From 0e9a3fd3ddc3fba752e0a58ca70d9f859a6eeca92c77eb4d2af6a26cbf8c748a Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 15 Jan 2007 23:15:33 +0000 Subject: [PATCH 001/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=1 --- gnupg-1.9.18-tmpdir.diff | 43 + gnupg-1.9.22-ccid-driver-fix.diff | 42 + gnupg-1.9.22-warnings-fix.diff | 66 + gnupg-1.9.22.tar.bz2 | 3 + gnupg-2.0.9-langinfo.patch | 17 - gnupg-2.2.16-secmem.patch | 35 - gnupg-2.4.1.tar.bz2 | 3 - gnupg-2.4.1.tar.bz2.sig | Bin 119 -> 0 bytes ...cation_but_no_self-sig_during_import.patch | 33 - ...dd-test-cases-for-import-without-uid.patch | 202 -- gnupg-add_legacy_FIPS_mode_option.patch | 68 - ...viously-known-keys-even-without-UIDs.patch | 108 - gnupg-allow-large-rsa.patch | 13 - gnupg-detect_FIPS_mode.patch | 18 - gnupg-dont-fail-with-seahorse-agent.patch | 17 - gnupg-gpg-agent-ulimit.patch | 35 - gnupg-revert-rfc4880bis.patch | 202 -- gnupg-set_umask_before_open_outfile.patch | 43 - gpg2-1.9.22-CVE-2006-6169.diff | 13 + gpg2.changes | 2571 ----------------- gpg2.keyring | 86 - gpg2.spec | 348 ++- nld-build.diff | 82 + pth-2.0.7.tar.bz2 | 3 + ready | 0 scdaemon.udev | 65 - 26 files changed, 425 insertions(+), 3691 deletions(-) create mode 100644 gnupg-1.9.18-tmpdir.diff create mode 100644 gnupg-1.9.22-ccid-driver-fix.diff create mode 100644 gnupg-1.9.22-warnings-fix.diff create mode 100644 gnupg-1.9.22.tar.bz2 delete mode 100644 gnupg-2.0.9-langinfo.patch delete mode 100644 gnupg-2.2.16-secmem.patch delete mode 100644 gnupg-2.4.1.tar.bz2 delete mode 100644 gnupg-2.4.1.tar.bz2.sig delete mode 100644 gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch delete mode 100644 gnupg-add-test-cases-for-import-without-uid.patch delete mode 100644 gnupg-add_legacy_FIPS_mode_option.patch delete mode 100644 gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch delete mode 100644 gnupg-allow-large-rsa.patch delete mode 100644 gnupg-detect_FIPS_mode.patch delete mode 100644 gnupg-dont-fail-with-seahorse-agent.patch delete mode 100644 gnupg-gpg-agent-ulimit.patch delete mode 100644 gnupg-revert-rfc4880bis.patch delete mode 100644 gnupg-set_umask_before_open_outfile.patch create mode 100644 gpg2-1.9.22-CVE-2006-6169.diff delete mode 100644 gpg2.keyring create mode 100644 nld-build.diff create mode 100644 pth-2.0.7.tar.bz2 create mode 100644 ready delete mode 100644 scdaemon.udev diff --git a/gnupg-1.9.18-tmpdir.diff b/gnupg-1.9.18-tmpdir.diff new file mode 100644 index 0000000..6f22e0b --- /dev/null +++ b/gnupg-1.9.18-tmpdir.diff @@ -0,0 +1,43 @@ +--- agent/gpg-agent.c ++++ agent/gpg-agent.c +@@ -789,6 +789,10 @@ + int fd_ssh; + pid_t pid; + ++ char *tmp1, *tmp; ++ char *tmp2 = "gpg-XXXXXX/S.gpg-agent"; ++ size_t len; ++ + /* Remove the DISPLAY variable so that a pinentry does not + default to a specific display. There is still a default + display when gpg-agent was started using --display or a +@@ -800,16 +804,26 @@ + unsetenv ("DISPLAY"); + #endif + ++ if ((tmp1 = getenv("TMPDIR")) == NULL) ++ tmp1 = "/tmp"; ++ ++ len = strlen(tmp1) + strlen(tmp2) + 10; ++ tmp = malloc(len); ++ ++ snprintf(tmp, len, "%s%s%s", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); + + /* Create the sockets. */ + socket_name = create_socket_name (standard_socket, + "S.gpg-agent", +- "/tmp/gpg-XXXXXX/S.gpg-agent"); +- if (opt.ssh_support) ++ tmp); ++ if (opt.ssh_support) { ++ snprintf(tmp, len, "%s%s%s.ssh", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); + socket_name_ssh = create_socket_name (standard_socket, + "S.gpg-agent.ssh", +- "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); ++ tmp); ++ } + ++ free(tmp); + fd = create_server_socket (standard_socket, socket_name); + if (opt.ssh_support) + fd_ssh = create_server_socket (standard_socket, socket_name_ssh); diff --git a/gnupg-1.9.22-ccid-driver-fix.diff b/gnupg-1.9.22-ccid-driver-fix.diff new file mode 100644 index 0000000..83a8e77 --- /dev/null +++ b/gnupg-1.9.22-ccid-driver-fix.diff @@ -0,0 +1,42 @@ +Index: scd/ccid-driver.c +=================================================================== +--- scd/ccid-driver.c.orig ++++ scd/ccid-driver.c +@@ -75,8 +75,6 @@ + # include + #endif + +-#if defined(HAVE_LIBUSB) || defined(TEST) +- + #include + #include + #include +@@ -91,7 +89,14 @@ + #include "ccid-driver.h" + + #define DRVNAME "ccid-driver: " +- ++static int debug_level; /* Flag to control the debug output. ++ 0 = No debugging ++ 1 = USB I/O info ++ 2 = T=1 protocol tracing ++ */ ++ ++#if defined(HAVE_LIBUSB) || defined(TEST) ++#include + + /* Depending on how this source is used we either define our error + output to go to stderr or to the jnlib based logging functions. We +@@ -250,11 +255,7 @@ struct ccid_driver_s + + + static int initialized_usb; /* Tracks whether USB has been initialized. */ +-static int debug_level; /* Flag to control the debug output. +- 0 = No debugging +- 1 = USB I/O info +- 2 = T=1 protocol tracing +- */ ++ + + + static unsigned int compute_edc (const unsigned char *data, size_t datalen, diff --git a/gnupg-1.9.22-warnings-fix.diff b/gnupg-1.9.22-warnings-fix.diff new file mode 100644 index 0000000..6ad5a7c --- /dev/null +++ b/gnupg-1.9.22-warnings-fix.diff @@ -0,0 +1,66 @@ +Index: agent/gpg-agent.c +=================================================================== +--- agent/gpg-agent.c.orig ++++ agent/gpg-agent.c +@@ -1621,7 +1621,7 @@ check_for_running_agent (int mode) + int rc; + char *infostr, *p; + assuan_context_t ctx; +- int prot, pid; ++ int prot=0, pid=0; + + if (!mode) + { +Index: g10/pubkey-enc.c +=================================================================== +--- g10/pubkey-enc.c.orig ++++ g10/pubkey-enc.c +@@ -154,7 +154,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, P + int rc; + gcry_mpi_t plain_dek = NULL; + byte *frame = NULL; +- unsigned n, nframe; ++ size_t n, nframe; + u16 csum, csum2; + + int card = 0; +@@ -166,7 +166,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, P + size_t rbuflen; + char *snbuf; + unsigned char *indata = NULL; +- unsigned int indatalen; ++ size_t int indatalen; + + snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk); + +Index: g10/seckey-cert.c +=================================================================== +--- g10/seckey-cert.c.orig ++++ g10/seckey-cert.c +@@ -107,7 +107,7 @@ do_check( PKT_secret_key *sk, const char + + csum = 0; + if( sk->version >= 4 ) { +- int ndata; ++ size_t ndata; + unsigned int ndatabits; + byte *p, *data; + u16 csumc = 0; +@@ -337,7 +337,7 @@ protect_secret_key( PKT_secret_key *sk, + { + int i,j, rc = 0; + byte *buffer; +- unsigned nbytes; ++ size_t nbytes; + u16 csum; + + if( !dek ) +@@ -370,7 +370,7 @@ protect_secret_key( PKT_secret_key *sk, + gcry_cipher_setiv (cipher_hd, sk->protect.iv, sk->protect.ivlen); + if( sk->version >= 4 ) { + byte *bufarr[PUBKEY_MAX_NSKEY]; +- unsigned narr[PUBKEY_MAX_NSKEY]; ++ size_t narr[PUBKEY_MAX_NSKEY]; + unsigned nbits[PUBKEY_MAX_NSKEY]; + int ndata=0; + byte *p, *data; diff --git a/gnupg-1.9.22.tar.bz2 b/gnupg-1.9.22.tar.bz2 new file mode 100644 index 0000000..a96a6fd --- /dev/null +++ b/gnupg-1.9.22.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2e4472e00c14c881ee1f93deddbe91d3c520311839f30d336ca48a51939e45cf +size 1908546 diff --git a/gnupg-2.0.9-langinfo.patch b/gnupg-2.0.9-langinfo.patch deleted file mode 100644 index e7c22d8..0000000 --- a/gnupg-2.0.9-langinfo.patch +++ /dev/null @@ -1,17 +0,0 @@ -# fix [bnc#305725] - non latin characters displayed incorrectly by pinentry ---- -# jnlib/utf8conv.c | 1 + -# 1 file changed, 1 insertion(+) -# -Index: gnupg-2.1.0/common/utf8conv.c -=================================================================== ---- gnupg-2.1.0.orig/common/utf8conv.c 2014-10-11 19:45:14.000000000 +0200 -+++ gnupg-2.1.0/common/utf8conv.c 2014-11-07 11:35:05.491413258 +0100 -@@ -198,6 +198,7 @@ set_native_charset (const char *newset) - #else /*!HAVE_W32_SYSTEM && !HAVE_ANDROID_SYSTEM*/ - - #ifdef HAVE_LANGINFO_CODESET -+ setlocale(LC_ALL, ""); - newset = nl_langinfo (CODESET); - #else /*!HAVE_LANGINFO_CODESET*/ - /* Try to get the used charset from environment variables. */ diff --git a/gnupg-2.2.16-secmem.patch b/gnupg-2.2.16-secmem.patch deleted file mode 100644 index 22ac5c2..0000000 --- a/gnupg-2.2.16-secmem.patch +++ /dev/null @@ -1,35 +0,0 @@ -Index: gnupg-2.2.16/g10/gpg.c -=================================================================== ---- gnupg-2.2.16.orig/g10/gpg.c -+++ gnupg-2.2.16/g10/gpg.c -@@ -973,7 +973,7 @@ make_libversion (const char *libname, co - - if (maybe_setuid) - { -- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ -+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ - maybe_setuid = 0; - } - s = getfnc (NULL); -@@ -1125,7 +1125,7 @@ build_list (const char *text, char lette - char *string; - - if (maybe_setuid) -- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ -+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ - - indent = utf8_charcount (text, -1); - len = 0; -Index: gnupg-2.2.16/sm/gpgsm.c -=================================================================== ---- gnupg-2.2.16.orig/sm/gpgsm.c -+++ gnupg-2.2.16/sm/gpgsm.c -@@ -533,7 +533,7 @@ make_libversion (const char *libname, co - - if (maybe_setuid) - { -- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ -+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ - maybe_setuid = 0; - } - s = getfnc (NULL); diff --git a/gnupg-2.4.1.tar.bz2 b/gnupg-2.4.1.tar.bz2 deleted file mode 100644 index f61626e..0000000 --- a/gnupg-2.4.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:76b71e5aeb443bfd910ce9cbc8281b617c8341687afb67bae455877972b59de8 -size 7341338 diff --git a/gnupg-2.4.1.tar.bz2.sig b/gnupg-2.4.1.tar.bz2.sig deleted file mode 100644 index c12b732bc36d7aba22f95b7fcedaf6ee6e00cc7431c12f265e0842ee382a7f27..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGVvrS6WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0Dc&3X8MrtFU?S_P8GbR@ zrC3C7op-Y!DmJAfE=?itaou)fzok7Kwl4jRt(zkl88)Oa+8bIN%Gchw^+MW{C0?Ef Td8e@VNa=5zD4}4poRJ# -Date: Thu, 13 Jun 2019 21:27:43 +0200 -Subject: [PATCH] gpg: accept subkeys with a good revocation but no self-sig - during import - -* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we -encounter a valid revocation signature. This allows import of subkey -revocation signatures, even in the absence of a corresponding subkey -binding signature. - --- - -This fixes the remaining test in import-incomplete.scm. - -GnuPG-Bug-id: 4393 -Signed-off-by: Daniel Kahn Gillmor ---- - g10/import.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/g10/import.c b/g10/import.c -index 2be214e63..ae2453803 100644 ---- a/g10/import.c -+++ b/g10/import.c -@@ -3536,6 +3536,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self) - /* It's valid, so is it newer? */ - if (sig->timestamp >= rsdate) - { -+ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ - if (rsnode) - { - /* Delete the last revocation sig since diff --git a/gnupg-add-test-cases-for-import-without-uid.patch b/gnupg-add-test-cases-for-import-without-uid.patch deleted file mode 100644 index 78983e5..0000000 --- a/gnupg-add-test-cases-for-import-without-uid.patch +++ /dev/null @@ -1,202 +0,0 @@ -From 4c40bfa90bda748e5dada0bb1cc8fae14d744f07 Mon Sep 17 00:00:00 2001 -From: Vincent Breitmoser -Date: Thu, 13 Jun 2019 21:27:41 +0200 -Subject: [PATCH] tests: add test cases for import without uid - -This commit adds a test case that does the following, in order: -- Import of a primary key plus user id -- Check that import of a subkey works, without a user id present in the -imported key -- Check that import of a subkey revocation works, without a user id or -subkey binding signature present in the imported key -- Check that import of a primary key revocation works, without a user id -present in the imported key - --- - -Note that this test currently fails. The following changesets will -fix gpg so that the tests pass. - -GnuPG-Bug-id: 4393 -Signed-Off-By: Daniel Kahn Gillmor ---- - tests/openpgp/Makefile.am | 1 + - tests/openpgp/import-incomplete.scm | 68 +++++++++++++++++++ - .../import-incomplete/primary+revocation.asc | 9 +++ - .../primary+subkey+sub-revocation.asc | 10 +++ - .../primary+subkey+sub-sig.asc | 10 +++ - .../import-incomplete/primary+uid-sig.asc | 10 +++ - .../openpgp/import-incomplete/primary+uid.asc | 10 +++ - 7 files changed, 118 insertions(+) - create mode 100755 tests/openpgp/import-incomplete.scm - create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc - create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc - create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc - create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc - create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc - -diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am -index e5be42b41..d886bc8f7 100644 ---- a/tests/openpgp/Makefile.am -+++ b/tests/openpgp/Makefile.am -@@ -78,6 +78,7 @@ XTESTS = \ - gpgv-forged-keyring.scm \ - armor.scm \ - import.scm \ -+ import-incomplete.scm \ - import-revocation-certificate.scm \ - ecc.scm \ - 4gb-packet.scm \ -diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm -new file mode 100755 -index 000000000..727a027c6 ---- /dev/null -+++ b/tests/openpgp/import-incomplete.scm -@@ -0,0 +1,68 @@ -+#!/usr/bin/env gpgscm -+ -+;; Copyright (C) 2016 g10 Code GmbH -+;; -+;; This file is part of GnuPG. -+;; -+;; GnuPG is free software; you can redistribute it and/or modify -+;; it under the terms of the GNU General Public License as published by -+;; the Free Software Foundation; either version 3 of the License, or -+;; (at your option) any later version. -+;; -+;; GnuPG is distributed in the hope that it will be useful, -+;; but WITHOUT ANY WARRANTY; without even the implied warranty of -+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+;; GNU General Public License for more details. -+;; -+;; You should have received a copy of the GNU General Public License -+;; along with this program; if not, see . -+ -+(load (in-srcdir "tests" "openpgp" "defs.scm")) -+(setup-environment) -+ -+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc"))) -+ -+(info "Test import of new subkey, from a certificate without uid") -+(define keyid "573EA710367356BB") -+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc"))) -+(tr:do -+ (tr:pipe-do -+ (pipe:gpg `(--list-keys --with-colons ,keyid))) -+ (tr:call-with-content -+ (lambda (c) -+ ;; XXX we do not have a regexp library -+ (unless (any (lambda (line) -+ (and (string-prefix? line "sub:") -+ (string-contains? line "573EA710367356BB"))) -+ (string-split-newlines c)) -+ (exit 1))))) -+ -+(info "Test import of a subkey revocation, from a certificate without uid") -+(define keyid "573EA710367356BB") -+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc"))) -+(tr:do -+ (tr:pipe-do -+ (pipe:gpg `(--list-keys --with-colons ,keyid))) -+ (tr:call-with-content -+ (lambda (c) -+ ;; XXX we do not have a regexp library -+ (unless (any (lambda (line) -+ (and (string-prefix? line "sub:r:") -+ (string-contains? line "573EA710367356BB"))) -+ (string-split-newlines c)) -+ (exit 1))))) -+ -+(info "Test import of revocation, from a certificate without uid") -+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc"))) -+(tr:do -+ (tr:pipe-do -+ (pipe:gpg `(--list-keys --with-colons ,keyid))) -+ (tr:call-with-content -+ (lambda (c) -+ ;; XXX we do not have a regexp library -+ (unless (any (lambda (line) -+ (and (string-prefix? line "pub:r:") -+ (string-contains? line "0843DA969AA8DAFB"))) -+ (string-split-newlines c)) -+ (exit 1))))) -+ -diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc -new file mode 100644 -index 000000000..6b7b60802 ---- /dev/null -+++ b/tests/openpgp/import-incomplete/primary+revocation.asc -@@ -0,0 +1,9 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Comment: [E] primary key, revocation signature over primary (no user ID) -+ -+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ -+631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ -+EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3 -+XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ== -+=tM90 -+-----END PGP PUBLIC KEY BLOCK----- -diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc -new file mode 100644 -index 000000000..83a51a549 ---- /dev/null -+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc -@@ -0,0 +1,10 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Comment: [D] primary key, subkey, subkey revocation (no user ID) -+ -+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ -+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK -+j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC -+XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ -+3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ= -+=dwx2 -+-----END PGP PUBLIC KEY BLOCK----- -diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc -new file mode 100644 -index 000000000..dc47a02d8 ---- /dev/null -+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc -@@ -0,0 +1,10 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Comment: [B] primary key, subkey, subkey binding sig (no user ID) -+ -+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ -+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK -+j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC -+XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR -+Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg= -+=xuDu -+-----END PGP PUBLIC KEY BLOCK----- -diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc -new file mode 100644 -index 000000000..134607d0e ---- /dev/null -+++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc -@@ -0,0 +1,10 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Comment: [C] primary key and self-sig expiring in 2024 (no user ID) -+ -+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ -+631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8 -+2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu -+3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN -+9ohXOEBWvdJgVv2YAg== -+=KWIK -+-----END PGP PUBLIC KEY BLOCK----- -diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc -new file mode 100644 -index 000000000..055f30086 ---- /dev/null -+++ b/tests/openpgp/import-incomplete/primary+uid.asc -@@ -0,0 +1,10 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Comment: [A] primary key, user ID, and self-sig expiring in 2021 -+ -+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ -+631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC -+XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja -++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI -+kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs= -+=1eII -+-----END PGP PUBLIC KEY BLOCK----- diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch deleted file mode 100644 index cff4267..0000000 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ /dev/null @@ -1,68 +0,0 @@ ---- - doc/gpg.texi | 18 ++++++++++++++++++ - g10/gpg.c | 9 +++++++++ - 2 files changed, 27 insertions(+) - -Index: gnupg-2.4.1/doc/gpg.texi -=================================================================== ---- gnupg-2.4.1.orig/doc/gpg.texi -+++ gnupg-2.4.1/doc/gpg.texi -@@ -2285,6 +2285,24 @@ implies, this option is for experts only - understand the implications of what it allows you to do, leave this - off. @option{--no-expert} disables this option. - -+@item --set-legacy-fips -+@itemx --set-legacy-fips -+@opindex set-legacy-fips -+Enable legacy support even when the libgcrypt library is in FIPS 140-2 -+mode. The legacy mode of libgcrypt allows the use of all ciphers, -+including non-approved ciphers. This mode is needed when for legacy -+reasons a message must be encrypted or decrypted. Legacy reasons for -+decryptions include the decryption of old messages created with a -+public key that use cipher settings which do not meet FIPS 140-2 -+requirements. Legacy reasons for encryption include the encryption -+of messages with a recipients public key where the recipient is not -+bound to FIPS 140-2 regulation and therefore provided a key using -+non-approved ciphers. Although the legacy mode is a violation of strict -+FIPS 140-2 rule interpretations, it is wise to use this mode or -+either not being able to access old messages or not being able -+to create encrypted messages to a recipient that is not adhering -+to FIPS 140-2 rules. -+ - @end table - - -Index: gnupg-2.4.1/g10/gpg.c -=================================================================== ---- gnupg-2.4.1.orig/g10/gpg.c -+++ gnupg-2.4.1/g10/gpg.c -@@ -444,6 +444,7 @@ enum cmd_and_opt_values - oForceSignKey, - oForbidGenKey, - oRequireCompliance, -+ oSetLegacyFips, - oCompatibilityFlags, - oAddDesigRevoker, - oAssertSigner, -@@ -978,6 +979,7 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), - ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), - ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), -+ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), - - - ARGPARSE_group (302, N_( -@@ -3743,6 +3745,13 @@ main (int argc, char **argv) - add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str); - break; - -+ case oSetLegacyFips: -+ if(gcry_fips_mode_active()) -+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, -+ "Enable legacy support in FIPS 140-2 mode"); -+ else -+ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); -+ break; - - case oNoop: break; - diff --git a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch deleted file mode 100644 index 649e0d8..0000000 --- a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +++ /dev/null @@ -1,108 +0,0 @@ -From a1db83d8a3308277f01b96833c13693bd7e13ff9 Mon Sep 17 00:00:00 2001 -From: Vincent Breitmoser -Date: Thu, 13 Jun 2019 21:27:42 +0200 -Subject: [PATCH] gpg: allow import of previously known keys, even without UIDs - -* g10/import.c (import_one): Accept an incoming OpenPGP certificate that -has no user id, as long as we already have a local variant of the cert -that matches the primary key. - --- - -This fixes two of the three broken tests in import-incomplete.scm. - -GnuPG-Bug-id: 4393 -Signed-off-by: Daniel Kahn Gillmor ---- - g10/import.c | 49 +++++++++++-------------------------------------- - 1 file changed, 11 insertions(+), 38 deletions(-) - -Index: gnupg-2.4.0/g10/import.c -=================================================================== ---- gnupg-2.4.0.orig/g10/import.c -+++ gnupg-2.4.0/g10/import.c -@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, - size_t an; - char pkstrbuf[PUBKEY_STRING_SIZE]; - int merge_keys_done = 0; -- int any_filter = 0; - KEYDB_HANDLE hd = NULL; - - if (r_valid) -@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl, - log_printf ("\n"); - } - -- -- if (!uidnode) -- { -- if (!silent) -- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); -- return 0; -- } -- - if (screener && screener (keyblock, screener_arg)) - { - log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl, - } - } - -- /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) -- { -- if (!silent) -- { -- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); -- if (!opt.quiet) -- log_info(_("this may be caused by a missing self-signature\n")); -- } -- stats->no_user_id++; -- return 0; -- } -+ /* Delete invalid parts, and note if we have any valid ones left. -+ * We will later abort import if this key is new but contains -+ * no valid uids. */ -+ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); - - /* Get rid of deleted nodes. */ - commit_kbnode (&keyblock); -@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl, - { - apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); - commit_kbnode (&keyblock); -- any_filter = 1; - } - if (import_filter.drop_sig) - { - apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); - commit_kbnode (&keyblock); -- any_filter = 1; -- } -- -- /* If we ran any filter we need to check that at least one user id -- * is left in the keyring. Note that we do not use log_error in -- * this case. */ -- if (any_filter && !any_uid_left (keyblock)) -- { -- if (!opt.quiet ) -- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); -- stats->no_user_id++; -- return 0; - } - - /* The keyblock is valid and ready for real import. */ -@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl, - err = 0; - stats->skipped_new_keys++; - } -+ else if (err && !any_uid_left (keyblock)) -+ { -+ if (!silent) -+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); -+ err = 0; -+ stats->no_user_id++; -+ } - else if (err) /* Insert this key. */ - { - /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/gnupg-allow-large-rsa.patch b/gnupg-allow-large-rsa.patch deleted file mode 100644 index 81e726a..0000000 --- a/gnupg-allow-large-rsa.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: gnupg-2.4.1/g10/keygen.c -=================================================================== ---- gnupg-2.4.1.orig/g10/keygen.c -+++ gnupg-2.4.1/g10/keygen.c -@@ -2456,7 +2456,7 @@ get_keysize_range (int algo, unsigned in - - default: - *min = opt.compliance == CO_DE_VS ? 2048: 1024; -- *max = 4096; -+ *max = opt.flags.large_rsa == 1 ? 8192 : 4096; - def = 3072; - break; - } diff --git a/gnupg-detect_FIPS_mode.patch b/gnupg-detect_FIPS_mode.patch deleted file mode 100644 index 025a611..0000000 --- a/gnupg-detect_FIPS_mode.patch +++ /dev/null @@ -1,18 +0,0 @@ -Index: gnupg-2.3.8/g10/mainproc.c -=================================================================== ---- gnupg-2.3.8.orig/g10/mainproc.c -+++ gnupg-2.3.8/g10/mainproc.c -@@ -1011,7 +1011,12 @@ proc_plaintext( CTX c, PACKET *pkt ) - according to 2440, so hopefully it won't come up that often. - There is no good way to specify what algorithms to use in - that case, so these there are the historical answer. */ -- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); -+ -+ /* Libgcrypt manual says that gcry_version_check must be called -+ * before calling gcry_fips_mode_active. */ -+ gcry_check_version (NULL); -+ if(!gcry_fips_mode_active()) -+ gcry_md_enable(c->mfx.md, DIGEST_ALGO_RMD160); - gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); - } - if (DBG_HASHING) diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch deleted file mode 100644 index e4bbb06..0000000 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- - g10/passphrase.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: gnupg-2.3.0/g10/passphrase.c -=================================================================== ---- gnupg-2.3.0.orig/g10/passphrase.c -+++ gnupg-2.3.0/g10/passphrase.c -@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac - } - else - { -- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); -+ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc)); - /* Due to limitations in the API of the upper layers they - consider an error as no passphrase entered. This works in - most cases but not during key creation where this should diff --git a/gnupg-gpg-agent-ulimit.patch b/gnupg-gpg-agent-ulimit.patch deleted file mode 100644 index 735bbdb..0000000 --- a/gnupg-gpg-agent-ulimit.patch +++ /dev/null @@ -1,35 +0,0 @@ -gpg-agent is in the chain of commands in xinitrc. -It receives a list of commands via argv[] which it is supposed to launch via exec. -In this mode all what matters is a bunch of setenv() of gpg related variables. -At no point it must fiddle with ulimit that was provided by its callers. -In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session. - -Every code path before the fork() call does no sensitive things, so coredumps do not matter. - -gpg-agent does fork a child in this mode. -That child has the liberty to tweak ulimit in every way it wants. -This is what this patch does. - -Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process. -As a result, crashes of desktop applications can not be debugged. - -References: bsc#1124847 - ---- a/agent/gpg-agent.c -+++ b/agent/gpg-agent.c -@@ -1049,7 +1049,6 @@ main (int argc, char **argv ) - gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); - gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL); - -- disable_core_dumps (); - - /* Set default options. */ - parse_rereadable_options (NULL, 0); /* Reset them to default values. */ -@@ -1738,6 +1737,7 @@ main (int argc, char **argv ) - /* - This is the child - */ -+ disable_core_dumps (); - - initialize_modules (); - diff --git a/gnupg-revert-rfc4880bis.patch b/gnupg-revert-rfc4880bis.patch deleted file mode 100644 index f981206..0000000 --- a/gnupg-revert-rfc4880bis.patch +++ /dev/null @@ -1,202 +0,0 @@ -From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Mon, 31 Oct 2022 16:14:18 +0100 -Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg - -* g10/gpg.c (oRFC4880bis): Remove. -(opts): Make --rfc4880bis a Noop. -(compliance_options): Make rfc4880bis to gnupg. -(set_compliance_option): Remove rfc4880bis stuff. -(main): Ditto. Note that this now activates the --mimemode option. -* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection. -(keygen_upd_std_prefs): Always announce support for v5 keys. -(read_parameter_file): Activate the v4 and v5 keywords. --- - -Index: gnupg-2.4.1/g10/gpg.c -=================================================================== ---- gnupg-2.4.1.orig/g10/gpg.c -+++ gnupg-2.4.1/g10/gpg.c -@@ -247,6 +247,7 @@ enum cmd_and_opt_values - oGnuPG, - oRFC2440, - oRFC4880, -+ oRFC4880bis, - oOpenPGP, - oPGP7, - oPGP8, -@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), - ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), - ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), -+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"), - ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), - ARGPARSE_s_n (oPGP7, "pgp6", "@"), - ARGPARSE_s_n (oPGP7, "pgp7", "@"), -@@ -977,7 +979,6 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), - ARGPARSE_s_s (oNoop, "aead-algo", "@"), - ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), -- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), - ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), - ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), - -@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co - { - { "gnupg", oGnuPG }, - { "openpgp", oOpenPGP }, -- { "rfc4880bis", oGnuPG }, -+ { "rfc4880bis", oRFC4880bis }, - { "rfc4880", oRFC4880 }, - { "rfc2440", oRFC2440 }, - { "pgp6", oPGP7 }, -@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co - static void - set_compliance_option (enum cmd_and_opt_values option) - { -+ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */ -+ - switch (option) - { -+ case oRFC4880bis: -+ opt.flags.rfc4880bis = 1; -+ opt.compliance = CO_RFC4880; -+ opt.flags.dsa2 = 1; -+ opt.flags.require_cross_cert = 1; -+ opt.rfc2440_text = 0; -+ opt.allow_non_selfsigned_uid = 1; -+ opt.allow_freeform_uid = 1; -+ opt.escape_from = 1; -+ opt.not_dash_escaped = 0; -+ opt.def_cipher_algo = 0; -+ opt.def_digest_algo = 0; -+ opt.cert_digest_algo = 0; -+ opt.compress_algo = -1; -+ opt.s2k_mode = 3; /* iterated+salted */ -+ opt.s2k_digest_algo = DIGEST_ALGO_SHA256; -+ opt.s2k_cipher_algo = CIPHER_ALGO_AES256; -+ break; - case oOpenPGP: - case oRFC4880: - /* This is effectively the same as RFC2440, but with -@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_ - case oPGP8: opt.compliance = CO_PGP8; break; - case oGnuPG: - opt.compliance = CO_GNUPG; -+ opt.flags.rfc4880bis = 1; - break; - - case oDE_VS: -@@ -2490,6 +2512,7 @@ main (int argc, char **argv) - opt.emit_version = 0; - opt.weak_digests = NULL; - opt.compliance = CO_GNUPG; -+ opt.flags.rfc4880bis = 1; - - /* Check special options given on the command line. */ - orig_argc = argc; -@@ -3032,6 +3055,7 @@ main (int argc, char **argv) - case oOpenPGP: - case oRFC2440: - case oRFC4880: -+ case oRFC4880bis: - case oPGP7: - case oPGP8: - case oGnuPG: -@@ -3867,6 +3891,11 @@ main (int argc, char **argv) - if( may_coredump && !opt.quiet ) - log_info(_("WARNING: program may create a core file!\n")); - -+ if (!opt.flags.rfc4880bis) -+ { -+ opt.mimemode = 0; /* This will use text mode instead. */ -+ } -+ - if (eyes_only) { - if (opt.set_filename) - log_info(_("WARNING: %s overrides %s\n"), -@@ -4083,7 +4112,7 @@ main (int argc, char **argv) - /* Check our chosen algorithms against the list of legal - algorithms. */ - -- if(!GNUPG) -+ if(!GNUPG && !opt.flags.rfc4880bis) - { - const char *badalg=NULL; - preftype_t badtype=PREFTYPE_NONE; -Index: gnupg-2.4.1/g10/keygen.c -=================================================================== ---- gnupg-2.4.1.orig/g10/keygen.c -+++ gnupg-2.4.1/g10/keygen.c -@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string - strcat(dummy_string,"S7 "); - strcat(dummy_string,"S2 "); /* 3DES */ - -- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB)) -+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB)) - strcat(dummy_string,"A2 "); - - if (personal) -@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig - /* Make sure that the MDC feature flag is set if needed. */ - add_feature_mdc (sig,mdc_available); - add_feature_aead (sig, aead_available); -- add_feature_v5 (sig, 1); -+ add_feature_v5 (sig, opt.flags.rfc4880bis); - add_keyserver_modify (sig,ks_modify); - keygen_add_keyserver_url(sig,NULL); - -@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl, - } - } - else if (!ascii_strcasecmp (s, "v5")) -- keyversion = 5; -+ { -+ if (opt.flags.rfc4880bis) -+ keyversion = 5; -+ } - else if (!ascii_strcasecmp (s, "v4")) - keyversion = 4; - else -@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl, - * ecdsa := Use algorithm ECDSA. - * eddsa := Use algorithm EdDSA. - * ecdh := Use algorithm ECDH. -- * v5 := Create version 5 key -+ * v5 := Create version 5 key (requires option --rfc4880bis) - * - * There are several defaults and fallbacks depending on the - * algorithm. PART can be used to select which part of STRING is -@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const - } - } - -- if ((keywords[i].key == pVERSION -- || keywords[i].key == pSUBVERSION)) -- ; /* Ignore version. */ -+ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION -+ || keywords[i].key == pSUBVERSION)) -+ ; /* Ignore version unless --rfc4880bis is active. */ - else - { - r = xmalloc_clear( sizeof *r + strlen( value ) ); -@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p - para = r; - } - -- r = xmalloc_clear (sizeof *r + 20); -- r->key = for_subkey? pSUBVERSION : pVERSION; -- snprintf (r->u.value, 20, "%d", version); -- r->next = para; -- para = r; -+ if (opt.flags.rfc4880bis) -+ { -+ r = xmalloc_clear (sizeof *r + 20); -+ r->key = for_subkey? pSUBVERSION : pVERSION; -+ snprintf (r->u.value, 20, "%d", version); -+ r->next = para; -+ para = r; -+ } - - if (keytime) - { diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch deleted file mode 100644 index 7e78d69..0000000 --- a/gnupg-set_umask_before_open_outfile.patch +++ /dev/null @@ -1,43 +0,0 @@ -Index: gnupg-2.3.0/g10/plaintext.c -=================================================================== ---- gnupg-2.3.0.orig/g10/plaintext.c -+++ gnupg-2.3.0/g10/plaintext.c -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - #ifdef HAVE_DOSISH_SYSTEM - # include /* for setmode() */ - #endif -@@ -38,6 +39,9 @@ - #include "../common/status.h" - #include "../common/i18n.h" - -+/* define safe permissions for creating plaintext files */ -+#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR) -+#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS) - - /* Get the output filename. On success, the actual filename that is - used is set in *FNAMEP and a filepointer is returned in *FP. -@@ -161,11 +165,15 @@ get_output_file (const byte *embedded_na - log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); - goto leave; - } -- else if (!(fp = es_fopen (fname, "wb"))) -- { -- err = gpg_error_from_syserror (); -- log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); -- goto leave; -+ else { -+ mode_t saved_umask = umask(GPG_SAFE_UMASK); -+ if( !(fp = es_fopen(fname,"wb")) ) { -+ err = gpg_error_from_syserror (); -+ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); -+ umask(saved_umask); -+ goto leave; -+ } -+ umask(saved_umask); - } - - leave: diff --git a/gpg2-1.9.22-CVE-2006-6169.diff b/gpg2-1.9.22-CVE-2006-6169.diff new file mode 100644 index 0000000..80311f2 --- /dev/null +++ b/gpg2-1.9.22-CVE-2006-6169.diff @@ -0,0 +1,13 @@ +--- g10/openfile.c ++++ g10/openfile.c +@@ -144,8 +144,8 @@ + + s = _("Enter new filename"); + +- n = strlen(s) + namelen + 10; + defname = name && namelen? make_printable_string( name, namelen, 0): NULL; ++ n = strlen(s) + (defname?strlen (defname):0) + 10; + prompt = xmalloc(n); + if( defname ) + sprintf(prompt, "%s [%s]: ", s, defname ); + diff --git a/gpg2.changes b/gpg2.changes index 5da703c..e75054f 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,2574 +1,3 @@ -------------------------------------------------------------------- -Sat Apr 29 08:25:46 UTC 2023 - Pedro Monreal - -- Temporarily revert back to the pre-2.4 default for key generation. - The new rfc4880bis has been set as the default in 2.4 version and - might create incompatible keys. Note that, rfc4880bis can still - be used with the option flag --rfc4880bis as in previous versions. - * More info in the gnupg-devel ML: - https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html - * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9 - * Add gnupg-revert-rfc4880bis.patch - -------------------------------------------------------------------- -Sat Apr 29 08:12:32 UTC 2023 - Pedro Monreal - -- Allow 8192 bit RSA keys in keygen UI when large_rsa is set - * Add gnupg-allow-large-rsa.patch - -------------------------------------------------------------------- -Sat Apr 29 08:01:16 UTC 2023 - Pedro Monreal - -- Enable the regression tests: Fix the regression test suite that - fails with the IBM TPM Software stack. Builds fine using the Intel - TPM; use the swtpm and tpm2-0-tss-devel packages instead of - ibmswtpm2 and ibmtss-devel. - -------------------------------------------------------------------- -Fri Apr 28 17:32:11 UTC 2023 - David Anes - -- Rebased patches: - * gnupg-add_legacy_FIPS_mode_option.patch - -- Removed patches (already upstream): - * gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - -- Don't ship systemd examples, as they are removed from upstream - release tarball. - -- Update to 2.4.1: - * If the ~/.gnupg directory does not exist, the keyboxd is now - automagically enabled. - * gpg: New option --add-desig-revoker. - * gpg: New option --assert-signer. - * gpg: New command --quick-add-adsk and other ADSK features. - * gpg: New list-option "show-unusable-sigs". Also show - "[self-signature]" instead of the user-id in key signature - listings. - * gpg: For symmetric encryption the default S2K hash is now SHA256. - * gpg: Detect already compressed data also when using a pipe. Also - detect JPEG and PNG file formats. - * gpg: New subcommand "openpgp" for --card-edit. - * gpgsm: Verification of detached signatures does now strip trailing - zeroes from the input if --assume-binary is used. - * gpgsm: Non-armored detached signature are now created without - using indefinite form length octets. This improves compatibility - with some PDF signature verification software. - * gpgtar: Emit progress status lines in create mode. - * dirmngr: The LDAP modifyTimestamp is now returned by some - keyserver commands. - * ssh: Allow specification of the order keys are presented to ssh. - See the man page entry for --enable-ssh-support. - * gpg: Make list-options "show-sig-subpackets" work again. - Fixes regression in 2.4.0. - * gpg: Fix the keytocard command for Yubikeys. - * gpg: Do not continue an export after a cancel for the primary key. - * gpg: Replace the --override-compliance-check hack by a real fix. - * gpgtar: Fix decryption with input taken from stdin. - -------------------------------------------------------------------- -Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal - -- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313 - * The original patch has been modified to expand the changes - also to the tests/gpgme/Makefile.in file. - * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - -------------------------------------------------------------------- -Tue Dec 20 16:01:05 UTC 2022 - David Anes - -- Updated to require libgpg-error-devel >= 1.46 - -- Rebased patches: - * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch - * gnupg-add_legacy_FIPS_mode_option.patch - -- GnuPG 2.4.0: - * common: Fix translations in --help for gpgrt < 1.47. - * gpg: Do not continue the export after a cancel for the primary key. - * gpg: Replace use of PRIu64 in log_debug. - * Update NEWS for 2.4.0. - * tests: Fix make check with GPGME. - * agent: Allow arguments to "scd serialno" in restricted mode. - * scd:p15: Skip deleted records. - * build: Remove Windows CE support. - * wkd: Do not send/install/mirror expired user ids. - * gpgsm: Print the revocation time also with --verify. - * gpgsm: Fix "problem re-searching certificate" case. - * gpgsm: Print revocation date and reason in cert listings. - * gpgsm: Silence the "non-critical certificate policy not allowed". - * gpgsm: Always use the chain model if the root-CA requests this. - * gpg: New export option "mode1003". - * gpg: Remove a mostly duplicated function. - * tests: Simplify fake-pinentry to use the option only. - * tests: Fix fake-pinentry for Windows. - * tests: Fix make check-all. - * agent: Fix import of protected v5 keys. - * gpgsm: Change default algo to AES-256. - * tests: Put a workaround for semihosted environment. - * tests: More fix for semihosted environment. - * tests: Support semihosted environment. - * tests: Fix tests under cms. - * tests,w32: Fix for semihosted environment. - * w32: Fix for tests on semihosted environment. - * w32: Fix gnupg_unsetenv. - * wkd: New option --add-revocs and some fixes. - * wkd: Make use of --debug extprog. - * gpg: New export-filter export-revocs. - * gpg: Fix double-free in gpg --card-edit. - * gpg: Make --require-compliance work with out --status-fd. - * gpg: New option --list-filter. - * dirmngr: Silence ocsp debug output. - * tests: Fix to support --enable-all-tests and variants. - * tests:w32: Fix for non-dot file name for Windows. - * tests:gpgscm:w32: Fix for GetTempPath. - * tests: Keep .log files in objdir. - * tests: Use 233 for invalid value of FD. - * w32: Fix gnupg_tmpfile for possible failure. - * scd: Redact --debug cardio output of a VERIFY APDU. - * common: Remove Windows CE support in common. - * gpgsm: Fix colon outout of ECC encryption certificates. - * scd:nks: Fix ECC signing if key not given by keygrip. - * dirmngr: Fix verification of ECDSA signed CRLs. - * agent: Allow trustlist on Windows in Unicode homedirs. - * gpg: Fix verification of cleartext signatures with overlong lines. - * gpg: Move w32_system function. - * gpg: New option --quick-update-pref. - * gpg: New list-options show-pref and show-pref-verbose. - * tests: Add tests to check that OCB is only used for capable keys. - * gpg: Make --list-packets work w/o --no-armor for plain OCB packets. - * tests: Add symmetric decryption tests. - * tests: Add tr:assert-same function. - * agent: Avoid blanks in the ssh key's comment. - * build: Update m4 files. - * gpg: Merge --rfc4880bis features into --gnupg. - * gpg: Allow only OCB for AEAD encryption. - * gpg: New option --compatibility-flags. - * gpgsm: Also announce AES256-CBC in signatures. - * gpg: Fix trusted introducer for user-ids with only the mbox. - * gpg: Import stray revocation certificates. - * agent: Automatically convert to extended key format by KEYATTR. - * card: New commands "gpg" and "gpgsm". - * card: Also show fingerprints of known X.509 certificates. - * scd:nks: Support non-ESIGN signing with the Signature Card v2. - * gpgsm: Allow ECC encryption keys with just keyAgreement specified. - * gpgsm: Use macro constants for cert_usage_p. - * build: Update gpg-error.m4. - * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument. - * gpg: Move NETLIBS after GPG_ERROR_LIBS. - * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future. - * common,w32: Fix struct stat on Windows. - * agent,w32: Support Win32-OpenSSH emulation by gpg-agent. - * common: Don't use FD2INT for POSIX-only code. - * dirmngr: Fix build with no LDAP support. - -------------------------------------------------------------------- -Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal - -- GnuPG 2.3.8: - * gpg: Do not consider unknown public keys as non-compliant while - decrypting. - * gpg: Avoid to emit a compliance mode line if Libgcrypt is - non-compliant. - * gpg: Improve --edit-key setpref command to ease c+p. - * gpg: Emit an ERROR status if --quick-set-primary-uid fails and - allow to pass the user ID by hash. - * gpg: Actually show symmetric+pubkey encrypted data as de-vs - compliant. Add extra compliance checks for symkey_enc packets. - * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit - preference. - * gpgsm: Fix reporting of bad passphrase error during PKCS#11 - import. - * agent: Fix a regression in "READKEY --format=ssh". - * agent: New option --need-attr for KEYINFO. - * agent: New attribute "Remote-list" for use by KEYINFO. - * scd: Fix problem with Yubikey 5.4 firmware. - * dirmngr: Fix CRL Distribution Point fallback to other schemes. - * dirmngr: New LDAP server flag "areconly" (A-record-only). - * dirmngr: Fix upload of multiple keys for an LDAP server specified - using the colon format. - * dirmngr: Use LDAP schema v2 when a Base DN is specified. - * dirmngr: Avoid caching expired certificates. - * wkd: Fix path traversal attack in gpg-wks-server. Add the mail - address to the pending request data. - * wkd: New command --mirror for gpg-wks-client. - * gpg-auth: New tool for authentication. - * New common.conf option no-autostart. - * Silence warnings from AllowSetForegroundWindow unless - GNUPG_EXEC_DEBUG_FLAGS is used. - * Rebase gnupg-detect_FIPS_mode.patch - * Remove patch upstream: - - gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch - -------------------------------------------------------------------- -Mon Aug 8 18:00:44 UTC 2022 - Andreas Stieger - -- Fix YubiKey 5 Nano support (boo#1202201), add - gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch - -------------------------------------------------------------------- -Tue Jul 12 22:06:02 UTC 2022 - Andreas Stieger - -- GnuPG 2.3.7: - * CVE-2022-34903: garbled status messages could trick gpgme and - other parsers to accept faked status lines [boo#1201225] - * A number of bug fixes to the gpg command line interface - * gpgsm gained a number of new options and got some rework on - the PKCS#12 parser to support DFN issues keys - * The gpg agent got some added options and UI tweaks - * smart card support got a number of bug fixes, and improved - support for Technology Nexus cards and Yubikey - * The Telesec ESIGN application is now supported - -------------------------------------------------------------------- -Mon May 16 09:12:06 UTC 2022 - Marcus Meissner - -- added tpm support, added a new subpackage gpg2-tpm - -------------------------------------------------------------------- -Mon Apr 25 19:09:32 UTC 2022 - Andreas Stieger - -- GnuPG 2.3.6: - * Up to five times faster verification of detached signatures, - doubled detached signing speed, threefold decryption speedup - for large files, nearly double the AES256.OCB encryption speed - * Add support for GeNUA cards - * Added and improved options for crypto options, and all-around - bug fixes - -------------------------------------------------------------------- -Wed Dec 22 16:08:08 UTC 2021 - Andreas Stieger - -- GnuPG 2.3.4: - * gpg: New option --min-rsa-length - * gpg: New option --forbid-gen-key - * gpg: New option --override-compliance-check - * gpgconf: New command --show-configs - * agent,dirmngr,keyboxd: New option --steal-socket - * gpg: Fix printing of binary notations - * gpg: Remove stale ultimately trusted keys from the trustdb - * gpg: Fix indentation of --print-mds and --print-md sha512 - * gpg: Emit gpg 2.2 compatible Ed25519 signature - * gpgsm: Detect circular chains in --list-chain - * dirmngr: Make reading resolv.conf more robust - * dirmngr: Ask keyservers to provide the key fingerprints - * gpgconf: Allow changing gpg's deprecated keyserver option - * gpg-wks-server: Fix created file permissions - * scd: Support longer data for ssh-agent authentication with - openpgp cards - * scd: Modify DEVINFO behavior to support looping forever - * Silence warning about the rootdir under Unices w/o a mounted - /proc file system - * Fix possible build problems about missing include files - -------------------------------------------------------------------- -Tue Oct 12 19:20:50 UTC 2021 - Andreas Stieger - -- GnuPG 2.3.3: - * agent: Fix segv in GET_PASSPHRASE (regression) - * dirmngr: Fix Let's Encrypt certificate chain validation - * gpg: Change default and maximum AEAD chunk size to 4 MiB - * gpg: Print a warning when importing a bad cv25519 secret key - * gpg: Fix --list-packets for undecryptable AEAD packets - * gpg: Verify backsigs for v5 keys correctly - * keyboxd: Fix checksum computation for no UBID entry on disk - * keyboxd: Fix "invalid object" error with cv448 keys - * dirmngr: New option --ignore-cert - * agent: Fix calibrate_get_time use of clock_gettime - * Support a gpgconf.ctl file under Unix and use this for the - regression tests - -------------------------------------------------------------------- -Wed Aug 25 10:01:38 UTC 2021 - Pedro Monreal - -- GnuPG 2.3.2: - * gpg: Allow fingerprint based lookup with --locate-external-key. - * gpg: Allow decryption w/o public key but with correct card inserted. - * gpg: Auto import keys specified with --trusted-keys. - * gpg: Do not use import-clean for LDAP keyserver imports. - * gpg: Fix mailbox based search via AKL keyserver method. - * gpg: Fix memory corruption with --clearsign introduced with 2.3.1. - * gpg: Use a more descriptive prompt for symmetric decryption. - * gpg: Improve speed of secret key listing. - * gpg: Support keygrip search with traditional keyring. - * gpg: Let --fetch-key return an exit code on failure. - * gpg: Emit the NO_SECKEY status again for decryption. - * gpgsm: Support decryption of password based encryption (pwri). - * gpgsm: Support AES-GCM decryption. - * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. - * gpgsm: Fix finding of issuer in use-keyboxd mode. - * gpgsm: New option --ldapserver as an alias for --keyserver. - * agent: Use SHA-256 for SSH fingerprint by default. - * agent: Fix calling handle_pincache_put. - * agent: Fix importing protected secret key. - * agent: Fix a regression in agent_get_shadow_info_type. - * agent: Add translatable text for Caps Lock hint. - * agent: New option --pinentry-formatted-passphrase. - * agent: Add checkpin inquiry for pinentry. - * agent: New option --check-sym-passphrase-pattern. - * agent: Use the sysconfdir for a pattern file. - * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry. - * dirmngr: LDAP search by a mailbox now ignores revoked keys. - * dirmngr: For KS_SEARCH return the fingerprint also with LDAP. - * dirmngr: Allow for non-URL specified ldap keyservers. - * dirmngr: New option --ldapserver. - * dirmngr: Fix regression in KS_GET for mail address pattern. - * card: New option --shadow for the list command. - * tests: Make sure the built keyboxd is used. - * scd: Fix computing shared secrets for 512 bit curves. - * scd: Fix unblock PIN by a Reset Code with KDF. - * scd: Fix PC/SC removed card problem. - * scd: Recover the partial match for PORTSTR for PC/SC. - * scd: Make sure to release the PC/SC context. - * scd: Fix zero-byte handling in ECC. - * scd: Fix serial number detection for Yubikey 5. - * scd: Add basic support for AET JCOP cards. - * scd: Detect external interference when --pcsc-shared is in use. - * scd: Fix access to the list of cards. - * gpgconf: Do not list a disabled tpm2d. - * gpgconf: Make runtime changes with different homedir work. - * keyboxd: Fix searching for exact mail adddress. - * keyboxd: Fix searching with multiple patterns. - * tools: Extend gpg-check-pattern. - * wkd: Fix client issue with leading or trailing spaces in user-ids. - * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry. - * Change the default keyserver to keyserver.ubuntu.com. This is a - temporary change due to the shutdown of the SKS keyserver pools. - -------------------------------------------------------------------- -Fri Jun 11 12:19:16 UTC 2021 - Pedro Monreal - -- GnuPG 2.3.1: - * The new configuration file common.conf is now used to enable - the use of the key database daemon with "use-keyboxd". Using - this option in gpg.conf and gpgsm.conf is supported for a - transitional period. See doc/example/common.conf for more. - * gpg: Force version 5 key creation for ed448 and cv448 algorithms. - * gpg: By default do not use the self-sigs-only option when - importing from an LDAP keyserver. - * gpg: Lookup a missing public key of the active card via LDAP. - * gpgsm: New command --show-certs. - * scd: Fix CCID driver for SCM SPR332/SPR532. - * scd: Further improvements for PKCS#15 cards. - * New configure option --with-tss to allow the selection of the - TSS library. -- Rebase patches: - * gnupg-add_legacy_FIPS_mode_option.patch - * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch - * gnupg-dont-fail-with-seahorse-agent.patch - * gnupg-set_umask_before_open_outfile.patch - -------------------------------------------------------------------- -Fri Jun 11 12:15:37 UTC 2021 - Andreas Stieger - -- GnuPG 2.3.0: - * A new experimental key database daemon is provided. To enable - it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored - in a SQLite database and make key lookup much faster. - * New tool gpg-card as a flexible frontend for all types of - supported smartcards. - * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and - gpg-connect-agent. - * The gpg-wks-client tool is now installed under bin; a wrapper for - its old location at libexec is also installed. - * tpm2d: New daemon to physically bind keys to the local machine. - * gpg: Switch to ed25519/cv25519 as default public key algorithms. - * gpg: Verification results now depend on the --sender option and - the signer's UID subpacket. - * gpg: Do not use any 64-bit block size cipher algorithm for - encryption. Use AES as last resort cipher preference instead of - 3DES. This can be reverted using --allow-old-cipher-algos. - * gpg: Support AEAD encryption mode using OCB or EAX. - * gpg: Support v5 keys and signatures. - * gpg: Support curve X448 (ed448, cv448). - * gpg: Allow use of group names in key listings. - * gpg: New option --full-timestrings to print date and time. - * gpg: New option --force-sign-key. - * gpg: New option --no-auto-trust-new-key. - * gpg: The legacy key discovery method PKA is no longer supported. - The command --print-pka-records and the PKA related import and - export options have been removed. - * gpg: Support export of Ed448 Secure Shell keys. - * gpgsm: Add basic ECC support. - * gpgsm: Support creation of EdDSA certificates. [#4888] - * agent: Allow the use of "Label:" in a key file to customize the - pinentry prompt. - * agent: Support ssh-agent extensions for environment variables. - With a patched version of OpenSSH this avoids the need for the - "updatestartuptty" kludge. - * scd: Improve support for multiple card readers and tokens. - * scd: Support PIV cards. - * scd: Support for Rohde&Schwarz Cybersecurity cards. - * scd: Support Telesec Signature Cards v2.0 - * scd: Support multiple application on certain smartcard. - * scd: New option --application-priority. - * scd: New option --pcsc-shared; see man page for important notes. - * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. - * The symcryptrun tool, a wrapper for the now obsolete external - Chiasmus tool, has been removed. - * Full Unicode support for the command line. -- dropped legacy commands: gpg-zip - -------------------------------------------------------------------- -Wed Apr 7 20:56:23 UTC 2021 - Andreas Stieger - -- Remove the "files-are-digests" option from the openSUSE package. - This feature was not upstream and only used in the OBS signing - daemon. The recommended upstream feature for separating the data - to be signed from the private keys is gpg agent forwarding, - available from 2.1. Drop gnupg-2.2.8-files-are-digests.patch - -------------------------------------------------------------------- -Tue Jan 12 22:45:11 UTC 2021 - Andreas Stieger - -- GnuPG 2.2.27: - * gpgconf: Fix case with neither local nor global gpg.conf - * gpgconf: Fix description of two new options -- includes changes from 2.2.26: - * gpg: New AKL method "ntds" - * gpg: Fix --trusted-key with fingerprint arg - * scd: Fix writing of ECC keys to an OpenPGP card - * scd: Make an USB error fix specific to SPR532 readers - * dirmngr: With new LDAP keyservers store the new attributes. - Never store the useless pgpSignerID. Fix a long standing - bug storing some keys on an ldap server. - * dirmngr: Support the new Active Direcory LDAP schema for - keyservers - * dirmngr: Allow LDAP OpenPGP searches via fingerprint - * dirmngr: Do not block other threads during keyserver LDAP calls - * Support global configuration files - * Fix the iconv fallback handling to UTF-8 - -------------------------------------------------------------------- -Mon Nov 23 22:36:17 UTC 2020 - Andreas Stieger - -- GnuPG 2.2.25: - * scd: Fix regression in 2.2.24 requiring gpg --card-status - before signing or decrypting - * gpgsm: Using Libksba 1.5.0 signatures with a rarely used - combination of attributes can now be verified - -------------------------------------------------------------------- -Tue Nov 17 21:52:38 UTC 2020 - Andreas Stieger - -- GnuPG 2.2.24: - * gpg: New command --quick-revoke-sig - * gpg: Do not use weak digest algos if selected by recipient - preference during sign+encrypt - * gpg: Switch to AES256 for symmetric encryption in de-vs mode - * gpg: Silence weak digest warnings with --quiet - * gpg: Print new status line CANCELED_BY_USER for a cancel during - symmetric encryption - * gpg: Fix the encrypt+sign hash algo preference selection for - ECDSA. This is in particular needed for keys created from - existing smartcard based keys - * agent: Fix secret key import of GnuPG 2.3 generated Ed25519 - keys - * agent: Keep some permissions of private-keys-v1.d - * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and - gnutls builds - * dirmngr: Fix the pool keyserver case for a single host in the - pool - * scd: Fix the use case of verify_chv2 by CHECKPIN - * scd: Various improvements to the ccid-driver - * scd: Minor fixes for Yubikey - * gpgconf: New option --show-versions - * i18n: Complete overhaul and completion of the Italian - translation - -------------------------------------------------------------------- -Thu Sep 3 17:16:41 UTC 2020 - Andreas Stieger - -- GnuPG 2.2.23: - * gpg: fix AHEAD preference list overflow boo#1176034 / CVE-2020-25125 - * gpg: fix possible segv in the key cleaning code - * gpgsm: fix a minor RFC2253 parser gub - * scdaemon: Fix a PIN verify failure on certain OpenPGP card - implementations - -------------------------------------------------------------------- -Tue Sep 1 21:09:57 UTC 2020 - Andreas Stieger - -- GnuPG 2.2.22: - * gpg: Change the default key algorithm to rsa3072 - * gpg: Add regular expression support for Trust Signatures on - all platforms - * gpg: Ignore --personal-digest-prefs for ECDSA keys - * gpgsm: Make rsaPSS a de-vs compliant scheme - * gpgsm: Show also the SHA256 fingerprint in key listings - * gpgsm: Do not require a default keyring for --gpgconf-list - * gpg-agent: Default to extended key format and record the - creation time of keys - Add new option --disable-extended-key-format - * gpg-agent: Support the WAYLAND_DISPLAY envvar - * gpg-agent: Allow using --gpgconf-list even if HOME does not - exist - * gpg-agent: Make the Pinentry work even if the envvar TERM is - set to the empty string - * scdaemon: Add a workaround for Gnuk tokens <= 2.15 which - wrongly incremented the error counter when using the - "verify" command of "gpg --edit-key" with only the signature - key being present - * dirmngr: Better handle systems with disabled IPv6 - * gpgpslit: Install tool. It was not installed in the past to - avoid conflicts with the version installed by GnuPG 1.4 - * gpgtar: Make --files-from and --null work as documented -- drop gnupg-gpgme-t-encrypt-sym.patch, upstream - -------------------------------------------------------------------- -Tue Jul 14 10:22:22 UTC 2020 - Pedro Monreal Gonzalez - -- Fix regression in latest gpg2 that makes gpgme fail to build [bsc#1174007] -- Add gnupg-gpgme-t-encrypt-sym.patch - -------------------------------------------------------------------- -Thu Jul 9 11:36:57 UTC 2020 - Andreas Stieger - -- GnuPG 2.2.21: - * gpg: Improve symmetric decryption speed by about 25% - * gpg: Support decryption of AEAD encrypted data packets - * gpg: Add option --no-include-key-block - * gpg: Allow for extra padding in ECDH - * gpg: Only a single pinentry is shown for symmetric encryption if - the pinentry supports this - * gpg: Print a note if no keys are given to --delete-key - * gpg,gpgsm: The ridiculous passphrase quality bar is not anymore - shown - * gpgsm: Certificates without a CRL distribution point are now - considered valid without looking up a CRL. The new option - --enable-issuer-based-crl-check can be used to revert to the - former behaviour - * gpgsm: Support rsaPSS signature verification - * gpgsm: Unless CRL checking is disabled lookup a missing issuer - certificate using the certificate's authorityInfoAccess - * gpgsm: Print the certificate's serial number also in decimal - notation - * gpgsm: Fix possible NULL-deref in messages of --gen-key - * scd: Support the CardOS 5 based D-Trust Card 3.1 - * dirmngr: Allow http URLs with "LOOKUP --url" - * wkd: Take name of sendmail from configure. Fixes an OpenBSD - specific bug - -------------------------------------------------------------------- -Thu Apr 30 13:59:33 UTC 2020 - Pedro Monreal Gonzalez - -- Fix gpgme and gpgme-qt builds on gpg2 2.2.20 update [bsc#1170811] -- Refresh patches: - * gnupg-2.2.8-files-are-digests.patch - * gnupg-add_legacy_FIPS_mode_option.patch - -------------------------------------------------------------------- -Fri Mar 20 20:17:44 UTC 2020 - Andreas Stieger - -- GnuPG 2.2.20: - * Protect the error counter against overflow to guarantee that the - tools can't be tricked into returning success after an error - * gpg: Make really sure that --verify-files always returns an error - * gpg: Fix key listing --with-secret if a pattern is given - * gpg: Fix detection of certain keys used as default-key - * gpg: Fix default-key selection when a card is available - * gpg: Fix key expiration and key usage for keys created with a - creation date of zero - * gpgsm: Fix import of some CR,LF terminated certificates - * gpg: New options --include-key-block and --auto-key-import to - allow encrypted replies after an initial signed message - * gpg: Allow the use of a fingerprint with --trusted-key - * gpg: New property "fpr" for use by --export-filter - * scdaemon: Disable the pinpad if a KDF DO is used - * dirmngr: Improve finding OCSP certificates -- drop gpg2-gcc10-build-fno-common.patch, upstream - -------------------------------------------------------------------- -Fri Mar 13 10:39:09 UTC 2020 - Fabian Vogt - -- Split dirmngr into a subpackage to avoid a hard dependency of - gpg2 on libgnutls - -------------------------------------------------------------------- -Wed Feb 19 08:48:34 UTC 2020 - Pedro Monreal Gonzalez - -- Fix build with GCC-10: [bsc#1160394] - * Always use EXTERN_UNLESS_MAIN_MODULE pattern - * In GCC-10, the default option -fcommon will change to -fno-common -- Add gpg2-gcc10-build-fno-common.patch - -------------------------------------------------------------------- -Fri Jan 10 17:47:24 UTC 2020 - Pedro Monreal Gonzalez - -- Accept key updates even without UIDs [bsc#1143158] -- Add patches: - * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch - * gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch - * gnupg-add-test-cases-for-import-without-uid.patch - -------------------------------------------------------------------- -Sat Dec 7 15:20:41 UTC 2019 - Andreas Stieger - -- update to 2.2.19: - * gpg: Fix double free when decrypting for hidden recipients - * gpg: Use auto-key-locate for encryption even for mail addressed - given with angle brackets - * gpgsm: Add special case for certain expired intermediate - certificates - -------------------------------------------------------------------- -Wed Nov 27 15:42:22 UTC 2019 - Pedro Monreal Gonzalez - -- Update to 2.2.18 [bsc#1157900, CVE-2019-14855] - * gpg: Changed the way keys are detected on a smartcards; this - allows the use of non-OpenPGP cards. In the case of a not very - likely regression the new option --use-only-openpgp-card is - available. [#4681] - * gpg: The commands --full-gen-key and --quick-gen-key now allow - direct key generation from supported cards. [#4681] - * gpg: Prepare against chosen-prefix SHA-1 collisions in key - signatures. This change removes all SHA-1 based key signature - newer than 2019-01-19 from the web-of-trust. Note that this - includes all key signature created with dsa1024 keys. The new - option --allow-weak-key-signatues can be used to override the new - and safer behaviour. [#4755,CVE-2019-14855] - * gpg: Improve performance for import of large keyblocks. [#4592] - * gpg: Implement a keybox compression run. [#4644] - * gpg: Show warnings from dirmngr about redirect and certificate - problems (details require --verbose as usual). - * gpg: Allow to pass the empty string for the passphrase if the - '--passphase=' syntax is used. [#4633] - * gpg: Fix printing of the KDF object attributes. - * gpg: Avoid surprises with --locate-external-key and certain - --auto-key-locate settings. [#4662] - * gpg: Improve selection of best matching key. [#4713] - * gpg: Delete key binding signature when deletring a subkey. - [#4665,#4457] - * gpg: Fix a potential loss of key sigantures during import with - self-sigs-only active. [#4628] - * gpg: Silence "marked as ultimately trusted" diagnostics if - option --quiet is used. [#4634] - * gpg: Silence some diagnostics during in key listsing even with - option --verbose. [#4627] - * gpg, gpgsm: Change parsing of agent's pkdecrypt results. [#4652] - * gpgsm: Support AES-256 keys. - * gpgsm: Fix a bug in triggering a keybox compression run if - --faked-system-time is used. - * dirmngr: System CA certificates are no longer used for the SKS - pool if GNUTLS instead of NTBTLS is used as TLS library. [#4594] - * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces - to avoid long timeouts. [#4165] - * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio - Shield and Trustica Cryptoucan work. [#4654,#4566] - * wkd: gpg-wks-client --install-key now installs the required policy - file. -- Rebase patches: - * gnupg-2.2.8-files-are-digests.patch - * gnupg-add_legacy_FIPS_mode_option.patch - -------------------------------------------------------------------- -Thu Sep 19 12:05:13 UTC 2019 - Ludwig Nussel - -- Do not recommend lang package. The lang package already has a - supplements. - -------------------------------------------------------------------- -Thu Jul 11 09:51:49 UTC 2019 - Pedro Monreal Gonzalez - -- Update to 2.2.17 [bsc#1141093] - * gpg: Do not try the import fallback if the options are already used. - * gpg: Fix regression in option "self-sigs-only". - * gpg: With --auto-key-retrieve prefer WKD over keyservers. - * gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. - * gpg: Avoid printing false AKL error message. - * gpg: New command --locate-external-key. - * gpg: Make the get_pubkey_byname interface easier to understand. - * gpg: Fallback to import with self-sigs-only on too large keyblocks. - * gpg: New import and keyserver option "self-sigs-only" - * gpg: Make read_block in import.c more flexible. - * dirmngr: fix handling of HTTPS redirections during HKP. - * dirmngr: Avoid endless loop in case of HTTP error 503. - * dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain. - * dirmngr: Support the new WKD draft with the openpgpkey subdomain. - * wkd: Change client/server limit back to 64 KiB. - * tools: gpgconf: Killing order is children-first. - * Return better error code for some getinfo IPC commands. - * po: Update Russian translation. - -------------------------------------------------------------------- -Wed Jun 19 21:02:05 UTC 2019 - Jason Sikes - -- Fix secure memory being disabled before fips checks in libgcrypt [boo#1137307] - * Added gnupg-2.2.16-secmem.patch - -------------------------------------------------------------------- -Thu May 30 08:00:37 UTC 2019 - Pedro Monreal Gonzalez - -- Update to 2.2.16 - * gpg: Fixed i18n markup of some strings. - * gpg: Allow deletion of subkeys with --delete-[secret-]key. - * gpg: Do not bail on an invalid packet in the local keyring. - * gpg: Do not allow creation of user ids larger than our parser allows. - * gpg: Do not delete any keys if --dry-run is passed. - * gpg: Fix using --decrypt along with --use-embedded-filename. - * gpg: Improve the photo image viewer selection. - * gpg: enable OpenPGP export of cleartext keys with comments. - * gpg: Do not print a hint to use the deprecated --keyserver option. - * gpg: Change update_keysig_packet to replace SHA-1 by SHA-256. - * gpg: Use just the addrspec from the Signer's UID. - * gpg: Accept also armored data from the WKD. - * gpg: Set a limit of 5 to the number of keys imported from the WKD. - * gpg: Don't use EdDSA algo ID for ECDSA curves. - * agent: Stop scdaemon after reload when disable_scdaemon. - * agent: For SSH key, don't put NUL-byte at the end. - * agent: correct length for uri and comment on 64-bit big-endian platforms - * dirmngr: Allow for other hash algorithms than SHA-1 in OCSP. - * dirmngr: Improve domaininfo cache update algorithm. - * dirmngr: Better error code for http status 413. - * g10: Fix possible null dereference. - * g10: Fix double free when locating by mbox. - * g10: Fix symmetric cipher algo constant for ECDH. - * sm: Avoid confusing diagnostic for the default key. - * sm: Fix a warning in an es_fopencooie function. - * gpgconf: Before --launch check that the config file is fine. - * gpgconf: Support --homedir for --launch. - * build: Update m4/iconv.m4. - * doc: correct documentation for gpgconf --kill. - * scd: Add dummy option --application-priority. - * common: Fix AWK portability. - -------------------------------------------------------------------- -Thu Mar 28 08:48:36 UTC 2019 - Karol Babioch - -- Update to 2.2.15 - * sm: Allow decryption even if expired keys are configured. - * agent: Change command KEYINFO to print ssh fingerprints with other - hash algos. - * dirmngr: Fix build problems on Solaris due to the use of reserved - symbol names. - * wkd: New commands --print-wkd-hash and --print-wkd-url for - gpg-wks-client. - -------------------------------------------------------------------- -Tue Mar 19 12:11:23 UTC 2019 - Karol Babioch - -- Update to 2.2.14: - * gpg: Allow import of PGP desktop exported secret keys. Also avoid - importing secret keys if the secret keyblock is not valid. - * gpg: Do not error out on version 5 keys in the local keyring. - * gpg: Make invalid primary key algo obvious in key listings. - * sm: Do not mark a certificate in a key listing as de-vs compliant - if its use for a signature will not be possible. - * sm: Fix certificate creation with key on card. - * sm: Create rsa3072 bit certificates by default. - * sm: Print Yubikey attestation extensions with --dump-cert. - * agent: Fix cancellation handling for scdaemon. - * agent: Support --mode=ssh option for CLEAR_PASSPHRASE. - * scd: Fix flushing of the CA-FPR DOs in app-openpgp. - * scd: Avoid a conflict error with the "undefined" app. - * dirmngr: Add CSRF protection exception for protonmail. - * dirmngr: Fix build problems with gcc 9 in libdns. - * gpgconf: New option --show-socket for use wity --launch. - * gpgtar: Make option -C work for archive creation. -- Removed patches that are included upstream by now: - - 0001-libdns-Avoid-using-compound-literals.patch - - 0002-libdns-Avoid-using-compound-literals-2.patch - - 0003-libdns-Avoid-using-compound-literals-3.patch - - 0004-libdns-Avoid-using-compound-literals-4.patch - - 0005-libdns-Avoid-using-compound-literals-5.patch - - 0006-libdns-Avoid-using-compound-literals-6.patch - - 0007-libdns-Avoid-using-compound-literals-7.patch - - 0008-libdns-Avoid-using-compound-literals-8.patch - -------------------------------------------------------------------- -Tue Feb 26 11:35:29 UTC 2019 - Pedro Monreal Gonzalez - -- Fix build with gcc9 [bsc#1121223] - * Avoid using compound literals - - Upstream bug: https://dev.gnupg.org/T4367 - * Added upstream patches: - - 0001-libdns-Avoid-using-compound-literals.patch - - 0002-libdns-Avoid-using-compound-literals-2.patch - - 0003-libdns-Avoid-using-compound-literals-3.patch - - 0004-libdns-Avoid-using-compound-literals-4.patch - - 0005-libdns-Avoid-using-compound-literals-5.patch - - 0006-libdns-Avoid-using-compound-literals-6.patch - - 0007-libdns-Avoid-using-compound-literals-7.patch - - 0008-libdns-Avoid-using-compound-literals-8.patch - -------------------------------------------------------------------- -Fri Feb 22 19:30:29 UTC 2019 - olaf@aepfle.de - -- Allow coredumps in X11 desktop sessions (bsc#1124847) - gpg-agent unconditionally disables coredumps, which is not - supposed to happen in the code path that does just exec(argv[]) - gnupg-gpg-agent-ulimit.patch - -------------------------------------------------------------------- -Wed Feb 13 06:12:32 UTC 2019 - Karol Babioch - -- Update to 2.2.13: - * gpg: Implement key lookup via keygrip (using the & prefix). - * gpg: Allow generating Ed25519 key from existing key. - * gpg: Emit an ERROR status line if no key was found with -k. - * gpg: Stop early when trying to create a primary Elgamal key. - * gpgsm: Print the card's key algorithms along with their keygrips - in interactive key generation. - * agent: Clear bogus pinentry cache in the error case. - * scd: Support "acknowledge button" feature. - * scd: Fix for USB INTERRUPT transfer. - * wks: Do no use compression for the the encrypted challenge and response. - -Release-info: https://dev.gnupg.org/T4290 -See-also: gnupg-announce/2019q1/000434.html - -------------------------------------------------------------------- -Fri Dec 14 16:11:56 UTC 2018 - atoptsoglou@suse.com - -- Update to 2.2.12: - * tools: New commands --install-key and --remove-key for - gpg-wks-client. This allows to prepare a Web Key Directory on a - local file system for later upload to a web server. - * gpg: New --list-option "show-only-fpr-mbox". This makes the use - of the new gpg-wks-client --install-key command easier on Windows. - * gpg: Improve processing speed when --skip-verify is used. - * gpg: Fix a bug where a LF was accidentally written to the console. - * gpg: --card-status now shwos whether a card has the new KDF - feature enabled. - * agent: New runtime option --s2k-calibration=MSEC. New configure - option --with-agent-s2k-calibration=MSEC. [#3399] - * dirmngr: Try another keyserver from the pool on receiving a 502, - 503, or 504 error. [#4175] - * dirmngr: Avoid possible CSRF attacks via http redirects. A HTTP - query will not anymore follow a 3xx redirect unless the Location - header gives the same host. If the host is different only the - host and port is taken from the Location header and the original - path and query parts are kept. - * dirmngr: New command FLUSHCRL to flush all CRLS from disk and - memory. [#3967] - -------------------------------------------------------------------- -Thu Nov 8 15:35:27 UTC 2018 - Cristian Rodríguez - -- Code no longer uses libcurl, remove from buildrequires. - -------------------------------------------------------------------- -Tue Nov 6 12:05:35 UTC 2018 - Karol Babioch - -- Update to 2.2.11: - * gpgsm: Fix CRL loading when intermediate certicates are not yet trusted. - * gpgsm: Fix an error message about the digest algo. - * gpg: Fix a wrong warning due to new sign usage check introduced with 2.2.9. - * gpg: Print the "data source" even for an unsuccessful keyserver query. - * gpg: Do not store the TOFU trust model in the trustdb. - * scd: Fix cases of "Bad PIN" after using "forcesig". - * agent: Fix possible hang in the ssh handler. - * dirmngr: Tack the unmodified mail address to a WKD request. - * dirmngr: Tweak diagnostic about missing LDAP server file. - * dirmngr: In verbose mode print the OCSP responder id. - * dirmngr: Fix parsing of the LDAP port. - * wks: Add option --directory/-C to the server. - * wks: Add option --with-colons to the client. - * Fix EBADF when gpg et al. are called by broken CGI scripts. - * Fix some minor memory leaks and bugs. - -------------------------------------------------------------------- -Thu Oct 4 04:09:12 UTC 2018 - Bernhard Wiedemann - -- Make package build reproducible (boo#1047218) - -------------------------------------------------------------------- -Thu Aug 30 14:14:08 UTC 2018 - kbabioch@suse.com - -- Update to 2.2.10: - * Refresh expired keys originating from the WKD - * Use a 256 KiB limit for a WKD imported key - * New option --known-notation - * dirmngr: Validate SRV records in WKD queries - -------------------------------------------------------------------- -Wed Jul 25 05:50:42 UTC 2018 - tchvatal@suse.com - -- Add basic udev rules for smartcards to be used with - scdaemon, taken from debian: - * scdaemon.udev - -------------------------------------------------------------------- -Fri Jul 13 07:13:12 UTC 2018 - astieger@suse.com - -- GnuPG 2.2.9: - * dirmngr: Fix recursive resolver mode and other bugs in the - libdns code - * dirmngr: When using libgpg-error 1.32 or later a GnuPG build - with NTBTLS support does not anymore block for dozens of - seconds before returning data. - * gpg: Fix bug in --show-keys which actually imported revocation - certificates - * gpg: Ignore too long user-ID and comment packets - * gpg: Fix crash due to bad German translation. Improved printf - format compile time check. - * gpg: Handle missing ISSUER sub packet gracefully in the presence of - the new ISSUER_FPR - * gpg: Allow decryption using several passphrases in most cases. - * gpg: Command --show-keys now enables the list options - show-unusable-uids, show-unusable-subkeys, show-notations and - show-policy-urls by default. - * gpg: Command --show-keys now prints revocation certificates. - * gpg: Add revocation reason to the "rev" and "rvs" records of the - option --with-colons. [#1173] - * gpg: Export option export-clean does now remove certain expired - subkeys; export-minimal removes all expired subkeys. - * gpg: New "usage" property for the drop-subkey filters. - -------------------------------------------------------------------- -Fri Jun 8 14:37:06 UTC 2018 - kbabioch@suse.com - -- Update to version 2.2.8: - * gpg: Decryption of messages not using the MDC mode will now lead to a - hard failure even if a legacy cipher algorithm was used. The option - --ignore-mdc-error can be used to turn this failure into a warning. Take - care: Never use that option unconditionally or without a prior warning. - * gpg: The MDC encryption mode is now always used regardless of the - cipher algorithm or any preferences. For testing --rfc2440 can be - used to create a message without an MDC. - * gpg: Sanitize the diagnostic output of the original file name in - verbose mode (bsc#1096745, CVE-2018-12020) - * gpg: Detect suspicious multiple plaintext packets in a more reliable way. - * gpg: Fix the duplicate key signature detection code. - * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc, - --disable-mdc and --no-disable-mdc have no more effect. - * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the - list of startup environment variables. -- Refresh gnupg-2.0.18-files-are-digests.patch - to gnupg-2.2.8-files-are-digests.patch - -------------------------------------------------------------------- -Fri May 4 14:15:27 UTC 2018 - astieger@suse.com - -- GnuPG 2.2.7: - * gpg: New option --no-symkey-cache to disable the passphrase - cache for symmetrical en- and decryption. - * gpg: The ERRSIG status now prints the fingerprint if that is - part of the signature - * gpg: Relax emitting of FAILURE status lines - * gpg: Add a status flag to "sig" lines printed with --list-sigs - * gpg: Fix "Too many open files" when using --multifile - * ssh: Return an error for unknown ssh-agent flags - * dirmngr: Fix a CNAME problem with pools and TLS. Also use a - fixed mapping of keys.gnupg.net to sks-keyservers.net - * dirmngr: Try resurrecting dead hosts earlier (from 3h to 1.5h) - * dirmngr: Fallback to CRL if no default OCSP responder is - configured - * dirmngr: Implement CRL fetching via https. Here a redirection - to http is explictly allowed - * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease - debugging - -------------------------------------------------------------------- -Tue Apr 10 06:32:22 UTC 2018 - kbabioch@suse.com - -- GnuPG 2.2.6: - * gpg,gpgsm: New option --request-origin to pretend requests coming - from a browser or a remote site. - * gpg: Fix race condition on trustdb.gpg updates due to too early - released lock. - * gpg: Emit FAILURE status lines in almost all cases. - * gpg: Implement --dry-run for --passwd to make checking a key's - passphrase straightforward. - * gpg: Make sure to only accept a certification capable key for key - signatures. - * gpg: Better user interaction in --card-edit for the factory-reset - sub-command. - * gpg: Improve changing key attributes in --card-edit by adding an - explicit "key-attr" sub-command. - * gpg: Print the keygrips in the --card-status. - * scd: Support KDF DO setup. - * scd: Fix suspend/resume handling in the CCID driver. - * agent: Evict cached passphrases also via a timer. - * agent: Use separate passphrase caches depending on the request - origin. - * ssh: Support signature flags. - * dirmngr: Handle failures related to missing IPv6 support - gracefully. - * Allow the use of UNC directory names as homedir. [#3818] -- Dropped gnupg-CVE-2018-9234.patch since it is included upstream - -------------------------------------------------------------------- -Thu Apr 5 08:38:58 UTC 2018 - kbabioch@suse.com - -- Added gnupg-CVE-2018-9234.patch: Enforce that key certification - can only be done with the master key, and not a signing subkey. - (bnc#1088255 CVE-2018-9234) - -------------------------------------------------------------------- -Sun Feb 25 12:14:54 UTC 2018 - astieger@suse.com - -- GnuPG 2.2.5: - * gpg: Allow the use of the "cv25519" and "ed25519" short names - in addition to the canonical curve names in --batch --gen-key - * gpg: Make sure to print all secret keys with option --list-only - and --decrypt - * gpg: Fix the use of future-default with --quick-add-key for - signing keys - * gpg: Select a secret key by checking availability under - gpg-agent - * gpg: Fix reversed prompt texts for --only-sign-text-ids - * gpg,gpgsm: Fix detection of bogus keybox blobs on 32 bit - systems - * gpgsm: Fix regression since 2.1 in --export-secret-key-raw - which got $d mod (q-1)$ wrong - * scd: Support the KDF Data Object of the OpenPGP card 3.3 - * scd: Fix a regression in the internal CCID driver for certain - card readers - * dirmngr: Improve returned error description on failure of DNS - resolving - * wks: Implement command --install-key for gpg-wks-server. - -------------------------------------------------------------------- -Thu Feb 22 15:10:33 UTC 2018 - fvogt@suse.com - -- Use %license (boo#1082318) - -------------------------------------------------------------------- -Thu Dec 21 09:44:03 UTC 2017 - astieger@suse.com - -- GnuPG 2.2.4: - * gpg: Change default preferences to prefer SHA512. - * gpg: Print a warning when more than 150 MiB are encrypted using - a cipher with 64 bit block size. - * gpg: Print a warning if the MDC feature has not been used for a - message. - * gpg: Fix regular expression of domain addresses in trust - signatures - * agent: New option --auto-expand-secmem to help with high - numbers of concurrent connections. Requires libgcrypt 1.8.2 - for having an effect. - * dirmngr: Cache responses of WKD queries. - * gpgconf: Add option --status-fd. - * wks: Add commands --check and --remove-key to gpg-wks-server - * Increase the backlog parameter of the daemons to 64 and add - option --listen-backlog. -- Not enabled features: - * New configure option --enable-run-gnupg-user-socket to first - try a socket directory which is not removed by systemd at - session end. - -------------------------------------------------------------------- -Tue Nov 21 08:25:48 UTC 2017 - astieger@suse.com - -- GnuPG 2.2.3: - * dirmngr: Fix crash in case of a CRL loading error - * gpgtar: Fix wrong behaviour of --set-filename - * gpg: Silence AKL retrieval messages - * agent: Use clock or clock_gettime for calibration - * agent: Improve robustness of the shutdown pending state - -------------------------------------------------------------------- -Tue Nov 7 20:08:04 UTC 2017 - astieger@suse.com - -- GnuPG 2.2.2: - * gpg: Avoid duplicate key imports by concurrently running gpg - processes - * gpg: Fix creating on-disk subkey with on-card primary key - * gpg: Fix validity retrieval for multiple keyrings - * gpg: Fix --dry-run and import option show-only for secret keys - * gpg: Print "sec" or "sbb" for secret keys with import option - import-show - * gpg: Make import less verbose - * gpg: Add alias "Key-Grip" for parameter "Keygrip" and new - parameter "Subkey-Grip" to unattended key generation - * gpg: Improve "factory-reset" command for OpenPGP cards - * gpg: Ease switching Gnuk tokens into ECC mode by using the magic - keysize value 25519 - * gpgsm: Fix --with-colon listing in crt records for fields > 12. - * gpgsm: Do not expect X.509 keyids to be unique - * agent: Fix stucked Pinentry when using --max-passphrase-days - * agent: New option --s2k-count - * dirmngr: Do not follow https-to-http redirects - * dirmngr: Reduce default LDAP timeout from 100 to 15 seconds - * gpgconf: Ignore non-installed components for commands - --apply-profile and --apply-defaults - * Add configure option --enable-werror - -------------------------------------------------------------------- -Tue Sep 19 19:12:53 UTC 2017 - astieger@suse.com - -- GnuPG 2.2.1: - * gpg: Fix formatting of the user id in batch mode key generation - if only "name-email" is given. - * gpgv: Fix annoying "not suitable for" warnings. - * wks: Convey only the newest user id to the provider. This is - the case if different names are used with the same addr-spec. - * wks: Create a complying user id for provider policy mailbox-only. - * wks: Add workaround for posteo.de. - * scd: Fix the use of large ECC keys with an OpenPGP card. - * dirmngr: Use system provided root certificates if no specific - HKP certificates are configured. If bu - -------------------------------------------------------------------- -Mon Aug 28 17:21:30 UTC 2017 - astieger@suse.com - -- GnuPG 2.2.0: - * New long term stable branch, replacing the 2.0.x series - * gpg: Reverted change in 2.1.23 so that --no-auto-key-retrieve - is again the default boo#1054088 - * Fixed a few minor bugs - -------------------------------------------------------------------- -Sat Aug 12 16:56:26 UTC 2017 - astieger@suse.com - -- GnuPG 2.1.23: - * gpg: Options --auto-key-retrieve and --auto-key-locate "local,wkd" - are now used by default. Note: this enables keyserver and Web Key - Directory operators to notice when a signature from a locally - non-available key is being verified for the first time or when - you intend to encrypt to a mail address without having the key - locally. This new behaviour will eventually make key discovery - much easier and mostly automatic. Disable this by adding - no-auto-key-retrieve - auto-key-locate local - to your gpg.conf. - * agent: Option --no-grab is now the default. The new option --grab - allows to revert this. - * gpg: New import option "show-only". - * gpg: New option --disable-dirmngr to entirely disable network - access for gpg. - * gpg,gpgsm: Tweaked DE-VS compliance behaviour. - * New configure flag --enable-all-tests to run more extensive tests - during "make check". - * gpgsm: The keygrip is now always printed in colon mode as - documented in the man page. - -------------------------------------------------------------------- -Fri Jul 28 19:29:52 UTC 2017 - astieger@suse.com - -- GnuPG 2.1.22: - * gpg: Extend command --quick-set-expire to allow for setting the - expiration time of subkeys. - * gpg: By default try to repair keys during import. New sub-option - no-repair-keys for --import-options. - * gpg,gpgsm: Improved checking and reporting of DE-VS compliance. - * gpg: New options --key-origin and --with-key-origin. Store the - time of the last key update from keyservers, WKD, or DANE. - * agent: New option --ssh-fingerprint-digest. - * dimngr: Lower timeouts on keyserver connection attempts and made - it configurable. - * dirmngr: Tor will now automatically be detected and used. The - option --no-use-tor disables Tor detection. - * dirmngr: Now detects a changed /etc/resolv.conf. - * agent,dirmngr: Initiate shutdown on removal of the GnuPG home - directory. - * gpg: Avoid caching passphrase for failed symmetric encryption. - * agent: Support for unprotected ssh keys. - * dirmngr: Fixed name resolving on systems using only v6 - nameservers. - * dirmngr: Allow the use of TLS over http proxies. - * wks: New man pages for client and server. - -------------------------------------------------------------------- -Fri May 19 11:59:24 UTC 2017 - marco.strigl@suse.com - -- GnuPG 2.1.21: - * modified gnupg-2.0.18-files-are-digests.patch to work with - obs-sign again bsc#1039899 - -------------------------------------------------------------------- -Mon May 15 20:49:25 UTC 2017 - astieger@suse.com - -- GnuPG 2.1.21: - * gpg,gpgsm: Fix corruption of old style keyring.gpg files, - regression in 2.1.20 - * gpg,dirmngr: Removed the skeleton config file support - New installations no longer generate a configuration file. - In the absence of a file, SHA-2 family hashes are used. - Existing configurations are not touched. - drop gnupg-2.1.19-stronger-defaults.patch FATE#323084 - * gpg: Fixed import filter property match bug. - * scd: Removed Linux support for Cardman 4040 PCMCIA reader. - * scd: Fixed some corner case bugs in resume/suspend handling. - * Many minor bug fixes and code cleanup. - -------------------------------------------------------------------- -Tue Apr 4 14:00:36 UTC 2017 - astieger@suse.com - -- GnuPG 2.1.20: - * gpg: New properties 'expired', 'revoked', and 'disabled' for the - import and export filters. - * gpg: New command --quick-set-primary-uid. - * gpg: New compliance field for the --with-colon key listing. - * gpg: Changed the key parser to generalize the processing of local - meta data packets. - * gpg: Fixed assertion failure in the TOFU trust model. - * gpg: Fixed exporting of zero length user ID packets. - * scd: Improved support for multiple readers. - * scd: Fixed timeout handling for key generation. - * agent: New option --enable-extended-key-format. - * dirmngr: Do not add a keyserver to a new dirmngr.conf. Dirmngr - uses a default keyserver. - * dimngr: Do not treat TLS warning alerts as severe error when - building with GNUTLS. - * dirmngr: Actually take /etc/hosts in account. - * wks: Fixed client problems on Windows. Published keys are now set - to world-readable. - * tests: Fixed creation of temporary directories. - * A socket directory for a non standard GNUGHOME is now created on - the fly under /run/user. Thus "gpgconf --create-socketdir" is now - optional. The use of "gpgconf --remove-socketdir" to clean up - obsolete socket directories is however recommended to avoid - cluttering /run/user with useless directories. - * Fixed build problems on some platforms. - -------------------------------------------------------------------- -Tue Mar 14 20:41:55 UTC 2017 - astieger@suse.com - -- Use stronger defaults for new users, using SHA-2 digest family - for certificates and message signatures - FATE#323084 - adding gnupg-2.1.19-stronger-defaults.patch - -------------------------------------------------------------------- -Tue Mar 7 12:55:14 UTC 2017 - astieger@suse.com - -- GnuPG 2.1.19: - * gpg: Print a warning if Tor mode is requested but the Tor - daemon is not running. - * gpg: New status code DECRYPTION_KEY to print the actual private - key used for decryption. - * gpgv: New options --log-file and --debug. - * gpg-agent: Revamp the prompts to ask for card PINs. - * scd: Support for multiple card readers. - * scd: Removed option --debug-disable-ticker. Ticker is used - only when it is required to watch removal of device/card. - * scd: Improved detection of card inserting and removal. - * dirmngr: New option --disable-ipv4. - * dirmngr: New option --no-use-tor to explicitly disable the use - of Tor. - * dirmngr: The option --allow-version-check is now required even - if the option --use-tor is also used. - * dirmngr: Handle a missing nsswitch.conf gracefully. - * dirmngr: Avoid PTR lookups for keyserver pools. The are only - done for the debug command "keyserver --hosttable". - * dirmngr: Rework the internal certificate cache to support - classes of certificates. Load system provided certificates on - startup. - * Add options --tls, --no-crl, and --systrust to the "VALIDATE" - command. - * dirmngr: Add support for the ntbtls library. - * wks: Create mails with a "WKS-Phase" header. Fix detection of - Draft-2 mode. - * Many other bug fixes and new regression tests. -- dirmngr: use system certificate store - -------------------------------------------------------------------- -Thu Mar 2 10:12:09 UTC 2017 - jengelh@inai.de - -- Rewrite descriptions - -------------------------------------------------------------------- -Tue Jan 24 16:32:04 UTC 2017 - astieger@suse.com - -- GnuPG 2.1.18: - * gpg: Remove bogus subkey signature while cleaning a key (with - export-clean, import-clean, or --edit-key's sub-command clean) - * gpg: Allow freezing the clock with --faked-system-time. - * gpg: New --export-option flag "backup", new --import-option flag - "restore". - * gpg-agent: Fixed long delay due to a regression in the progress - callback code. - * scd: Lots of code cleanup and internal changes. - * scd: Improved the internal CCID driver. - * dirmngr: Fixed problem with the DNS glue code (removal of the - trailing dot in domain names). - * dirmngr: Make sure that Tor is actually enabled after changing the - conf file and sending SIGHUP or "gpgconf --reload dirmngr". - * dirmngr: Fixed Tor access to IPv6 addresses. Note that current - versions of Tor may require that the flag "IPv6Traffic" is used - with the option "SocksPort" in torrc to actually allow IPv6 - traffic. - * dirmngr: Fixed HKP for literally given IPv6 addresses. - * dirmngr: Enabled reverse DNS lookups via Tor. - * dirmngr: Added experimental SRV record lookup for WKD. - See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details. - * dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record - lookups. Avoid SRV record lookup when a port is explicitly - specified. This fixes a regression from the 1.4 and 2.0 behavior. - * dirmngr: Gracefully handle a missing /etc/nsswitch.conf. Ignore - negation terms (e.g. "[!UNAVAIL=return]" instead of bailing out. - * dirmngr: Better debug output for flags "dns" and "network". - * dirmngr: On reload mark all known HKP servers alive. - * gpgconf: Allow keyword "all" for --launch, --kill, and --reload. - * tools: gpg-wks-client now ignores a missing policy file on the - server. - * Avoid unnecessary ambiguity error message in the option parsing. - * Further improvements of the regression test suite. - * Fixed building with --disable-libdns configure option. - * Fixed a crash running the tests on 32 bit architectures. - * Fixed spurious failures on BSD system in the spawn functions. - This affected for example gpg-wks-client and gpgconf. - -------------------------------------------------------------------- -Mon Jan 9 09:18:48 UTC 2017 - tchvatal@suse.com - -- Remove the fixme, condition around fdupes - -------------------------------------------------------------------- -Sun Dec 25 15:12:44 UTC 2016 - astieger@suse.com - -- add runtime dependency to match runtime version check for libksba - -------------------------------------------------------------------- -Tue Dec 20 18:58:55 UTC 2016 - astieger@suse.com - -- GnuPG 2.1.17: - * gpg: By default new keys expire after 2 years. - * gpg: New command --quick-set-expire to conveniently change the - expiration date of keys. - * gpg: Option and command names have been changed for easier - comprehension. The old names are still available as aliases. - * gpg: Improved the TOFU trust model. - * gpg: New option --default-new-key-algo. - * scd: Support OpenPGP card V3 for RSA. - * dirmngr: Support for the ADNS library has been removed. Now using - bundled libdns, enabling Tor support on all platforms. - New option --standard-resolver can be used to disable this code - at runtime. - * dirmngr: Lazily launch ldap reaper thread. - * tools: New options --check and --status-fd for gpg-wks-client. - * The UTF-8 byte order mark is now skipped when reading conf files. - * Fixed many bugs and regressions. - * Major improvements to the test suite. For example it is possible - to run the external test suite of GPGME. - -------------------------------------------------------------------- -Sat Nov 19 22:07:13 UTC 2016 - astieger@suse.com - -- GnuPG 2.1.16: - * gpg: New algorithm for selecting the best ranked public key when - using a mail address with -r, -R, or --locate-key. - * gpg: New option --with-tofu-info to print a new "tfs" record in - colon formatted key listings. - * gpg: New option --compliance as an alternative way to specify - options like --rfc2440, --rfc4880, et al. - * gpg: Many changes to the TOFU implementation. - * gpg: Improve usability of --quick-gen-key. - * gpg: In --verbose mode print a diagnostic when a pinentry is - launched. - * gpg: Remove code which warns for old versions of gnome-keyring. - * gpg: New option --override-session-key-fd. - * gpg: Option --output does now work with --verify. - * gpgv: New option --output to allow saving the verified data. - * gpgv: New option --enable-special-filenames. - * agent, dirmngr: New --supervised mode for use by systemd and alike. - * agent: By default listen on all available sockets using standard - names. - * agent: Invoke scdaemon with --homedir. - * dirmngr: On Linux now detects the removal of its own socket and - terminates. - * scd: Support ECC key generation. - * scd: Support more card readers. - * dirmngr: New option --allow-version-check to download a software - version database in the background. - * dirmngr: Use system provided CAs if no --hkp-cacert is given. - * dirmngr: Use a default keyserver if none is explicitly set - * gpgconf: New command --query-swdb to check software versions - against an copy of an online database. - * gpgconf: Print the socket directory with --list-dirs. - * tools: The WKS tools now support draft version -02. - * tools: Always build gpg-wks-client and install under libexec. - * tools: New option --supported for gpg-wks-client. - * The log-file option now accepts a value "socket://" to log to the - socket named "S.log" in the standard socket directory. - * Provide fake pinentries for use by tests cases of downstream - developers. - * Fixed many bugs and regressions. - * Many changes and improvements for the test suite. -- drop upstreamed patches: - * 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch - * gnupg-2.1.15-bsc993324-status-output.patch - -------------------------------------------------------------------- -Tue Sep 13 13:50:52 UTC 2016 - astieger@suse.com - -- avoid mixing up status and colon line output - bsc#993324 - add gnupg-2.1.15-bsc993324-status-output.patch - -------------------------------------------------------------------- -Thu Sep 1 08:23:28 UTC 2016 - astieger@suse.com - -- enable web key discovery tools - -------------------------------------------------------------------- -Wed Aug 31 13:06:28 UTC 2016 - astieger@suse.com - -- Add an explicit runtime dependency on libgcrypt >= 1.7.0 to - match runtime version check - -------------------------------------------------------------------- -Fri Aug 19 21:22:22 UTC 2016 - astieger@suse.com - -- GnuPG 2.1.15: - * gpg: Remove the --tofu-db-format option and support for the - split TOFU database. - * gpg: Add option --sender to prepare for coming features. - * gpg: Add option --input-size-hint to help progress indicators. - * gpg: Extend the PROGRESS status line with the counted unit. - * gpg: Avoid publishing the GnuPG version by default with --armor. - * gpg: Properly ignore legacy keys in the keyring cache. - * gpg: Always print fingerprint records in --with-colons mode. - * gpg: Make sure that keygrips are printed for each subkey in - --with-colons mode. - * gpg: New import filter "drop-sig". - * gpgsm: Fix a bug in the machine-readable key listing. - * gpg,gpgsm: Block signals during keyring updates to limits the - effects of a Ctrl-C at the wrong time. - * g13: Add command --umount and other fixes for dm-crypt. - * agent: Fix regression in SIGTERM handling. - * agent: Cleanup of the ssh-agent code. - * agent: Allow import of overly long keys. - * scd: Fix problems with card removal. - * dirmngr: Remove all code for running as a system service. - * tools: Make gpg-wks-client conforming to the specs. - * tests: Improve the output of the new regression test tool. - * tests: Distribute the standalone test runner. - * tests: Run each test in a clean environment. - * Spelling and grammar fixes. -- fix build error, adding - 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch - -------------------------------------------------------------------- -Sun Aug 14 14:12:40 UTC 2016 - astieger@suse.com - -- GnuPG 2.1.14: - * gpg: Removed options --print-dane-records and --print-pka-records. - The new export options "export-pka" and "export-dane" can instead - be used with the export command. - * gpg: New options --import-filter and --export-filter. - * gpg: New import options "import-show" and "import-export". - * gpg: New option --no-keyring. - * gpg: New command --quick-revuid. - * gpg: New options -f/--recipient-file and -F/--hidden-recipient-file - to directly specify encryption keys. - * gpg: New option --mimemode to indicate that the content is a MIME - part. Does only enable --textmode right now. - * gpg: New option --rfc4880bis to allow experiments with proposed - changes to the current OpenPGP specs. - * gpg: Fix regression in the "fetch" sub-command of --card-edit. - * gpg: Fix regression since 2.1 in option --try-all-secrets. - * gpgv: Change default options for extra security. - * gpgsm: No more root certificates are installed by default. - * agent: "updatestartuptty" does now affect more environment - variables. - * scd: The option --homedir does now work with scdaemon. - * scd: Support some more GEMPlus card readers. - * gpgtar: Fix handling of '-' as file name. - * gpgtar: New commands --create and --extract. - * gpgconf: Tweak for --list-dirs to better support shell scripts. - * tools: Add programs gpg-wks-client and gpg-wks-server to implement - a Web Key Service. The configure option --enable-wks-tools is - required to build them; they should be considered Beta software. - * tests: Complete rework of the openpgp part of the test suite. The - test scripts have been changed from Bourne shell scripts to Scheme - programs. A customized scheme interpreter (gpgscm) is included. - This change was triggered by the need to run the test suite on - non-Unix platforms. - * The rendering of the man pages has been improved. -- drop upstream gnupg-make_--try-all-secrets_work.patch - -------------------------------------------------------------------- -Thu Aug 4 12:17:14 UTC 2016 - tchvatal@suse.com - -- Fix date call as the curlified parameter for sure are not parsed - correctly by escaping it with % - -------------------------------------------------------------------- -Wed Aug 3 11:56:58 UTC 2016 - astieger@suse.com - -- Fix upstream bug 1985: --try-all-secrets doesn't work when - decrypting messages encrypted with --hidden-recipient, fixes unit - tests of the duplicity package. - Adding gnupg-make_--try-all-secrets_work.patch -- record the fact that gpg-error 1.21 is required - -------------------------------------------------------------------- -Thu Jun 16 20:21:39 UTC 2016 - astieger@suse.com - -- GnuPG 2.1.13: - * gpg: New command --quick-addkey. Extend the --quick-gen-key - command. - * gpg: New --keyid-format "none" which is now also the default. - * gpg: New option --with-subkey-fingerprint. - * gpg: Include Signer's UID subpacket in signatures if the secret key - has been specified using a mail address and the new option - --disable-signer-uid is not used. - * gpg: Allow unattended deletion of a secret key. - * gpg: Allow export of non-passphrase protected secret keys. - * gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS. - * gpg: Change status line TOFU_STATS_LONG to use '~' as - a non-breaking-space character. - * gpg: Speedup key listings in Tofu mode. - * gpg: Make sure that the current and total values of a PROGRESS - status line are small enough. - * gpgsm: Allow the use of AES192 and SERPENT ciphers. - * dirmngr: Adjust WKD lookup to current specs. - * dirmngr: Fallback to LDAP v3 if v2 is is not supported. - * gpgconf: New commands --create-socketdir and --remove-socketdir, - new option --homedir. - * If a /run/user/$UID directory exists, that directory is now used - for IPC sockets instead of the GNUPGHOME directory. This fixes - problems with NFS and too long socket names and thus avoids the - need for redirection files. - * Speedup fd closing after a fork. -- drop upstreamed gnupg-fix-signature-checking.patch - -------------------------------------------------------------------- -Thu Jun 2 16:01:40 UTC 2016 - pjanouch@suse.de - -- add gnupg-fix-signature-checking.patch (bsc#981020) - https://bugs.gnupg.org/gnupg/issue2351 - -------------------------------------------------------------------- -Wed May 4 15:37:12 UTC 2016 - astieger@suse.com - -- GnuPG 2.1.12: - * gpg: New --edit-key sub-command "change-usage" for testing - purposes. - * gpg: Out of order key-signatures are now systematically detected - and fixed by --edit-key. - * gpg: Improved detection of non-armored messages. - * gpg: Removed the extra prompt needed to create Curve25519 keys. - * gpg: Improved user ID selection for --quick-sign-key. - * gpg: Use the root CAs provided by the system with --fetch-key. - * gpg: Add support for the experimental Web Key Directory key - location service. - * gpg: Improve formatting of Tofu messages and emit new Tofu specific - status lines. - * gpgsm: Add option --pinentry-mode to support a loopback pinentry. - * gpgsm: A new pubring.kbx is now created with the header blob so - that gpg can detect that the keybox format needs to be used. - * agent: Add read support for the new private key protection format - openpgp-s2k-ocb-aes. - * agent: Add read support for the new extended private key format. - * agent: Default to --allow-loopback-pinentry and add option - --no-allow-loopback-pinentry. - * scd: Changed to use the new libusb 1.0 API for the internal CCID - driver. - * dirmngr: The dirmngr-client does now auto-detect the PEM format. - * g13: Add experimental support for dm-crypt. - * The man pages for gpg and gpgv are now installed under the correct - name (gpg2 or gpg - depending on a configure option). - -------------------------------------------------------------------- -Sun Mar 6 08:17:00 UTC 2016 - astieger@suse.com - -- GnuPG 2.1.11: - * gpg: New command --export-ssh-key to replace the gpgkey2ssh tool. - * gpg: Allow to generate mail address only keys with --gen-key. - * gpg: "--list-options show-usage" is now the default. - * gpg: Make lookup of DNS CERT records holding an URL work. - * gpg: Emit PROGRESS status lines during key generation. - * gpg: Don't check for ambigious or non-matching key specification in - the config file or given to --encrypt-to. This feature will return - in 2.3.x. - * gpg: Lock keybox files while updating them. - * gpg: Fix possible keyring corruption. (bug#2193) - * gpg: Fix regression of "bkuptocard" sub-command in --edit-key and - remove "checkbkupkey" sub-command introduced with 2.1. (bug#2169) - * gpg: Fix internal error in gpgv when using default keyid-format. - * gpg: Fix --auto-key-retrieve to work with dirmngr.conf configured - keyservers. (bug#2147). - * agent: New option --pinentry-timeout. - * scd: Fix regression for generating RSA keys on card. - * dirmmgr: All configured keyservers are now searched. - * dirmngr: Install CA certificate for hkps.pool.sks-keyservers.net. - Use this certiticate even if --hkp-cacert is not used. - * gpgtar: Add actual encryption code. gpgtar does now fully replace - gpg-zip. - * gpgtar: Fix filename encoding problem on Windows. - * Print a warning if a GnuPG component is using an older version of - gpg-agent, dirmngr, or scdaemon. -- disable running test which no longer work -- remove 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch - is now upstream -- the PIE options are implemented in the upstream build, and spec - code broke the build. The only remaining broken executable was - gpgsplit, which was removed from the package - -------------------------------------------------------------------- -Tue Jan 26 20:23:18 UTC 2016 - astieger@suse.com - -- add g13, an experimental tool for accessing encrypted storage - with with GnuPG (cards) - -------------------------------------------------------------------- -Tue Jan 19 13:56:58 UTC 2016 - vcizek@suse.com - -- fix fingerprint ambiguity (bsc#958891) - * https://bugs.gnupg.org/gnupg/issue2198 - * add 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch - -------------------------------------------------------------------- -Sun Dec 6 14:14:45 UTC 2015 - p.drouand@gmail.com - -- Move to pkgconfig() packaging style - -------------------------------------------------------------------- -Fri Dec 4 13:35:40 UTC 2015 - astieger@suse.com - -- GnuPG 2.1.10 adds TOFU (Trust-On-First-USe) and anonymous key - retrival via Tor. - * gpg: New trust models "tofu" and "tofu+pgp". - * gpg: New command --tofu-policy. New options --tofu-default-policy - and --tofu-db-format. - * gpg: New option --weak-digest to specify hash algorithms which - should be considered weak. - * gpg: Allow the use of multiple --default-key options; take the last - available key. - * gpg: New option --encrypt-to-default-key. - * gpg: New option --unwrap to only strip the encryption layer. - * gpg: New option --only-sign-text-ids to exclude photo IDs from key - signing. - * gpg: Check for ambigious or non-matching key specification in the - config file or given to --encrypt-to. - * gpg: Show the used card reader with --card-status. - * gpg: Print export statistics and an EXPORTED status line. - * gpg: Allow selecting subkeys by keyid in --edit-key. - * gpg: Allow updating the expiration time of multiple subkeys at - once. - * dirmngr: New option --use-tor. For full support this requires - libassuan version 2.4.2 and a patched version of libadns - (e.g. adns-1.4-g10-7 as used by the standard Windows installer). - * dirmngr: New option --nameserver to specify the nameserver used in - Tor mode. - * dirmngr: Keyservers may again be specified by IP address. - * dirmngr: Fixed problems in resolving keyserver pools. - * dirmngr: Fixed handling of premature termination of TLS streams so - that large numbers of keys can be refreshed via hkps. - * gpg: Fixed a regression in --locate-key [since 2.1.9]. - * gpg: Fixed another bug for keyrings with legacy keys. - * gpgsm: Allow combinations of usage flags in --gen-key. - * Make tilde expansion work with most options. - * Many other cleanups and bug fixes. - -------------------------------------------------------------------- -Tue Nov 24 10:27:58 UTC 2015 - vcizek@suse.com - -- enable tests for PPC64 again, - the problem from bsc#935887 went away - -------------------------------------------------------------------- -Fri Nov 20 16:03:03 UTC 2015 - astieger@suse.com - -- Improve upgrade to gpg2 from security:privacy w.r.t. libassuan - run-time dependencies (boo#955982) - -------------------------------------------------------------------- -Sat Oct 10 11:39:55 UTC 2015 - astieger@suse.com - -- GnuPG 2.1.9: - * gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate).\ - New option --print-dane-records. - * gpg: Fix for a problem with PGP-2 keys in a keyring. - * gpg: Fail with an error instead of a warning if a modern cipher - algorithm is used without a MDC. - * agent: New option --pinentry-invisible-char. - * agent: Always do a RSA signature verification after creation. - * agent: Fix a regression in ssh-add-ing Ed25519 keys. - * agent: Fix ssh fingerprint computation for nistp384 and EdDSA. - * agent: Fix crash during passprase entry on some platforms. - * scd: Change timeout to fix problems with some 2.1 cards. - * dirmngr: Displayed name is now Key Acquirer. - * dirmngr: Add option --keyserver. Deprecate that option for gpg. - Install a dirmngr.conf file from a skeleton for new installations. -- update gnupg-add_legacy_FIPS_mode_option.patch for context change - -------------------------------------------------------------------- -Fri Sep 11 06:02:23 UTC 2015 - astieger@suse.com - -- GnuPG 2.1.8: - * gpg: Sending very large keys to the keyservers works again. - * gpg: Validity strings in key listings are now again translatable. - * gpg: Emit FAILURE status lines to help GPGME. - * gpg: Does not anymore link to Libksba to reduce dependencies. - * gpgsm: Export of secret keys via Assuan is now possible. - * agent: Raise the maximum passphrase length from 100 to 255 bytes. - * agent: Fix regression using EdDSA keys with ssh. - * Does not anymore use a build timestamp by default. - * The fallback encoding for broken locale settings changed - from Latin-1 to UTF-8. - * Many code cleanups and improved internal documentation. - * Various minor bug fixes. - -------------------------------------------------------------------- -Wed Aug 12 10:58:48 UTC 2015 - astieger@suse.com - -- GnuPG 2.1.7: - * gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used. - * gpg: In the --edit-key menu: Removed the need for "toggle", changed - how secret keys are indicated, new commands "fpr *" and "grip". - * gpg: More fixes related to legacy keys in a keyring. - * gpgv: Does now also work with a "trustedkeys.kbx" file. - * scd: Support some feature from the OpenPGP card 3.0 specs. - * scd: Improved ECC support - * agent: New option --force for the DELETE_KEY command. - * Dropped deprecated gpgsm-gencert.sh - * Various other bug fixes. - -------------------------------------------------------------------- -Thu Jul 2 14:26:21 UTC 2015 - astieger@suse.com - -- do not run checks on ppc64 for now - -------------------------------------------------------------------- -Wed Jul 1 14:15:28 UTC 2015 - astieger@suse.com - -- GnuPG 2.1.6: - * agent: New option --verify for the PASSWD command. - * gpgsm: Add command option "offline" as an alternative to - --disable-dirmngr. - * gpg: Do not prompt multiple times for a password in pinentry - loopback mode. - * Allow the use of debug category names with --debug. - * Using gpg-agent and gpg/gpgsm with different locales will now show - the correct translations in Pinentry. - * gpg: Improve speed of --list-sigs and --check-sigs. - * gpg: Make --list-options show-sig-subpackets work again. - * gpg: Fix an export problem for old keyrings with PGP-2 keys. - * scd: Support PIN-pads on more readers. - * dirmngr: Properly cleanup zombie LDAP helper processes and avoid - hangs on dirmngr shutdown. - * Various other bug fixes. -- remove documentation make workaround, fixed upstream - -------------------------------------------------------------------- -Sun Jun 28 13:14:03 UTC 2015 - schwab@linux-m68k.org - -- Enable workaround for missing dependencies everywhere - -------------------------------------------------------------------- -Mon Jun 15 13:20:33 UTC 2015 - astieger@suse.com - -- fix build with openSUSE 13.2 and earlier, call make to - compensate for incorrect documentation dependencies. - -------------------------------------------------------------------- -Thu Jun 11 14:32:09 UTC 2015 - astieger@suse.com - -- GnuPG 2.1.5: - * Support for an external passphrase cache. - * Support for the forthcoming version 3 OpenPGP smartcard. - * Manuals now show the actual used file names. - * Prepared for improved integration with Emacs. - * Code cleanups and minor bug fixes. - -------------------------------------------------------------------- -Sun May 17 08:24:15 UTC 2015 - meissner@suse.com - -- info deinstall needs to be in %preun - -------------------------------------------------------------------- -Tue May 12 18:04:36 UTC 2015 - astieger@suse.com - -- update to 2.1.4: - * gpg: Add command --quick-adduid to non-interacitivly add a new - user id to an existing key. - * gpg: Do no enable honor-keyserver-url by default. Make it work - if enabled. - * gpg: Display the serial number in the --card-staus output again. - * agent: Support for external password managers. - Add option --no-allow-external-cache. - * scdaemon: Improved handling of extended APDUs. - * Make HTTP proxies work again. - * All network access including DNS as been moved to Dirmngr. - * Allow building without LDAP support. - * Fixed lots of smaller bugs. - -------------------------------------------------------------------- -Sat Apr 11 18:59:42 UTC 2015 - astieger@suse.com - -- update to 2.1.3: - * gpg: LDAP keyservers are now supported by 2.1. - * gpg: New option --with-icao-spelling. - * gpg: New option --print-pka-records. Changed the PKA method to - use CERT records and hashed names. - * gpg: New command --list-gcrypt-config. New parameter "curve" - for --list-config. - * gpg: Print a NEWSIG status line like gpgsm always did. - * gpg: Print MPI values with --list-packets and --verbose. - * gpg: Write correct MPI lengths with ECC keys. - * gpg: Skip legacy PGP-2 keys while searching. - (drop 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch - now upstream) - * gpg: Improved searching for mail addresses when using a keybox. - * gpgsm: Changed default algos to AES-128 and SHA-256. - * gpgtar: Fixed extracting files with sizes of a multiple of 512. - * dirmngr: Fixed SNI handling for hkps pools. - (drop hkps-fix-host-name-verification-when-using-pools.patch - now upstream) - * dirmngr: extra-certs and trusted-certs are now always loaded - from the sysconfig dir instead of the homedir. - * Fixed possible problems due to compiler optimization, two minor - regressions, and other bugs. -- refreshed for context changes: - * gnupg-2.0.18-files-are-digests.patch - * gnupg-add_legacy_FIPS_mode_option.patch - -------------------------------------------------------------------- -Mon Mar 23 11:48:24 UTC 2015 - idonmez@suse.com - -- Add hkps-fix-host-name-verification-when-using-pools.patch to - fix hkps support w/ pools. Upstream commit dc10d46. - -------------------------------------------------------------------- -Thu Mar 19 15:56:12 UTC 2015 - astieger@suse.com - -- Ensure secure memory can be used with default 64k memlock limit - Fixes [boo#915931], removes gnupg-large_keys.patch -- Removed gnupg-remove_development_version_warning.patch, obsolete -- Removed gnupg-2.0.4-install_tools.diff, replaced by spec install -- Removed autoconf requirement and autoreconf calls thus obsoleted - -------------------------------------------------------------------- -Tue Feb 24 08:10:22 UTC 2015 - astieger@suse.com - -- Fix invalid packet read error when reading keyrings [boo#914625] - add 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch - -------------------------------------------------------------------- -Wed Feb 11 21:48:13 UTC 2015 - astieger@suse.com - -- update to 2.1.2: - * gpg: The parameter 'Passphrase' for batch key generation works - again. - * gpg: Using a passphrase option in batch mode now has the - expected effect on --quick-gen-key. - * gpg: Improved reporting of unsupported PGP-2 keys. - * gpg: Added support for algo names when generating keys using - --command-fd. - * gpg: Fixed DoS based on bogus and overlong key packets. - * agent: When setting --default-cache-ttl the value - for --max-cache-ttl is adjusted to be not lower than the former. - * agent: Fixed problems with the new --extra-socket. - * agent: Made --allow-loopback-pinentry changeable with gpgconf. - * agent: Fixed importing of unprotected openpgp keys. - * agent: Now tries to use a fallback pinentry if the standard - pinentry is not installed. - * scd: Added support for ECDH. - * Fixed several bugs related to bogus keyrings and improved some - other code. -- in gnupg-2.0.18-files-are-digests.patch, change buffer_to_u32 to - buf32_to_u32 from host2net.h to match upstream changes -- now requires automake 1.14 - -------------------------------------------------------------------- -Fri Dec 26 21:15:55 UTC 2014 - andreas.stieger@gmx.de - -- update to 2.1.1: - * gpg: Detect faulty use of --verify on detached signatures. - * gpg: New import option "keep-ownertrust". - * gpg: New sub-command "factory-reset" for --card-edit. - * gpg: A stub key for smartcards is now created by --card-status. - * gpg: Fixed regression in --refresh-keys. - * gpg: Fixed regresion in %g and %p codes for --sig-notation. - * gpg: Fixed best matching hash algo detection for ECDSA and EdDSA. - * gpg: Improved perceived speed of secret key listisngs. - * gpg: Print number of skipped PGP-2 keys on import. - * gpg: Removed the option aliases --throw-keyid and --notation-data; - use --throw-keyids and --set-notation instead. - * gpg: New import option "keep-ownertrust". - * gpg: Skip too large keys during import. - * gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or - dirmngr. - * gpg-agent: New option --extra-socket to provide a restricted - command set for use with remote clients. - * gpgconf --kill does not anymore start a service only to kill it. - * gpg-pconnect-agent: Add convenience option --uiserver. - * More translations (but most of them are not complete). - * To support remotely mounted home directories, the IPC sockets may - now be redirected. This feature requires Libassuan 2.2.0. - * Improved portability and the usual bunch of bug fixes. -- removed patch not part of upstream release: - gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch -- refresh for context changes: - gnupg-2.0.18-files-are-digests.patch - gnupg-2.0.4-install_tools.diff -- refresh for upstream code changes: - gnupg-add_legacy_FIPS_mode_option.patch - gnupg-detect_FIPS_mode.patch (MD5 removed) - -------------------------------------------------------------------- -Thu Dec 25 18:09:11 UTC 2014 - dev@stellardeath.org - -- Support for large RSA keys - This involves compiling with --enable-large-rsa and - --enable-large-secmem, as well as patching the number - of secmem bytes and IPC bytes to slightly larger values. - See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424 - * added gnupg-large_keys.patch - -------------------------------------------------------------------- -Wed Dec 3 22:37:59 UTC 2014 - andreas.stieger@gmx.de - -- update build requirement versions that changed with 2.1.0 - -------------------------------------------------------------------- -Wed Nov 26 19:21:15 UTC 2014 - andreas.stieger@gmx.de - -- fix buffer overflow in OID to string conversion function - [boo#907198], adding - gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch - -------------------------------------------------------------------- -Tue Nov 11 16:10:04 UTC 2014 - vcizek@suse.com - -- obsolete dirmngr (shipped with gpg since 2.1.0) -- spec cleanup after previous update -- get rid of "THIS IS A DEVELOPMENT VERSION" warning - http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html - * added gnupg-remove_development_version_warning.patch - -------------------------------------------------------------------- -Thu Nov 6 17:32:39 UTC 2014 - vcizek@suse.com - -- upgrade to 2.1.0 (modern) - - The file "secring.gpg" is not anymore used to store the secret - keys. Merging of secret keys is now supported. - - All support for PGP-2 keys has been removed for security reasons. - - The standard key generation interface is now much leaner. This - will help a new user to quickly generate a suitable key. - - Support for Elliptic Curve Cryptography (ECC) is now available. - - Commands to create and sign keys from the command line without any - extra prompts are now available. - - The Pinentry may now show the new passphrase entry and the - passphrase confirmation entry in one dialog. - - There is no more need to manually start the gpg-agent. It is now - started by any part of GnuPG as needed. - - Problems with importing keys with the same long key id have been - addressed. - - The Dirmngr is now part of GnuPG proper and also takes care of - accessing keyserver. - - Keyserver pools are now handled in a smarter way. - - A new format for locally storing the public keys is now used. - This considerable speeds up operations on large keyrings. - - Revocation certificates are now created by default. - - Card support has been updated, new readers and token types are - supported. - - The format of the key listing has been changed to better identify - the properties of a key. - - The gpg-agent may now be used on Windows as a Pageant replacement - for Putty in the same way it is used for years on Unix as - ssh-agent replacement. - - Creation of X.509 certificates has been improved. It is now also - possible to export them directly in PKCS#8 and PEM format for use - on TLS servers. -- dropped patches: - * gnupg-2.0.20-automake113.diff - * gnupg-2.0.18-tmpdir.diff (socket is created in homedir now) -- refresh most of the remaining patches -- added new BuildRequires: gnutls-devel, pkg-config, npth-devel - -------------------------------------------------------------------- -Tue Aug 12 20:19:45 UTC 2014 - andreas.stieger@gmx.de - -- update to 2.0.26: - * gpg: Fix a regression in 2.0.24 if a subkey id is given - to --recv-keys et al. - * gpg: Cap attribute packets at 16MB. - * gpgsm: Auto-create the ".gnupg" home directory in the same - way gpg does. - * scdaemon: Allow for certificates > 1024 when using PC/SC. -- remove URL from package keyring, upstream file metadata changes - -------------------------------------------------------------------- -Tue Jul 1 21:05:55 UTC 2014 - andreas.stieger@gmx.de - -- gnupg-add_legacy_FIPS_mode_option.patch (part of [bnc#856312]) - mentions GCRYCTL_INACTIVATE_FIPS_FLAG, raising the requirement - for gcrypt from 1.4.0 (from configure) to 1.6.1 where said flag - was introduced. Require this version to build. - -------------------------------------------------------------------- -Mon Jun 30 18:52:36 UTC 2014 - andreas.stieger@gmx.de - -- update to 2.0.25: - * gpg: Fix a regression in 2.0.24 if more than one keyid is given - to --recv-keys et al. - * gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended - key generation. - * gpgsm: Fix a DISPLAY related problem with - --export-secret-key-p12. - * scdaemon: Support reader Gemalto IDBridge CT30. - -------------------------------------------------------------------- -Tue Jun 24 22:25:12 UTC 2014 - andreas.stieger@gmx.de - -- update to 2.0.24 - Contains a security fix to stop a possible DoS using garbled - compressed data packets which can be used to put gpg into an - infinite loop. [bnc#884130] [CVE-2014-4617] - * gpg: Avoid DoS due to garbled compressed data packets. -- further: - * gpg: Screen keyserver responses to avoid importing unwanted - keys from rogue servers. - * gpg: The validity of user ids is now shown by default. To - revert this add "list-options no-show-uid-validity" to gpg.conf - * gpg: Print more specific reason codes with the INV_RECP status. - * gpg: Allow loading of a cert only key to an OpenPGP card. - * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt - 1.6. - -------------------------------------------------------------------- -Tue Jun 3 21:55:34 UTC 2014 - andreas.stieger@gmx.de - -- update to 2.0.23: - * gpg: Reject signatures made using the MD5 hash algorithm unless the - new option --allow-weak-digest-algos or --pgp2 are given. - * gpg: Do not create a trustdb file if --trust-model=always is used. - * gpg: Only the major version number is by default included in the - armored output. - * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the - communication with the gpg-agent. - * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more - aligned to the regular key listing ("gpg -k"). - * gpg: The option--show-session-key prints its output now before the - decryption of the bulk message starts. - * gpg: New %U expando for the photo viewer. - * gpgsm: Improved handling of re-issued CA certificates. - * scdaemon: Various fixes for pinpad equipped card readers. - * Minor bug fixes. -- Packaging changes: - * add gpgtar utility - * update and use use source URL for tarball signing key - * removed gnupg-2.0.9-RSA_ES.patch, applied upstream - * updated for context changes: - gnupg-add_legacy_FIPS_mode_option.patch - gnupg-2.0.18-files-are-digests.patch - gnupg-dont-fail-with-seahorse-agent.patch - -------------------------------------------------------------------- -Tue Apr 29 12:06:03 UTC 2014 - vcizek@suse.com - -- add patch by Stephan Mueller which adds an option to enable - legacy ciphers in FIPS mode - * added gnupg-add_legacy_FIPS_mode_option.patch - (part of bnc#856312) -- added BuildRequires: makeinfo (to build info pages from the - patched gnupg.texi) - -------------------------------------------------------------------- -Fri Feb 14 16:14:14 UTC 2014 - vcizek@suse.com - -- install scdaemon to /usr/bin (bnc#863645) - -------------------------------------------------------------------- -Sat Oct 5 11:44:42 UTC 2013 - andreas.stieger@gmx.de - -- update to 2.0.22 [bnc#844175] - * Fixed possible infinite recursion in the compressed packet - parser. [CVE-2013-4402] - * Improved support for some card readers. - * Prepared building with the forthcoming Libgcrypt 1.6. - * Protect against rogue keyservers sending secret keys. -- remove gpg2-CVE-2013-4351.patch, committed upstream - -------------------------------------------------------------------- -Mon Sep 16 11:08:55 UTC 2013 - vcizek@suse.com - -- fix CVE-2013-4351 (bnc#840510) - -------------------------------------------------------------------- -Mon Aug 19 17:59:48 UTC 2013 - andreas.stieger@gmx.de - -- update to 2.0.21 - * gpg-agent: By default the users are now asked via the Pinentry - whether they trust an X.509 root key. To prohibit interactive - marking of such keys, the new option --no-allow-mark-trusted may - be used. - * gpg-agent: The command KEYINFO has options to add info from - sshcontrol. - * The included ssh agent does now support ECDSA keys. -- now requires libgpg-error 1.11 -- update gnupg-2.0.9-langinfo.patch for upstream whitespace changes -- drop gnupg-broken-curl-test.patch, no longer required - -------------------------------------------------------------------- -Mon Jun 17 12:48:24 UTC 2013 - coolo@suse.com - -- revert usage of gpg-offline to avoid cycles - -------------------------------------------------------------------- -Mon Jun 17 12:40:10 UTC 2013 - coolo@suse.com - -- add gnupg-2.0.20-automake113.diff to fix build with automake 1.13 - -------------------------------------------------------------------- -Tue May 14 14:00:45 UTC 2013 - vcizek@suse.com - -- set safe umask before creating a plaintext file (bnc#780943) - added gpg2-set_umask_before_open_outfile.patch -- select proper ciphers when running in FIPS mode (bnc#808958) - added gnupg-detect_FIPS_mode.patch - -------------------------------------------------------------------- -Fri May 10 19:33:24 UTC 2013 - andreas.stieger@gmx.de - -- update to 2.0.20 - * Decryption using smartcards keys > 3072 bit does now work. - * New meta option ignore-invalid-option to allow using the same - option file by other GnuPG versions. - * gpg: The hash algorithm is now printed for sig records in key listings. - * gpg: Skip invalid keyblock packets during import to avoid a DoS. - * gpg: Correctly handle ports from DNS SRV records. - * keyserver: Improve use of SRV records - * gpg-agent: Avoid tty corruption when killing pinentry. - * scdaemon: Improve detection of card insertion and removal. - * scdaemon: Rename option --disable-keypad to --disable-pinpad. - * scdaemon: Better support for CCID readers. Now, the internal CCID - driver supports readers without the auto configuration feature. - * scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and - it supports variable length PIN input, and you specify - --enable-pinpad-varlen option. - * scdaemon: New option --enable-pinpad-varlen. - * scdaemon: Install into libexecdir to avoid accidental execution - from the command line. - * Assorted bug fixes. -- refresh gnupg-2.0.9-RSA_ES.patch -- verify gpg signature of source tarball - -------------------------------------------------------------------- -Wed Mar 27 12:16:19 UTC 2013 - mmeister@suse.com - -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - -------------------------------------------------------------------- -Fri Jan 11 20:26:50 UTC 2013 - lazy.kent@opensuse.org - -- BuildRequires: libbz2-devel (support BZIP2 compression - algorithm) (bnc#798175). - -------------------------------------------------------------------- -Wed Apr 18 10:55:34 UTC 2012 - vcizek@suse.com - -- Mention some of the changes in Greg's version update - -------------------------------------------------------------------- -Tue Mar 27 20:38:27 UTC 2012 - gregkh@opensuse.org - -- update to upstream 2.0.19 - * GPG now accepts a space separated fingerprint as a user ID. This - allows to copy and paste the fingerprint from the key listing. - * GPG now uses the longest key ID available. Removed support for the - original HKP keyserver which is not anymore used by any site. - * Rebuild the trustdb after changing the option --min-cert-level. - * Ukrainian translation. - * Honor option --cert-digest-algo when creating a cert. - * Emit a DECRYPTION_INFO status line. - * Improved detection of JPEG files. - -------------------------------------------------------------------- -Tue Dec 6 10:58:36 UTC 2011 - vcizek@suse.com - -- fixed licence to GPL-3.0+ (bnc#734878) - -------------------------------------------------------------------- -Wed Nov 30 09:55:47 UTC 2011 - coolo@suse.com - -- add automake as buildrequire to avoid implicit dependency - -------------------------------------------------------------------- -Sat Oct 1 15:53:04 UTC 2011 - crrodriguez@opensuse.org - -- Test suite hangs in qemu-arm, workaround. - -------------------------------------------------------------------- -Wed Aug 31 10:00:35 UTC 2011 - puzel@suse.com - -- link with -pie - -------------------------------------------------------------------- -Fri Aug 19 01:11:42 UTC 2011 - crrodriguez@opensuse.org - -- libcurl.m4 tests were broken, resulting in the usage - of a "fake" internal libcurl. - -------------------------------------------------------------------- -Sat Aug 6 20:19:09 UTC 2011 - andreas.stieger@gmx.de - -- update to upstream 2.0.18 - * Bug fix for newer versions of Libgcrypt. - * Support the SSH confirm flag and show SSH fingerprints in ssh - related pinentries. - * Improved dirmngr/gpgsm interaction for OCSP. - * Allow generation of card keys up to 4096 bit. -- refresh patch gnupg-2.0.10-tmpdir.diff -> gnupg-2.0.18-tmpdir.diff -- refresh patch gnupg-files-are-digests.patch -> gnupg-2.0.18-files-are-digests.patch - -------------------------------------------------------------------- -Tue Mar 15 09:29:42 UTC 2011 - puzel@novell.com - -- update to gnupg-2.0.17 - * Allow more hash algorithms with the OpenPGP v2 card. - * The gpg-agent now tests for a new gpg-agent.conf on a HUP. - * Fixed output of "gpgconf --check-options". - * Fixed a bug where Scdaemon sends a signal to Gpg-agent running - in non-daemon mode. - * Fixed TTY management for pinentries and session variable update - problem. -- drop gnupg-CVE-2010-2547.patch (in upstream) - -------------------------------------------------------------------- -Fri Jan 7 13:24:17 CET 2011 - sbrabec@suse.cz - -- Removed obsolete BuildRequires of opensc-devel. - -------------------------------------------------------------------- -Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de - -- Use %_smp_mflags - -------------------------------------------------------------------- -Wed Jul 28 09:39:00 UTC 2010 - puzel@novell.com - -- gnupg-CVE-2010-2547.patch (bnc#625947) -- renumber patches - -------------------------------------------------------------------- -Mon Jul 19 21:49:40 UTC 2010 - puzel@novell.com - -- update to gnupg-2.0.16 - * If the agent's --use-standard-socket option is active, all tools - try to start and daemonize the agent on the fly. In the past this - was only supported on W32; on non-W32 systems the new configure - option --use-standard-socket may now be used to use this feature by - default. - * The gpg-agent commands KILLAGENT and RELOADAGENT are now available - on all platforms. - * Minor bug fixes. -- drop gnupg-2.0.14-s2kcount.patch (builds fine without it now) - -------------------------------------------------------------------- -Mon Jun 7 09:40:32 UTC 2010 - adrian@suse.de - -- add special provides to make sure that obs signd gets correct gpg version - -------------------------------------------------------------------- -Fri Apr 9 12:47:11 UTC 2010 - chris@computersalat.de - -- fix deps - o libassuan-devel >= 2.0.0 - o pth / libpth-devel >= 1.3.7 -- added BuildReq libcurl-devel >= 7.10 -- removed BuildReq openldap2 - is already solved by openldap2-devel -- removed unrecognized configure options - --enable-external-hkp, --enable-shared, --enable-static-rnd - -------------------------------------------------------------------- -Wed Apr 7 14:19:11 UTC 2010 - puzel@novell.com - -- add gnupg-dont-fail-with-seahorse-agent.patch (bnc#589994) - -------------------------------------------------------------------- -Wed Mar 31 13:47:00 UTC 2010 - puzel@novell.com - -- update to gnupg-2.0.15 - * New command --passwd for GPG. - * Fixes a regression in 2.0.14 which prevented unprotection of new - or changed gpg-agent passphrases. - * Make use of libassuan 2.0 which is available as a DSO. - -------------------------------------------------------------------- -Mon Mar 22 15:09:24 UTC 2010 - puzel@novell.com - -- fix files-are-digests patch (bnc#469229) - -------------------------------------------------------------------- -Wed Feb 17 13:29:18 CET 2010 - dimstar@opensuse.org - -- Update to version 2.0.14: - + The default for --include-cert is now to include all - certificates in the chain except for the root certificate. - + Numerical values may now be used as an alternative to the - debug-level keywords. - + The GPGSM --audit-log feature is now more complete. - + GPG now supports DNS lookups for SRV, PKA and CERT on W32. - + New GPGSM option --ignore-cert-extension. - + New and changed passphrases are now created with an iteration - count requiring about 100ms of CPU work. -- Add gnupg-2.0.14-s2kcount.patch: use fixed s2k-count number - otherwise the gpg2 would want to consult gpg-agent which is not - yet installed in the mock chroot (Patch shamelessly stolen from - Fedora). - -------------------------------------------------------------------- -Thu Jan 28 14:15:24 UTC 2010 - puzel@novell.com - -- fix build for older distributions - -------------------------------------------------------------------- -Wed Jan 27 16:30:41 UTC 2010 - puzel@novell.com - -- port files-are-digests patch from gpg1 (bnc#469229) - -------------------------------------------------------------------- -Tue Dec 15 20:56:35 CET 2009 - jengelh@medozas.de - -- enable parallel building -- SPARC needs large PIE model - -------------------------------------------------------------------- -Sun Dec 6 08:52:32 UTC 2009 - coolo@novell.com - -- change -lang require to recommended - -------------------------------------------------------------------- -Fri Nov 13 14:37:58 UTC 2009 - puzel@novell.com - -- update to gnupg-2.0.13 - * GPG now generates 2048 bit RSA keys by default. The default hash - algorithm preferences has changed to prefer SHA-256 over SHA-1. - 2048 bit DSA keys are now generated to use a 256 bit hash algorithm - * The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now - passed to the Pinentry to make SCIM work. - * The GPGSM command --gen-key features a --batch mode and implements - all features of gpgsm-gencert.sh in standard mode. - * New option --re-import for GPGSM's IMPORT server command. - * Enhanced writing of existing keys to OpenPGP v2 cards. - * Add hack to the internal CCID driver to allow the use of some - Omnikey based card readers with 2048 bit keys. - * GPG now repeatly asks the user to insert the requested OpenPGP - card. This can be disabled with --limit-card-insert-tries=1. - * Minor bug fixes. -- drop gnupg-2.0.4-default-tty.diff - -------------------------------------------------------------------- -Thu Jun 18 13:22:00 CEST 2009 - puzel@novell.com - -- update to gnupg-2.0.12 - * GPGSM now always lists ephemeral certificates if specified by - fingerprint or keygrip. - * New command "KEYINFO" for GPG_AGENT. GPGSM now also returns - information about smartcards. - * Made sure not to leak file descriptors if running gpg-agent with a - command. Restore the signal mask to solve a problem in Mono. - * Changed order of the confirmation questions for root certificates - and store negative answers in trustlist.txt. - * Better synchronization of concurrent smartcard sessions. - * Support 2048 bit OpenPGP cards. - * Support Telesec Netkey 3 cards. - * The gpg-protect-tool now uses gpg-agent via libassuan. - * Changed code to avoid a possible Mac OS X system freeze. -- drop gpg2-fix-rtsignals.patch (fixed upstream) -- drop gnupg-1.9.22-ccid-driver-fix.diff (unused) - -------------------------------------------------------------------- -Thu Jun 11 11:19:58 CEST 2009 - puzel@suse.cz - -- change BuildRequires: (pth-devel -> libpth-devel) - -------------------------------------------------------------------- -Mon Jun 1 11:26:12 CEST 2009 - puzel@suse.cz - -- BuildRequires: pth-devel - -------------------------------------------------------------------- -Wed Mar 18 13:51:30 CET 2009 - puzel@suse.cz - -- add gpg2-fix-rtsignals.patch (bnc#481463) - -------------------------------------------------------------------- -Thu Mar 5 13:39:42 CET 2009 - puzel@suse.cz - -- update to 2.0.11 - * Fixed a problem in SCDAEMON which caused unexpected card resets. - * SCDAEMON is now aware of the Geldkarte. - * The SCDAEMON option --allow-admin is now used by default. - * GPGCONF now restarts SCdaemon if necessary. - * The default cipher algorithm in GPGSM is now again 3DES. This is - due to interoperability problems with Outlook 2003 which still - can't cope with AES. -- dropped gnupg-2.0.10-fix-convert.patch (upstream) -- dropped gnupg-2.0.10-fix-missing-option.patch (upstream) -- disabled gnupg-1.9.22-ccid-driver-fix.diff (does not apply and it is - not clear what it is good for) - -------------------------------------------------------------------- -Mon Mar 2 15:53:22 CET 2009 - puzel@suse.cz - -- gnupg-2.0.10-fix-missing-option.patch (bnc#477362) - -------------------------------------------------------------------- -Mon Jan 19 16:16:11 CET 2009 - puzel@suse.cz - -- add gnupg-2.0.10-fix-convert.patch - - fix broken 'make check' on ppc, s390 and s390x - -------------------------------------------------------------------- -Tue Jan 13 10:38:38 CET 2009 - puzel@suse.cz - -- update to 2.0.10 - * New keyserver helper gpg2keys_kdns as generic DNS CERT - lookup. - * New mechanisms "local" and "nodefault" for --auto-key-locate. - Fixed a few problems with this option. - * New command --locate-keys. - * New options --with-sig-list and --with-sig-check. - * The option "-sat" is no longer an alias for --clearsign. - * The option --fixed-list-mode is now implicitly used and obsolete. - * New control statement %ask-passphrase for the unattended key - generation. - * The algorithm to compute the SIG_ID status has been changed. - * [gpgsm] Now uses AES by default. - * [gpgsm] Made --output option work with --export-secret-key-p12. - * [gpg-agent] Terminate process if the own listening socket is not - anymore served by ourself. - * [gpg-connect-agent] Accept commands given as command line arguments. - * The gpg-preset-passphrase mechanism works again. An arbitrary - string may now be used for a custom cache ID. - * Admin PINs are cached again (bug in 2.0.9). - * Support for version 2 OpenPGP cards. - -- specfile changes: - * require libadns - * explicit versions for some BuildRequires - * BuildRequires libgpg-error - * changed license to GPL v3 - * /etc/gnupg/gnupg.conf is now (noreplace) - * documentation is installed with install - -------------------------------------------------------------------- -Wed Jun 11 11:06:09 CEST 2008 - puzel@suse.cz - -- fix [bnc#305725] - UTF-8 problems - * non latin characters displayed incorrectly by pinentry-* - -------------------------------------------------------------------- -Wed May 21 14:01:14 CEST 2008 - puzel@suse.cz - -- added missing gpgconf.conf (bnc#391347) - -------------------------------------------------------------------- -Fri Mar 28 16:14:33 CET 2008 - pcerny@suse.cz - -- update to 2.0.9 - * fixes CVE-2008-1530 (bnc#374254) - * removing gnupg-2.0.8-from-upstream.diff (included in release) - * removing gnupg-2.0.4-oldkey.diff (accepted by upstream) - * removing gnupg-2.0.8-warningfixes.diff - (also appears in upstream) -- patch gnupg-2.0.9-RSA_ES.patch - * adding back support for deprecated RSA_E, RSA_S algorithms - (bnc#342979) - -------------------------------------------------------------------- -Wed Mar 26 22:07:29 CET 2008 - coolo@suse.de - -- require the split out lang package - -------------------------------------------------------------------- -Sun Mar 23 12:10:56 CET 2008 - coolo@suse.de - -- splitting out a third of the package by using a lang subpack - -------------------------------------------------------------------- -Tue Feb 12 19:24:37 CET 2008 - bk@suse.de - -- install gpg-zip and gpgsplit again and use -pie for randomisation - -------------------------------------------------------------------- -Wed Feb 6 18:16:34 CET 2008 - bk@suse.de - -- add selected upstream fixes and fix gcc and rpmlint warnings - -------------------------------------------------------------------- -Tue Jan 8 10:48:30 CET 2008 - sassmann@suse.de - -- update to GnuPG-2.0.8 -- adapted patches to apply properly - * gnupg-1.9.18-tmpdir.diff - * gnupg-2.0.4-install_tools.diff -- gnupg-2.0.5.fixes-from-svn-20070812.diff commented out, - included in upstream 2.0.8 -- use optflags during build - -------------------------------------------------------------------- -Wed Sep 12 22:40:46 CEST 2007 - ltinkl@suse.cz - -- fix #304749 - gpg2 unable to use old secret key - -------------------------------------------------------------------- -Mon Sep 10 20:13:07 CEST 2007 - ltinkl@suse.cz - -- fix gpg2 crash on accessing key (#307666) -- fix gpg doesn't work on the console (#302323) - -------------------------------------------------------------------- -Fri Aug 10 11:50:20 CEST 2007 - bk@suse.de - -- update to GnuPG-2.0.5 - requries libassuan-1.0.2! - * Switched license to GPLv3. - * Fixed bug when using the --p12-charset without --armor. - * The command --gen-key may now be used instead of the - gpgsm-gencert.sh script. - * Changed key generation to reveal less information about the - machine. Bug fixes for gpg2's card key generation. -- enable make check to test against build issues in the crypto engine -- cleanup disabled nld patch for linking with -lgpg-error-nld -- use %find_lang to label the locale files properly with %lang -- add opensc-devel to BuildRequrires to enanble smartcard support -- del Makefile.in patches where we patch Makefile.am and run automake -- cleanup the standrd GNU INSTALL and the empty VERSION from %doc - -------------------------------------------------------------------- -Thu Jul 26 13:16:22 CEST 2007 - sbrabec@suse.cz - -- Build with libassuan-devel. - -------------------------------------------------------------------- -Thu Jun 21 20:31:44 CEST 2007 - ro@suse.de - -- install compat symlinks for gpg2 and gpgv2 -- install gpg-zip and gpgsplit -- added openldap2 to buildrequires (for gpgkeys_ldap) -- added fPIE/pie to CFLAGS/LDFLAGS for gpgsplit - -------------------------------------------------------------------- -Wed May 23 19:02:45 CEST 2007 - dmueller@suse.de - -- add libusb-devel build requires - -------------------------------------------------------------------- -Wed May 16 14:27:28 CEST 2007 - ltinkl@suse.cz - -- remove gpg from Require's (#273491) - -------------------------------------------------------------------- -Fri May 11 13:20:19 CEST 2007 - ltinkl@suse.cz - -- updated to 2.0.4 stable snapshot - -------------------------------------------------------------------- -Wed Apr 4 12:42:06 CEST 2007 - ltinkl@suse.cz - -- update to 2.0.3 -- fixed #251605 - VUL-0: signing issues within GNUPG -- removed outdated patches - -------------------------------------------------------------------- -Fri Mar 30 01:58:56 CEST 2007 - ro@suse.de - -- added zlib-devel to buildreq - -------------------------------------------------------------------- -Wed Feb 14 15:14:44 CET 2007 - ltinkl@suse.cz - -- fix file conflicts with gpg (#242133) - -------------------------------------------------------------------- -Tue Jan 30 00:34:50 CET 2007 - ro@suse.de - -- fix build (exclude possible debuginfo directory) - -------------------------------------------------------------------- -Mon Jan 29 16:22:15 CET 2007 - ltinkl@suse.cz - -- fix #221212 - gpg2 is not updated and do not contain documentation -- fix #233525 - gpg1/2: bug in vasprintf() implementation - ------------------------------------------------------------------- Thu Nov 30 16:59:25 CET 2006 - anicka@suse.cz diff --git a/gpg2.keyring b/gpg2.keyring deleted file mode 100644 index dd3bb0b..0000000 --- a/gpg2.keyring +++ /dev/null @@ -1,86 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531 -3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB -a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb -LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO -MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD -ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ -hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ -F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV -+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o -BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL -/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg -dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg -xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ -hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K -ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z -QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn -ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz -iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47 -CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+ -FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ -CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs -IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl -fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ -6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu -ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo -sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x -/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/ -Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE -o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv -5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP -4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7 -b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ -bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk -icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo -GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj -m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/ -IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp -/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB -BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l -ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ -AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe -BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0 -EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh -BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv -V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37 -c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR -OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ -l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q -Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W -HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi -UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8 -7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8 -wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP -C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V -bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO -Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt -VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd -fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu -dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F -AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO -my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX -7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c -3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS -QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF -vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe -vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM -YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ -t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY -eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM -4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+ -7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X -D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm -MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy -MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x -14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa -jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV -WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF -AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR -RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W -IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS -N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw -eiInsGZ/+h5XYrpXTgA= -=4+Sn ------END PGP PUBLIC KEY BLOCK----- diff --git a/gpg2.spec b/gpg2.spec index 7ffb33c..1f576a7 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,201 +1,199 @@ # -# spec file for package gpg2 +# spec file for package gpg2 (Version 1.9.22) # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. # -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# norootforbuild Name: gpg2 -Version: 2.4.1 -Release: 0 -Summary: File encryption, decryption, signature creation and verification utility -License: GPL-3.0-or-later +BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite +URL: http://www.gnupg.org/aegypten2/ +License: GNU General Public License (GPL) Group: Productivity/Networking/Security -URL: https://www.gnupg.org -Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2 -Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig -# https://www.gnupg.org/signature_key.html -Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring -Source4: scdaemon.udev -Source99: %{name}.changes -Patch1: gnupg-gpg-agent-ulimit.patch -Patch2: gnupg-2.0.9-langinfo.patch -Patch3: gnupg-dont-fail-with-seahorse-agent.patch -Patch4: gnupg-set_umask_before_open_outfile.patch -Patch5: gnupg-detect_FIPS_mode.patch -Patch6: gnupg-add_legacy_FIPS_mode_option.patch -Patch7: gnupg-2.2.16-secmem.patch -Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch -Patch9: gnupg-add-test-cases-for-import-without-uid.patch -Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch -#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set -Patch11: gnupg-allow-large-rsa.patch -#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation -Patch12: gnupg-revert-rfc4880bis.patch -BuildRequires: expect -BuildRequires: fdupes -BuildRequires: libassuan-devel >= 2.5.0 -BuildRequires: libgcrypt-devel >= 1.9.1 -BuildRequires: libgpg-error-devel >= 1.46 -BuildRequires: libksba-devel >= 1.6.3 -BuildRequires: makeinfo -BuildRequires: npth-devel >= 1.2 -BuildRequires: openldap2-devel -BuildRequires: pkgconfig -BuildRequires: readline-devel -BuildRequires: swtpm -BuildRequires: tpm2-0-tss-devel -BuildRequires: pkgconfig(bzip2) -BuildRequires: pkgconfig(gnutls) >= 3.0 -BuildRequires: pkgconfig(libusb-1.0) -BuildRequires: pkgconfig(sqlite3) >= 3.27 -BuildRequires: pkgconfig(zlib) -# runtime dependency to support devel repository users - boo#955982 -Requires: libassuan0 >= 2.5.0 -Requires: libgcrypt20 >= 1.9.1 -Requires: libgpg-error >= 1.46 -Requires: libksba >= 1.3.4 -Requires: pinentry -Recommends: dirmngr = %{version} -Provides: gnupg = %{version} -Provides: gpg = 1.4.9 +PreReq: %install_info_prereq +Autoreqprov: on +Requires: pinentry, dirmngr, gpg Provides: newpg -Obsoletes: gpg < 1.4.9 +Obsoletes: newpg +Summary: GnuPG 2 +Version: 1.9.22 +Release: 20 +%define pthversion 2.0.7 +Source: gnupg-%{version}.tar.bz2 +Source1: pth-%{pthversion}.tar.bz2 +%define nld_build 0 +Patch2: nld-build.diff +Patch4: gnupg-1.9.22-warnings-fix.diff +Patch5: gnupg-1.9.22-ccid-driver-fix.diff +Patch6: gnupg-1.9.18-tmpdir.diff +Patch7: %{name}-%{version}-CVE-2006-6169.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -GnuPG is a hybrid-encryption software program; it uses a combination -of symmetric-key and public-key cryptography to encrypt/decrypt -messages and/or to sign and verify them. +GnuPG 2 is the successor of "GnuPG" or GPG. It provides: GPGSM, +gpg-agent, and a keybox library. -gpg2 provides GPGSM, gpg-agent, and a keybox library. -%package -n dirmngr -Summary: Keyserver, CRL, and OCSP access for GnuPG -Group: Productivity/Networking/Security -%description -n dirmngr -Since version 2.1 of GnuPG, dirmngr takes care of accessing the OpenPGP -keyservers. As with previous versions it is also used as a server for managing -and downloading certificate -revocation lists (CRLs) for X.509 certificates, downloading X.509 certificates, -and providing access to OCSP providers. Dirmngr is invoked internally by gpg, -gpgsm, or via the gpg-connect-agent tool. - -%package tpm -Summary: TPM2 support for GnuPG -Group: Productivity/Networking/Security - -%description tpm -Version 2.3 of GnuPG introduced support for converting GPG private -keys to TPM2 wrapped form. This package enables that support. The -keytotpm command will not function unless this package is installed. - -%lang_package +Authors: +-------- + Werner Koch + Neal H. Walfield %prep -%autosetup -p1 -n gnupg-%{version} - -# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch -# to not have man pages and info files have the build date (boo#1047218) -touch -d 2018-05-04 doc/gpg.texi +%setup -q -n gnupg-%{version} -b 1 +%if %nld_build +%patch2 +%endif +%patch4 +%patch5 +%patch6 +%patch7 %build -date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) -%configure \ - --libexecdir=%{_libdir} \ - --docdir=%{_docdir}/%{name} \ - --with-agent-pgm=%{_bindir}/gpg-agent \ - --with-pinentry-pgm=%{_bindir}/pinentry \ - --with-dirmngr-pgm=%{_bindir}/dirmngr \ - --with-scdaemon-pgm=%{_bindir}/scdaemon \ - --with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \ - --disable-rpath \ - --enable-ldap \ - --enable-gpgsm=yes \ - --enable-gpgtar \ - --enable-g13 \ - --enable-large-secmem \ - --enable-wks-tools \ - --with-gnu-ld \ - --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ - --with-tss=intel \ - --enable-all-tests \ - --enable-build-timestamp=${date} \ - --enable-gpg-is-gpg2 - -%make_build +export CFLAGS="$RPM_OPT_FLAGS" +cd ../pth-%pthversion +./configure --disable-shared +make +make test +cd - +# opensc should be added to neededforbuild, but the support +# in gpg2 is broken atm. +export CFLAGS="$RPM_OPT_FLAGS -I$PWD/../pth-%pthversion" +export LDFLAGS="-L$PWD/../pth-%pthversion/.libs" +export PATH="$PWD/../pth-%pthversion/:$PATH" +autoreconf -fi +./configure \ + --prefix=%{_prefix} \ + --sysconfdir=/etc \ + --libdir=%{_libdir} \ + --infodir=%{_infodir} \ + --with-agent-pgm=%{_prefix}/bin/gpg-agent \ + --with-pinentry-pgm=%{_prefix}/bin/pinentry \ + --with-dirmngr-pgm=%{_prefix}/bin/dirmngr \ + --enable-ldap \ + --enable-external-hkp \ + --enable-shared \ + --enable-gpgsm=yes \ + --enable-gpg \ + --enable-static-rnd=linux \ + --with-gnu-ld \ + --mandir=%{_mandir} \ + --libexecdir=%{_libdir} \ + --program-prefix="" %{_target_cpu}-suse-linux \ + --with-scdaemon-pgm=%{_prefix}/bin/scdaemon + +make %install -%make_install -mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ -# install gpgconf.conf bnc#391347 -install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg -# delete to prevent fdupes from creating cross-partition hardlink -rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf -# remove info dir -rm %{buildroot}%{_infodir}/dir -# compat symlinks -ln -sf gpg2 %{buildroot}%{_bindir}/gpg -ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv -ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 -ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 -# fix rpmlint invalid-lc-messages-dir: -rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot -# install scdaemon to %%{_bindir} (bnc#863645) -mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} -mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} -# install tpm2daemon -mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir} -# install udev rules for scdaemon -install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules - -%find_lang gnupg2 -%fdupes -s %{buildroot} - -%check -%make_build check || : +make DESTDIR=$RPM_BUILD_ROOT install +rm $RPM_BUILD_ROOT/usr/share/info/dir %post -%udev_rules_update +%install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz -%files lang -f gnupg2.lang +%postun +%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz %files -%license COPYING* -%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ -%{_infodir}/gnupg* -%exclude %{_mandir}/*/dirmngr*%{ext_man} -%{_mandir}/*/*%{ext_man} -%doc %{_docdir}/%{name} -%exclude %{_bindir}/dirmngr* -%exclude %{_bindir}/tpm2daemon* -%{_bindir}/* -%{_libdir}/[^d]* -%{_sbindir}/addgnupghome -%{_sbindir}/applygnupgdefaults -%{_sbindir}/g13-syshelp -%{_udevrulesdir}/60-scdaemon.rules -%{_datadir}/gnupg -%dir %{_sysconfdir}/gnupg -%config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf +%defattr(-,root,root) +%doc ABOUT-NLS AUTHORS COPYING ChangeLog INSTALL NEWS README THANKS TODO VERSION +%doc %_infodir/gnupg* +/usr/bin/* +%{_libdir}/gnupg +%{_libdir}/gpg-protect-tool +%{_libdir}/gpg-preset-passphrase +/usr/sbin/addgnupghome +/usr/share/locale/de/LC_MESSAGES/gnupg2.mo +/usr/share/gnupg -%files -n dirmngr -%license COPYING* -%{_mandir}/*/dirmngr*%{ext_man} -%{_bindir}/dirmngr* - -%files tpm -%{_bindir}/tpm2daemon* - -%changelog +%changelog -n gpg2 +* Thu Nov 30 2006 - anicka@suse.cz +- fix overflow in openfile.c (CVE-2006-6169, #224108) +* Mon Sep 11 2006 - pnemec@suse.cz +- updated gnupg to new version 1.9.22 + Enhanced pkcs#12 support + Support for the CardMan 4040 PCMCIA + Collected bug fixes +- updated pth library to 2.0.7 +- changed using pinetry-qt to pinentry +- removed -cfb.diff -signature.patch -cap_large_uid.patch patches + they are no longer needed +- change patch -warnings-fix.diff -ccid-driver-fix.diff +* Thu Aug 17 2006 - pnemec@suse.de +- remove unused package in build requires +* Wed Aug 09 2006 - pnemec@suse.cz +- fix spec file to build with new gettext 0.15 +* Mon Aug 07 2006 - pnemec@suse.cz +- fixed security fix with large uid CVE-2006-3746 [#195569] +* Thu Feb 23 2006 - pnemec@suse.cz +- fixed signature security problem CVE-2006-0455 (bugzilla#150742) +* Thu Feb 02 2006 - pnemec@suse.cz +- fixed install info in spec file +* Thu Jan 26 2006 - sbrabec@suse.cz +- Added missing %%install_info. +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Fri Aug 05 2005 - postadal@suse.cz +- updated to version to 1.9.18 +- removed obsoleted gcc patch +- added patch tmpdir.diff for using $TMPDIR by gpg-agent [#bug95732] +* Tue Jul 12 2005 - postadal@suse.cz +- updated to version to 1.9.17 +- updated pth to version 2.0.4 +- removed obsoleted patch agent-cache-fix.diff +- fixed ccid-driver.c +- fixed gcc4 +- explicitly enabled gpg building in configure +* Thu Mar 24 2005 - postadal@suse.cz +- fixed caching passphrase in gpg-agent [#71975] +* Tue Mar 22 2005 - postadal@suse.cz +- fixed on 64bit archs [#72440] +* Wed Feb 23 2005 - postadal@suse.cz +- security fix for cfb-cipher issue [#65862] +* Wed Jan 12 2005 - postadal@suse.cz +- update to version 1.9.14 +- removed obsoleted patch automake-fixes.diff +* Tue Sep 28 2004 - adrian@suse.de +- link against libpth staticaly to make S/MIME support in kmail + usable. Hopefully we can convert this to a native thread implementation + later. (#46260) +* Sat Jul 31 2004 - adrian@suse.de +- update to version 1.9.10 +* Tue Jul 20 2004 - adrian@suse.de +- remove openct and opensc packages from nfb + (we will need thread support, when enabling card reader support, + but it isn't anyway implemented yet in gpg2) +* Mon Jul 12 2004 - adrian@suse.de +- use GnuPG 2 sources version 1.9.9 +- opensc support misses some functions atm, support disabled for now +- threading is disabled, since we do not have a pth package for now +- prepare for nld +* Thu Feb 26 2004 - postadal@suse.cz +- adapted some functions to the libgcrypt version 1.1.91 [#34987] +- added libgpg-error to needforbuild flag +* Wed Feb 18 2004 - kukuk@suse.de +- Don't build against libpth. +* Tue Feb 10 2004 - postadal@suse.cz +- fixed code that broke strict aliasing +* Fri Dec 05 2003 - garloff@suse.de +- disable core dumpe in child after forking. [#33499] +* Mon Aug 11 2003 - adrian@suse.de +- cleanup #neededforbuild and requires +* Mon Aug 04 2003 - ro@suse.de +- added openct to neededforbuild +* Fri Jul 18 2003 - mc@suse.de +- build against opensc +* Thu Jun 19 2003 - schwab@suse.de +- Add %%install_info. +* Mon Mar 17 2003 - adrian@suse.de +- add signal handler to check if the parent is still alive and + exit if not +- use pinentry-qt by default (/usr/bin/pinentry do not exist) +* Tue Feb 11 2003 - mc@suse.de +- initial release diff --git a/nld-build.diff b/nld-build.diff new file mode 100644 index 0000000..4702d50 --- /dev/null +++ b/nld-build.diff @@ -0,0 +1,82 @@ +--- agent/Makefile.am ++++ agent/Makefile.am +@@ -46,7 +46,7 @@ + + gpg_agent_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \ + $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) \ +- -lgpg-error @LIBINTL@ ++ -lgpg-error-nld @LIBINTL@ + + gpg_protect_tool_SOURCES = \ + protect-tool.c \ +@@ -55,7 +55,7 @@ + + gpg_protect_tool_LDADD = ../common/libsimple-pwquery.a \ + ../jnlib/libjnlib.a ../common/libcommon.a \ +- $(LIBGCRYPT_LIBS) -lgpg-error @LIBINTL@ ++ $(LIBGCRYPT_LIBS) -lgpg-error-nld @LIBINTL@ + if HAVE_W32_SYSTEM + gpg_protect_tool_LDADD += -lwsock32 + endif +@@ -65,7 +65,7 @@ + + gpg_preset_passphrase_LDADD = ../common/libsimple-pwquery.a \ + ../jnlib/libjnlib.a ../common/libcommon.a \ +- $(LIBGCRYPT_LIBS) -lgpg-error @LIBINTL@ ++ $(LIBGCRYPT_LIBS) -lgpg-error-nld @LIBINTL@ + if HAVE_W32_SYSTEM + gpg_preset_passphrase_LDADD += -lwsock32 + endif +--- g10/Makefile.am ++++ g10/Makefile.am +@@ -109,8 +109,8 @@ + # $(common_source) + + LDADD = $(needed_libs) @LIBINTL@ @CAPLIBS@ @W32LIBS@ +-gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error +-gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error ++gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error-nld ++gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error-nld + + $(PROGRAMS): $(needed_libs) + +--- kbx/Makefile.am ++++ kbx/Makefile.am +@@ -46,5 +46,5 @@ + # Note that libcommon is only required to resolve the LIBOBJS. + kbxutil_SOURCES = kbxutil.c $(common_sources) + kbxutil_LDADD = ../jnlib/libjnlib.a $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \ +- -lgpg-error $(LIBINTL) ../common/libcommon.a ++ -lgpg-error-nld $(LIBINTL) ../common/libcommon.a + +--- scd/Makefile.am ++++ scd/Makefile.am +@@ -54,7 +54,7 @@ + + scdaemon_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \ + $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(pth_libs) $(LIBASSUAN_LIBS) \ +- $(LIBUSB_LIBS) $(OPENSC_LIBS) -lgpg-error $(LIBINTL) $(DL_LIBS) ++ $(LIBUSB_LIBS) $(OPENSC_LIBS) -lgpg-error-nld $(LIBINTL) $(DL_LIBS) + + sc_copykeys_SOURCES = \ + sc-copykeys.c scdaemon.h \ +@@ -70,7 +70,7 @@ + ../common/libsimple-pwquery.a \ + $(LIBGCRYPT_LIBS) $(pth_libs) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \ + $(LIBUSB_LIBS) $(OPENSC_LIBS) \ +- -lgpg-error @LIBINTL@ @DL_LIBS@ ++ -lgpg-error-nld @LIBINTL@ @DL_LIBS@ + + pcsc_wrapper_SOURCES = pcsc-wrapper.c + pcsc_wrapper_LDADD = $(DL_LIBS) +--- sm/Makefile.am ++++ sm/Makefile.am +@@ -53,7 +53,7 @@ + + gpgsm_LDADD = ../jnlib/libjnlib.a ../kbx/libkeybox.a \ + ../common/libcommon.a \ +- $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -lgpg-error \ ++ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -lgpg-error-nld \ + $(LIBINTL) + + diff --git a/pth-2.0.7.tar.bz2 b/pth-2.0.7.tar.bz2 new file mode 100644 index 0000000..c2a072b --- /dev/null +++ b/pth-2.0.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:075705004ec9a6b19fe8b00af4f2c45ec2a0008d78cedea571265d0b544c7a90 +size 507473 diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/scdaemon.udev b/scdaemon.udev deleted file mode 100644 index 1c9e1e2..0000000 --- a/scdaemon.udev +++ /dev/null @@ -1,65 +0,0 @@ -# do not edit this file, it will be overwritten on update - -SUBSYSTEM!="usb", GOTO="gnupg_rules_end" -ACTION!="add", GOTO="gnupg_rules_end" - -# USB SmartCard Readers -## Cherry GmbH (XX33, ST2000) -SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0005", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0010", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="003e", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## SCM Microsystems, Inc (SCR331-DI, SCR335, SCR3320, SCR331, SCR3310 and SPR532) -SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5117", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Omnikey AG (CardMan 3821, CardMan 6121) -SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="3821", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="6622", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Gemalto -SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3437", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3438", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3478", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34c2", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34ec", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Reiner (SCT cyberJack) -SUBSYSTEM=="usb", ATTR{idVendor}=="0c4b", ATTR{idProduct}=="0500", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Kobil (KAAN) -SUBSYSTEM=="usb", ATTR{idVendor}=="0d46", ATTR{idProduct}=="2012", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## VASCO (DIGIPASS 920) -SUBSYSTEM=="usb", ATTR{idVendor}=="1a44", ATTR{idProduct}=="0920", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Crypto Stick -SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4107", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Nitrokey -SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4108", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4109", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4211", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Gnuk Token -SUBSYSTEM=="usb", ATTR{idVendor}=="234b", ATTR{idProduct}=="0000", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Alcor Micro Corp cardreader (in ThinkPad X250) -SUBSYSTEM=="usb", ATTR{idVendor}=="058f", ATTR{idProduct}=="9540", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Fujitsu Siemens -SUBSYSTEM=="usb", ATTR{idVendor}=="0bf8", ATTR{idProduct}=="1006", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Yubico -# Yubikey NEO OTP+CCID -SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -# Yubikey NEO CCID -SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0112", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -# Yubikey NEO U2F+CCID -SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -# Yubikey NEO OTP+U2F+CCID -SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -# Yubikey 4 CCID -SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0404", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -# Yubikey 4 OTP+CCID -SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -# Yubikey 4 U2F+CCID -SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -# Yubikey 4 OTP+U2F+CCID -SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" -## Trustica Cryptoucan -SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", ATTR{idProduct}=="81e6", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" - -LABEL="gnupg_rules_end" From 5d7e27a32560b474d87a4335e95271345f74049698933d545426804a8590ba39 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 29 Jan 2007 15:59:51 +0000 Subject: [PATCH 002/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=2 --- gnupg-1.9.22-warnings-fix.diff | 66 ---------------------------------- gnupg-1.9.22.tar.bz2 | 3 -- gnupg-2.0.1rc1.tar.bz2 | 3 ++ gnupg-vasprintf.diff | 12 +++++++ gpg2.changes | 6 ++++ gpg2.spec | 36 ++++++++----------- pth-2.0.7.tar.bz2 | 3 -- 7 files changed, 35 insertions(+), 94 deletions(-) delete mode 100644 gnupg-1.9.22-warnings-fix.diff delete mode 100644 gnupg-1.9.22.tar.bz2 create mode 100644 gnupg-2.0.1rc1.tar.bz2 create mode 100644 gnupg-vasprintf.diff delete mode 100644 pth-2.0.7.tar.bz2 diff --git a/gnupg-1.9.22-warnings-fix.diff b/gnupg-1.9.22-warnings-fix.diff deleted file mode 100644 index 6ad5a7c..0000000 --- a/gnupg-1.9.22-warnings-fix.diff +++ /dev/null @@ -1,66 +0,0 @@ -Index: agent/gpg-agent.c -=================================================================== ---- agent/gpg-agent.c.orig -+++ agent/gpg-agent.c -@@ -1621,7 +1621,7 @@ check_for_running_agent (int mode) - int rc; - char *infostr, *p; - assuan_context_t ctx; -- int prot, pid; -+ int prot=0, pid=0; - - if (!mode) - { -Index: g10/pubkey-enc.c -=================================================================== ---- g10/pubkey-enc.c.orig -+++ g10/pubkey-enc.c -@@ -154,7 +154,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, P - int rc; - gcry_mpi_t plain_dek = NULL; - byte *frame = NULL; -- unsigned n, nframe; -+ size_t n, nframe; - u16 csum, csum2; - - int card = 0; -@@ -166,7 +166,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, P - size_t rbuflen; - char *snbuf; - unsigned char *indata = NULL; -- unsigned int indatalen; -+ size_t int indatalen; - - snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk); - -Index: g10/seckey-cert.c -=================================================================== ---- g10/seckey-cert.c.orig -+++ g10/seckey-cert.c -@@ -107,7 +107,7 @@ do_check( PKT_secret_key *sk, const char - - csum = 0; - if( sk->version >= 4 ) { -- int ndata; -+ size_t ndata; - unsigned int ndatabits; - byte *p, *data; - u16 csumc = 0; -@@ -337,7 +337,7 @@ protect_secret_key( PKT_secret_key *sk, - { - int i,j, rc = 0; - byte *buffer; -- unsigned nbytes; -+ size_t nbytes; - u16 csum; - - if( !dek ) -@@ -370,7 +370,7 @@ protect_secret_key( PKT_secret_key *sk, - gcry_cipher_setiv (cipher_hd, sk->protect.iv, sk->protect.ivlen); - if( sk->version >= 4 ) { - byte *bufarr[PUBKEY_MAX_NSKEY]; -- unsigned narr[PUBKEY_MAX_NSKEY]; -+ size_t narr[PUBKEY_MAX_NSKEY]; - unsigned nbits[PUBKEY_MAX_NSKEY]; - int ndata=0; - byte *p, *data; diff --git a/gnupg-1.9.22.tar.bz2 b/gnupg-1.9.22.tar.bz2 deleted file mode 100644 index a96a6fd..0000000 --- a/gnupg-1.9.22.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2e4472e00c14c881ee1f93deddbe91d3c520311839f30d336ca48a51939e45cf -size 1908546 diff --git a/gnupg-2.0.1rc1.tar.bz2 b/gnupg-2.0.1rc1.tar.bz2 new file mode 100644 index 0000000..a9e2793 --- /dev/null +++ b/gnupg-2.0.1rc1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a7b24f620eff77f929510b248877c2135e716cdfb01a434dc0761f87b70f331d +size 3926131 diff --git a/gnupg-vasprintf.diff b/gnupg-vasprintf.diff new file mode 100644 index 0000000..7331987 --- /dev/null +++ b/gnupg-vasprintf.diff @@ -0,0 +1,12 @@ +diff -ur gnupg-1.4.6-orig/g10/parse-packet.c gnupg-1.4.6/g10/parse-packet.c +--- g10/parse-packet.c 2006-10-23 15:45:54.000000000 +0200 ++++ g10/parse-packet.c 2007-01-14 03:59:11.089877376 +0100 +@@ -1533,7 +1533,7 @@ + buf = p = xmalloc (2 + nbytes); + *p++ = nbits >> 8; + *p++ = nbits; +- for (; nbytes && length; nbytes--, --*length) ++ for (; nbytes && *length; nbytes--, --*length) + *p++ = iobuf_get (inp); + if (nbytes) + { diff --git a/gpg2.changes b/gpg2.changes index e75054f..4708c55 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jan 29 16:22:15 CET 2007 - ltinkl@suse.cz + +- fix #221212 - gpg2 is not updated and do not contain documentation +- fix #233525 - gpg1/2: bug in vasprintf() implementation + ------------------------------------------------------------------- Thu Nov 30 16:59:25 CET 2006 - anicka@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 1f576a7..198decb 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # -# spec file for package gpg2 (Version 1.9.22) +# spec file for package gpg2 (Version 2.0.1rc1) # -# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -11,7 +11,7 @@ # norootforbuild Name: gpg2 -BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite +BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite pth readline-devel URL: http://www.gnupg.org/aegypten2/ License: GNU General Public License (GPL) Group: Productivity/Networking/Security @@ -21,17 +21,15 @@ Requires: pinentry, dirmngr, gpg Provides: newpg Obsoletes: newpg Summary: GnuPG 2 -Version: 1.9.22 -Release: 20 -%define pthversion 2.0.7 +Version: 2.0.1rc1 +Release: 1 Source: gnupg-%{version}.tar.bz2 -Source1: pth-%{pthversion}.tar.bz2 %define nld_build 0 Patch2: nld-build.diff -Patch4: gnupg-1.9.22-warnings-fix.diff +Patch4: gnupg-vasprintf.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff Patch6: gnupg-1.9.18-tmpdir.diff -Patch7: %{name}-%{version}-CVE-2006-6169.diff +Patch7: %{name}-1.9.22-CVE-2006-6169.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -46,7 +44,7 @@ Authors: Neal H. Walfield %prep -%setup -q -n gnupg-%{version} -b 1 +%setup -q -n gnupg-%{version} %if %nld_build %patch2 %endif @@ -57,16 +55,8 @@ Authors: %build export CFLAGS="$RPM_OPT_FLAGS" -cd ../pth-%pthversion -./configure --disable-shared -make -make test -cd - # opensc should be added to neededforbuild, but the support # in gpg2 is broken atm. -export CFLAGS="$RPM_OPT_FLAGS -I$PWD/../pth-%pthversion" -export LDFLAGS="-L$PWD/../pth-%pthversion/.libs" -export PATH="$PWD/../pth-%pthversion/:$PATH" autoreconf -fi ./configure \ --prefix=%{_prefix} \ @@ -104,15 +94,17 @@ rm $RPM_BUILD_ROOT/usr/share/info/dir %defattr(-,root,root) %doc ABOUT-NLS AUTHORS COPYING ChangeLog INSTALL NEWS README THANKS TODO VERSION %doc %_infodir/gnupg* +%doc %{_mandir}/*/*.gz /usr/bin/* -%{_libdir}/gnupg -%{_libdir}/gpg-protect-tool -%{_libdir}/gpg-preset-passphrase +%{_libdir}/* /usr/sbin/addgnupghome -/usr/share/locale/de/LC_MESSAGES/gnupg2.mo +/usr/share/locale/*/LC_MESSAGES/gnupg2.mo /usr/share/gnupg %changelog -n gpg2 +* Mon Jan 29 2007 - ltinkl@suse.cz +- fix #221212 - gpg2 is not updated and do not contain documentation +- fix #233525 - gpg1/2: bug in vasprintf() implementation * Thu Nov 30 2006 - anicka@suse.cz - fix overflow in openfile.c (CVE-2006-6169, #224108) * Mon Sep 11 2006 - pnemec@suse.cz diff --git a/pth-2.0.7.tar.bz2 b/pth-2.0.7.tar.bz2 deleted file mode 100644 index c2a072b..0000000 --- a/pth-2.0.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:075705004ec9a6b19fe8b00af4f2c45ec2a0008d78cedea571265d0b544c7a90 -size 507473 From 29186f1901d7b0100502e1c8cba32e14256d1202b7c0b8e31a735553fffe1a2f Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 29 Jan 2007 23:52:49 +0000 Subject: [PATCH 003/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=3 --- gpg2.changes | 5 +++++ gpg2.spec | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 4708c55..8ca3050 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Jan 30 00:34:50 CET 2007 - ro@suse.de + +- fix build (exclude possible debuginfo directory) + ------------------------------------------------------------------- Mon Jan 29 16:22:15 CET 2007 - ltinkl@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 198decb..f802031 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -22,7 +22,7 @@ Provides: newpg Obsoletes: newpg Summary: GnuPG 2 Version: 2.0.1rc1 -Release: 1 +Release: 2 Source: gnupg-%{version}.tar.bz2 %define nld_build 0 Patch2: nld-build.diff @@ -96,12 +96,14 @@ rm $RPM_BUILD_ROOT/usr/share/info/dir %doc %_infodir/gnupg* %doc %{_mandir}/*/*.gz /usr/bin/* -%{_libdir}/* +%{_libdir}/[^d]* /usr/sbin/addgnupghome /usr/share/locale/*/LC_MESSAGES/gnupg2.mo /usr/share/gnupg %changelog -n gpg2 +* Tue Jan 30 2007 - ro@suse.de +- fix build (exclude possible debuginfo directory) * Mon Jan 29 2007 - ltinkl@suse.cz - fix #221212 - gpg2 is not updated and do not contain documentation - fix #233525 - gpg1/2: bug in vasprintf() implementation From e4875aeba8cb5fec2c3538507e38439a2e71a5be64f03558ae476b0c0f0c9116 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 15 Feb 2007 17:18:20 +0000 Subject: [PATCH 004/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=4 --- gpg2.changes | 5 +++++ gpg2.spec | 8 ++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 8ca3050..990df12 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 14 15:14:44 CET 2007 - ltinkl@suse.cz + +- fix file conflicts with gpg (#242133) + ------------------------------------------------------------------- Tue Jan 30 00:34:50 CET 2007 - ro@suse.de diff --git a/gpg2.spec b/gpg2.spec index f802031..d523ae5 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -22,7 +22,7 @@ Provides: newpg Obsoletes: newpg Summary: GnuPG 2 Version: 2.0.1rc1 -Release: 2 +Release: 5 Source: gnupg-%{version}.tar.bz2 %define nld_build 0 Patch2: nld-build.diff @@ -83,6 +83,8 @@ make %install make DESTDIR=$RPM_BUILD_ROOT install rm $RPM_BUILD_ROOT/usr/share/info/dir +rm $RPM_BUILD_ROOT/usr/share/gnupg/FAQ +rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html %post %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz @@ -92,7 +94,7 @@ rm $RPM_BUILD_ROOT/usr/share/info/dir %files %defattr(-,root,root) -%doc ABOUT-NLS AUTHORS COPYING ChangeLog INSTALL NEWS README THANKS TODO VERSION +%doc ABOUT-NLS AUTHORS COPYING ChangeLog INSTALL NEWS README THANKS TODO VERSION doc/FAQ doc/faq.html %doc %_infodir/gnupg* %doc %{_mandir}/*/*.gz /usr/bin/* @@ -102,6 +104,8 @@ rm $RPM_BUILD_ROOT/usr/share/info/dir /usr/share/gnupg %changelog -n gpg2 +* Wed Feb 14 2007 - ltinkl@suse.cz +- fix file conflicts with gpg (#242133) * Tue Jan 30 2007 - ro@suse.de - fix build (exclude possible debuginfo directory) * Mon Jan 29 2007 - ltinkl@suse.cz From 0280a2d1326f35ac7eb3877929b1e3fce61dea2aee2017991d160a6b98697118 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 30 Mar 2007 00:08:34 +0000 Subject: [PATCH 005/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=5 --- gpg2.changes | 5 +++++ gpg2.spec | 8 +++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 990df12..0ae0a71 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Mar 30 01:58:56 CEST 2007 - ro@suse.de + +- added zlib-devel to buildreq + ------------------------------------------------------------------- Wed Feb 14 15:14:44 CET 2007 - ltinkl@suse.cz diff --git a/gpg2.spec b/gpg2.spec index d523ae5..340a7a3 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -11,7 +11,7 @@ # norootforbuild Name: gpg2 -BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite pth readline-devel +BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite pth readline-devel zlib-devel URL: http://www.gnupg.org/aegypten2/ License: GNU General Public License (GPL) Group: Productivity/Networking/Security @@ -22,7 +22,7 @@ Provides: newpg Obsoletes: newpg Summary: GnuPG 2 Version: 2.0.1rc1 -Release: 5 +Release: 10 Source: gnupg-%{version}.tar.bz2 %define nld_build 0 Patch2: nld-build.diff @@ -103,7 +103,9 @@ rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html /usr/share/locale/*/LC_MESSAGES/gnupg2.mo /usr/share/gnupg -%changelog -n gpg2 +%changelog +* Fri Mar 30 2007 - ro@suse.de +- added zlib-devel to buildreq * Wed Feb 14 2007 - ltinkl@suse.cz - fix file conflicts with gpg (#242133) * Tue Jan 30 2007 - ro@suse.de From 20069d6d5fab7c9de83a7be3e6bc0ecb905bad5234a4579c8b63827e7673168c Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 4 Apr 2007 18:30:29 +0000 Subject: [PATCH 006/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=6 --- gnupg-2.0.1rc1.tar.bz2 | 3 --- gnupg-2.0.3.tar.bz2 | 3 +++ gnupg-vasprintf.diff | 12 ------------ gpg2-1.9.22-CVE-2006-6169.diff | 13 ------------- gpg2.changes | 7 +++++++ gpg2.spec | 15 ++++++++------- 6 files changed, 18 insertions(+), 35 deletions(-) delete mode 100644 gnupg-2.0.1rc1.tar.bz2 create mode 100644 gnupg-2.0.3.tar.bz2 delete mode 100644 gnupg-vasprintf.diff delete mode 100644 gpg2-1.9.22-CVE-2006-6169.diff diff --git a/gnupg-2.0.1rc1.tar.bz2 b/gnupg-2.0.1rc1.tar.bz2 deleted file mode 100644 index a9e2793..0000000 --- a/gnupg-2.0.1rc1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a7b24f620eff77f929510b248877c2135e716cdfb01a434dc0761f87b70f331d -size 3926131 diff --git a/gnupg-2.0.3.tar.bz2 b/gnupg-2.0.3.tar.bz2 new file mode 100644 index 0000000..5ed6e22 --- /dev/null +++ b/gnupg-2.0.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d6c45386458d04cd56ceedad998f5aaf67e46e18d408a8e3658160aaf7751a86 +size 3965529 diff --git a/gnupg-vasprintf.diff b/gnupg-vasprintf.diff deleted file mode 100644 index 7331987..0000000 --- a/gnupg-vasprintf.diff +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur gnupg-1.4.6-orig/g10/parse-packet.c gnupg-1.4.6/g10/parse-packet.c ---- g10/parse-packet.c 2006-10-23 15:45:54.000000000 +0200 -+++ g10/parse-packet.c 2007-01-14 03:59:11.089877376 +0100 -@@ -1533,7 +1533,7 @@ - buf = p = xmalloc (2 + nbytes); - *p++ = nbits >> 8; - *p++ = nbits; -- for (; nbytes && length; nbytes--, --*length) -+ for (; nbytes && *length; nbytes--, --*length) - *p++ = iobuf_get (inp); - if (nbytes) - { diff --git a/gpg2-1.9.22-CVE-2006-6169.diff b/gpg2-1.9.22-CVE-2006-6169.diff deleted file mode 100644 index 80311f2..0000000 --- a/gpg2-1.9.22-CVE-2006-6169.diff +++ /dev/null @@ -1,13 +0,0 @@ ---- g10/openfile.c -+++ g10/openfile.c -@@ -144,8 +144,8 @@ - - s = _("Enter new filename"); - -- n = strlen(s) + namelen + 10; - defname = name && namelen? make_printable_string( name, namelen, 0): NULL; -+ n = strlen(s) + (defname?strlen (defname):0) + 10; - prompt = xmalloc(n); - if( defname ) - sprintf(prompt, "%s [%s]: ", s, defname ); - diff --git a/gpg2.changes b/gpg2.changes index 0ae0a71..ba8eabd 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Apr 4 12:42:06 CEST 2007 - ltinkl@suse.cz + +- update to 2.0.3 +- fixed #251605 - VUL-0: signing issues within GNUPG +- removed outdated patches + ------------------------------------------------------------------- Fri Mar 30 01:58:56 CEST 2007 - ro@suse.de diff --git a/gpg2.spec b/gpg2.spec index 340a7a3..1bc42d1 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.1rc1) +# spec file for package gpg2 (Version 2.0.3) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -21,15 +21,13 @@ Requires: pinentry, dirmngr, gpg Provides: newpg Obsoletes: newpg Summary: GnuPG 2 -Version: 2.0.1rc1 -Release: 10 +Version: 2.0.3 +Release: 1 Source: gnupg-%{version}.tar.bz2 %define nld_build 0 Patch2: nld-build.diff -Patch4: gnupg-vasprintf.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff Patch6: gnupg-1.9.18-tmpdir.diff -Patch7: %{name}-1.9.22-CVE-2006-6169.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -48,10 +46,8 @@ Authors: %if %nld_build %patch2 %endif -%patch4 %patch5 %patch6 -%patch7 %build export CFLAGS="$RPM_OPT_FLAGS" @@ -100,10 +96,15 @@ rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html /usr/bin/* %{_libdir}/[^d]* /usr/sbin/addgnupghome +/usr/sbin/applygnupgdefaults /usr/share/locale/*/LC_MESSAGES/gnupg2.mo /usr/share/gnupg %changelog +* Wed Apr 04 2007 - ltinkl@suse.cz +- update to 2.0.3 +- fixed #251605 - VUL-0: signing issues within GNUPG +- removed outdated patches * Fri Mar 30 2007 - ro@suse.de - added zlib-devel to buildreq * Wed Feb 14 2007 - ltinkl@suse.cz From 7234d5adcc129605c0c31df071954a9f84ebd8542c858422503da6d87a223862 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 11 May 2007 13:35:54 +0000 Subject: [PATCH 007/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=7 --- gnupg-2.0.3.tar.bz2 | 3 --- gnupg-2.0.4-svn4472.tar.bz2 | 3 +++ gpg2.changes | 5 +++++ gpg2.spec | 10 ++++++---- 4 files changed, 14 insertions(+), 7 deletions(-) delete mode 100644 gnupg-2.0.3.tar.bz2 create mode 100644 gnupg-2.0.4-svn4472.tar.bz2 diff --git a/gnupg-2.0.3.tar.bz2 b/gnupg-2.0.3.tar.bz2 deleted file mode 100644 index 5ed6e22..0000000 --- a/gnupg-2.0.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d6c45386458d04cd56ceedad998f5aaf67e46e18d408a8e3658160aaf7751a86 -size 3965529 diff --git a/gnupg-2.0.4-svn4472.tar.bz2 b/gnupg-2.0.4-svn4472.tar.bz2 new file mode 100644 index 0000000..5cbed79 --- /dev/null +++ b/gnupg-2.0.4-svn4472.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4fdcba0d8df14e4ab0d963a9314858974fff43d223ecc42e1cfc339fd23884e4 +size 3530028 diff --git a/gpg2.changes b/gpg2.changes index ba8eabd..1b25797 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri May 11 13:20:19 CEST 2007 - ltinkl@suse.cz + +- updated to 2.0.4 stable snapshot + ------------------------------------------------------------------- Wed Apr 4 12:42:06 CEST 2007 - ltinkl@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 1bc42d1..d1ebb1f 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.3) +# spec file for package gpg2 (Version 2.0.4) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -21,9 +21,9 @@ Requires: pinentry, dirmngr, gpg Provides: newpg Obsoletes: newpg Summary: GnuPG 2 -Version: 2.0.3 +Version: 2.0.4 Release: 1 -Source: gnupg-%{version}.tar.bz2 +Source: gnupg-%{version}-svn4472.tar.bz2 %define nld_build 0 Patch2: nld-build.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff @@ -42,7 +42,7 @@ Authors: Neal H. Walfield %prep -%setup -q -n gnupg-%{version} +%setup -q -n gnupg-%{version}-svn4472 %if %nld_build %patch2 %endif @@ -101,6 +101,8 @@ rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html /usr/share/gnupg %changelog +* Fri May 11 2007 - ltinkl@suse.cz +- updated to 2.0.4 stable snapshot * Wed Apr 04 2007 - ltinkl@suse.cz - update to 2.0.3 - fixed #251605 - VUL-0: signing issues within GNUPG From a81a7536b26749a1227ef5fbc807ed0e9f8182638b01ec2312a3fefa02f386ca Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 16 May 2007 14:20:18 +0000 Subject: [PATCH 008/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=8 --- gpg2.changes | 5 +++++ gpg2.spec | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 1b25797..76ea382 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 16 14:27:28 CEST 2007 - ltinkl@suse.cz + +- remove gpg from Require's (#273491) + ------------------------------------------------------------------- Fri May 11 13:20:19 CEST 2007 - ltinkl@suse.cz diff --git a/gpg2.spec b/gpg2.spec index d1ebb1f..f22eccd 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,12 +17,12 @@ License: GNU General Public License (GPL) Group: Productivity/Networking/Security PreReq: %install_info_prereq Autoreqprov: on -Requires: pinentry, dirmngr, gpg +Requires: pinentry, dirmngr Provides: newpg Obsoletes: newpg Summary: GnuPG 2 Version: 2.0.4 -Release: 1 +Release: 3 Source: gnupg-%{version}-svn4472.tar.bz2 %define nld_build 0 Patch2: nld-build.diff @@ -101,6 +101,8 @@ rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html /usr/share/gnupg %changelog +* Wed May 16 2007 - ltinkl@suse.cz +- remove gpg from Require's (#273491) * Fri May 11 2007 - ltinkl@suse.cz - updated to 2.0.4 stable snapshot * Wed Apr 04 2007 - ltinkl@suse.cz From ff211a1658037c5e8d7e2284928ef7d5707ee49f8adbf2b7d4b9039381eecc6e Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 23 May 2007 21:18:51 +0000 Subject: [PATCH 009/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=9 --- gpg2.changes | 5 +++++ gpg2.spec | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 76ea382..5e9f4e9 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 23 19:02:45 CEST 2007 - dmueller@suse.de + +- add libusb-devel build requires + ------------------------------------------------------------------- Wed May 16 14:27:28 CEST 2007 - ltinkl@suse.cz diff --git a/gpg2.spec b/gpg2.spec index f22eccd..a9a9d94 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -11,7 +11,8 @@ # norootforbuild Name: gpg2 -BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite pth readline-devel zlib-devel +BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite +BuildRequires: libusb-devel pth readline-devel zlib-devel URL: http://www.gnupg.org/aegypten2/ License: GNU General Public License (GPL) Group: Productivity/Networking/Security @@ -22,7 +23,7 @@ Provides: newpg Obsoletes: newpg Summary: GnuPG 2 Version: 2.0.4 -Release: 3 +Release: 8 Source: gnupg-%{version}-svn4472.tar.bz2 %define nld_build 0 Patch2: nld-build.diff @@ -101,6 +102,8 @@ rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html /usr/share/gnupg %changelog +* Wed May 23 2007 - dmueller@suse.de +- add libusb-devel build requires * Wed May 16 2007 - ltinkl@suse.cz - remove gpg from Require's (#273491) * Fri May 11 2007 - ltinkl@suse.cz From a4a91758f736eb84fd79a99518efa0a8213f42b588feb78b56e5e79e127dcdb3 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 21 Jun 2007 19:56:01 +0000 Subject: [PATCH 010/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=10 --- gnupg-2.0.4-install_tools.diff | 146 +++++++++++++++++++++++++++++++++ gpg2.changes | 8 ++ gpg2.spec | 21 ++++- 3 files changed, 171 insertions(+), 4 deletions(-) create mode 100644 gnupg-2.0.4-install_tools.diff diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff new file mode 100644 index 0000000..33d7cc0 --- /dev/null +++ b/gnupg-2.0.4-install_tools.diff @@ -0,0 +1,146 @@ +--- common/Makefile.am ++++ common/Makefile.am +@@ -26,7 +26,7 @@ + + AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl + +-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) ++AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) -fPIC + + common_sources = \ + common-defs.h \ +--- common/Makefile.in ++++ common/Makefile.in +@@ -409,7 +409,7 @@ + noinst_LIBRARIES = libcommon.a libcommonpth.a libsimple-pwquery.a libgpgrl.a + TESTS = $(module_tests) + AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl +-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) ++AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) -fPIC + common_sources = \ + common-defs.h \ + util.h i18n.h \ +--- gl/Makefile.am ++++ gl/Makefile.am +@@ -13,6 +13,8 @@ + + AUTOMAKE_OPTIONS = 1.5 gnits no-dependencies + ++AM_CFLAGS = -fPIC ++ + noinst_LIBRARIES = libgnu.a + + libgnu_a_SOURCES = +--- gl/Makefile.in ++++ gl/Makefile.in +@@ -339,6 +339,7 @@ + target_os = @target_os@ + target_vendor = @target_vendor@ + AUTOMAKE_OPTIONS = 1.5 gnits no-dependencies ++AM_CFLAGS = -fPIC + noinst_LIBRARIES = libgnu.a + libgnu_a_SOURCES = allocsa.h allocsa.c mkdtemp.h setenv.h \ + printf-args.h printf-parse.h vasnprintf.h vasprintf.h xsize.h +--- jnlib/Makefile.am ++++ jnlib/Makefile.am +@@ -27,7 +27,7 @@ + AM_CPPFLAGS = -I$(top_srcdir)/intl + + # We need libgcrypt because libjnlib-config includes gcrypt.h +-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) ++AM_CFLAGS = $(LIBGCRYPT_CFLAGS) -fPIC + + noinst_LIBRARIES = libjnlib.a + +--- jnlib/Makefile.in ++++ jnlib/Makefile.in +@@ -353,7 +353,7 @@ + AM_CPPFLAGS = -I$(top_srcdir)/intl + + # We need libgcrypt because libjnlib-config includes gcrypt.h +-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) ++AM_CFLAGS = $(LIBGCRYPT_CFLAGS) -fPIC + noinst_LIBRARIES = libjnlib.a + + #libjnlib_a_LDFLAGS = +--- tools/Makefile.am ++++ tools/Makefile.am +@@ -27,14 +27,14 @@ + AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common + include $(top_srcdir)/am/cmacros.am + +-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) ++AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) -fPIE + + sbin_SCRIPTS = addgnupghome applygnupgdefaults + + bin_SCRIPTS = gpgsm-gencert.sh + if HAVE_USTAR +-# bin_SCRIPTS += gpg-zip +-noinst_SCRIPTS = gpg-zip ++bin_SCRIPTS += gpg-zip ++#noinst_SCRIPTS = gpg-zip + endif + + if BUILD_SYMCRYPTRUN +@@ -44,19 +44,19 @@ + endif + + bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} \ +- gpgparsemail ++ gpgparsemail gpgsplit + if !HAVE_W32_SYSTEM + bin_PROGRAMS += watchgnupg + endif + +-noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit ++noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert + + common_libs = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a + pwquery_libs = ../common/libsimple-pwquery.a + + gpgsplit_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ + $(ZLIBS) $(LIBINTL) $(LIBICONV) +- ++gpgsplit_LDFLAGS = -pie + gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c + + # jnlib/common sucks in gpg-error, will they, nil they (some compilers +--- tools/Makefile.in ++++ tools/Makefile.in +@@ -93,10 +93,10 @@ + @GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\"" + bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \ + gpgkey2ssh$(EXEEXT) $(am__EXEEXT_1) gpgparsemail$(EXEEXT) \ +- $(am__EXEEXT_2) ++ $(am__EXEEXT_2) gpgsplit$(EXEEXT) + @HAVE_W32_SYSTEM_FALSE@am__append_7 = watchgnupg + noinst_PROGRAMS = clean-sat$(EXEEXT) mk-tdata$(EXEEXT) \ +- make-dns-cert$(EXEEXT) gpgsplit$(EXEEXT) ++ make-dns-cert$(EXEEXT) + subdir = tools + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/gl/m4/alloca.m4 \ +@@ -447,18 +447,18 @@ + -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \ + $(am__append_1) $(am__append_2) $(am__append_3) \ + $(am__append_4) $(am__append_5) $(am__append_6) +-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) ++AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) -fPIE + sbin_SCRIPTS = addgnupghome applygnupgdefaults + bin_SCRIPTS = gpgsm-gencert.sh +-# bin_SCRIPTS += gpg-zip +-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip ++@HAVE_USTAR_TRUE@bin_SCRIPTS = gpg-zip ++# noinst_SCRIPTS = gpg-zip + @BUILD_SYMCRYPTRUN_FALSE@symcryptrun = + @BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun + common_libs = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a + pwquery_libs = ../common/libsimple-pwquery.a + gpgsplit_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ + $(ZLIBS) $(LIBINTL) $(LIBICONV) +- ++gpgsplit_LDFLAGS = -pie + gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c + + # jnlib/common sucks in gpg-error, will they, nil they (some compilers diff --git a/gpg2.changes b/gpg2.changes index 5e9f4e9..67fa2ff 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Jun 21 20:31:44 CEST 2007 - ro@suse.de + +- install compat symlinks for gpg2 and gpgv2 +- install gpg-zip and gpgsplit +- added openldap2 to buildrequires (for gpgkeys_ldap) +- added fPIE/pie to CFLAGS/LDFLAGS for gpgsplit + ------------------------------------------------------------------- Wed May 23 19:02:45 CEST 2007 - dmueller@suse.de diff --git a/gpg2.spec b/gpg2.spec index a9a9d94..2e32f1f 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -13,22 +13,24 @@ Name: gpg2 BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite BuildRequires: libusb-devel pth readline-devel zlib-devel +BuildRequires: openldap2 openldap2-devel URL: http://www.gnupg.org/aegypten2/ License: GNU General Public License (GPL) Group: Productivity/Networking/Security PreReq: %install_info_prereq Autoreqprov: on Requires: pinentry, dirmngr -Provides: newpg -Obsoletes: newpg +Provides: newpg gpg = 1.4.7 gnupg = %{version} +Obsoletes: newpg gpg <= 1.4.7 Summary: GnuPG 2 Version: 2.0.4 -Release: 8 +Release: 18 Source: gnupg-%{version}-svn4472.tar.bz2 %define nld_build 0 Patch2: nld-build.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff Patch6: gnupg-1.9.18-tmpdir.diff +Patch7: gnupg-2.0.4-install_tools.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -49,9 +51,10 @@ Authors: %endif %patch5 %patch6 +%patch7 %build -export CFLAGS="$RPM_OPT_FLAGS" +gcc_version=`gcc -dumpversion 2>&1 | sed 's/^\([0-9]\+\)\..*/\1/'` # opensc should be added to neededforbuild, but the support # in gpg2 is broken atm. autoreconf -fi @@ -82,6 +85,11 @@ make DESTDIR=$RPM_BUILD_ROOT install rm $RPM_BUILD_ROOT/usr/share/info/dir rm $RPM_BUILD_ROOT/usr/share/gnupg/FAQ rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html +# compat symlinks +ln -sf gpg2 $RPM_BUILD_ROOT/usr/bin/gpg +ln -sf gpgv2 $RPM_BUILD_ROOT/usr/bin/gpgv +ln -sf gpg2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpg.1 +ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 %post %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz @@ -102,6 +110,11 @@ rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html /usr/share/gnupg %changelog +* Thu Jun 21 2007 - ro@suse.de +- install compat symlinks for gpg2 and gpgv2 +- install gpg-zip and gpgsplit +- added openldap2 to buildrequires (for gpgkeys_ldap) +- added fPIE/pie to CFLAGS/LDFLAGS for gpgsplit * Wed May 23 2007 - dmueller@suse.de - add libusb-devel build requires * Wed May 16 2007 - ltinkl@suse.cz From 9c5ad871d13cddc009c0504f52c7911f6a4539f95f44eaa4d341fd652a9b5063 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 26 Jul 2007 23:43:04 +0000 Subject: [PATCH 011/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=11 --- gpg2.changes | 5 +++++ gpg2.spec | 8 +++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 67fa2ff..f434619 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jul 26 13:16:22 CEST 2007 - sbrabec@suse.cz + +- Build with libassuan-devel. + ------------------------------------------------------------------- Thu Jun 21 20:31:44 CEST 2007 - ro@suse.de diff --git a/gpg2.spec b/gpg2.spec index 2e32f1f..e16015f 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -11,11 +11,11 @@ # norootforbuild Name: gpg2 -BuildRequires: expect krb5 libassuan libgcrypt-devel libksba-devel pcsc-lite +BuildRequires: expect krb5 libassuan-devel libgcrypt-devel libksba-devel pcsc-lite BuildRequires: libusb-devel pth readline-devel zlib-devel BuildRequires: openldap2 openldap2-devel URL: http://www.gnupg.org/aegypten2/ -License: GNU General Public License (GPL) +License: GPL v2 or later Group: Productivity/Networking/Security PreReq: %install_info_prereq Autoreqprov: on @@ -24,7 +24,7 @@ Provides: newpg gpg = 1.4.7 gnupg = %{version} Obsoletes: newpg gpg <= 1.4.7 Summary: GnuPG 2 Version: 2.0.4 -Release: 18 +Release: 25 Source: gnupg-%{version}-svn4472.tar.bz2 %define nld_build 0 Patch2: nld-build.diff @@ -110,6 +110,8 @@ ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 /usr/share/gnupg %changelog +* Thu Jul 26 2007 - sbrabec@suse.cz +- Build with libassuan-devel. * Thu Jun 21 2007 - ro@suse.de - install compat symlinks for gpg2 and gpgv2 - install gpg-zip and gpgsplit From 0b0cdf291b0cb331614e751970b0d152ed311d857cb7efef73abd09d6f255475 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Tue, 11 Sep 2007 16:18:39 +0000 Subject: [PATCH 012/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=12 --- gnupg-2.0.4-default-tty.diff | 22 ++++++++++++++++++++ gnupg-2.0.4-sig-check.diff | 40 ++++++++++++++++++++++++++++++++++++ gpg2.changes | 6 ++++++ gpg2.spec | 9 +++++++- 4 files changed, 76 insertions(+), 1 deletion(-) create mode 100644 gnupg-2.0.4-default-tty.diff create mode 100644 gnupg-2.0.4-sig-check.diff diff --git a/gnupg-2.0.4-default-tty.diff b/gnupg-2.0.4-default-tty.diff new file mode 100644 index 0000000..e4191f7 --- /dev/null +++ b/gnupg-2.0.4-default-tty.diff @@ -0,0 +1,22 @@ +--- common/asshelp.c ++++ common/asshelp.c +@@ -90,6 +90,8 @@ + dft_ttyname = getenv ("GPG_TTY"); + if ((!dft_ttyname || !*dft_ttyname) && ttyname (0)) + dft_ttyname = ttyname (0); ++ if (!dft_ttyname) ++ dft_ttyname = "/dev/tty"; + } + if (opt_ttyname || dft_ttyname) + { +--- common/simple-pwquery.c ++++ common/simple-pwquery.c +@@ -217,6 +217,8 @@ + #ifndef HAVE_W32_SYSTEM + if ((!dft_ttyname || !*dft_ttyname) && ttyname (0)) + dft_ttyname = ttyname (0); ++ if (!dft_ttyname) ++ dft_ttyname = "/dev/tty"; + #endif + if (dft_ttyname && *dft_ttyname) + { diff --git a/gnupg-2.0.4-sig-check.diff b/gnupg-2.0.4-sig-check.diff new file mode 100644 index 0000000..b198f65 --- /dev/null +++ b/gnupg-2.0.4-sig-check.diff @@ -0,0 +1,40 @@ +--- g10/sig-check.c 2006/08/01 12:23:34 4216 ++++ g10/sig-check.c 2007/05/16 11:10:07 4504 +@@ -438,22 +438,25 @@ + gcry_md_hd_t md; + int rc; + ++ /* Always check whether the algorithm is available. Although ++ gcry_md_open woyuld throw an error, some libgcrypt versions will ++ print a debug message in that case too. */ ++ if ((rc=openpgp_md_test_algo (backsig->digest_algo))) ++ return rc; ++ + if(!opt.no_sig_cache && backsig->flags.checked) +- { +- if((rc=openpgp_md_test_algo (backsig->digest_algo))) +- return rc; ++ return backsig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE); + +- return backsig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE); ++ rc = gcry_md_open (&md, backsig->digest_algo,0); ++ if (!rc) ++ { ++ hash_public_key(md,main_pk); ++ hash_public_key(md,sub_pk); ++ rc=do_check(sub_pk,backsig,md,NULL,NULL,NULL); ++ cache_sig_result(backsig,rc); ++ gcry_md_close(md); + } + +- if (gcry_md_open (&md, backsig->digest_algo,0)) +- BUG (); +- hash_public_key(md,main_pk); +- hash_public_key(md,sub_pk); +- rc=do_check(sub_pk,backsig,md,NULL,NULL,NULL); +- cache_sig_result(backsig,rc); +- gcry_md_close(md); +- + return rc; + } + diff --git a/gpg2.changes b/gpg2.changes index f434619..b5f9e2f 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Sep 10 20:13:07 CEST 2007 - ltinkl@suse.cz + +- fix gpg2 crash on accessing key (#307666) +- fix gpg doesn't work on the console (#302323) + ------------------------------------------------------------------- Thu Jul 26 13:16:22 CEST 2007 - sbrabec@suse.cz diff --git a/gpg2.spec b/gpg2.spec index e16015f..0bc22be 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -24,13 +24,15 @@ Provides: newpg gpg = 1.4.7 gnupg = %{version} Obsoletes: newpg gpg <= 1.4.7 Summary: GnuPG 2 Version: 2.0.4 -Release: 25 +Release: 42 Source: gnupg-%{version}-svn4472.tar.bz2 %define nld_build 0 Patch2: nld-build.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff Patch6: gnupg-1.9.18-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff +Patch8: gnupg-2.0.4-sig-check.diff +Patch9: gnupg-2.0.4-default-tty.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -52,6 +54,8 @@ Authors: %patch5 %patch6 %patch7 +%patch8 +%patch9 %build gcc_version=`gcc -dumpversion 2>&1 | sed 's/^\([0-9]\+\)\..*/\1/'` @@ -110,6 +114,9 @@ ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 /usr/share/gnupg %changelog +* Mon Sep 10 2007 - ltinkl@suse.cz +- fix gpg2 crash on accessing key (#307666) +- fix gpg doesn't work on the console (#302323) * Thu Jul 26 2007 - sbrabec@suse.cz - Build with libassuan-devel. * Thu Jun 21 2007 - ro@suse.de From 9e3617ebc6c0389ebcb16d82e81cf71bf8029e9e30eda07eb9a390c95a5e9ef6 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 13 Sep 2007 16:44:44 +0000 Subject: [PATCH 013/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=13 --- gnupg-2.0.4-oldkey.diff | 11 +++++++++++ gpg2.changes | 5 +++++ gpg2.spec | 6 +++++- 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 gnupg-2.0.4-oldkey.diff diff --git a/gnupg-2.0.4-oldkey.diff b/gnupg-2.0.4-oldkey.diff new file mode 100644 index 0000000..0856e2a --- /dev/null +++ b/gnupg-2.0.4-oldkey.diff @@ -0,0 +1,11 @@ +--- g10/seckey-cert.c ++++ g10/seckey-cert.c +@@ -212,7 +212,7 @@ do_check( PKT_secret_key *sk, const char + csum += checksum (buffer, ndata); + gcry_mpi_release (sk->skey[i]); + +- err = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_USG, ++ err = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP, + buffer, ndata, &ndata ); + xfree (buffer); + if (err) diff --git a/gpg2.changes b/gpg2.changes index b5f9e2f..438d83e 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Sep 12 22:40:46 CEST 2007 - ltinkl@suse.cz + +- fix #304749 - gpg2 unable to use old secret key + ------------------------------------------------------------------- Mon Sep 10 20:13:07 CEST 2007 - ltinkl@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 0bc22be..003d062 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -24,10 +24,11 @@ Provides: newpg gpg = 1.4.7 gnupg = %{version} Obsoletes: newpg gpg <= 1.4.7 Summary: GnuPG 2 Version: 2.0.4 -Release: 42 +Release: 44 Source: gnupg-%{version}-svn4472.tar.bz2 %define nld_build 0 Patch2: nld-build.diff +Patch3: gnupg-2.0.4-oldkey.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff Patch6: gnupg-1.9.18-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff @@ -51,6 +52,7 @@ Authors: %if %nld_build %patch2 %endif +%patch3 %patch5 %patch6 %patch7 @@ -114,6 +116,8 @@ ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 /usr/share/gnupg %changelog +* Wed Sep 12 2007 - ltinkl@suse.cz +- fix #304749 - gpg2 unable to use old secret key * Mon Sep 10 2007 - ltinkl@suse.cz - fix gpg2 crash on accessing key (#307666) - fix gpg doesn't work on the console (#302323) From be36e08e2b646b91c271273d58b1008a0a7ab6bcc90ba2286428ca6c58f9f01e Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 25 Oct 2007 23:46:05 +0000 Subject: [PATCH 014/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=14 --- gnupg-2.0.4-install_tools.diff | 83 ++---------------------- gnupg-2.0.4-sig-check.diff | 40 ------------ gnupg-2.0.4-svn4472.tar.bz2 | 3 - gnupg-2.0.5.fixes-from-svn-20070812.diff | 44 +++++++++++++ gnupg-2.0.5.tar.bz2 | 3 + gpg2.changes | 17 +++++ gpg2.spec | 66 ++++++++++++------- nld-build.diff | 82 ----------------------- 8 files changed, 111 insertions(+), 227 deletions(-) delete mode 100644 gnupg-2.0.4-sig-check.diff delete mode 100644 gnupg-2.0.4-svn4472.tar.bz2 create mode 100644 gnupg-2.0.5.fixes-from-svn-20070812.diff create mode 100644 gnupg-2.0.5.tar.bz2 delete mode 100644 nld-build.diff diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff index 33d7cc0..bb56da6 100644 --- a/gnupg-2.0.4-install_tools.diff +++ b/gnupg-2.0.4-install_tools.diff @@ -9,17 +9,6 @@ common_sources = \ common-defs.h \ ---- common/Makefile.in -+++ common/Makefile.in -@@ -409,7 +409,7 @@ - noinst_LIBRARIES = libcommon.a libcommonpth.a libsimple-pwquery.a libgpgrl.a - TESTS = $(module_tests) - AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl --AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) -+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) -fPIC - common_sources = \ - common-defs.h \ - util.h i18n.h \ --- gl/Makefile.am +++ gl/Makefile.am @@ -13,6 +13,8 @@ @@ -31,16 +20,6 @@ noinst_LIBRARIES = libgnu.a libgnu_a_SOURCES = ---- gl/Makefile.in -+++ gl/Makefile.in -@@ -339,6 +339,7 @@ - target_os = @target_os@ - target_vendor = @target_vendor@ - AUTOMAKE_OPTIONS = 1.5 gnits no-dependencies -+AM_CFLAGS = -fPIC - noinst_LIBRARIES = libgnu.a - libgnu_a_SOURCES = allocsa.h allocsa.c mkdtemp.h setenv.h \ - printf-args.h printf-parse.h vasnprintf.h vasprintf.h xsize.h --- jnlib/Makefile.am +++ jnlib/Makefile.am @@ -27,7 +27,7 @@ @@ -52,17 +31,6 @@ noinst_LIBRARIES = libjnlib.a ---- jnlib/Makefile.in -+++ jnlib/Makefile.in -@@ -353,7 +353,7 @@ - AM_CPPFLAGS = -I$(top_srcdir)/intl - - # We need libgcrypt because libjnlib-config includes gcrypt.h --AM_CFLAGS = $(LIBGCRYPT_CFLAGS) -+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) -fPIC - noinst_LIBRARIES = libjnlib.a - - #libjnlib_a_LDFLAGS = --- tools/Makefile.am +++ tools/Makefile.am @@ -27,14 +27,14 @@ @@ -84,60 +52,21 @@ if BUILD_SYMCRYPTRUN @@ -44,19 +44,19 @@ - endif - bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} \ -- gpgparsemail -+ gpgparsemail gpgsplit + bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} if !HAVE_W32_SYSTEM - bin_PROGRAMS += watchgnupg +-bin_PROGRAMS += watchgnupg gpgparsemail ++bin_PROGRAMS += watchgnupg gpgparsemail gpgsplit endif -noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit +noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert - common_libs = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a + common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a pwquery_libs = ../common/libsimple-pwquery.a - gpgsplit_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ - $(ZLIBS) $(LIBINTL) $(LIBICONV) -- -+gpgsplit_LDFLAGS = -pie - gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c - - # jnlib/common sucks in gpg-error, will they, nil they (some compilers ---- tools/Makefile.in -+++ tools/Makefile.in -@@ -93,10 +93,10 @@ - @GNUPG_PROTECT_TOOL_PGM_TRUE@am__append_6 = -DGNUPG_DEFAULT_PROTECT_TOOL="\"@GNUPG_PROTECT_TOOL_PGM@\"" - bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \ - gpgkey2ssh$(EXEEXT) $(am__EXEEXT_1) gpgparsemail$(EXEEXT) \ -- $(am__EXEEXT_2) -+ $(am__EXEEXT_2) gpgsplit$(EXEEXT) - @HAVE_W32_SYSTEM_FALSE@am__append_7 = watchgnupg - noinst_PROGRAMS = clean-sat$(EXEEXT) mk-tdata$(EXEEXT) \ -- make-dns-cert$(EXEEXT) gpgsplit$(EXEEXT) -+ make-dns-cert$(EXEEXT) - subdir = tools - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/gl/m4/alloca.m4 \ -@@ -447,18 +447,18 @@ - -I$(top_srcdir)/common -DLOCALEDIR=\"$(localedir)\" \ - $(am__append_1) $(am__append_2) $(am__append_3) \ - $(am__append_4) $(am__append_5) $(am__append_6) --AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) -+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) -fPIE - sbin_SCRIPTS = addgnupghome applygnupgdefaults - bin_SCRIPTS = gpgsm-gencert.sh --# bin_SCRIPTS += gpg-zip --@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip -+@HAVE_USTAR_TRUE@bin_SCRIPTS = gpg-zip -+# noinst_SCRIPTS = gpg-zip - @BUILD_SYMCRYPTRUN_FALSE@symcryptrun = - @BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun - common_libs = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a - pwquery_libs = ../common/libsimple-pwquery.a - gpgsplit_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ + gpgsplit_LDADD = $(common_libs) \ + $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ $(ZLIBS) $(LIBINTL) $(LIBICONV) - +gpgsplit_LDFLAGS = -pie diff --git a/gnupg-2.0.4-sig-check.diff b/gnupg-2.0.4-sig-check.diff deleted file mode 100644 index b198f65..0000000 --- a/gnupg-2.0.4-sig-check.diff +++ /dev/null @@ -1,40 +0,0 @@ ---- g10/sig-check.c 2006/08/01 12:23:34 4216 -+++ g10/sig-check.c 2007/05/16 11:10:07 4504 -@@ -438,22 +438,25 @@ - gcry_md_hd_t md; - int rc; - -+ /* Always check whether the algorithm is available. Although -+ gcry_md_open woyuld throw an error, some libgcrypt versions will -+ print a debug message in that case too. */ -+ if ((rc=openpgp_md_test_algo (backsig->digest_algo))) -+ return rc; -+ - if(!opt.no_sig_cache && backsig->flags.checked) -- { -- if((rc=openpgp_md_test_algo (backsig->digest_algo))) -- return rc; -+ return backsig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE); - -- return backsig->flags.valid? 0 : gpg_error (GPG_ERR_BAD_SIGNATURE); -+ rc = gcry_md_open (&md, backsig->digest_algo,0); -+ if (!rc) -+ { -+ hash_public_key(md,main_pk); -+ hash_public_key(md,sub_pk); -+ rc=do_check(sub_pk,backsig,md,NULL,NULL,NULL); -+ cache_sig_result(backsig,rc); -+ gcry_md_close(md); - } - -- if (gcry_md_open (&md, backsig->digest_algo,0)) -- BUG (); -- hash_public_key(md,main_pk); -- hash_public_key(md,sub_pk); -- rc=do_check(sub_pk,backsig,md,NULL,NULL,NULL); -- cache_sig_result(backsig,rc); -- gcry_md_close(md); -- - return rc; - } - diff --git a/gnupg-2.0.4-svn4472.tar.bz2 b/gnupg-2.0.4-svn4472.tar.bz2 deleted file mode 100644 index 5cbed79..0000000 --- a/gnupg-2.0.4-svn4472.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4fdcba0d8df14e4ab0d963a9314858974fff43d223ecc42e1cfc339fd23884e4 -size 3530028 diff --git a/gnupg-2.0.5.fixes-from-svn-20070812.diff b/gnupg-2.0.5.fixes-from-svn-20070812.diff new file mode 100644 index 0000000..c0a027a --- /dev/null +++ b/gnupg-2.0.5.fixes-from-svn-20070812.diff @@ -0,0 +1,44 @@ +# This fixes the t-gettime testcase: +--- gnupg-2.0.5/common/ChangeLog 2007-07-05 11:57:28.000000000 +0200 ++++ gnupg/common/ChangeLog +@@ -1,3 +1,7 @@ ++2007-07-09 Werner Koch ++ ++ * t-gettime.c (test_isotime2epoch): Use time_t and not u32. ++ + 2007-07-05 Werner Koch + + * t-gettime.c: New. +--- gnupg-2.0.5/common/t-gettime.c 2007-07-05 12:05:01.000000000 +0200 ++++ gnupg/common/t-gettime.c 2007-08-12 18:32:51.000000000 +0200 +@@ -57,7 +57,7 @@ + { NULL, 0 } + }; + int idx; +- u32 val; ++ time_t val; + gnupg_isotime_t tbuf; + + for (idx=0; array[idx].string; idx++) +# Looks right....: +--- gnupg-2.0.5/tools/ChangeLog 2007-07-05 18:56:24.000000000 +0200 ++++ gnupg/tools/ChangeLog +@@ -1,3 +1,7 @@ ++2007-07-16 Marcus Brinkmann ++ ++ * gpg-connect-agent.c (main): Bail out if write fails. ++ + 2007-07-05 Marcus Brinkmann + + * symcryptrun.c (confucius_get_pass): Define orig_codeset if +--- gnupg-2.0.5/tools/gpg-connect-agent.c 2007-07-04 15:06:00.000000000 +0200 ++++ gnupg/tools/gpg-connect-agent.c +@@ -464,7 +463,7 @@ + if (rc) + { + log_info (_("sending line failed: %s\n"), gpg_strerror (rc) ); +- continue; ++ break; + } + if (*line == '#' || !*line) + continue; /* Don't expect a response for a comment line. */ diff --git a/gnupg-2.0.5.tar.bz2 b/gnupg-2.0.5.tar.bz2 new file mode 100644 index 0000000..a9882d5 --- /dev/null +++ b/gnupg-2.0.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9c5133eb8bee56013c851f9c7da2c4823ac4de8f6b00bd9f9b97a75c8494ad69 +size 3513529 diff --git a/gpg2.changes b/gpg2.changes index 438d83e..5f04bf5 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -9,6 +9,23 @@ Mon Sep 10 20:13:07 CEST 2007 - ltinkl@suse.cz - fix gpg2 crash on accessing key (#307666) - fix gpg doesn't work on the console (#302323) +------------------------------------------------------------------- +Fri Aug 10 11:50:20 CEST 2007 - bk@suse.de + +- update to GnuPG-2.0.5 - requries libassuan-1.0.2! + * Switched license to GPLv3. + * Fixed bug when using the --p12-charset without --armor. + * The command --gen-key may now be used instead of the + gpgsm-gencert.sh script. + * Changed key generation to reveal less information about the + machine. Bug fixes for gpg2's card key generation. +- enable make check to test against build issues in the crypto engine +- cleanup disabled nld patch for linking with -lgpg-error-nld +- use %find_lang to label the locale files properly with %lang +- add opensc-devel to BuildRequrires to enanble smartcard support +- del Makefile.in patches where we patch Makefile.am and run automake +- cleanup the standrd GNU INSTALL and the empty VERSION from %doc + ------------------------------------------------------------------- Thu Jul 26 13:16:22 CEST 2007 - sbrabec@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 003d062..38f9757 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.4) +# spec file for package gpg2 (Version 2.0.5) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -11,28 +11,27 @@ # norootforbuild Name: gpg2 -BuildRequires: expect krb5 libassuan-devel libgcrypt-devel libksba-devel pcsc-lite -BuildRequires: libusb-devel pth readline-devel zlib-devel +BuildRequires: expect krb5 libassuan-devel pth +BuildRequires: libgcrypt-devel libksba-devel opensc-devel pcsc-lite +BuildRequires: libusb-devel readline-devel zlib-devel BuildRequires: openldap2 openldap2-devel -URL: http://www.gnupg.org/aegypten2/ +Url: http://www.gnupg.org/aegypten2/ License: GPL v2 or later Group: Productivity/Networking/Security PreReq: %install_info_prereq -Autoreqprov: on +AutoReqProv: on Requires: pinentry, dirmngr Provides: newpg gpg = 1.4.7 gnupg = %{version} Obsoletes: newpg gpg <= 1.4.7 Summary: GnuPG 2 -Version: 2.0.4 -Release: 44 -Source: gnupg-%{version}-svn4472.tar.bz2 -%define nld_build 0 -Patch2: nld-build.diff +Version: 2.0.5 +Release: 2 +Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.5.tar.bz2 +Patch1: gnupg-2.0.5.fixes-from-svn-20070812.diff Patch3: gnupg-2.0.4-oldkey.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff Patch6: gnupg-1.9.18-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff -Patch8: gnupg-2.0.4-sig-check.diff Patch9: gnupg-2.0.4-default-tty.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -48,22 +47,22 @@ Authors: Neal H. Walfield %prep -%setup -q -n gnupg-%{version}-svn4472 -%if %nld_build -%patch2 -%endif +%setup -q -n gnupg-%version +%patch1 -p1 %patch3 %patch5 %patch6 +# Note: this patch only patches Makefile.am files, so it needs automake to run. %patch7 -%patch8 %patch9 +# Allow building GnuPG-2.05 with gettext-0.16, there fix why +# it was added was a small fix in gettext.m4, but gpg builds +# also find with gettext-0.16, and our gettext-0.16 should +# have # the fix also soon: +sed -i '/AM_GNU_GETTEXT_VERSION/s/0.16.1/0.16/' configure.ac +autoreconf -fi %build -gcc_version=`gcc -dumpversion 2>&1 | sed 's/^\([0-9]\+\)\..*/\1/'` -# opensc should be added to neededforbuild, but the support -# in gpg2 is broken atm. -autoreconf -fi ./configure \ --prefix=%{_prefix} \ --sysconfdir=/etc \ @@ -83,7 +82,6 @@ autoreconf -fi --libexecdir=%{_libdir} \ --program-prefix="" %{_target_cpu}-suse-linux \ --with-scdaemon-pgm=%{_prefix}/bin/scdaemon - make %install @@ -96,6 +94,12 @@ ln -sf gpg2 $RPM_BUILD_ROOT/usr/bin/gpg ln -sf gpgv2 $RPM_BUILD_ROOT/usr/bin/gpgv ln -sf gpg2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpg.1 ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 +# fix rpmlint invalid-lc-messages-dir: +rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot +%find_lang gnupg2 + +%check +make check %post %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz @@ -103,24 +107,36 @@ ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 %postun %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz -%files +%files -f gnupg2.lang %defattr(-,root,root) -%doc ABOUT-NLS AUTHORS COPYING ChangeLog INSTALL NEWS README THANKS TODO VERSION doc/FAQ doc/faq.html +%doc ABOUT-NLS AUTHORS COPYING ChangeLog NEWS README THANKS TODO doc/FAQ doc/faq.html %doc %_infodir/gnupg* %doc %{_mandir}/*/*.gz /usr/bin/* %{_libdir}/[^d]* /usr/sbin/addgnupghome /usr/sbin/applygnupgdefaults -/usr/share/locale/*/LC_MESSAGES/gnupg2.mo /usr/share/gnupg - %changelog * Wed Sep 12 2007 - ltinkl@suse.cz - fix #304749 - gpg2 unable to use old secret key * Mon Sep 10 2007 - ltinkl@suse.cz - fix gpg2 crash on accessing key (#307666) - fix gpg doesn't work on the console (#302323) +* Fri Aug 10 2007 - bk@suse.de +- update to GnuPG-2.0.5 - requries libassuan-1.0.2! + * Switched license to GPLv3. + * Fixed bug when using the --p12-charset without --armor. + * The command --gen-key may now be used instead of the + gpgsm-gencert.sh script. + * Changed key generation to reveal less information about the + machine. Bug fixes for gpg2's card key generation. +- enable make check to test against build issues in the crypto engine +- cleanup disabled nld patch for linking with -lgpg-error-nld +- use %%find_lang to label the locale files properly with %%lang +- add opensc-devel to BuildRequrires to enanble smartcard support +- del Makefile.in patches where we patch Makefile.am and run automake +- cleanup the standrd GNU INSTALL and the empty VERSION from %%doc * Thu Jul 26 2007 - sbrabec@suse.cz - Build with libassuan-devel. * Thu Jun 21 2007 - ro@suse.de diff --git a/nld-build.diff b/nld-build.diff deleted file mode 100644 index 4702d50..0000000 --- a/nld-build.diff +++ /dev/null @@ -1,82 +0,0 @@ ---- agent/Makefile.am -+++ agent/Makefile.am -@@ -46,7 +46,7 @@ - - gpg_agent_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \ - $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) \ -- -lgpg-error @LIBINTL@ -+ -lgpg-error-nld @LIBINTL@ - - gpg_protect_tool_SOURCES = \ - protect-tool.c \ -@@ -55,7 +55,7 @@ - - gpg_protect_tool_LDADD = ../common/libsimple-pwquery.a \ - ../jnlib/libjnlib.a ../common/libcommon.a \ -- $(LIBGCRYPT_LIBS) -lgpg-error @LIBINTL@ -+ $(LIBGCRYPT_LIBS) -lgpg-error-nld @LIBINTL@ - if HAVE_W32_SYSTEM - gpg_protect_tool_LDADD += -lwsock32 - endif -@@ -65,7 +65,7 @@ - - gpg_preset_passphrase_LDADD = ../common/libsimple-pwquery.a \ - ../jnlib/libjnlib.a ../common/libcommon.a \ -- $(LIBGCRYPT_LIBS) -lgpg-error @LIBINTL@ -+ $(LIBGCRYPT_LIBS) -lgpg-error-nld @LIBINTL@ - if HAVE_W32_SYSTEM - gpg_preset_passphrase_LDADD += -lwsock32 - endif ---- g10/Makefile.am -+++ g10/Makefile.am -@@ -109,8 +109,8 @@ - # $(common_source) - - LDADD = $(needed_libs) @LIBINTL@ @CAPLIBS@ @W32LIBS@ --gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error --gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error -+gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error-nld -+gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error-nld - - $(PROGRAMS): $(needed_libs) - ---- kbx/Makefile.am -+++ kbx/Makefile.am -@@ -46,5 +46,5 @@ - # Note that libcommon is only required to resolve the LIBOBJS. - kbxutil_SOURCES = kbxutil.c $(common_sources) - kbxutil_LDADD = ../jnlib/libjnlib.a $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \ -- -lgpg-error $(LIBINTL) ../common/libcommon.a -+ -lgpg-error-nld $(LIBINTL) ../common/libcommon.a - ---- scd/Makefile.am -+++ scd/Makefile.am -@@ -54,7 +54,7 @@ - - scdaemon_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \ - $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(pth_libs) $(LIBASSUAN_LIBS) \ -- $(LIBUSB_LIBS) $(OPENSC_LIBS) -lgpg-error $(LIBINTL) $(DL_LIBS) -+ $(LIBUSB_LIBS) $(OPENSC_LIBS) -lgpg-error-nld $(LIBINTL) $(DL_LIBS) - - sc_copykeys_SOURCES = \ - sc-copykeys.c scdaemon.h \ -@@ -70,7 +70,7 @@ - ../common/libsimple-pwquery.a \ - $(LIBGCRYPT_LIBS) $(pth_libs) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \ - $(LIBUSB_LIBS) $(OPENSC_LIBS) \ -- -lgpg-error @LIBINTL@ @DL_LIBS@ -+ -lgpg-error-nld @LIBINTL@ @DL_LIBS@ - - pcsc_wrapper_SOURCES = pcsc-wrapper.c - pcsc_wrapper_LDADD = $(DL_LIBS) ---- sm/Makefile.am -+++ sm/Makefile.am -@@ -53,7 +53,7 @@ - - gpgsm_LDADD = ../jnlib/libjnlib.a ../kbx/libkeybox.a \ - ../common/libcommon.a \ -- $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -lgpg-error \ -+ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -lgpg-error-nld \ - $(LIBINTL) - - From b448943713254ef4b441f5b64a9f9ab7dc81dd75b675896363e2f3fc6acc130d Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 10 Jan 2008 13:14:30 +0000 Subject: [PATCH 015/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=15 --- gnupg-1.9.18-tmpdir.diff | 22 +++++++++--------- gnupg-2.0.4-install_tools.diff | 41 +++++++++++++++++++++------------- gnupg-2.0.5.tar.bz2 | 3 --- gnupg-2.0.8.tar.bz2 | 3 +++ gpg2.changes | 11 +++++++++ gpg2.spec | 23 ++++++++++++++----- 6 files changed, 69 insertions(+), 34 deletions(-) delete mode 100644 gnupg-2.0.5.tar.bz2 create mode 100644 gnupg-2.0.8.tar.bz2 diff --git a/gnupg-1.9.18-tmpdir.diff b/gnupg-1.9.18-tmpdir.diff index 6f22e0b..85ae375 100644 --- a/gnupg-1.9.18-tmpdir.diff +++ b/gnupg-1.9.18-tmpdir.diff @@ -1,7 +1,9 @@ ---- agent/gpg-agent.c +Index: agent/gpg-agent.c +=================================================================== +--- agent/gpg-agent.c.orig +++ agent/gpg-agent.c -@@ -789,6 +789,10 @@ - int fd_ssh; +@@ -874,6 +874,10 @@ main (int argc, char **argv ) + gnupg_fd_t fd_ssh; pid_t pid; + char *tmp1, *tmp; @@ -11,7 +13,7 @@ /* Remove the DISPLAY variable so that a pinentry does not default to a specific display. There is still a default display when gpg-agent was started using --display or a -@@ -800,16 +804,26 @@ +@@ -885,16 +889,25 @@ main (int argc, char **argv ) unsetenv ("DISPLAY"); #endif @@ -21,23 +23,23 @@ + len = strlen(tmp1) + strlen(tmp2) + 10; + tmp = malloc(len); + -+ snprintf(tmp, len, "%s%s%s", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); ++ snprintf(tmp, len, "%s%s%s", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); /* Create the sockets. */ - socket_name = create_socket_name (standard_socket, + socket_name = create_socket_name (use_standard_socket, "S.gpg-agent", - "/tmp/gpg-XXXXXX/S.gpg-agent"); - if (opt.ssh_support) + tmp); + if (opt.ssh_support) { + snprintf(tmp, len, "%s%s%s.ssh", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); - socket_name_ssh = create_socket_name (standard_socket, + socket_name_ssh = create_socket_name (use_standard_socket, "S.gpg-agent.ssh", - "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); +- + tmp); + } - + free(tmp); - fd = create_server_socket (standard_socket, socket_name); + fd = create_server_socket (use_standard_socket, socket_name, 0, + &socket_nonce); if (opt.ssh_support) - fd_ssh = create_server_socket (standard_socket, socket_name_ssh); diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff index bb56da6..8ac3976 100644 --- a/gnupg-2.0.4-install_tools.diff +++ b/gnupg-2.0.4-install_tools.diff @@ -1,28 +1,34 @@ ---- common/Makefile.am +Index: common/Makefile.am +=================================================================== +--- common/Makefile.am.orig +++ common/Makefile.am -@@ -26,7 +26,7 @@ +@@ -31,7 +31,7 @@ CLEANFILES = audit-events.h status-codes AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) +AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) -fPIC - common_sources = \ - common-defs.h \ ---- gl/Makefile.am + include $(top_srcdir)/am/cmacros.am + +Index: gl/Makefile.am +=================================================================== +--- gl/Makefile.am.orig +++ gl/Makefile.am @@ -13,6 +13,8 @@ - AUTOMAKE_OPTIONS = 1.5 gnits no-dependencies + AUTOMAKE_OPTIONS = 1.5 gnits +AM_CFLAGS = -fPIC + noinst_LIBRARIES = libgnu.a libgnu_a_SOURCES = ---- jnlib/Makefile.am +Index: jnlib/Makefile.am +=================================================================== +--- jnlib/Makefile.am.orig +++ jnlib/Makefile.am -@@ -27,7 +27,7 @@ +@@ -27,7 +27,7 @@ TESTS = $(module_tests) AM_CPPFLAGS = -I$(top_srcdir)/intl # We need libgcrypt because libjnlib-config includes gcrypt.h @@ -31,9 +37,11 @@ noinst_LIBRARIES = libjnlib.a ---- tools/Makefile.am +Index: tools/Makefile.am +=================================================================== +--- tools/Makefile.am.orig +++ tools/Makefile.am -@@ -27,14 +27,14 @@ +@@ -25,14 +25,14 @@ EXTRA_DIST = \ AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am @@ -51,7 +59,7 @@ endif if BUILD_SYMCRYPTRUN -@@ -44,19 +44,19 @@ +@@ -43,14 +43,14 @@ endif bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} if !HAVE_W32_SYSTEM @@ -59,16 +67,19 @@ +bin_PROGRAMS += watchgnupg gpgparsemail gpgsplit endif + if !DISABLE_REGEX + libexec_PROGRAMS = gpg-check-pattern + endif + -noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit +noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a pwquery_libs = ../common/libsimple-pwquery.a - - gpgsplit_LDADD = $(common_libs) \ - $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ +@@ -59,6 +59,7 @@ gpgsplit_LDADD = $(common_libs) \ + $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ $(ZLIBS) $(LIBINTL) $(LIBICONV) -- + +gpgsplit_LDFLAGS = -pie gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c diff --git a/gnupg-2.0.5.tar.bz2 b/gnupg-2.0.5.tar.bz2 deleted file mode 100644 index a9882d5..0000000 --- a/gnupg-2.0.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9c5133eb8bee56013c851f9c7da2c4823ac4de8f6b00bd9f9b97a75c8494ad69 -size 3513529 diff --git a/gnupg-2.0.8.tar.bz2 b/gnupg-2.0.8.tar.bz2 new file mode 100644 index 0000000..4b57014 --- /dev/null +++ b/gnupg-2.0.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:16f310afe4740a26475c7273f585861a4bdefecbde27c214cc30c0db45d26913 +size 3654523 diff --git a/gpg2.changes b/gpg2.changes index 5f04bf5..3d64a73 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Jan 8 10:48:30 CET 2008 - sassmann@suse.de + +- update to GnuPG-2.0.8 +- adapted patches to apply properly + * gnupg-1.9.18-tmpdir.diff + * gnupg-2.0.4-install_tools.diff +- gnupg-2.0.5.fixes-from-svn-20070812.diff commented out, + included in upstream 2.0.8 +- use optflags during build + ------------------------------------------------------------------- Wed Sep 12 22:40:46 CEST 2007 - ltinkl@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 38f9757..705eecb 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # -# spec file for package gpg2 (Version 2.0.5) +# spec file for package gpg2 (Version 2.0.8) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -24,9 +24,9 @@ Requires: pinentry, dirmngr Provides: newpg gpg = 1.4.7 gnupg = %{version} Obsoletes: newpg gpg <= 1.4.7 Summary: GnuPG 2 -Version: 2.0.5 -Release: 2 -Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.5.tar.bz2 +Version: 2.0.8 +Release: 1 +Source: gnupg-2.0.8.tar.bz2 Patch1: gnupg-2.0.5.fixes-from-svn-20070812.diff Patch3: gnupg-2.0.4-oldkey.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff @@ -48,7 +48,8 @@ Authors: %prep %setup -q -n gnupg-%version -%patch1 -p1 +#%patch1 -p1 +#included in upstream 2.0.8 %patch3 %patch5 %patch6 @@ -63,6 +64,7 @@ sed -i '/AM_GNU_GETTEXT_VERSION/s/0.16.1/0.16/' configure.ac autoreconf -fi %build +CFLAGS="%{optflags}" \ ./configure \ --prefix=%{_prefix} \ --sysconfdir=/etc \ @@ -117,7 +119,16 @@ make check /usr/sbin/addgnupghome /usr/sbin/applygnupgdefaults /usr/share/gnupg + %changelog +* Tue Jan 08 2008 - sassmann@suse.de +- update to GnuPG-2.0.8 +- adapted patches to apply properly + * gnupg-1.9.18-tmpdir.diff + * gnupg-2.0.4-install_tools.diff +- gnupg-2.0.5.fixes-from-svn-20070812.diff commented out, + included in upstream 2.0.8 +- use optflags during build * Wed Sep 12 2007 - ltinkl@suse.cz - fix #304749 - gpg2 unable to use old secret key * Mon Sep 10 2007 - ltinkl@suse.cz From 7bc0733e98473e893e7ece7788b6ec88ea584582cfabf0620492e1cb89a4e727 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 8 Feb 2008 17:45:44 +0000 Subject: [PATCH 016/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=16 --- gnupg-2.0.5.fixes-from-svn-20070812.diff | 44 ------- gnupg-2.0.8-from-upstream.diff | 142 +++++++++++++++++++++++ gnupg-2.0.8-warningfixes.diff | 31 +++++ gpg2.changes | 5 + gpg2.spec | 118 ++++++++++--------- 5 files changed, 238 insertions(+), 102 deletions(-) delete mode 100644 gnupg-2.0.5.fixes-from-svn-20070812.diff create mode 100644 gnupg-2.0.8-from-upstream.diff create mode 100644 gnupg-2.0.8-warningfixes.diff diff --git a/gnupg-2.0.5.fixes-from-svn-20070812.diff b/gnupg-2.0.5.fixes-from-svn-20070812.diff deleted file mode 100644 index c0a027a..0000000 --- a/gnupg-2.0.5.fixes-from-svn-20070812.diff +++ /dev/null @@ -1,44 +0,0 @@ -# This fixes the t-gettime testcase: ---- gnupg-2.0.5/common/ChangeLog 2007-07-05 11:57:28.000000000 +0200 -+++ gnupg/common/ChangeLog -@@ -1,3 +1,7 @@ -+2007-07-09 Werner Koch -+ -+ * t-gettime.c (test_isotime2epoch): Use time_t and not u32. -+ - 2007-07-05 Werner Koch - - * t-gettime.c: New. ---- gnupg-2.0.5/common/t-gettime.c 2007-07-05 12:05:01.000000000 +0200 -+++ gnupg/common/t-gettime.c 2007-08-12 18:32:51.000000000 +0200 -@@ -57,7 +57,7 @@ - { NULL, 0 } - }; - int idx; -- u32 val; -+ time_t val; - gnupg_isotime_t tbuf; - - for (idx=0; array[idx].string; idx++) -# Looks right....: ---- gnupg-2.0.5/tools/ChangeLog 2007-07-05 18:56:24.000000000 +0200 -+++ gnupg/tools/ChangeLog -@@ -1,3 +1,7 @@ -+2007-07-16 Marcus Brinkmann -+ -+ * gpg-connect-agent.c (main): Bail out if write fails. -+ - 2007-07-05 Marcus Brinkmann - - * symcryptrun.c (confucius_get_pass): Define orig_codeset if ---- gnupg-2.0.5/tools/gpg-connect-agent.c 2007-07-04 15:06:00.000000000 +0200 -+++ gnupg/tools/gpg-connect-agent.c -@@ -464,7 +463,7 @@ - if (rc) - { - log_info (_("sending line failed: %s\n"), gpg_strerror (rc) ); -- continue; -+ break; - } - if (*line == '#' || !*line) - continue; /* Don't expect a response for a comment line. */ diff --git a/gnupg-2.0.8-from-upstream.diff b/gnupg-2.0.8-from-upstream.diff new file mode 100644 index 0000000..37011c7 --- /dev/null +++ b/gnupg-2.0.8-from-upstream.diff @@ -0,0 +1,142 @@ + +This patch contains hand-selected fixes from upstream, some are needed +to make 'make check' of gpgme succeed without errors. - bk@suse.de + +--- gnupg-2.0.8//doc/qualified.txt 2007-12-13 16:13:10.000000000 +0100 ++++ gnupg-r4688//doc/qualified.txt 2008-02-06 16:58:10.000000000 +0100 +@@ -4,9 +4,9 @@ + # signatures are. Comments like this one and empty lines are allowed + # Lines do have a length limit but this is not a serious limitation as + # the format of the entries is fixed and checked by gpgsm: A +-# non-comment line starts with optional white spaces, followed by +-# exactly 40 hex character, white space and a lowercased 2 letter +-# country code. Additional data delimited with by a white space is ++# non-comment line starts with optional whitespaces, followed by ++# exactly 40 hex character, whitespace and a lowercased 2 letter ++# country code. Additional data delimited with by a whitespace is + # current ignored but might late be used for other purposes. + # + # Note: The subversion copy of this file carries a gpg:signature +@@ -193,7 +193,7 @@ E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:3 + #[checked: 2007-12-13 via received ZIP file with qualified signature from + # /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag + # /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg] +-C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA ++C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de + + # ID: 0x3A7D979B + # S/N: 00C4216083F35C54F67B09A80C3C55FE7D +@@ -208,7 +208,7 @@ C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:7 + #[checked: 2007-12-13 via received ZIP file with qualified signature from + # /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag + # /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"] +-D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B ++D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de + + + #******************************************* +--- gnupg-2.0.8//g10/card-util.c 2007-07-17 14:59:52.000000000 +0200 ++++ gnupg-r4688//g10/card-util.c 2008-02-06 16:58:14.000000000 +0100 +@@ -156,6 +156,8 @@ get_manufacturer (unsigned int no) + case 0x0001: return "PPC Card Systems"; + case 0x0002: return "Prism"; + case 0x0003: return "OpenFortress"; ++ case 0x0004: return "Wewid AB"; ++ + /* 0x00000 and 0xFFFF are defined as test cards per spec, + 0xFFF00 to 0xFFFE are assigned for use with randomly created + serial numbers. */ +--- gnupg-2.0.8//g10/gpg.c 2007-12-14 12:08:13.000000000 +0100 ++++ gnupg-r4688//g10/gpg.c 2008-02-06 16:58:14.000000000 +0100 +@@ -623,6 +623,7 @@ static ARGPARSE_OPTS opts[] = { + { oLockNever, "lock-never", 0, "@" }, + { oLoggerFD, "logger-fd",1, "@" }, + { oLoggerFile, "log-file",2, "@" }, ++ { oLoggerFile, "logger-file",2, "@" }, /* For 1.4 compatibility. */ + { oUseEmbeddedFilename, "use-embedded-filename", 0, "@" }, + { oNoUseEmbeddedFilename, "no-use-embedded-filename", 0, "@" }, + { oUtf8Strings, "utf8-strings", 0, "@" }, +--- gnupg-2.0.8//tools/ChangeLog 2007-12-14 16:56:04.000000000 +0100 ++++ gnupg-r4688//tools/ChangeLog 2008-02-06 16:58:09.000000000 +0100 +@@ -1,3 +1,18 @@ ++2008-02-01 Marcus Brinkmann ++ ++ * gpgconf-comp.c (gc_component_list_options): Fix memcpy. ++ Reported by Marc Mutz. ++ ++2008-01-22 Werner Koch ++ ++ * gpgconf-comp.c: Use gnupg domain for honor-http-proxy. Make ++ "LDAP server list" group title translatable. ++ ++2008-01-17 Marcus Brinkmann ++ ++ * gpgconf-comp.c (change_options_program): Strip duplicated ++ utf8-strings entries for gnupg backend. Don't create them either. ++ + 2007-12-10 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_list_options): Fix up expert level +--- gnupg-2.0.8//tools/gpgconf-comp.c 2007-12-14 16:56:04.000000000 +0100 ++++ gnupg-r4688//tools/gpgconf-comp.c 2008-02-06 16:58:10.000000000 +0100 +@@ -840,7 +840,7 @@ static gc_option_t gc_options_dirmngr[] + "dirmngr", "|URL|redirect all HTTP requests to URL", + GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR }, + { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED, +- "dirmngr", N_("use system's HTTP proxy setting"), ++ "gnupg", N_("use system's HTTP proxy setting"), + GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR }, + + { "LDAP", +@@ -874,7 +874,7 @@ static gc_option_t gc_options_dirmngr[] + GC_BACKEND_DIRMNGR in this component, so that the entry for + "ldapserverlist-file will be initialized before this one. */ + { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC, +- NULL, "LDAP server list", ++ "gnupg", N_("LDAP server list"), + GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST }, + { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, + "dirmngr", "|N|do not return more than N items in one query", +@@ -1568,7 +1568,7 @@ gc_component_list_options (int component + gc_option_t opt_copy; + + /* Fix up the group level. */ +- memcpy (&opt_copy, option, sizeof (opt)); ++ memcpy (&opt_copy, option, sizeof (opt_copy)); + opt_copy.level = level; + list_one_option (&opt_copy, out); + } +@@ -2467,6 +2467,8 @@ change_options_program (gc_component_t c + char *src_filename; + char *dest_filename; + char *orig_filename; ++ /* Special hack for gpg, see below. */ ++ int utf8strings_seen = 0; + + /* FIXME. Throughout the function, do better error reporting. */ + dest_filename = xstrdup (get_config_pathname (component, backend)); +@@ -2526,6 +2528,15 @@ change_options_program (gc_component_t c + else + break; + } ++ else if (backend == GC_BACKEND_GPG && in_marker ++ && ! strcmp ("utf8-strings\n", line)) ++ { ++ /* Strip duplicated entries. */ ++ if (utf8strings_seen) ++ disable = 1; ++ else ++ utf8strings_seen = 1; ++ } + + start = line; + while (*start == ' ' || *start == '\t') +@@ -2591,7 +2602,7 @@ change_options_program (gc_component_t c + followed by the rest of the original file. */ + + /* We have to turn on UTF8 strings for GnuPG. */ +- if (backend == GC_BACKEND_GPG) ++ if (backend == GC_BACKEND_GPG && ! utf8strings_seen) + fprintf (src_file, "utf8-strings\n"); + + option = gc_component[component].options; diff --git a/gnupg-2.0.8-warningfixes.diff b/gnupg-2.0.8-warningfixes.diff new file mode 100644 index 0000000..a9b57c3 --- /dev/null +++ b/gnupg-2.0.8-warningfixes.diff @@ -0,0 +1,31 @@ +Fixes these two warnings: + +certdump.c:938: warning: the address of 't' will always evaluate as 'true' +dotlock.c:457: warning: 'pid' may be used uninitialized in this function + +Index: sm/certdump.c +=================================================================== +--- sm/certdump.c (revision 4688) ++++ sm/certdump.c (working copy) +@@ -935,7 +935,7 @@ + ksba_free (sexp); + + ksba_cert_get_validity (cert, 0, t); +- if (t && *t) ++ if (*t) + sprintf (created, "%.4s-%.2s-%.2s", t, t+4, t+6); + else + *created = 0; +Index: jnlib/dotlock.c +=================================================================== +--- jnlib/dotlock.c (revision 4688) ++++ jnlib/dotlock.c (working copy) +@@ -454,7 +454,7 @@ + #else + char buffer_space[10+1+70+1]; /* 70 is just an estimated value; node + name are usually shorter. */ +- int fd, pid; ++ int fd, pid = -1; + char *buffer, *p; + size_t expected_len; + int res, nread; diff --git a/gpg2.changes b/gpg2.changes index 3d64a73..699d539 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 6 18:16:34 CET 2008 - bk@suse.de + +- add selected upstream fixes and fix gcc and rpmlint warnings + ------------------------------------------------------------------- Tue Jan 8 10:48:30 CET 2008 - sassmann@suse.de diff --git a/gpg2.spec b/gpg2.spec index 705eecb..e0d0dbd 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -11,8 +11,12 @@ # norootforbuild Name: gpg2 -BuildRequires: expect krb5 libassuan-devel pth -BuildRequires: libgcrypt-devel libksba-devel opensc-devel pcsc-lite +Version: 2.0.8 +Release: 11 +#krb5 +BuildRequires: expect fdupes libassuan-devel pth +BuildRequires: libgcrypt-devel libksba-devel opensc-devel +#pcsc-lite BuildRequires: libusb-devel readline-devel zlib-devel BuildRequires: openldap2 openldap2-devel Url: http://www.gnupg.org/aegypten2/ @@ -21,14 +25,13 @@ Group: Productivity/Networking/Security PreReq: %install_info_prereq AutoReqProv: on Requires: pinentry, dirmngr -Provides: newpg gpg = 1.4.7 gnupg = %{version} -Obsoletes: newpg gpg <= 1.4.7 +Provides: newpg gpg = 1.4.8 gnupg = %{version} +Obsoletes: newpg gpg <= 1.4.8 Summary: GnuPG 2 -Version: 2.0.8 -Release: 1 Source: gnupg-2.0.8.tar.bz2 -Patch1: gnupg-2.0.5.fixes-from-svn-20070812.diff +Patch2: gnupg-2.0.8-from-upstream.diff Patch3: gnupg-2.0.4-oldkey.diff +Patch4: gnupg-2.0.8-warningfixes.diff Patch5: gnupg-1.9.22-ccid-driver-fix.diff Patch6: gnupg-1.9.18-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff @@ -48,20 +51,14 @@ Authors: %prep %setup -q -n gnupg-%version -#%patch1 -p1 -#included in upstream 2.0.8 +%patch2 -p1 %patch3 +%patch4 %patch5 %patch6 # Note: this patch only patches Makefile.am files, so it needs automake to run. %patch7 %patch9 -# Allow building GnuPG-2.05 with gettext-0.16, there fix why -# it was added was a small fix in gettext.m4, but gpg builds -# also find with gettext-0.16, and our gettext-0.16 should -# have # the fix also soon: -sed -i '/AM_GNU_GETTEXT_VERSION/s/0.16.1/0.16/' configure.ac -autoreconf -fi %build CFLAGS="%{optflags}" \ @@ -99,6 +96,9 @@ ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 # fix rpmlint invalid-lc-messages-dir: rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot %find_lang gnupg2 +%if 0%suse_version > 1020 +%fdupes %buildroot +%endif %check make check @@ -121,7 +121,9 @@ make check /usr/share/gnupg %changelog -* Tue Jan 08 2008 - sassmann@suse.de +* Wed Feb 06 2008 bk@suse.de +- add selected upstream fixes and fix gcc and rpmlint warnings +* Tue Jan 08 2008 sassmann@suse.de - update to GnuPG-2.0.8 - adapted patches to apply properly * gnupg-1.9.18-tmpdir.diff @@ -129,12 +131,12 @@ make check - gnupg-2.0.5.fixes-from-svn-20070812.diff commented out, included in upstream 2.0.8 - use optflags during build -* Wed Sep 12 2007 - ltinkl@suse.cz +* Wed Sep 12 2007 ltinkl@suse.cz - fix #304749 - gpg2 unable to use old secret key -* Mon Sep 10 2007 - ltinkl@suse.cz +* Mon Sep 10 2007 ltinkl@suse.cz - fix gpg2 crash on accessing key (#307666) - fix gpg doesn't work on the console (#302323) -* Fri Aug 10 2007 - bk@suse.de +* Fri Aug 10 2007 bk@suse.de - update to GnuPG-2.0.5 - requries libassuan-1.0.2! * Switched license to GPLv3. * Fixed bug when using the --p12-charset without --armor. @@ -148,35 +150,35 @@ make check - add opensc-devel to BuildRequrires to enanble smartcard support - del Makefile.in patches where we patch Makefile.am and run automake - cleanup the standrd GNU INSTALL and the empty VERSION from %%doc -* Thu Jul 26 2007 - sbrabec@suse.cz +* Thu Jul 26 2007 sbrabec@suse.cz - Build with libassuan-devel. -* Thu Jun 21 2007 - ro@suse.de +* Thu Jun 21 2007 ro@suse.de - install compat symlinks for gpg2 and gpgv2 - install gpg-zip and gpgsplit - added openldap2 to buildrequires (for gpgkeys_ldap) - added fPIE/pie to CFLAGS/LDFLAGS for gpgsplit -* Wed May 23 2007 - dmueller@suse.de +* Wed May 23 2007 dmueller@suse.de - add libusb-devel build requires -* Wed May 16 2007 - ltinkl@suse.cz +* Wed May 16 2007 ltinkl@suse.cz - remove gpg from Require's (#273491) -* Fri May 11 2007 - ltinkl@suse.cz +* Fri May 11 2007 ltinkl@suse.cz - updated to 2.0.4 stable snapshot -* Wed Apr 04 2007 - ltinkl@suse.cz +* Wed Apr 04 2007 ltinkl@suse.cz - update to 2.0.3 - fixed #251605 - VUL-0: signing issues within GNUPG - removed outdated patches -* Fri Mar 30 2007 - ro@suse.de +* Fri Mar 30 2007 ro@suse.de - added zlib-devel to buildreq -* Wed Feb 14 2007 - ltinkl@suse.cz +* Wed Feb 14 2007 ltinkl@suse.cz - fix file conflicts with gpg (#242133) -* Tue Jan 30 2007 - ro@suse.de +* Tue Jan 30 2007 ro@suse.de - fix build (exclude possible debuginfo directory) -* Mon Jan 29 2007 - ltinkl@suse.cz +* Mon Jan 29 2007 ltinkl@suse.cz - fix #221212 - gpg2 is not updated and do not contain documentation - fix #233525 - gpg1/2: bug in vasprintf() implementation -* Thu Nov 30 2006 - anicka@suse.cz +* Thu Nov 30 2006 anicka@suse.cz - fix overflow in openfile.c (CVE-2006-6169, #224108) -* Mon Sep 11 2006 - pnemec@suse.cz +* Mon Sep 11 2006 pnemec@suse.cz - updated gnupg to new version 1.9.22 Enhanced pkcs#12 support Support for the CardMan 4040 PCMCIA @@ -186,75 +188,75 @@ make check - removed -cfb.diff -signature.patch -cap_large_uid.patch patches they are no longer needed - change patch -warnings-fix.diff -ccid-driver-fix.diff -* Thu Aug 17 2006 - pnemec@suse.de +* Thu Aug 17 2006 pnemec@suse.de - remove unused package in build requires -* Wed Aug 09 2006 - pnemec@suse.cz +* Wed Aug 09 2006 pnemec@suse.cz - fix spec file to build with new gettext 0.15 -* Mon Aug 07 2006 - pnemec@suse.cz +* Mon Aug 07 2006 pnemec@suse.cz - fixed security fix with large uid CVE-2006-3746 [#195569] -* Thu Feb 23 2006 - pnemec@suse.cz +* Thu Feb 23 2006 pnemec@suse.cz - fixed signature security problem CVE-2006-0455 (bugzilla#150742) -* Thu Feb 02 2006 - pnemec@suse.cz +* Thu Feb 02 2006 pnemec@suse.cz - fixed install info in spec file -* Thu Jan 26 2006 - sbrabec@suse.cz +* Thu Jan 26 2006 sbrabec@suse.cz - Added missing %%install_info. -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Fri Aug 05 2005 - postadal@suse.cz +* Fri Aug 05 2005 postadal@suse.cz - updated to version to 1.9.18 - removed obsoleted gcc patch - added patch tmpdir.diff for using $TMPDIR by gpg-agent [#bug95732] -* Tue Jul 12 2005 - postadal@suse.cz +* Tue Jul 12 2005 postadal@suse.cz - updated to version to 1.9.17 - updated pth to version 2.0.4 - removed obsoleted patch agent-cache-fix.diff - fixed ccid-driver.c - fixed gcc4 - explicitly enabled gpg building in configure -* Thu Mar 24 2005 - postadal@suse.cz +* Thu Mar 24 2005 postadal@suse.cz - fixed caching passphrase in gpg-agent [#71975] -* Tue Mar 22 2005 - postadal@suse.cz +* Tue Mar 22 2005 postadal@suse.cz - fixed on 64bit archs [#72440] -* Wed Feb 23 2005 - postadal@suse.cz +* Wed Feb 23 2005 postadal@suse.cz - security fix for cfb-cipher issue [#65862] -* Wed Jan 12 2005 - postadal@suse.cz +* Wed Jan 12 2005 postadal@suse.cz - update to version 1.9.14 - removed obsoleted patch automake-fixes.diff -* Tue Sep 28 2004 - adrian@suse.de +* Tue Sep 28 2004 adrian@suse.de - link against libpth staticaly to make S/MIME support in kmail usable. Hopefully we can convert this to a native thread implementation later. (#46260) -* Sat Jul 31 2004 - adrian@suse.de +* Sat Jul 31 2004 adrian@suse.de - update to version 1.9.10 -* Tue Jul 20 2004 - adrian@suse.de +* Tue Jul 20 2004 adrian@suse.de - remove openct and opensc packages from nfb (we will need thread support, when enabling card reader support, but it isn't anyway implemented yet in gpg2) -* Mon Jul 12 2004 - adrian@suse.de +* Mon Jul 12 2004 adrian@suse.de - use GnuPG 2 sources version 1.9.9 - opensc support misses some functions atm, support disabled for now - threading is disabled, since we do not have a pth package for now - prepare for nld -* Thu Feb 26 2004 - postadal@suse.cz +* Thu Feb 26 2004 postadal@suse.cz - adapted some functions to the libgcrypt version 1.1.91 [#34987] - added libgpg-error to needforbuild flag -* Wed Feb 18 2004 - kukuk@suse.de +* Wed Feb 18 2004 kukuk@suse.de - Don't build against libpth. -* Tue Feb 10 2004 - postadal@suse.cz +* Tue Feb 10 2004 postadal@suse.cz - fixed code that broke strict aliasing -* Fri Dec 05 2003 - garloff@suse.de +* Fri Dec 05 2003 garloff@suse.de - disable core dumpe in child after forking. [#33499] -* Mon Aug 11 2003 - adrian@suse.de +* Mon Aug 11 2003 adrian@suse.de - cleanup #neededforbuild and requires -* Mon Aug 04 2003 - ro@suse.de +* Mon Aug 04 2003 ro@suse.de - added openct to neededforbuild -* Fri Jul 18 2003 - mc@suse.de +* Fri Jul 18 2003 mc@suse.de - build against opensc -* Thu Jun 19 2003 - schwab@suse.de +* Thu Jun 19 2003 schwab@suse.de - Add %%install_info. -* Mon Mar 17 2003 - adrian@suse.de +* Mon Mar 17 2003 adrian@suse.de - add signal handler to check if the parent is still alive and exit if not - use pinentry-qt by default (/usr/bin/pinentry do not exist) -* Tue Feb 11 2003 - mc@suse.de +* Tue Feb 11 2003 mc@suse.de - initial release From 04d43f964463b3c03706e01254b9ba03f491b5cc819b5210cf5ba525207c2d95 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 15 Feb 2008 00:20:58 +0000 Subject: [PATCH 017/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=17 --- gnupg-2.0.4-install_tools.diff | 58 +--------------------------------- gpg2.changes | 5 +++ gpg2.spec | 20 ++++++++++-- 3 files changed, 23 insertions(+), 60 deletions(-) diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff index 8ac3976..40cb322 100644 --- a/gnupg-2.0.4-install_tools.diff +++ b/gnupg-2.0.4-install_tools.diff @@ -1,54 +1,6 @@ -Index: common/Makefile.am -=================================================================== ---- common/Makefile.am.orig -+++ common/Makefile.am -@@ -31,7 +31,7 @@ CLEANFILES = audit-events.h status-codes - - AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl - --AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) -+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) -fPIC - - include $(top_srcdir)/am/cmacros.am - -Index: gl/Makefile.am -=================================================================== ---- gl/Makefile.am.orig -+++ gl/Makefile.am -@@ -13,6 +13,8 @@ - - AUTOMAKE_OPTIONS = 1.5 gnits - -+AM_CFLAGS = -fPIC -+ - noinst_LIBRARIES = libgnu.a - - libgnu_a_SOURCES = -Index: jnlib/Makefile.am -=================================================================== ---- jnlib/Makefile.am.orig -+++ jnlib/Makefile.am -@@ -27,7 +27,7 @@ TESTS = $(module_tests) - AM_CPPFLAGS = -I$(top_srcdir)/intl - - # We need libgcrypt because libjnlib-config includes gcrypt.h --AM_CFLAGS = $(LIBGCRYPT_CFLAGS) -+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) -fPIC - - noinst_LIBRARIES = libjnlib.a - -Index: tools/Makefile.am -=================================================================== --- tools/Makefile.am.orig +++ tools/Makefile.am -@@ -25,14 +25,14 @@ EXTRA_DIST = \ - AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common - include $(top_srcdir)/am/cmacros.am - --AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) -+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) -fPIE - - sbin_SCRIPTS = addgnupghome applygnupgdefaults +@@ -25,8 +25,8 @@ EXTRA_DIST = \ bin_SCRIPTS = gpgsm-gencert.sh if HAVE_USTAR @@ -76,11 +28,3 @@ Index: tools/Makefile.am common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a pwquery_libs = ../common/libsimple-pwquery.a -@@ -59,6 +59,7 @@ gpgsplit_LDADD = $(common_libs) \ - $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ - $(ZLIBS) $(LIBINTL) $(LIBICONV) - -+gpgsplit_LDFLAGS = -pie - gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c - - # jnlib/common sucks in gpg-error, will they, nil they (some compilers diff --git a/gpg2.changes b/gpg2.changes index 699d539..49ae9b9 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Feb 12 19:24:37 CET 2008 - bk@suse.de + +- install gpg-zip and gpgsplit again and use -pie for randomisation + ------------------------------------------------------------------- Wed Feb 6 18:16:34 CET 2008 - bk@suse.de diff --git a/gpg2.spec b/gpg2.spec index e0d0dbd..0e959fd 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -10,9 +10,10 @@ # norootforbuild + Name: gpg2 Version: 2.0.8 -Release: 11 +Release: 14 #krb5 BuildRequires: expect fdupes libassuan-devel pth BuildRequires: libgcrypt-devel libksba-devel opensc-devel @@ -61,7 +62,16 @@ Authors: %patch9 %build -CFLAGS="%{optflags}" \ +# Required for patch7: +autoreconf -fi +# build PIEs (position independent executables) for address space randomisation: +# en.wikipedia.org/wiki/Position_independent_code#Position-independent_executables +%ifarch s390x +# s390x needs to use the large PIE model (at least for gpg.c): +CFLAGS="%{optflags} -fPIE" LDFLAGS=-pie \ +%else +CFLAGS="%{optflags} -fpie" LDFLAGS=-pie \ +%endif ./configure \ --prefix=%{_prefix} \ --sysconfdir=/etc \ @@ -96,12 +106,14 @@ ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 # fix rpmlint invalid-lc-messages-dir: rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot %find_lang gnupg2 -%if 0%suse_version > 1020 +%if 0%{?suse_version} > 1020 %fdupes %buildroot %endif %check make check +$RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p pubsplit- --uncompress Date: Wed, 26 Mar 2008 15:13:07 +0000 Subject: [PATCH 018/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=18 --- gpg2.changes | 5 +++++ gpg2.spec | 9 +++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 49ae9b9..7771fda 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sun Mar 23 12:10:56 CET 2008 - coolo@suse.de + +- splitting out a third of the package by using a lang subpack + ------------------------------------------------------------------- Tue Feb 12 19:24:37 CET 2008 - bk@suse.de diff --git a/gpg2.spec b/gpg2.spec index 0e959fd..818d191 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -13,7 +13,7 @@ Name: gpg2 Version: 2.0.8 -Release: 14 +Release: 26 #krb5 BuildRequires: expect fdupes libassuan-devel pth BuildRequires: libgcrypt-devel libksba-devel opensc-devel @@ -50,6 +50,7 @@ Authors: Werner Koch Neal H. Walfield +%lang_package %prep %setup -q -n gnupg-%version %patch2 -p1 @@ -121,7 +122,9 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %postun %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz -%files -f gnupg2.lang +%files lang -f gnupg2.lang + +%files %defattr(-,root,root) %doc ABOUT-NLS AUTHORS COPYING ChangeLog NEWS README THANKS TODO doc/FAQ doc/faq.html %doc %_infodir/gnupg* @@ -133,6 +136,8 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress /usr/share/gnupg %changelog +* Sun Mar 23 2008 coolo@suse.de +- splitting out a third of the package by using a lang subpack * Tue Feb 12 2008 bk@suse.de - install gpg-zip and gpgsplit again and use -pie for randomisation * Wed Feb 06 2008 bk@suse.de From e4daaf149cd2ef79ba9c9362e945f8f0598f6d9aaa04ac69a3a3e4751b627472 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 27 Mar 2008 21:01:48 +0000 Subject: [PATCH 019/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=19 --- gpg2.changes | 5 +++++ gpg2.spec | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 7771fda..c54aa82 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Mar 26 22:07:29 CET 2008 - coolo@suse.de + +- require the split out lang package + ------------------------------------------------------------------- Sun Mar 23 12:10:56 CET 2008 - coolo@suse.de diff --git a/gpg2.spec b/gpg2.spec index 818d191..16418ee 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -13,7 +13,7 @@ Name: gpg2 Version: 2.0.8 -Release: 26 +Release: 29 #krb5 BuildRequires: expect fdupes libassuan-devel pth BuildRequires: libgcrypt-devel libksba-devel opensc-devel @@ -25,7 +25,7 @@ License: GPL v2 or later Group: Productivity/Networking/Security PreReq: %install_info_prereq AutoReqProv: on -Requires: pinentry, dirmngr +Requires: pinentry dirmngr %name-lang = %{version} Provides: newpg gpg = 1.4.8 gnupg = %{version} Obsoletes: newpg gpg <= 1.4.8 Summary: GnuPG 2 @@ -136,6 +136,8 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress /usr/share/gnupg %changelog +* Wed Mar 26 2008 coolo@suse.de +- require the split out lang package * Sun Mar 23 2008 coolo@suse.de - splitting out a third of the package by using a lang subpack * Tue Feb 12 2008 bk@suse.de From 79a552d0bf9884f77bdc6db9aa91ac7884bd0f59e3bbb281b8e3b83e7a6fdd83 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sun, 6 Apr 2008 03:55:31 +0000 Subject: [PATCH 020/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=20 --- gnupg-1.9.18-tmpdir.diff | 1 + gnupg-2.0.4-default-tty.diff | 5 +- gnupg-2.0.4-oldkey.diff | 11 --- gnupg-2.0.8-from-upstream.diff | 142 --------------------------------- gnupg-2.0.8-warningfixes.diff | 31 ------- gnupg-2.0.8.tar.bz2 | 3 - gnupg-2.0.9-RSA_ES.patch | 39 +++++++++ gnupg-2.0.9.tar.bz2 | 3 + gpg2.changes | 13 +++ gpg2.spec | 66 ++++++++------- 10 files changed, 95 insertions(+), 219 deletions(-) delete mode 100644 gnupg-2.0.4-oldkey.diff delete mode 100644 gnupg-2.0.8-from-upstream.diff delete mode 100644 gnupg-2.0.8-warningfixes.diff delete mode 100644 gnupg-2.0.8.tar.bz2 create mode 100644 gnupg-2.0.9-RSA_ES.patch create mode 100644 gnupg-2.0.9.tar.bz2 diff --git a/gnupg-1.9.18-tmpdir.diff b/gnupg-1.9.18-tmpdir.diff index 85ae375..c62cfd6 100644 --- a/gnupg-1.9.18-tmpdir.diff +++ b/gnupg-1.9.18-tmpdir.diff @@ -1,3 +1,4 @@ +# create gpg-agent socket in TMPDIR Index: agent/gpg-agent.c =================================================================== --- agent/gpg-agent.c.orig diff --git a/gnupg-2.0.4-default-tty.diff b/gnupg-2.0.4-default-tty.diff index e4191f7..806ed2c 100644 --- a/gnupg-2.0.4-default-tty.diff +++ b/gnupg-2.0.4-default-tty.diff @@ -1,6 +1,7 @@ +# sets default tty to /dev/tty --- common/asshelp.c +++ common/asshelp.c -@@ -90,6 +90,8 @@ +@@ -95,6 +95,8 @@ dft_ttyname = getenv ("GPG_TTY"); if ((!dft_ttyname || !*dft_ttyname) && ttyname (0)) dft_ttyname = ttyname (0); @@ -11,7 +12,7 @@ { --- common/simple-pwquery.c +++ common/simple-pwquery.c -@@ -217,6 +217,8 @@ +@@ -222,6 +222,8 @@ #ifndef HAVE_W32_SYSTEM if ((!dft_ttyname || !*dft_ttyname) && ttyname (0)) dft_ttyname = ttyname (0); diff --git a/gnupg-2.0.4-oldkey.diff b/gnupg-2.0.4-oldkey.diff deleted file mode 100644 index 0856e2a..0000000 --- a/gnupg-2.0.4-oldkey.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- g10/seckey-cert.c -+++ g10/seckey-cert.c -@@ -212,7 +212,7 @@ do_check( PKT_secret_key *sk, const char - csum += checksum (buffer, ndata); - gcry_mpi_release (sk->skey[i]); - -- err = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_USG, -+ err = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP, - buffer, ndata, &ndata ); - xfree (buffer); - if (err) diff --git a/gnupg-2.0.8-from-upstream.diff b/gnupg-2.0.8-from-upstream.diff deleted file mode 100644 index 37011c7..0000000 --- a/gnupg-2.0.8-from-upstream.diff +++ /dev/null @@ -1,142 +0,0 @@ - -This patch contains hand-selected fixes from upstream, some are needed -to make 'make check' of gpgme succeed without errors. - bk@suse.de - ---- gnupg-2.0.8//doc/qualified.txt 2007-12-13 16:13:10.000000000 +0100 -+++ gnupg-r4688//doc/qualified.txt 2008-02-06 16:58:10.000000000 +0100 -@@ -4,9 +4,9 @@ - # signatures are. Comments like this one and empty lines are allowed - # Lines do have a length limit but this is not a serious limitation as - # the format of the entries is fixed and checked by gpgsm: A --# non-comment line starts with optional white spaces, followed by --# exactly 40 hex character, white space and a lowercased 2 letter --# country code. Additional data delimited with by a white space is -+# non-comment line starts with optional whitespaces, followed by -+# exactly 40 hex character, whitespace and a lowercased 2 letter -+# country code. Additional data delimited with by a whitespace is - # current ignored but might late be used for other purposes. - # - # Note: The subversion copy of this file carries a gpg:signature -@@ -193,7 +193,7 @@ E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:3 - #[checked: 2007-12-13 via received ZIP file with qualified signature from - # /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag - # /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg] --C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA -+C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de - - # ID: 0x3A7D979B - # S/N: 00C4216083F35C54F67B09A80C3C55FE7D -@@ -208,7 +208,7 @@ C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:7 - #[checked: 2007-12-13 via received ZIP file with qualified signature from - # /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag - # /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"] --D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B -+D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de - - - #******************************************* ---- gnupg-2.0.8//g10/card-util.c 2007-07-17 14:59:52.000000000 +0200 -+++ gnupg-r4688//g10/card-util.c 2008-02-06 16:58:14.000000000 +0100 -@@ -156,6 +156,8 @@ get_manufacturer (unsigned int no) - case 0x0001: return "PPC Card Systems"; - case 0x0002: return "Prism"; - case 0x0003: return "OpenFortress"; -+ case 0x0004: return "Wewid AB"; -+ - /* 0x00000 and 0xFFFF are defined as test cards per spec, - 0xFFF00 to 0xFFFE are assigned for use with randomly created - serial numbers. */ ---- gnupg-2.0.8//g10/gpg.c 2007-12-14 12:08:13.000000000 +0100 -+++ gnupg-r4688//g10/gpg.c 2008-02-06 16:58:14.000000000 +0100 -@@ -623,6 +623,7 @@ static ARGPARSE_OPTS opts[] = { - { oLockNever, "lock-never", 0, "@" }, - { oLoggerFD, "logger-fd",1, "@" }, - { oLoggerFile, "log-file",2, "@" }, -+ { oLoggerFile, "logger-file",2, "@" }, /* For 1.4 compatibility. */ - { oUseEmbeddedFilename, "use-embedded-filename", 0, "@" }, - { oNoUseEmbeddedFilename, "no-use-embedded-filename", 0, "@" }, - { oUtf8Strings, "utf8-strings", 0, "@" }, ---- gnupg-2.0.8//tools/ChangeLog 2007-12-14 16:56:04.000000000 +0100 -+++ gnupg-r4688//tools/ChangeLog 2008-02-06 16:58:09.000000000 +0100 -@@ -1,3 +1,18 @@ -+2008-02-01 Marcus Brinkmann -+ -+ * gpgconf-comp.c (gc_component_list_options): Fix memcpy. -+ Reported by Marc Mutz. -+ -+2008-01-22 Werner Koch -+ -+ * gpgconf-comp.c: Use gnupg domain for honor-http-proxy. Make -+ "LDAP server list" group title translatable. -+ -+2008-01-17 Marcus Brinkmann -+ -+ * gpgconf-comp.c (change_options_program): Strip duplicated -+ utf8-strings entries for gnupg backend. Don't create them either. -+ - 2007-12-10 Marcus Brinkmann - - * gpgconf-comp.c (gc_component_list_options): Fix up expert level ---- gnupg-2.0.8//tools/gpgconf-comp.c 2007-12-14 16:56:04.000000000 +0100 -+++ gnupg-r4688//tools/gpgconf-comp.c 2008-02-06 16:58:10.000000000 +0100 -@@ -840,7 +840,7 @@ static gc_option_t gc_options_dirmngr[] - "dirmngr", "|URL|redirect all HTTP requests to URL", - GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR }, - { "honor-http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED, -- "dirmngr", N_("use system's HTTP proxy setting"), -+ "gnupg", N_("use system's HTTP proxy setting"), - GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR }, - - { "LDAP", -@@ -874,7 +874,7 @@ static gc_option_t gc_options_dirmngr[] - GC_BACKEND_DIRMNGR in this component, so that the entry for - "ldapserverlist-file will be initialized before this one. */ - { "LDAP Server", GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_LIST, GC_LEVEL_BASIC, -- NULL, "LDAP server list", -+ "gnupg", N_("LDAP server list"), - GC_ARG_TYPE_LDAP_SERVER, GC_BACKEND_DIRMNGR_LDAP_SERVER_LIST }, - { "max-replies", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, - "dirmngr", "|N|do not return more than N items in one query", -@@ -1568,7 +1568,7 @@ gc_component_list_options (int component - gc_option_t opt_copy; - - /* Fix up the group level. */ -- memcpy (&opt_copy, option, sizeof (opt)); -+ memcpy (&opt_copy, option, sizeof (opt_copy)); - opt_copy.level = level; - list_one_option (&opt_copy, out); - } -@@ -2467,6 +2467,8 @@ change_options_program (gc_component_t c - char *src_filename; - char *dest_filename; - char *orig_filename; -+ /* Special hack for gpg, see below. */ -+ int utf8strings_seen = 0; - - /* FIXME. Throughout the function, do better error reporting. */ - dest_filename = xstrdup (get_config_pathname (component, backend)); -@@ -2526,6 +2528,15 @@ change_options_program (gc_component_t c - else - break; - } -+ else if (backend == GC_BACKEND_GPG && in_marker -+ && ! strcmp ("utf8-strings\n", line)) -+ { -+ /* Strip duplicated entries. */ -+ if (utf8strings_seen) -+ disable = 1; -+ else -+ utf8strings_seen = 1; -+ } - - start = line; - while (*start == ' ' || *start == '\t') -@@ -2591,7 +2602,7 @@ change_options_program (gc_component_t c - followed by the rest of the original file. */ - - /* We have to turn on UTF8 strings for GnuPG. */ -- if (backend == GC_BACKEND_GPG) -+ if (backend == GC_BACKEND_GPG && ! utf8strings_seen) - fprintf (src_file, "utf8-strings\n"); - - option = gc_component[component].options; diff --git a/gnupg-2.0.8-warningfixes.diff b/gnupg-2.0.8-warningfixes.diff deleted file mode 100644 index a9b57c3..0000000 --- a/gnupg-2.0.8-warningfixes.diff +++ /dev/null @@ -1,31 +0,0 @@ -Fixes these two warnings: - -certdump.c:938: warning: the address of 't' will always evaluate as 'true' -dotlock.c:457: warning: 'pid' may be used uninitialized in this function - -Index: sm/certdump.c -=================================================================== ---- sm/certdump.c (revision 4688) -+++ sm/certdump.c (working copy) -@@ -935,7 +935,7 @@ - ksba_free (sexp); - - ksba_cert_get_validity (cert, 0, t); -- if (t && *t) -+ if (*t) - sprintf (created, "%.4s-%.2s-%.2s", t, t+4, t+6); - else - *created = 0; -Index: jnlib/dotlock.c -=================================================================== ---- jnlib/dotlock.c (revision 4688) -+++ jnlib/dotlock.c (working copy) -@@ -454,7 +454,7 @@ - #else - char buffer_space[10+1+70+1]; /* 70 is just an estimated value; node - name are usually shorter. */ -- int fd, pid; -+ int fd, pid = -1; - char *buffer, *p; - size_t expected_len; - int res, nread; diff --git a/gnupg-2.0.8.tar.bz2 b/gnupg-2.0.8.tar.bz2 deleted file mode 100644 index 4b57014..0000000 --- a/gnupg-2.0.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:16f310afe4740a26475c7273f585861a4bdefecbde27c214cc30c0db45d26913 -size 3654523 diff --git a/gnupg-2.0.9-RSA_ES.patch b/gnupg-2.0.9-RSA_ES.patch new file mode 100644 index 0000000..febef55 --- /dev/null +++ b/gnupg-2.0.9-RSA_ES.patch @@ -0,0 +1,39 @@ +# adds back support for deprecated RSA_E, RSA_S algorithms +--- gnupg-2.0.9.orig/g10/misc.c ++++ gnupg-2.0.9/g10/misc.c +@@ -1285,6 +1285,8 @@ pubkey_get_npkey( int algo ) + + if (algo == GCRY_PK_ELG_E) + algo = GCRY_PK_ELG; ++ if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S) ++ algo = GCRY_PK_RSA; + if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &n)) + n = 0; + return n; +@@ -1298,6 +1300,8 @@ pubkey_get_nskey( int algo ) + + if (algo == GCRY_PK_ELG_E) + algo = GCRY_PK_ELG; ++ if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S) ++ algo = GCRY_PK_RSA; + if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &n )) + n = 0; + return n; +@@ -1311,6 +1315,8 @@ pubkey_get_nsig( int algo ) + + if (algo == GCRY_PK_ELG_E) + algo = GCRY_PK_ELG; ++ if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S) ++ algo = GCRY_PK_RSA; + if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSIGN, NULL, &n)) + n = 0; + return n; +@@ -1324,6 +1330,8 @@ pubkey_get_nenc( int algo ) + + if (algo == GCRY_PK_ELG_E) + algo = GCRY_PK_ELG; ++ if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S) ++ algo = GCRY_PK_RSA; + if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NENCR, NULL, &n )) + n = 0; + return n; diff --git a/gnupg-2.0.9.tar.bz2 b/gnupg-2.0.9.tar.bz2 new file mode 100644 index 0000000..382aeba --- /dev/null +++ b/gnupg-2.0.9.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2dc124908a1dfa3b79d2b0a82aa1a31817128feb14e84a26226beaab13179686 +size 3718925 diff --git a/gpg2.changes b/gpg2.changes index c54aa82..89c7eeb 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Mar 28 16:14:33 CET 2008 - pcerny@suse.cz + +- update to 2.0.9 + * fixes CVE-2008-1530 (bnc#374254) + * removing gnupg-2.0.8-from-upstream.diff (included in release) + * removing gnupg-2.0.4-oldkey.diff (accepted by upstream) + * removing gnupg-2.0.8-warningfixes.diff + (also appears in upstream) +- patch gnupg-2.0.9-RSA_ES.patch + * adding back support for deprecated RSA_E, RSA_S algorithms + (bnc#342979) + ------------------------------------------------------------------- Wed Mar 26 22:07:29 CET 2008 - coolo@suse.de diff --git a/gpg2.spec b/gpg2.spec index 16418ee..12a2886 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.8) +# spec file for package gpg2 (Version 2.0.9) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -12,8 +12,8 @@ Name: gpg2 -Version: 2.0.8 -Release: 29 +Version: 2.0.9 +Release: 1 #krb5 BuildRequires: expect fdupes libassuan-devel pth BuildRequires: libgcrypt-devel libksba-devel opensc-devel @@ -26,17 +26,15 @@ Group: Productivity/Networking/Security PreReq: %install_info_prereq AutoReqProv: on Requires: pinentry dirmngr %name-lang = %{version} -Provides: newpg gpg = 1.4.8 gnupg = %{version} -Obsoletes: newpg gpg <= 1.4.8 +Provides: newpg gpg = 1.4.9 gnupg = %{version} +Obsoletes: newpg gpg <= 1.4.9 Summary: GnuPG 2 -Source: gnupg-2.0.8.tar.bz2 -Patch2: gnupg-2.0.8-from-upstream.diff -Patch3: gnupg-2.0.4-oldkey.diff -Patch4: gnupg-2.0.8-warningfixes.diff +Source: gnupg-2.0.9.tar.bz2 Patch5: gnupg-1.9.22-ccid-driver-fix.diff Patch6: gnupg-1.9.18-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff Patch9: gnupg-2.0.4-default-tty.diff +Patch10: gnupg-2.0.9-RSA_ES.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -53,14 +51,12 @@ Authors: %lang_package %prep %setup -q -n gnupg-%version -%patch2 -p1 -%patch3 -%patch4 %patch5 %patch6 # Note: this patch only patches Makefile.am files, so it needs automake to run. %patch7 %patch9 +%patch10 -p1 %build # Required for patch7: @@ -74,24 +70,24 @@ CFLAGS="%{optflags} -fPIE" LDFLAGS=-pie \ CFLAGS="%{optflags} -fpie" LDFLAGS=-pie \ %endif ./configure \ - --prefix=%{_prefix} \ - --sysconfdir=/etc \ - --libdir=%{_libdir} \ - --infodir=%{_infodir} \ - --with-agent-pgm=%{_prefix}/bin/gpg-agent \ - --with-pinentry-pgm=%{_prefix}/bin/pinentry \ - --with-dirmngr-pgm=%{_prefix}/bin/dirmngr \ - --enable-ldap \ - --enable-external-hkp \ - --enable-shared \ - --enable-gpgsm=yes \ - --enable-gpg \ - --enable-static-rnd=linux \ - --with-gnu-ld \ - --mandir=%{_mandir} \ - --libexecdir=%{_libdir} \ - --program-prefix="" %{_target_cpu}-suse-linux \ - --with-scdaemon-pgm=%{_prefix}/bin/scdaemon + --prefix=%{_prefix} \ + --sysconfdir=/etc \ + --libdir=%{_libdir} \ + --infodir=%{_infodir} \ + --with-agent-pgm=%{_prefix}/bin/gpg-agent \ + --with-pinentry-pgm=%{_prefix}/bin/pinentry \ + --with-dirmngr-pgm=%{_prefix}/bin/dirmngr \ + --enable-ldap \ + --enable-external-hkp \ + --enable-shared \ + --enable-gpgsm=yes \ + --enable-gpg \ + --enable-static-rnd=linux \ + --with-gnu-ld \ + --mandir=%{_mandir} \ + --libexecdir=%{_libdir} \ + --program-prefix="" %{_target_cpu}-suse-linux \ + --with-scdaemon-pgm=%{_prefix}/bin/scdaemon make %install @@ -136,6 +132,16 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress /usr/share/gnupg %changelog +* Fri Mar 28 2008 pcerny@suse.cz +- update to 2.0.9 + * fixes CVE-2008-1530 (bnc#374254) + * removing gnupg-2.0.8-from-upstream.diff (included in release) + * removing gnupg-2.0.4-oldkey.diff (accepted by upstream) + * removing gnupg-2.0.8-warningfixes.diff + (also appears in upstream) +- patch gnupg-2.0.9-RSA_ES.patch + * adding back support for deprecated RSA_E, RSA_S algorithms + (bnc#342979) * Wed Mar 26 2008 coolo@suse.de - require the split out lang package * Sun Mar 23 2008 coolo@suse.de From 39ea87331b36213d5bb1ea3b33f6af25e49bc5a39c2e925e047c6762e7e190f2 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 21 May 2008 22:04:27 +0000 Subject: [PATCH 021/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=21 --- gpg2.changes | 5 +++++ gpg2.spec | 12 +++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 89c7eeb..8bc81b5 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 21 14:01:14 CEST 2008 - puzel@suse.cz + +- added missing gpgconf.conf (bnc#391347) + ------------------------------------------------------------------- Fri Mar 28 16:14:33 CET 2008 - pcerny@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 12a2886..9a72816 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -13,7 +13,7 @@ Name: gpg2 Version: 2.0.9 -Release: 1 +Release: 17 #krb5 BuildRequires: expect fdupes libassuan-devel pth BuildRequires: libgcrypt-devel libksba-devel opensc-devel @@ -92,6 +92,8 @@ make %install make DESTDIR=$RPM_BUILD_ROOT install +mkdir -p $RPM_BUILD_ROOT/etc/gnupg/ +install -m 644 doc/examples/gpgconf.conf $RPM_BUILD_ROOT/etc/gnupg rm $RPM_BUILD_ROOT/usr/share/info/dir rm $RPM_BUILD_ROOT/usr/share/gnupg/FAQ rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html @@ -130,8 +132,12 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress /usr/sbin/addgnupghome /usr/sbin/applygnupgdefaults /usr/share/gnupg +%dir /etc/gnupg +%config /etc/gnupg/gpgconf.conf %changelog +* Wed May 21 2008 puzel@suse.cz +- added missing gpgconf.conf (bnc#391347) * Fri Mar 28 2008 pcerny@suse.cz - update to 2.0.9 * fixes CVE-2008-1530 (bnc#374254) @@ -142,7 +148,7 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress - patch gnupg-2.0.9-RSA_ES.patch * adding back support for deprecated RSA_E, RSA_S algorithms (bnc#342979) -* Wed Mar 26 2008 coolo@suse.de +* Thu Mar 27 2008 coolo@suse.de - require the split out lang package * Sun Mar 23 2008 coolo@suse.de - splitting out a third of the package by using a lang subpack @@ -158,7 +164,7 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress - gnupg-2.0.5.fixes-from-svn-20070812.diff commented out, included in upstream 2.0.8 - use optflags during build -* Wed Sep 12 2007 ltinkl@suse.cz +* Thu Sep 13 2007 ltinkl@suse.cz - fix #304749 - gpg2 unable to use old secret key * Mon Sep 10 2007 ltinkl@suse.cz - fix gpg2 crash on accessing key (#307666) From c0c8d4a94be8c0f8f96f8d5b6dadf8d6811d440c8094b15f128e21336ebb49bb Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sun, 22 Jun 2008 00:49:11 +0000 Subject: [PATCH 022/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=22 --- gnupg-2.0.9-langinfo.patch | 11 +++++++++++ gpg2.changes | 6 ++++++ gpg2.spec | 7 ++++++- 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 gnupg-2.0.9-langinfo.patch diff --git a/gnupg-2.0.9-langinfo.patch b/gnupg-2.0.9-langinfo.patch new file mode 100644 index 0000000..87a515f --- /dev/null +++ b/gnupg-2.0.9-langinfo.patch @@ -0,0 +1,11 @@ +# fix [bnc#305725] - non latin characters displayed incorrectly by pinentry +--- jnlib/utf8conv.c ++++ jnlib/utf8conv.c +@@ -205,6 +205,7 @@ + #else /*!HAVE_W32_SYSTEM*/ + + #ifdef HAVE_LANGINFO_CODESET ++ setlocale(LC_ALL, ""); + newset = nl_langinfo (CODESET); + #else /*!HAVE_LANGINFO_CODESET*/ + /* Try to get the used charset from environment variables. */ diff --git a/gpg2.changes b/gpg2.changes index 8bc81b5..1befc3c 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jun 11 11:06:09 CEST 2008 - puzel@suse.cz + +- fix [bnc#305725] - UTF-8 problems + * non latin characters displayed incorrectly by pinentry-* + ------------------------------------------------------------------- Wed May 21 14:01:14 CEST 2008 - puzel@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 9a72816..aaff498 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -13,7 +13,7 @@ Name: gpg2 Version: 2.0.9 -Release: 17 +Release: 25 #krb5 BuildRequires: expect fdupes libassuan-devel pth BuildRequires: libgcrypt-devel libksba-devel opensc-devel @@ -35,6 +35,7 @@ Patch6: gnupg-1.9.18-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff Patch9: gnupg-2.0.4-default-tty.diff Patch10: gnupg-2.0.9-RSA_ES.patch +Patch11: gnupg-2.0.9-langinfo.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -57,6 +58,7 @@ Authors: %patch7 %patch9 %patch10 -p1 +%patch11 %build # Required for patch7: @@ -136,6 +138,9 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %config /etc/gnupg/gpgconf.conf %changelog +* Wed Jun 11 2008 puzel@suse.cz +- fix [bnc#305725] - UTF-8 problems + * non latin characters displayed incorrectly by pinentry-* * Wed May 21 2008 puzel@suse.cz - added missing gpgconf.conf (bnc#391347) * Fri Mar 28 2008 pcerny@suse.cz From a8a786efdefd3ae3c6032ff69ef19b4a5abe915a3d251300dff6c155326b7786 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Tue, 13 Jan 2009 17:57:46 +0000 Subject: [PATCH 023/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=23 --- ...18-tmpdir.diff => gnupg-2.0.10-tmpdir.diff | 30 ++--- gnupg-2.0.10.tar.bz2 | 3 + gnupg-2.0.9.tar.bz2 | 3 - gpg2.changes | 33 +++++ gpg2.spec | 115 ++++++++++++------ 5 files changed, 128 insertions(+), 56 deletions(-) rename gnupg-1.9.18-tmpdir.diff => gnupg-2.0.10-tmpdir.diff (50%) create mode 100644 gnupg-2.0.10.tar.bz2 delete mode 100644 gnupg-2.0.9.tar.bz2 diff --git a/gnupg-1.9.18-tmpdir.diff b/gnupg-2.0.10-tmpdir.diff similarity index 50% rename from gnupg-1.9.18-tmpdir.diff rename to gnupg-2.0.10-tmpdir.diff index c62cfd6..e475481 100644 --- a/gnupg-1.9.18-tmpdir.diff +++ b/gnupg-2.0.10-tmpdir.diff @@ -1,9 +1,7 @@ # create gpg-agent socket in TMPDIR -Index: agent/gpg-agent.c -=================================================================== ---- agent/gpg-agent.c.orig -+++ agent/gpg-agent.c -@@ -874,6 +874,10 @@ main (int argc, char **argv ) +--- ./agent/gpg-agent.c.orig 2008-12-18 10:48:44.000000000 +0100 ++++ ./agent/gpg-agent.c 2009-01-12 13:26:21.000000000 +0100 +@@ -910,6 +910,10 @@ main (int argc, char **argv ) gnupg_fd_t fd_ssh; pid_t pid; @@ -14,7 +12,7 @@ Index: agent/gpg-agent.c /* Remove the DISPLAY variable so that a pinentry does not default to a specific display. There is still a default display when gpg-agent was started using --display or a -@@ -885,16 +889,25 @@ main (int argc, char **argv ) +@@ -921,13 +925,23 @@ main (int argc, char **argv ) unsetenv ("DISPLAY"); #endif @@ -27,20 +25,18 @@ Index: agent/gpg-agent.c + snprintf(tmp, len, "%s%s%s", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); /* Create the sockets. */ - socket_name = create_socket_name (use_standard_socket, - "S.gpg-agent", -- "/tmp/gpg-XXXXXX/S.gpg-agent"); + socket_name = create_socket_name +- ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent"); - if (opt.ssh_support) -+ tmp); +- socket_name_ssh = create_socket_name +- ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); ++ ("S.gpg-agent", tmp); + if (opt.ssh_support) { + snprintf(tmp, len, "%s%s%s.ssh", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); - socket_name_ssh = create_socket_name (use_standard_socket, - "S.gpg-agent.ssh", -- "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); -- -+ tmp); ++ socket_name_ssh = create_socket_name ++ ("S.gpg-agent.ssh", tmp); + } + free(tmp); - fd = create_server_socket (use_standard_socket, socket_name, 0, - &socket_nonce); + + fd = create_server_socket (socket_name, 0, &socket_nonce); if (opt.ssh_support) diff --git a/gnupg-2.0.10.tar.bz2 b/gnupg-2.0.10.tar.bz2 new file mode 100644 index 0000000..98396fe --- /dev/null +++ b/gnupg-2.0.10.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d488b7bcb9a67a8416cdd49e74d3f95912f31aa98b60580bad125ecbde14df23 +size 3825638 diff --git a/gnupg-2.0.9.tar.bz2 b/gnupg-2.0.9.tar.bz2 deleted file mode 100644 index 382aeba..0000000 --- a/gnupg-2.0.9.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2dc124908a1dfa3b79d2b0a82aa1a31817128feb14e84a26226beaab13179686 -size 3718925 diff --git a/gpg2.changes b/gpg2.changes index 1befc3c..0790ddc 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Tue Jan 13 10:38:38 CET 2009 - puzel@suse.cz + +- update to 2.0.10 + * New keyserver helper gpg2keys_kdns as generic DNS CERT + lookup. + * New mechanisms "local" and "nodefault" for --auto-key-locate. + Fixed a few problems with this option. + * New command --locate-keys. + * New options --with-sig-list and --with-sig-check. + * The option "-sat" is no longer an alias for --clearsign. + * The option --fixed-list-mode is now implicitly used and obsolete. + * New control statement %ask-passphrase for the unattended key + generation. + * The algorithm to compute the SIG_ID status has been changed. + * [gpgsm] Now uses AES by default. + * [gpgsm] Made --output option work with --export-secret-key-p12. + * [gpg-agent] Terminate process if the own listening socket is not + anymore served by ourself. + * [gpg-connect-agent] Accept commands given as command line arguments. + * The gpg-preset-passphrase mechanism works again. An arbitrary + string may now be used for a custom cache ID. + * Admin PINs are cached again (bug in 2.0.9). + * Support for version 2 OpenPGP cards. + +- specfile changes: + * require libadns + * explicit versions for some BuildRequires + * BuildRequires libgpg-error + * changed license to GPL v3 + * /etc/gnupg/gnupg.conf is now (noreplace) + * documentation is installed with install + ------------------------------------------------------------------- Wed Jun 11 11:06:09 CEST 2008 - puzel@suse.cz diff --git a/gpg2.spec b/gpg2.spec index aaff498..d3e85db 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,10 +1,17 @@ # -# spec file for package gpg2 (Version 2.0.9) +# spec file for package gpg2 (Version 2.0.10) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -12,14 +19,20 @@ Name: gpg2 -Version: 2.0.9 -Release: 25 -#krb5 -BuildRequires: expect fdupes libassuan-devel pth -BuildRequires: libgcrypt-devel libksba-devel opensc-devel -#pcsc-lite -BuildRequires: libusb-devel readline-devel zlib-devel -BuildRequires: openldap2 openldap2-devel +Version: 2.0.10 +Release: 1 +BuildRequires: expect fdupes pth +BuildRequires: libgpg-error-devel >= 1.4 +BuildRequires: libgcrypt-devel >= 1.4.0 +BuildRequires: libksba-devel >= 1.0.2 +BuildRequires: libassuan-devel >= 1.0.4 +BuildRequires: opensc-devel +BuildRequires: libusb-devel +BuildRequires: readline-devel +BuildRequires: zlib-devel +BuildRequires: libadns-devel +BuildRequires: openldap2-devel +BuildRequires: openldap2 Url: http://www.gnupg.org/aegypten2/ License: GPL v2 or later Group: Productivity/Networking/Security @@ -29,9 +42,9 @@ Requires: pinentry dirmngr %name-lang = %{version} Provides: newpg gpg = 1.4.9 gnupg = %{version} Obsoletes: newpg gpg <= 1.4.9 Summary: GnuPG 2 -Source: gnupg-2.0.9.tar.bz2 -Patch5: gnupg-1.9.22-ccid-driver-fix.diff -Patch6: gnupg-1.9.18-tmpdir.diff +Source: gnupg-%{version}.tar.bz2 +Patch5: gnupg-2.0.10-tmpdir.diff +Patch6: gnupg-1.9.22-ccid-driver-fix.diff Patch7: gnupg-2.0.4-install_tools.diff Patch9: gnupg-2.0.4-default-tty.diff Patch10: gnupg-2.0.9-RSA_ES.patch @@ -52,9 +65,8 @@ Authors: %lang_package %prep %setup -q -n gnupg-%version -%patch5 +%patch5 -p1 %patch6 -# Note: this patch only patches Makefile.am files, so it needs automake to run. %patch7 %patch9 %patch10 -p1 @@ -64,7 +76,6 @@ Authors: # Required for patch7: autoreconf -fi # build PIEs (position independent executables) for address space randomisation: -# en.wikipedia.org/wiki/Position_independent_code#Position-independent_executables %ifarch s390x # s390x needs to use the large PIE model (at least for gpg.c): CFLAGS="%{optflags} -fPIE" LDFLAGS=-pie \ @@ -76,29 +87,30 @@ CFLAGS="%{optflags} -fpie" LDFLAGS=-pie \ --sysconfdir=/etc \ --libdir=%{_libdir} \ --infodir=%{_infodir} \ + --mandir=%{_mandir} \ + --libexecdir=%{_libdir} \ + --docdir=%{_docdir}/%{name} \ --with-agent-pgm=%{_prefix}/bin/gpg-agent \ --with-pinentry-pgm=%{_prefix}/bin/pinentry \ --with-dirmngr-pgm=%{_prefix}/bin/dirmngr \ + --with-scdaemon-pgm=%{_prefix}/bin/scdaemon \ --enable-ldap \ --enable-external-hkp \ --enable-shared \ --enable-gpgsm=yes \ --enable-gpg \ --enable-static-rnd=linux \ - --with-gnu-ld \ - --mandir=%{_mandir} \ - --libexecdir=%{_libdir} \ - --program-prefix="" %{_target_cpu}-suse-linux \ - --with-scdaemon-pgm=%{_prefix}/bin/scdaemon + --with-gnu-ld make %install -make DESTDIR=$RPM_BUILD_ROOT install +%makeinstall mkdir -p $RPM_BUILD_ROOT/etc/gnupg/ +# bnc#391347 install -m 644 doc/examples/gpgconf.conf $RPM_BUILD_ROOT/etc/gnupg +# delete to prevent fdupes from creating cross-partition hardlink +rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/gpg2/examples/gpgconf.conf rm $RPM_BUILD_ROOT/usr/share/info/dir -rm $RPM_BUILD_ROOT/usr/share/gnupg/FAQ -rm $RPM_BUILD_ROOT/usr/share/gnupg/faq.html # compat symlinks ln -sf gpg2 $RPM_BUILD_ROOT/usr/bin/gpg ln -sf gpgv2 $RPM_BUILD_ROOT/usr/bin/gpgv @@ -106,6 +118,8 @@ ln -sf gpg2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpg.1 ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 # fix rpmlint invalid-lc-messages-dir: rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot +# additional files to documentation directory +install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ doc/faq.html $RPM_BUILD_ROOT/%{_docdir}/%{name} %find_lang gnupg2 %if 0%{?suse_version} > 1020 %fdupes %buildroot @@ -126,18 +140,47 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %files %defattr(-,root,root) -%doc ABOUT-NLS AUTHORS COPYING ChangeLog NEWS README THANKS TODO doc/FAQ doc/faq.html -%doc %_infodir/gnupg* +%doc %{_infodir}/gnupg* %doc %{_mandir}/*/*.gz -/usr/bin/* +%doc %{_docdir}/%{name} +%{_bindir}/* %{_libdir}/[^d]* -/usr/sbin/addgnupghome -/usr/sbin/applygnupgdefaults -/usr/share/gnupg -%dir /etc/gnupg -%config /etc/gnupg/gpgconf.conf +%{_sbindir}/addgnupghome +%{_sbindir}/applygnupgdefaults +%{_datadir}/gnupg +%dir %{_sysconfdir}/gnupg +%config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %changelog +* Tue Jan 13 2009 puzel@suse.cz +- update to 2.0.10 + * New keyserver helper gpg2keys_kdns as generic DNS CERT + lookup. + * New mechanisms "local" and "nodefault" for --auto-key-locate. + Fixed a few problems with this option. + * New command --locate-keys. + * New options --with-sig-list and --with-sig-check. + * The option "-sat" is no longer an alias for --clearsign. + * The option --fixed-list-mode is now implicitly used and obsolete. + * New control statement %%ask-passphrase for the unattended key + generation. + * The algorithm to compute the SIG_ID status has been changed. + * [gpgsm] Now uses AES by default. + * [gpgsm] Made --output option work with --export-secret-key-p12. + * [gpg-agent] Terminate process if the own listening socket is not + anymore served by ourself. + * [gpg-connect-agent] Accept commands given as command line arguments. + * The gpg-preset-passphrase mechanism works again. An arbitrary + string may now be used for a custom cache ID. + * Admin PINs are cached again (bug in 2.0.9). + * Support for version 2 OpenPGP cards. +- specfile changes: + * require libadns + * explicit versions for some BuildRequires + * BuildRequires libgpg-error + * changed license to GPL v3 + * /etc/gnupg/gnupg.conf is now (noreplace) + * documentation is installed with install * Wed Jun 11 2008 puzel@suse.cz - fix [bnc#305725] - UTF-8 problems * non latin characters displayed incorrectly by pinentry-* @@ -153,7 +196,7 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress - patch gnupg-2.0.9-RSA_ES.patch * adding back support for deprecated RSA_E, RSA_S algorithms (bnc#342979) -* Thu Mar 27 2008 coolo@suse.de +* Wed Mar 26 2008 coolo@suse.de - require the split out lang package * Sun Mar 23 2008 coolo@suse.de - splitting out a third of the package by using a lang subpack @@ -169,7 +212,7 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress - gnupg-2.0.5.fixes-from-svn-20070812.diff commented out, included in upstream 2.0.8 - use optflags during build -* Thu Sep 13 2007 ltinkl@suse.cz +* Wed Sep 12 2007 ltinkl@suse.cz - fix #304749 - gpg2 unable to use old secret key * Mon Sep 10 2007 ltinkl@suse.cz - fix gpg2 crash on accessing key (#307666) From c939701a305306e08f202828319446c28c9b007424bdb57f3de31a91e89129f9 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 22 Jan 2009 12:04:18 +0000 Subject: [PATCH 024/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=24 --- gnupg-2.0.10-fix-convert.patch | 15 +++++++++++++++ gpg2.changes | 6 ++++++ gpg2.spec | 7 ++++++- 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 gnupg-2.0.10-fix-convert.patch diff --git a/gnupg-2.0.10-fix-convert.patch b/gnupg-2.0.10-fix-convert.patch new file mode 100644 index 0000000..9ca2b18 --- /dev/null +++ b/gnupg-2.0.10-fix-convert.patch @@ -0,0 +1,15 @@ +# Patch from upstream - fixes broken make check on ppc, s390, s390x +Index: common/convert.c +=================================================================== +--- common/convert.c (revision 4915) ++++ common/convert.c (working copy) +@@ -194,7 +194,9 @@ + ; + if (*s && (!isascii (*s) || !isspace (*s)) ) + return NULL; /* Not followed by Nul or white space. */ +- need_nul = !(s[-2] == '0' && s[-1] == '0'); ++ /* We need to append a nul character. However we don't want that if ++ the hexstring already ends with "00". */ ++ need_nul = ((s == hexstring) || !(s[-2] == '0' && s[-1] == '0')); + if (need_nul) + count++; diff --git a/gpg2.changes b/gpg2.changes index 0790ddc..e10da2d 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jan 19 16:16:11 CET 2009 - puzel@suse.cz + +- add gnupg-2.0.10-fix-convert.patch + - fix broken 'make check' on ppc, s390 and s390x + ------------------------------------------------------------------- Tue Jan 13 10:38:38 CET 2009 - puzel@suse.cz diff --git a/gpg2.spec b/gpg2.spec index d3e85db..8fead99 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.10 -Release: 1 +Release: 2 BuildRequires: expect fdupes pth BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 @@ -49,6 +49,7 @@ Patch7: gnupg-2.0.4-install_tools.diff Patch9: gnupg-2.0.4-default-tty.diff Patch10: gnupg-2.0.9-RSA_ES.patch Patch11: gnupg-2.0.9-langinfo.patch +Patch12: gnupg-2.0.10-fix-convert.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -71,6 +72,7 @@ Authors: %patch9 %patch10 -p1 %patch11 +%patch12 %build # Required for patch7: @@ -152,6 +154,9 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %changelog +* Mon Jan 19 2009 puzel@suse.cz +- add gnupg-2.0.10-fix-convert.patch + - fix broken 'make check' on ppc, s390 and s390x * Tue Jan 13 2009 puzel@suse.cz - update to 2.0.10 * New keyserver helper gpg2keys_kdns as generic DNS CERT From e39a906bb68a7ac9d23e8355218eb53cfad687864180a7c67423628404902ddd Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 2 Mar 2009 15:33:31 +0000 Subject: [PATCH 025/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=25 --- gnupg-2.0.10-fix-missing-option.patch | 44 +++++++++++++++++++++++++++ gpg2.changes | 5 +++ gpg2.spec | 7 ++++- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 gnupg-2.0.10-fix-missing-option.patch diff --git a/gnupg-2.0.10-fix-missing-option.patch b/gnupg-2.0.10-fix-missing-option.patch new file mode 100644 index 0000000..689ea0a --- /dev/null +++ b/gnupg-2.0.10-fix-missing-option.patch @@ -0,0 +1,44 @@ +# From upstream, SVN rev. 4937 +# Fix (bnc#477362) +Index: doc/gpg-agent.texi +=================================================================== +--- doc/gpg-agent.texi (revision 4936) ++++ doc/gpg-agent.texi (revision 4937) +@@ -433,13 +433,13 @@ + @item --display @var{string} + @itemx --ttyname @var{string} + @itemx --ttytype @var{string} +-@itemx --lc-type @var{string} ++@itemx --lc-ctype @var{string} + @itemx --lc-messages @var{string} + @itemx --xauthority @var{string} + @opindex display + @opindex ttyname + @opindex ttytype +-@opindex lc-type ++@opindex lc-ctype + @opindex lc-messages + @opindex xauthority + These options are used with the server mode to pass localization +Index: agent/gpg-agent.c +=================================================================== +--- agent/gpg-agent.c (revision 4936) ++++ agent/gpg-agent.c (revision 4937) +@@ -1,6 +1,6 @@ + /* gpg-agent.c - The GnuPG Agent + * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, +- * 2006, 2007 Free Software Foundation, Inc. ++ * 2006, 2007, 2009 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * +@@ -141,6 +141,9 @@ + { oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") }, + { oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */ + ++ { oBatch, "batch", 0, "@" }, ++ { oHomedir, "homedir", 2, "@"}, ++ + { oDisplay, "display", 2, "@" }, + { oTTYname, "ttyname", 2, "@" }, + { oTTYtype, "ttytype", 2, "@" }, diff --git a/gpg2.changes b/gpg2.changes index e10da2d..06b82a2 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Mar 2 15:53:22 CET 2009 - puzel@suse.cz + +- gnupg-2.0.10-fix-missing-option.patch (bnc#477362) + ------------------------------------------------------------------- Mon Jan 19 16:16:11 CET 2009 - puzel@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 8fead99..3f58e79 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.10 -Release: 2 +Release: 3 BuildRequires: expect fdupes pth BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 @@ -50,6 +50,8 @@ Patch9: gnupg-2.0.4-default-tty.diff Patch10: gnupg-2.0.9-RSA_ES.patch Patch11: gnupg-2.0.9-langinfo.patch Patch12: gnupg-2.0.10-fix-convert.patch +# PATCH-FIX-UPSTREAM gnupg-2.0.10-fix-missing.option.patch bnc477362 petr.uzel@suse.cz -- gnupg2 SVN rev. 4937 +Patch13: gnupg-2.0.10-fix-missing-option.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -73,6 +75,7 @@ Authors: %patch10 -p1 %patch11 %patch12 +%patch13 %build # Required for patch7: @@ -154,6 +157,8 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %changelog +* Mon Mar 02 2009 puzel@suse.cz +- gnupg-2.0.10-fix-missing-option.patch (bnc#477362) * Mon Jan 19 2009 puzel@suse.cz - add gnupg-2.0.10-fix-convert.patch - fix broken 'make check' on ppc, s390 and s390x From dab15a2aeb67bf63d2838af5ef3b517b5e157ff943954c55cb7be1346413b1e8 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 5 Mar 2009 15:45:23 +0000 Subject: [PATCH 026/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=26 --- gnupg-2.0.10-fix-convert.patch | 15 --------- gnupg-2.0.10-fix-missing-option.patch | 44 --------------------------- gnupg-2.0.10.tar.bz2 | 3 -- gnupg-2.0.11.tar.bz2 | 3 ++ gpg2.changes | 16 ++++++++++ gpg2.spec | 27 ++++++++++------ 6 files changed, 37 insertions(+), 71 deletions(-) delete mode 100644 gnupg-2.0.10-fix-convert.patch delete mode 100644 gnupg-2.0.10-fix-missing-option.patch delete mode 100644 gnupg-2.0.10.tar.bz2 create mode 100644 gnupg-2.0.11.tar.bz2 diff --git a/gnupg-2.0.10-fix-convert.patch b/gnupg-2.0.10-fix-convert.patch deleted file mode 100644 index 9ca2b18..0000000 --- a/gnupg-2.0.10-fix-convert.patch +++ /dev/null @@ -1,15 +0,0 @@ -# Patch from upstream - fixes broken make check on ppc, s390, s390x -Index: common/convert.c -=================================================================== ---- common/convert.c (revision 4915) -+++ common/convert.c (working copy) -@@ -194,7 +194,9 @@ - ; - if (*s && (!isascii (*s) || !isspace (*s)) ) - return NULL; /* Not followed by Nul or white space. */ -- need_nul = !(s[-2] == '0' && s[-1] == '0'); -+ /* We need to append a nul character. However we don't want that if -+ the hexstring already ends with "00". */ -+ need_nul = ((s == hexstring) || !(s[-2] == '0' && s[-1] == '0')); - if (need_nul) - count++; diff --git a/gnupg-2.0.10-fix-missing-option.patch b/gnupg-2.0.10-fix-missing-option.patch deleted file mode 100644 index 689ea0a..0000000 --- a/gnupg-2.0.10-fix-missing-option.patch +++ /dev/null @@ -1,44 +0,0 @@ -# From upstream, SVN rev. 4937 -# Fix (bnc#477362) -Index: doc/gpg-agent.texi -=================================================================== ---- doc/gpg-agent.texi (revision 4936) -+++ doc/gpg-agent.texi (revision 4937) -@@ -433,13 +433,13 @@ - @item --display @var{string} - @itemx --ttyname @var{string} - @itemx --ttytype @var{string} --@itemx --lc-type @var{string} -+@itemx --lc-ctype @var{string} - @itemx --lc-messages @var{string} - @itemx --xauthority @var{string} - @opindex display - @opindex ttyname - @opindex ttytype --@opindex lc-type -+@opindex lc-ctype - @opindex lc-messages - @opindex xauthority - These options are used with the server mode to pass localization -Index: agent/gpg-agent.c -=================================================================== ---- agent/gpg-agent.c (revision 4936) -+++ agent/gpg-agent.c (revision 4937) -@@ -1,6 +1,6 @@ - /* gpg-agent.c - The GnuPG Agent - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, -- * 2006, 2007 Free Software Foundation, Inc. -+ * 2006, 2007, 2009 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * -@@ -141,6 +141,9 @@ - { oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") }, - { oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */ - -+ { oBatch, "batch", 0, "@" }, -+ { oHomedir, "homedir", 2, "@"}, -+ - { oDisplay, "display", 2, "@" }, - { oTTYname, "ttyname", 2, "@" }, - { oTTYtype, "ttytype", 2, "@" }, diff --git a/gnupg-2.0.10.tar.bz2 b/gnupg-2.0.10.tar.bz2 deleted file mode 100644 index 98396fe..0000000 --- a/gnupg-2.0.10.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d488b7bcb9a67a8416cdd49e74d3f95912f31aa98b60580bad125ecbde14df23 -size 3825638 diff --git a/gnupg-2.0.11.tar.bz2 b/gnupg-2.0.11.tar.bz2 new file mode 100644 index 0000000..3458079 --- /dev/null +++ b/gnupg-2.0.11.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8c40148ad471f4a7e583bc5f84ebf652c395b303deaf2583b11e51f43fa8b47c +size 3852869 diff --git a/gpg2.changes b/gpg2.changes index 06b82a2..f5b1f75 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Thu Mar 5 13:39:42 CET 2009 - puzel@suse.cz + +- update to 2.0.11 + * Fixed a problem in SCDAEMON which caused unexpected card resets. + * SCDAEMON is now aware of the Geldkarte. + * The SCDAEMON option --allow-admin is now used by default. + * GPGCONF now restarts SCdaemon if necessary. + * The default cipher algorithm in GPGSM is now again 3DES. This is + due to interoperability problems with Outlook 2003 which still + can't cope with AES. +- dropped gnupg-2.0.10-fix-convert.patch (upstream) +- dropped gnupg-2.0.10-fix-missing-option.patch (upstream) +- disabled gnupg-1.9.22-ccid-driver-fix.diff (does not apply and it is + not clear what it is good for) + ------------------------------------------------------------------- Mon Mar 2 15:53:22 CET 2009 - puzel@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 3f58e79..d9104a0 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.10) +# spec file for package gpg2 (Version 2.0.11) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,8 +19,8 @@ Name: gpg2 -Version: 2.0.10 -Release: 3 +Version: 2.0.11 +Release: 1 BuildRequires: expect fdupes pth BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 @@ -49,9 +49,6 @@ Patch7: gnupg-2.0.4-install_tools.diff Patch9: gnupg-2.0.4-default-tty.diff Patch10: gnupg-2.0.9-RSA_ES.patch Patch11: gnupg-2.0.9-langinfo.patch -Patch12: gnupg-2.0.10-fix-convert.patch -# PATCH-FIX-UPSTREAM gnupg-2.0.10-fix-missing.option.patch bnc477362 petr.uzel@suse.cz -- gnupg2 SVN rev. 4937 -Patch13: gnupg-2.0.10-fix-missing-option.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -69,13 +66,12 @@ Authors: %prep %setup -q -n gnupg-%version %patch5 -p1 -%patch6 +# Patch disabled - it does not apply to 2.0.11 and it is unclear, what it is actually good for +#% patch6 %patch7 %patch9 %patch10 -p1 %patch11 -%patch12 -%patch13 %build # Required for patch7: @@ -157,6 +153,19 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %changelog +* Thu Mar 05 2009 puzel@suse.cz +- update to 2.0.11 + * Fixed a problem in SCDAEMON which caused unexpected card resets. + * SCDAEMON is now aware of the Geldkarte. + * The SCDAEMON option --allow-admin is now used by default. + * GPGCONF now restarts SCdaemon if necessary. + * The default cipher algorithm in GPGSM is now again 3DES. This is + due to interoperability problems with Outlook 2003 which still + can't cope with AES. +- dropped gnupg-2.0.10-fix-convert.patch (upstream) +- dropped gnupg-2.0.10-fix-missing-option.patch (upstream) +- disabled gnupg-1.9.22-ccid-driver-fix.diff (does not apply and it is + not clear what it is good for) * Mon Mar 02 2009 puzel@suse.cz - gnupg-2.0.10-fix-missing-option.patch (bnc#477362) * Mon Jan 19 2009 puzel@suse.cz From 306498fd65113ad10d78be77eb14e8aa159d6271a18685f751ddde58264588d8 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 20 Mar 2009 18:37:13 +0000 Subject: [PATCH 027/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=27 --- gpg2-fix-rtsignals.patch | 44 ++++++++++++++++++++++++++++++++++++++++ gpg2.changes | 5 +++++ gpg2.spec | 6 +++++- 3 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 gpg2-fix-rtsignals.patch diff --git a/gpg2-fix-rtsignals.patch b/gpg2-fix-rtsignals.patch new file mode 100644 index 0000000..ecf773c --- /dev/null +++ b/gpg2-fix-rtsignals.patch @@ -0,0 +1,44 @@ +# bnc#481463 +# +# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499569 +# agent/gpg-agent.c: Deinit the threading library before exec'ing +# the command to run in --daemon mode. And because that still doesn't +# restore the sigprocmask, do that manually. Closes: #499569 +# +Index: gnupg-2.0.11/agent/gpg-agent.c +=================================================================== +--- gnupg-2.0.11.orig/agent/gpg-agent.c 2009-03-18 13:35:59.000000000 +0100 ++++ gnupg-2.0.11/agent/gpg-agent.c 2009-03-18 13:43:46.000000000 +0100 +@@ -528,6 +528,8 @@ + int gpgconf_list = 0; + gpg_error_t err; + const char *env_file_name = NULL; ++ sigset_t initial_sigs; ++ + + + set_strusage (my_strusage); +@@ -537,6 +539,8 @@ + somewhere after the option parsing */ + log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID); + ++ sigprocmask(SIG_SETMASK, NULL, &initial_sigs); ++ + /* Make sure that our subsystems are ready. */ + i18n_init (); + init_common_subsystems (); +@@ -1053,6 +1057,14 @@ + kill (pid, SIGTERM ); + exit (1); + } ++ if (! pth_kill()) ++ { ++ log_error ("failed to clean up threading"); ++ kill (pid, SIGTERM ); ++ exit (1); ++ } ++ sigprocmask(SIG_SETMASK, &initial_sigs, NULL); ++ + execvp (argv[0], argv); + log_error ("failed to run the command: %s\n", strerror (errno)); + kill (pid, SIGTERM); diff --git a/gpg2.changes b/gpg2.changes index f5b1f75..cce0538 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Mar 18 13:51:30 CET 2009 - puzel@suse.cz + +- add gpg2-fix-rtsignals.patch (bnc#481463) + ------------------------------------------------------------------- Thu Mar 5 13:39:42 CET 2009 - puzel@suse.cz diff --git a/gpg2.spec b/gpg2.spec index d9104a0..1e72d48 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.11 -Release: 1 +Release: 2 BuildRequires: expect fdupes pth BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 @@ -49,6 +49,7 @@ Patch7: gnupg-2.0.4-install_tools.diff Patch9: gnupg-2.0.4-default-tty.diff Patch10: gnupg-2.0.9-RSA_ES.patch Patch11: gnupg-2.0.9-langinfo.patch +Patch12: gpg2-fix-rtsignals.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -72,6 +73,7 @@ Authors: %patch9 %patch10 -p1 %patch11 +%patch12 -p1 %build # Required for patch7: @@ -153,6 +155,8 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %changelog +* Wed Mar 18 2009 puzel@suse.cz +- add gpg2-fix-rtsignals.patch (bnc#481463) * Thu Mar 05 2009 puzel@suse.cz - update to 2.0.11 * Fixed a problem in SCDAEMON which caused unexpected card resets. From 0edc37d24db5303e5d29cd7fcec0dba32eb2ecd05b46799773c4521e4afd24e6 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Tue, 2 Jun 2009 10:28:15 +0000 Subject: [PATCH 028/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=28 --- gpg2.changes | 5 +++++ gpg2.spec | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index cce0538..6d27ebf 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jun 1 11:26:12 CEST 2009 - puzel@suse.cz + +- BuildRequires: pth-devel + ------------------------------------------------------------------- Wed Mar 18 13:51:30 CET 2009 - puzel@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 1e72d48..ab786ae 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,8 +20,8 @@ Name: gpg2 Version: 2.0.11 -Release: 2 -BuildRequires: expect fdupes pth +Release: 3 +BuildRequires: expect fdupes pth-devel BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 BuildRequires: libksba-devel >= 1.0.2 @@ -155,6 +155,8 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %changelog +* Mon Jun 01 2009 puzel@suse.cz +- BuildRequires: pth-devel * Wed Mar 18 2009 puzel@suse.cz - add gpg2-fix-rtsignals.patch (bnc#481463) * Thu Mar 05 2009 puzel@suse.cz From 025a95887467bb5e0178208dbe1bd17e16162a16fe0210905b2f2659f3918f10 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 12 Jun 2009 15:33:52 +0000 Subject: [PATCH 029/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=29 --- gpg2.changes | 5 +++++ gpg2.spec | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 6d27ebf..56d1da0 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jun 11 11:19:58 CEST 2009 - puzel@suse.cz + +- change BuildRequires: (pth-devel -> libpth-devel) + ------------------------------------------------------------------- Mon Jun 1 11:26:12 CEST 2009 - puzel@suse.cz diff --git a/gpg2.spec b/gpg2.spec index ab786ae..cc66be3 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,8 +20,8 @@ Name: gpg2 Version: 2.0.11 -Release: 3 -BuildRequires: expect fdupes pth-devel +Release: 4 +BuildRequires: expect fdupes libpth-devel BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 BuildRequires: libksba-devel >= 1.0.2 @@ -155,6 +155,8 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %changelog +* Thu Jun 11 2009 puzel@suse.cz +- change BuildRequires: (pth-devel -> libpth-devel) * Mon Jun 01 2009 puzel@suse.cz - BuildRequires: pth-devel * Wed Mar 18 2009 puzel@suse.cz From 5b8ae0145081b2cf5ace7bb1ad1f1ccecb3bd153eccd0fcef943c012f99bc82e Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 19 Jun 2009 23:33:05 +0000 Subject: [PATCH 030/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=30 --- gnupg-1.9.22-ccid-driver-fix.diff | 42 ----------------------------- gnupg-2.0.10-tmpdir.diff | 10 ++++--- gnupg-2.0.11.tar.bz2 | 3 --- gnupg-2.0.12.tar.bz2 | 3 +++ gnupg-2.0.4-default-tty.diff | 16 ++++++----- gnupg-2.0.4-install_tools.diff | 10 ++++--- gnupg-2.0.9-RSA_ES.patch | 14 +++++----- gnupg-2.0.9-langinfo.patch | 8 +++--- gpg2-fix-rtsignals.patch | 44 ------------------------------- gpg2.changes | 20 ++++++++++++++ gpg2.spec | 28 ++++++++++++++------ 11 files changed, 78 insertions(+), 120 deletions(-) delete mode 100644 gnupg-1.9.22-ccid-driver-fix.diff delete mode 100644 gnupg-2.0.11.tar.bz2 create mode 100644 gnupg-2.0.12.tar.bz2 delete mode 100644 gpg2-fix-rtsignals.patch diff --git a/gnupg-1.9.22-ccid-driver-fix.diff b/gnupg-1.9.22-ccid-driver-fix.diff deleted file mode 100644 index 83a8e77..0000000 --- a/gnupg-1.9.22-ccid-driver-fix.diff +++ /dev/null @@ -1,42 +0,0 @@ -Index: scd/ccid-driver.c -=================================================================== ---- scd/ccid-driver.c.orig -+++ scd/ccid-driver.c -@@ -75,8 +75,6 @@ - # include - #endif - --#if defined(HAVE_LIBUSB) || defined(TEST) -- - #include - #include - #include -@@ -91,7 +89,14 @@ - #include "ccid-driver.h" - - #define DRVNAME "ccid-driver: " -- -+static int debug_level; /* Flag to control the debug output. -+ 0 = No debugging -+ 1 = USB I/O info -+ 2 = T=1 protocol tracing -+ */ -+ -+#if defined(HAVE_LIBUSB) || defined(TEST) -+#include - - /* Depending on how this source is used we either define our error - output to go to stderr or to the jnlib based logging functions. We -@@ -250,11 +255,7 @@ struct ccid_driver_s - - - static int initialized_usb; /* Tracks whether USB has been initialized. */ --static int debug_level; /* Flag to control the debug output. -- 0 = No debugging -- 1 = USB I/O info -- 2 = T=1 protocol tracing -- */ -+ - - - static unsigned int compute_edc (const unsigned char *data, size_t datalen, diff --git a/gnupg-2.0.10-tmpdir.diff b/gnupg-2.0.10-tmpdir.diff index e475481..8dfbbfd 100644 --- a/gnupg-2.0.10-tmpdir.diff +++ b/gnupg-2.0.10-tmpdir.diff @@ -1,7 +1,9 @@ # create gpg-agent socket in TMPDIR ---- ./agent/gpg-agent.c.orig 2008-12-18 10:48:44.000000000 +0100 -+++ ./agent/gpg-agent.c 2009-01-12 13:26:21.000000000 +0100 -@@ -910,6 +910,10 @@ main (int argc, char **argv ) +Index: gnupg-2.0.12/agent/gpg-agent.c +=================================================================== +--- gnupg-2.0.12.orig/agent/gpg-agent.c 2009-06-03 18:07:56.000000000 +0200 ++++ gnupg-2.0.12/agent/gpg-agent.c 2009-06-18 11:40:02.000000000 +0200 +@@ -937,6 +937,10 @@ main (int argc, char **argv ) gnupg_fd_t fd_ssh; pid_t pid; @@ -12,7 +14,7 @@ /* Remove the DISPLAY variable so that a pinentry does not default to a specific display. There is still a default display when gpg-agent was started using --display or a -@@ -921,13 +925,23 @@ main (int argc, char **argv ) +@@ -948,13 +952,23 @@ main (int argc, char **argv ) unsetenv ("DISPLAY"); #endif diff --git a/gnupg-2.0.11.tar.bz2 b/gnupg-2.0.11.tar.bz2 deleted file mode 100644 index 3458079..0000000 --- a/gnupg-2.0.11.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8c40148ad471f4a7e583bc5f84ebf652c395b303deaf2583b11e51f43fa8b47c -size 3852869 diff --git a/gnupg-2.0.12.tar.bz2 b/gnupg-2.0.12.tar.bz2 new file mode 100644 index 0000000..4b28b61 --- /dev/null +++ b/gnupg-2.0.12.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9633e104c519fade1c9fce5843d1f70439b156bcc446aa270ea8192d461d9cce +size 3924196 diff --git a/gnupg-2.0.4-default-tty.diff b/gnupg-2.0.4-default-tty.diff index 806ed2c..904eb08 100644 --- a/gnupg-2.0.4-default-tty.diff +++ b/gnupg-2.0.4-default-tty.diff @@ -1,7 +1,9 @@ # sets default tty to /dev/tty ---- common/asshelp.c -+++ common/asshelp.c -@@ -95,6 +95,8 @@ +Index: common/asshelp.c +=================================================================== +--- common/asshelp.c.orig 2008-10-20 14:54:58.000000000 +0200 ++++ common/asshelp.c 2009-06-18 11:41:47.000000000 +0200 +@@ -97,6 +97,8 @@ send_pinentry_environment (assuan_contex dft_ttyname = getenv ("GPG_TTY"); if ((!dft_ttyname || !*dft_ttyname) && ttyname (0)) dft_ttyname = ttyname (0); @@ -10,9 +12,11 @@ } if (opt_ttyname || dft_ttyname) { ---- common/simple-pwquery.c -+++ common/simple-pwquery.c -@@ -222,6 +222,8 @@ +Index: common/simple-pwquery.c +=================================================================== +--- common/simple-pwquery.c.orig 2009-05-20 09:39:10.000000000 +0200 ++++ common/simple-pwquery.c 2009-06-18 11:41:47.000000000 +0200 +@@ -225,6 +225,8 @@ agent_send_all_options (int fd) #ifndef HAVE_W32_SYSTEM if ((!dft_ttyname || !*dft_ttyname) && ttyname (0)) dft_ttyname = ttyname (0); diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff index 40cb322..ff6e009 100644 --- a/gnupg-2.0.4-install_tools.diff +++ b/gnupg-2.0.4-install_tools.diff @@ -1,6 +1,8 @@ ---- tools/Makefile.am.orig -+++ tools/Makefile.am -@@ -25,8 +25,8 @@ EXTRA_DIST = \ +Index: tools/Makefile.am +=================================================================== +--- tools/Makefile.am.orig 2009-04-17 19:39:47.000000000 +0200 ++++ tools/Makefile.am 2009-06-18 11:41:20.000000000 +0200 +@@ -32,8 +32,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde bin_SCRIPTS = gpgsm-gencert.sh if HAVE_USTAR @@ -11,7 +13,7 @@ endif if BUILD_SYMCRYPTRUN -@@ -43,14 +43,14 @@ endif +@@ -44,14 +44,14 @@ endif bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} if !HAVE_W32_SYSTEM diff --git a/gnupg-2.0.9-RSA_ES.patch b/gnupg-2.0.9-RSA_ES.patch index febef55..d78b9b5 100644 --- a/gnupg-2.0.9-RSA_ES.patch +++ b/gnupg-2.0.9-RSA_ES.patch @@ -1,7 +1,9 @@ # adds back support for deprecated RSA_E, RSA_S algorithms ---- gnupg-2.0.9.orig/g10/misc.c -+++ gnupg-2.0.9/g10/misc.c -@@ -1285,6 +1285,8 @@ pubkey_get_npkey( int algo ) +Index: gnupg-2.0.12/g10/misc.c +=================================================================== +--- gnupg-2.0.12.orig/g10/misc.c 2009-06-05 15:58:27.000000000 +0200 ++++ gnupg-2.0.12/g10/misc.c 2009-06-18 11:42:19.000000000 +0200 +@@ -1308,6 +1308,8 @@ pubkey_get_npkey( int algo ) if (algo == GCRY_PK_ELG_E) algo = GCRY_PK_ELG; @@ -10,7 +12,7 @@ if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &n)) n = 0; return n; -@@ -1298,6 +1300,8 @@ pubkey_get_nskey( int algo ) +@@ -1321,6 +1323,8 @@ pubkey_get_nskey( int algo ) if (algo == GCRY_PK_ELG_E) algo = GCRY_PK_ELG; @@ -19,7 +21,7 @@ if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &n )) n = 0; return n; -@@ -1311,6 +1315,8 @@ pubkey_get_nsig( int algo ) +@@ -1334,6 +1338,8 @@ pubkey_get_nsig( int algo ) if (algo == GCRY_PK_ELG_E) algo = GCRY_PK_ELG; @@ -28,7 +30,7 @@ if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSIGN, NULL, &n)) n = 0; return n; -@@ -1324,6 +1330,8 @@ pubkey_get_nenc( int algo ) +@@ -1347,6 +1353,8 @@ pubkey_get_nenc( int algo ) if (algo == GCRY_PK_ELG_E) algo = GCRY_PK_ELG; diff --git a/gnupg-2.0.9-langinfo.patch b/gnupg-2.0.9-langinfo.patch index 87a515f..4b0cab0 100644 --- a/gnupg-2.0.9-langinfo.patch +++ b/gnupg-2.0.9-langinfo.patch @@ -1,7 +1,9 @@ # fix [bnc#305725] - non latin characters displayed incorrectly by pinentry ---- jnlib/utf8conv.c -+++ jnlib/utf8conv.c -@@ -205,6 +205,7 @@ +Index: jnlib/utf8conv.c +=================================================================== +--- jnlib/utf8conv.c.orig 2008-11-04 15:39:06.000000000 +0100 ++++ jnlib/utf8conv.c 2009-06-18 11:42:36.000000000 +0200 +@@ -203,6 +203,7 @@ set_native_charset (const char *newset) #else /*!HAVE_W32_SYSTEM*/ #ifdef HAVE_LANGINFO_CODESET diff --git a/gpg2-fix-rtsignals.patch b/gpg2-fix-rtsignals.patch deleted file mode 100644 index ecf773c..0000000 --- a/gpg2-fix-rtsignals.patch +++ /dev/null @@ -1,44 +0,0 @@ -# bnc#481463 -# -# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499569 -# agent/gpg-agent.c: Deinit the threading library before exec'ing -# the command to run in --daemon mode. And because that still doesn't -# restore the sigprocmask, do that manually. Closes: #499569 -# -Index: gnupg-2.0.11/agent/gpg-agent.c -=================================================================== ---- gnupg-2.0.11.orig/agent/gpg-agent.c 2009-03-18 13:35:59.000000000 +0100 -+++ gnupg-2.0.11/agent/gpg-agent.c 2009-03-18 13:43:46.000000000 +0100 -@@ -528,6 +528,8 @@ - int gpgconf_list = 0; - gpg_error_t err; - const char *env_file_name = NULL; -+ sigset_t initial_sigs; -+ - - - set_strusage (my_strusage); -@@ -537,6 +539,8 @@ - somewhere after the option parsing */ - log_set_prefix ("gpg-agent", JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID); - -+ sigprocmask(SIG_SETMASK, NULL, &initial_sigs); -+ - /* Make sure that our subsystems are ready. */ - i18n_init (); - init_common_subsystems (); -@@ -1053,6 +1057,14 @@ - kill (pid, SIGTERM ); - exit (1); - } -+ if (! pth_kill()) -+ { -+ log_error ("failed to clean up threading"); -+ kill (pid, SIGTERM ); -+ exit (1); -+ } -+ sigprocmask(SIG_SETMASK, &initial_sigs, NULL); -+ - execvp (argv[0], argv); - log_error ("failed to run the command: %s\n", strerror (errno)); - kill (pid, SIGTERM); diff --git a/gpg2.changes b/gpg2.changes index 56d1da0..6575007 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Thu Jun 18 13:22:00 CEST 2009 - puzel@novell.com + +- update to gnupg-2.0.12 + * GPGSM now always lists ephemeral certificates if specified by + fingerprint or keygrip. + * New command "KEYINFO" for GPG_AGENT. GPGSM now also returns + information about smartcards. + * Made sure not to leak file descriptors if running gpg-agent with a + command. Restore the signal mask to solve a problem in Mono. + * Changed order of the confirmation questions for root certificates + and store negative answers in trustlist.txt. + * Better synchronization of concurrent smartcard sessions. + * Support 2048 bit OpenPGP cards. + * Support Telesec Netkey 3 cards. + * The gpg-protect-tool now uses gpg-agent via libassuan. + * Changed code to avoid a possible Mac OS X system freeze. +- drop gpg2-fix-rtsignals.patch (fixed upstream) +- drop gnupg-1.9.22-ccid-driver-fix.diff (unused) + ------------------------------------------------------------------- Thu Jun 11 11:19:58 CEST 2009 - puzel@suse.cz diff --git a/gpg2.spec b/gpg2.spec index cc66be3..a759311 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.11) +# spec file for package gpg2 (Version 2.0.12) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,8 +19,8 @@ Name: gpg2 -Version: 2.0.11 -Release: 4 +Version: 2.0.12 +Release: 1 BuildRequires: expect fdupes libpth-devel BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 @@ -44,12 +44,10 @@ Obsoletes: newpg gpg <= 1.4.9 Summary: GnuPG 2 Source: gnupg-%{version}.tar.bz2 Patch5: gnupg-2.0.10-tmpdir.diff -Patch6: gnupg-1.9.22-ccid-driver-fix.diff Patch7: gnupg-2.0.4-install_tools.diff Patch9: gnupg-2.0.4-default-tty.diff Patch10: gnupg-2.0.9-RSA_ES.patch Patch11: gnupg-2.0.9-langinfo.patch -Patch12: gpg2-fix-rtsignals.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -67,13 +65,10 @@ Authors: %prep %setup -q -n gnupg-%version %patch5 -p1 -# Patch disabled - it does not apply to 2.0.11 and it is unclear, what it is actually good for -#% patch6 %patch7 %patch9 %patch10 -p1 %patch11 -%patch12 -p1 %build # Required for patch7: @@ -155,6 +150,23 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %changelog +* Thu Jun 18 2009 puzel@novell.com +- update to gnupg-2.0.12 + * GPGSM now always lists ephemeral certificates if specified by + fingerprint or keygrip. + * New command "KEYINFO" for GPG_AGENT. GPGSM now also returns + information about smartcards. + * Made sure not to leak file descriptors if running gpg-agent with a + command. Restore the signal mask to solve a problem in Mono. + * Changed order of the confirmation questions for root certificates + and store negative answers in trustlist.txt. + * Better synchronization of concurrent smartcard sessions. + * Support 2048 bit OpenPGP cards. + * Support Telesec Netkey 3 cards. + * The gpg-protect-tool now uses gpg-agent via libassuan. + * Changed code to avoid a possible Mac OS X system freeze. +- drop gpg2-fix-rtsignals.patch (fixed upstream) +- drop gnupg-1.9.22-ccid-driver-fix.diff (unused) * Thu Jun 11 2009 puzel@suse.cz - change BuildRequires: (pth-devel -> libpth-devel) * Mon Jun 01 2009 puzel@suse.cz From 3c74205134ca4efc4fe984d4d4d00baa843ae4783f86e5257df49e7684afe55f Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Mon, 16 Nov 2009 17:35:33 +0000 Subject: [PATCH 031/156] Accepting request 24526 from Base:System Copy from Base:System/gpg2 based on submit request 24526 from user puzel OBS-URL: https://build.opensuse.org/request/show/24526 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=32 --- gnupg-2.0.10-tmpdir.diff | 15 +-- gnupg-2.0.12.tar.bz2 | 3 - gnupg-2.0.13.tar.bz2 | 3 + gnupg-2.0.4-default-tty.diff | 27 ---- gnupg-2.0.4-install_tools.diff | 2 +- gnupg-2.0.9-RSA_ES.patch | 6 +- gpg2.changes | 20 +++ gpg2.spec | 238 +-------------------------------- 8 files changed, 37 insertions(+), 277 deletions(-) delete mode 100644 gnupg-2.0.12.tar.bz2 create mode 100644 gnupg-2.0.13.tar.bz2 delete mode 100644 gnupg-2.0.4-default-tty.diff diff --git a/gnupg-2.0.10-tmpdir.diff b/gnupg-2.0.10-tmpdir.diff index 8dfbbfd..61968cf 100644 --- a/gnupg-2.0.10-tmpdir.diff +++ b/gnupg-2.0.10-tmpdir.diff @@ -1,9 +1,9 @@ # create gpg-agent socket in TMPDIR -Index: gnupg-2.0.12/agent/gpg-agent.c +Index: gnupg-2.0.13/agent/gpg-agent.c =================================================================== ---- gnupg-2.0.12.orig/agent/gpg-agent.c 2009-06-03 18:07:56.000000000 +0200 -+++ gnupg-2.0.12/agent/gpg-agent.c 2009-06-18 11:40:02.000000000 +0200 -@@ -937,6 +937,10 @@ main (int argc, char **argv ) +--- gnupg-2.0.13.orig/agent/gpg-agent.c 2009-07-20 12:12:06.000000000 +0200 ++++ gnupg-2.0.13/agent/gpg-agent.c 2009-11-13 13:00:55.000000000 +0100 +@@ -960,6 +960,10 @@ main (int argc, char **argv ) gnupg_fd_t fd_ssh; pid_t pid; @@ -14,7 +14,7 @@ Index: gnupg-2.0.12/agent/gpg-agent.c /* Remove the DISPLAY variable so that a pinentry does not default to a specific display. There is still a default display when gpg-agent was started using --display or a -@@ -948,13 +952,23 @@ main (int argc, char **argv ) +@@ -971,13 +975,23 @@ main (int argc, char **argv ) unsetenv ("DISPLAY"); #endif @@ -30,12 +30,11 @@ Index: gnupg-2.0.12/agent/gpg-agent.c socket_name = create_socket_name - ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent"); - if (opt.ssh_support) -- socket_name_ssh = create_socket_name -- ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); + ("S.gpg-agent", tmp); + if (opt.ssh_support) { + snprintf(tmp, len, "%s%s%s.ssh", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); -+ socket_name_ssh = create_socket_name + socket_name_ssh = create_socket_name +- ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); + ("S.gpg-agent.ssh", tmp); + } + free(tmp); diff --git a/gnupg-2.0.12.tar.bz2 b/gnupg-2.0.12.tar.bz2 deleted file mode 100644 index 4b28b61..0000000 --- a/gnupg-2.0.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9633e104c519fade1c9fce5843d1f70439b156bcc446aa270ea8192d461d9cce -size 3924196 diff --git a/gnupg-2.0.13.tar.bz2 b/gnupg-2.0.13.tar.bz2 new file mode 100644 index 0000000..0e832ce --- /dev/null +++ b/gnupg-2.0.13.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d9b3d71f8f2930483d7b7b56276ebe954175b72b34128c6669d0fc00d289aa2e +size 3946616 diff --git a/gnupg-2.0.4-default-tty.diff b/gnupg-2.0.4-default-tty.diff deleted file mode 100644 index 904eb08..0000000 --- a/gnupg-2.0.4-default-tty.diff +++ /dev/null @@ -1,27 +0,0 @@ -# sets default tty to /dev/tty -Index: common/asshelp.c -=================================================================== ---- common/asshelp.c.orig 2008-10-20 14:54:58.000000000 +0200 -+++ common/asshelp.c 2009-06-18 11:41:47.000000000 +0200 -@@ -97,6 +97,8 @@ send_pinentry_environment (assuan_contex - dft_ttyname = getenv ("GPG_TTY"); - if ((!dft_ttyname || !*dft_ttyname) && ttyname (0)) - dft_ttyname = ttyname (0); -+ if (!dft_ttyname) -+ dft_ttyname = "/dev/tty"; - } - if (opt_ttyname || dft_ttyname) - { -Index: common/simple-pwquery.c -=================================================================== ---- common/simple-pwquery.c.orig 2009-05-20 09:39:10.000000000 +0200 -+++ common/simple-pwquery.c 2009-06-18 11:41:47.000000000 +0200 -@@ -225,6 +225,8 @@ agent_send_all_options (int fd) - #ifndef HAVE_W32_SYSTEM - if ((!dft_ttyname || !*dft_ttyname) && ttyname (0)) - dft_ttyname = ttyname (0); -+ if (!dft_ttyname) -+ dft_ttyname = "/dev/tty"; - #endif - if (dft_ttyname && *dft_ttyname) - { diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff index ff6e009..fa8be34 100644 --- a/gnupg-2.0.4-install_tools.diff +++ b/gnupg-2.0.4-install_tools.diff @@ -1,7 +1,7 @@ Index: tools/Makefile.am =================================================================== --- tools/Makefile.am.orig 2009-04-17 19:39:47.000000000 +0200 -+++ tools/Makefile.am 2009-06-18 11:41:20.000000000 +0200 ++++ tools/Makefile.am 2009-11-13 13:01:24.000000000 +0100 @@ -32,8 +32,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde bin_SCRIPTS = gpgsm-gencert.sh diff --git a/gnupg-2.0.9-RSA_ES.patch b/gnupg-2.0.9-RSA_ES.patch index d78b9b5..ae44182 100644 --- a/gnupg-2.0.9-RSA_ES.patch +++ b/gnupg-2.0.9-RSA_ES.patch @@ -1,8 +1,8 @@ # adds back support for deprecated RSA_E, RSA_S algorithms -Index: gnupg-2.0.12/g10/misc.c +Index: gnupg-2.0.13/g10/misc.c =================================================================== ---- gnupg-2.0.12.orig/g10/misc.c 2009-06-05 15:58:27.000000000 +0200 -+++ gnupg-2.0.12/g10/misc.c 2009-06-18 11:42:19.000000000 +0200 +--- gnupg-2.0.13.orig/g10/misc.c 2009-07-16 08:22:45.000000000 +0200 ++++ gnupg-2.0.13/g10/misc.c 2009-11-13 13:19:39.000000000 +0100 @@ -1308,6 +1308,8 @@ pubkey_get_npkey( int algo ) if (algo == GCRY_PK_ELG_E) diff --git a/gpg2.changes b/gpg2.changes index 6575007..97fc42d 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Fri Nov 13 14:37:58 UTC 2009 - puzel@novell.com + +- update to gnupg-2.0.13 + * GPG now generates 2048 bit RSA keys by default. The default hash + algorithm preferences has changed to prefer SHA-256 over SHA-1. + 2048 bit DSA keys are now generated to use a 256 bit hash algorithm + * The envvars XMODIFIERS, GTK_IM_MODULE and QT_IM_MODULE are now + passed to the Pinentry to make SCIM work. + * The GPGSM command --gen-key features a --batch mode and implements + all features of gpgsm-gencert.sh in standard mode. + * New option --re-import for GPGSM's IMPORT server command. + * Enhanced writing of existing keys to OpenPGP v2 cards. + * Add hack to the internal CCID driver to allow the use of some + Omnikey based card readers with 2048 bit keys. + * GPG now repeatly asks the user to insert the requested OpenPGP + card. This can be disabled with --limit-card-insert-tries=1. + * Minor bug fixes. +- drop gnupg-2.0.4-default-tty.diff + ------------------------------------------------------------------- Thu Jun 18 13:22:00 CEST 2009 - puzel@novell.com diff --git a/gpg2.spec b/gpg2.spec index a759311..05dbb44 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.12) +# spec file for package gpg2 (Version 2.0.13) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,7 +19,7 @@ Name: gpg2 -Version: 2.0.12 +Version: 2.0.13 Release: 1 BuildRequires: expect fdupes libpth-devel BuildRequires: libgpg-error-devel >= 1.4 @@ -40,12 +40,11 @@ PreReq: %install_info_prereq AutoReqProv: on Requires: pinentry dirmngr %name-lang = %{version} Provides: newpg gpg = 1.4.9 gnupg = %{version} -Obsoletes: newpg gpg <= 1.4.9 +Obsoletes: gpg < 1.4.9 Summary: GnuPG 2 Source: gnupg-%{version}.tar.bz2 Patch5: gnupg-2.0.10-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff -Patch9: gnupg-2.0.4-default-tty.diff Patch10: gnupg-2.0.9-RSA_ES.patch Patch11: gnupg-2.0.9-langinfo.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -66,7 +65,6 @@ Authors: %setup -q -n gnupg-%version %patch5 -p1 %patch7 -%patch9 %patch10 -p1 %patch11 @@ -150,233 +148,3 @@ $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p secsplit- --secret-to-public --uncompress %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf %changelog -* Thu Jun 18 2009 puzel@novell.com -- update to gnupg-2.0.12 - * GPGSM now always lists ephemeral certificates if specified by - fingerprint or keygrip. - * New command "KEYINFO" for GPG_AGENT. GPGSM now also returns - information about smartcards. - * Made sure not to leak file descriptors if running gpg-agent with a - command. Restore the signal mask to solve a problem in Mono. - * Changed order of the confirmation questions for root certificates - and store negative answers in trustlist.txt. - * Better synchronization of concurrent smartcard sessions. - * Support 2048 bit OpenPGP cards. - * Support Telesec Netkey 3 cards. - * The gpg-protect-tool now uses gpg-agent via libassuan. - * Changed code to avoid a possible Mac OS X system freeze. -- drop gpg2-fix-rtsignals.patch (fixed upstream) -- drop gnupg-1.9.22-ccid-driver-fix.diff (unused) -* Thu Jun 11 2009 puzel@suse.cz -- change BuildRequires: (pth-devel -> libpth-devel) -* Mon Jun 01 2009 puzel@suse.cz -- BuildRequires: pth-devel -* Wed Mar 18 2009 puzel@suse.cz -- add gpg2-fix-rtsignals.patch (bnc#481463) -* Thu Mar 05 2009 puzel@suse.cz -- update to 2.0.11 - * Fixed a problem in SCDAEMON which caused unexpected card resets. - * SCDAEMON is now aware of the Geldkarte. - * The SCDAEMON option --allow-admin is now used by default. - * GPGCONF now restarts SCdaemon if necessary. - * The default cipher algorithm in GPGSM is now again 3DES. This is - due to interoperability problems with Outlook 2003 which still - can't cope with AES. -- dropped gnupg-2.0.10-fix-convert.patch (upstream) -- dropped gnupg-2.0.10-fix-missing-option.patch (upstream) -- disabled gnupg-1.9.22-ccid-driver-fix.diff (does not apply and it is - not clear what it is good for) -* Mon Mar 02 2009 puzel@suse.cz -- gnupg-2.0.10-fix-missing-option.patch (bnc#477362) -* Mon Jan 19 2009 puzel@suse.cz -- add gnupg-2.0.10-fix-convert.patch - - fix broken 'make check' on ppc, s390 and s390x -* Tue Jan 13 2009 puzel@suse.cz -- update to 2.0.10 - * New keyserver helper gpg2keys_kdns as generic DNS CERT - lookup. - * New mechanisms "local" and "nodefault" for --auto-key-locate. - Fixed a few problems with this option. - * New command --locate-keys. - * New options --with-sig-list and --with-sig-check. - * The option "-sat" is no longer an alias for --clearsign. - * The option --fixed-list-mode is now implicitly used and obsolete. - * New control statement %%ask-passphrase for the unattended key - generation. - * The algorithm to compute the SIG_ID status has been changed. - * [gpgsm] Now uses AES by default. - * [gpgsm] Made --output option work with --export-secret-key-p12. - * [gpg-agent] Terminate process if the own listening socket is not - anymore served by ourself. - * [gpg-connect-agent] Accept commands given as command line arguments. - * The gpg-preset-passphrase mechanism works again. An arbitrary - string may now be used for a custom cache ID. - * Admin PINs are cached again (bug in 2.0.9). - * Support for version 2 OpenPGP cards. -- specfile changes: - * require libadns - * explicit versions for some BuildRequires - * BuildRequires libgpg-error - * changed license to GPL v3 - * /etc/gnupg/gnupg.conf is now (noreplace) - * documentation is installed with install -* Wed Jun 11 2008 puzel@suse.cz -- fix [bnc#305725] - UTF-8 problems - * non latin characters displayed incorrectly by pinentry-* -* Wed May 21 2008 puzel@suse.cz -- added missing gpgconf.conf (bnc#391347) -* Fri Mar 28 2008 pcerny@suse.cz -- update to 2.0.9 - * fixes CVE-2008-1530 (bnc#374254) - * removing gnupg-2.0.8-from-upstream.diff (included in release) - * removing gnupg-2.0.4-oldkey.diff (accepted by upstream) - * removing gnupg-2.0.8-warningfixes.diff - (also appears in upstream) -- patch gnupg-2.0.9-RSA_ES.patch - * adding back support for deprecated RSA_E, RSA_S algorithms - (bnc#342979) -* Wed Mar 26 2008 coolo@suse.de -- require the split out lang package -* Sun Mar 23 2008 coolo@suse.de -- splitting out a third of the package by using a lang subpack -* Tue Feb 12 2008 bk@suse.de -- install gpg-zip and gpgsplit again and use -pie for randomisation -* Wed Feb 06 2008 bk@suse.de -- add selected upstream fixes and fix gcc and rpmlint warnings -* Tue Jan 08 2008 sassmann@suse.de -- update to GnuPG-2.0.8 -- adapted patches to apply properly - * gnupg-1.9.18-tmpdir.diff - * gnupg-2.0.4-install_tools.diff -- gnupg-2.0.5.fixes-from-svn-20070812.diff commented out, - included in upstream 2.0.8 -- use optflags during build -* Wed Sep 12 2007 ltinkl@suse.cz -- fix #304749 - gpg2 unable to use old secret key -* Mon Sep 10 2007 ltinkl@suse.cz -- fix gpg2 crash on accessing key (#307666) -- fix gpg doesn't work on the console (#302323) -* Fri Aug 10 2007 bk@suse.de -- update to GnuPG-2.0.5 - requries libassuan-1.0.2! - * Switched license to GPLv3. - * Fixed bug when using the --p12-charset without --armor. - * The command --gen-key may now be used instead of the - gpgsm-gencert.sh script. - * Changed key generation to reveal less information about the - machine. Bug fixes for gpg2's card key generation. -- enable make check to test against build issues in the crypto engine -- cleanup disabled nld patch for linking with -lgpg-error-nld -- use %%find_lang to label the locale files properly with %%lang -- add opensc-devel to BuildRequrires to enanble smartcard support -- del Makefile.in patches where we patch Makefile.am and run automake -- cleanup the standrd GNU INSTALL and the empty VERSION from %%doc -* Thu Jul 26 2007 sbrabec@suse.cz -- Build with libassuan-devel. -* Thu Jun 21 2007 ro@suse.de -- install compat symlinks for gpg2 and gpgv2 -- install gpg-zip and gpgsplit -- added openldap2 to buildrequires (for gpgkeys_ldap) -- added fPIE/pie to CFLAGS/LDFLAGS for gpgsplit -* Wed May 23 2007 dmueller@suse.de -- add libusb-devel build requires -* Wed May 16 2007 ltinkl@suse.cz -- remove gpg from Require's (#273491) -* Fri May 11 2007 ltinkl@suse.cz -- updated to 2.0.4 stable snapshot -* Wed Apr 04 2007 ltinkl@suse.cz -- update to 2.0.3 -- fixed #251605 - VUL-0: signing issues within GNUPG -- removed outdated patches -* Fri Mar 30 2007 ro@suse.de -- added zlib-devel to buildreq -* Wed Feb 14 2007 ltinkl@suse.cz -- fix file conflicts with gpg (#242133) -* Tue Jan 30 2007 ro@suse.de -- fix build (exclude possible debuginfo directory) -* Mon Jan 29 2007 ltinkl@suse.cz -- fix #221212 - gpg2 is not updated and do not contain documentation -- fix #233525 - gpg1/2: bug in vasprintf() implementation -* Thu Nov 30 2006 anicka@suse.cz -- fix overflow in openfile.c (CVE-2006-6169, #224108) -* Mon Sep 11 2006 pnemec@suse.cz -- updated gnupg to new version 1.9.22 - Enhanced pkcs#12 support - Support for the CardMan 4040 PCMCIA - Collected bug fixes -- updated pth library to 2.0.7 -- changed using pinetry-qt to pinentry -- removed -cfb.diff -signature.patch -cap_large_uid.patch patches - they are no longer needed -- change patch -warnings-fix.diff -ccid-driver-fix.diff -* Thu Aug 17 2006 pnemec@suse.de -- remove unused package in build requires -* Wed Aug 09 2006 pnemec@suse.cz -- fix spec file to build with new gettext 0.15 -* Mon Aug 07 2006 pnemec@suse.cz -- fixed security fix with large uid CVE-2006-3746 [#195569] -* Thu Feb 23 2006 pnemec@suse.cz -- fixed signature security problem CVE-2006-0455 (bugzilla#150742) -* Thu Feb 02 2006 pnemec@suse.cz -- fixed install info in spec file -* Thu Jan 26 2006 sbrabec@suse.cz -- Added missing %%install_info. -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Fri Aug 05 2005 postadal@suse.cz -- updated to version to 1.9.18 -- removed obsoleted gcc patch -- added patch tmpdir.diff for using $TMPDIR by gpg-agent [#bug95732] -* Tue Jul 12 2005 postadal@suse.cz -- updated to version to 1.9.17 -- updated pth to version 2.0.4 -- removed obsoleted patch agent-cache-fix.diff -- fixed ccid-driver.c -- fixed gcc4 -- explicitly enabled gpg building in configure -* Thu Mar 24 2005 postadal@suse.cz -- fixed caching passphrase in gpg-agent [#71975] -* Tue Mar 22 2005 postadal@suse.cz -- fixed on 64bit archs [#72440] -* Wed Feb 23 2005 postadal@suse.cz -- security fix for cfb-cipher issue [#65862] -* Wed Jan 12 2005 postadal@suse.cz -- update to version 1.9.14 -- removed obsoleted patch automake-fixes.diff -* Tue Sep 28 2004 adrian@suse.de -- link against libpth staticaly to make S/MIME support in kmail - usable. Hopefully we can convert this to a native thread implementation - later. (#46260) -* Sat Jul 31 2004 adrian@suse.de -- update to version 1.9.10 -* Tue Jul 20 2004 adrian@suse.de -- remove openct and opensc packages from nfb - (we will need thread support, when enabling card reader support, - but it isn't anyway implemented yet in gpg2) -* Mon Jul 12 2004 adrian@suse.de -- use GnuPG 2 sources version 1.9.9 -- opensc support misses some functions atm, support disabled for now -- threading is disabled, since we do not have a pth package for now -- prepare for nld -* Thu Feb 26 2004 postadal@suse.cz -- adapted some functions to the libgcrypt version 1.1.91 [#34987] -- added libgpg-error to needforbuild flag -* Wed Feb 18 2004 kukuk@suse.de -- Don't build against libpth. -* Tue Feb 10 2004 postadal@suse.cz -- fixed code that broke strict aliasing -* Fri Dec 05 2003 garloff@suse.de -- disable core dumpe in child after forking. [#33499] -* Mon Aug 11 2003 adrian@suse.de -- cleanup #neededforbuild and requires -* Mon Aug 04 2003 ro@suse.de -- added openct to neededforbuild -* Fri Jul 18 2003 mc@suse.de -- build against opensc -* Thu Jun 19 2003 schwab@suse.de -- Add %%install_info. -* Mon Mar 17 2003 adrian@suse.de -- add signal handler to check if the parent is still alive and - exit if not -- use pinentry-qt by default (/usr/bin/pinentry do not exist) -* Tue Feb 11 2003 mc@suse.de -- initial release From a6f8e0a364383286bbfa81f4c125ece74d883cd0f67825102dc7ecddd3727727 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 16 Dec 2009 15:50:59 +0000 Subject: [PATCH 032/156] Accepting request 26776 from Base:System Copy from Base:System/gpg2 based on submit request 26776 from user puzel OBS-URL: https://build.opensuse.org/request/show/26776 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=33 --- gpg2.changes | 11 +++++++++++ gpg2.spec | 11 ++++++----- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 97fc42d..ec13ad0 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Dec 15 20:56:35 CET 2009 - jengelh@medozas.de + +- enable parallel building +- SPARC needs large PIE model + +------------------------------------------------------------------- +Sun Dec 6 08:52:32 UTC 2009 - coolo@novell.com + +- change -lang require to recommended + ------------------------------------------------------------------- Fri Nov 13 14:37:58 UTC 2009 - puzel@novell.com diff --git a/gpg2.spec b/gpg2.spec index 05dbb44..d849535 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.13 -Release: 1 +Release: 2 BuildRequires: expect fdupes libpth-devel BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 @@ -34,11 +34,12 @@ BuildRequires: libadns-devel BuildRequires: openldap2-devel BuildRequires: openldap2 Url: http://www.gnupg.org/aegypten2/ -License: GPL v2 or later +License: GPLv2+ Group: Productivity/Networking/Security PreReq: %install_info_prereq AutoReqProv: on -Requires: pinentry dirmngr %name-lang = %{version} +Requires: pinentry dirmngr +Recommends: %name-lang = %{version} Provides: newpg gpg = 1.4.9 gnupg = %{version} Obsoletes: gpg < 1.4.9 Summary: GnuPG 2 @@ -72,7 +73,7 @@ Authors: # Required for patch7: autoreconf -fi # build PIEs (position independent executables) for address space randomisation: -%ifarch s390x +%ifarch s390x %sparc # s390x needs to use the large PIE model (at least for gpg.c): CFLAGS="%{optflags} -fPIE" LDFLAGS=-pie \ %else @@ -97,7 +98,7 @@ CFLAGS="%{optflags} -fpie" LDFLAGS=-pie \ --enable-gpg \ --enable-static-rnd=linux \ --with-gnu-ld -make +make %{?jobs:-j%jobs}; %install %makeinstall From 1dc154eff1b46d1363e72b5d09237e8ba61cd8a2f64ece20c33150a9810b7688 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 29 Jan 2010 14:57:14 +0000 Subject: [PATCH 033/156] Accepting request 30695 from Base:System Copy from Base:System/gpg2 based on submit request 30695 from user puzel OBS-URL: https://build.opensuse.org/request/show/30695 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=34 --- gpg2.changes | 5 +++++ gpg2.spec | 12 +++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index ec13ad0..ea6d99e 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jan 28 14:15:24 UTC 2010 - puzel@novell.com + +- fix build for older distributions + ------------------------------------------------------------------- Tue Dec 15 20:56:35 CET 2009 - jengelh@medozas.de diff --git a/gpg2.spec b/gpg2.spec index d849535..bd23eac 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 (Version 2.0.13) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,8 +20,9 @@ Name: gpg2 Version: 2.0.13 -Release: 2 -BuildRequires: expect fdupes libpth-devel +Release: 3 +BuildRequires: expect +BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 BuildRequires: libksba-devel >= 1.0.2 @@ -33,6 +34,11 @@ BuildRequires: zlib-devel BuildRequires: libadns-devel BuildRequires: openldap2-devel BuildRequires: openldap2 +%if 0%{?suse_version} >= 1120 +BuildRequires: libpth-devel +%else +BuildRequires: pth +%endif Url: http://www.gnupg.org/aegypten2/ License: GPLv2+ Group: Productivity/Networking/Security From dba12d1b8e7e0de13db03f7e8918e077266ec4fe17ab035625c2c93c5da3e98f Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Thu, 18 Feb 2010 16:01:36 +0000 Subject: [PATCH 034/156] Accepting request 32876 from Base:System Copy from Base:System/gpg2 based on submit request 32876 from user puzel OBS-URL: https://build.opensuse.org/request/show/32876 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=35 --- gnupg-2.0.13.tar.bz2 | 3 -- gnupg-2.0.14-s2kcount.patch | 65 +++++++++++++++++++++++++++++++++++++ gnupg-2.0.14.tar.bz2 | 3 ++ gpg2.changes | 18 ++++++++++ gpg2.spec | 16 ++++----- 5 files changed, 92 insertions(+), 13 deletions(-) delete mode 100644 gnupg-2.0.13.tar.bz2 create mode 100644 gnupg-2.0.14-s2kcount.patch create mode 100644 gnupg-2.0.14.tar.bz2 diff --git a/gnupg-2.0.13.tar.bz2 b/gnupg-2.0.13.tar.bz2 deleted file mode 100644 index 0e832ce..0000000 --- a/gnupg-2.0.13.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d9b3d71f8f2930483d7b7b56276ebe954175b72b34128c6669d0fc00d289aa2e -size 3946616 diff --git a/gnupg-2.0.14-s2kcount.patch b/gnupg-2.0.14-s2kcount.patch new file mode 100644 index 0000000..cd937c5 --- /dev/null +++ b/gnupg-2.0.14-s2kcount.patch @@ -0,0 +1,65 @@ +We have to use fixed s2k-count number otherwise the gpg2 would +want to consult gpg-agent which is not yet installed in the mock +chroot. +diff -up gnupg-2.0.14/tests/openpgp/conventional-mdc.test.s2k gnupg-2.0.14/tests/openpgp/conventional-mdc.test +--- gnupg-2.0.14/tests/openpgp/conventional-mdc.test.s2k 2009-09-21 18:53:46.000000000 +0200 ++++ gnupg-2.0.14/tests/openpgp/conventional-mdc.test 2010-01-11 10:42:36.000000000 +0100 +@@ -21,9 +21,9 @@ for ciph in `all_cipher_algos`; do + dd if=data-80000 of=z bs=1 count=$i 2>/dev/null + fi + echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \ +- --force-mdc --cipher $ciph -c -o x --yes z ++ --force-mdc --cipher $ciph -c -o x --yes --s2k-count 65536 z + echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \ +- -o y --yes x ++ -o y --yes --s2k-count 96 x + cmp z y || error "$ciph/$i: mismatch" + done + done +diff -up gnupg-2.0.14/tests/openpgp/conventional.test.s2k gnupg-2.0.14/tests/openpgp/conventional.test +--- gnupg-2.0.14/tests/openpgp/conventional.test.s2k 2009-09-21 18:53:46.000000000 +0200 ++++ gnupg-2.0.14/tests/openpgp/conventional.test 2010-01-11 10:43:00.000000000 +0100 +@@ -12,8 +12,8 @@ + + #info Checking conventional encryption + for i in plain-2 data-32000 ; do +- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -c -o x --yes $i +- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes x ++ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -c -o x --yes --s2k-count 65536 $i ++ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes --s2k-count 65536 x + cmp $i y || error "$i: mismatch" + done + +@@ -21,8 +21,8 @@ for a in `all_cipher_algos`; do + echo_n "$a " + for i in plain-1 data-80000 ; do + echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \ +- --cipher-algo $a -c -o x --yes $i +- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes x ++ --cipher-algo $a -c -o x --yes --s2k-count 65536 $i ++ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes --s2k-count 65536 x + cmp $i y || error "$i: ($a) mismatch" + done + done +diff -up gnupg-2.0.14/tests/openpgp/genkey1024.test.s2k gnupg-2.0.14/tests/openpgp/genkey1024.test +--- gnupg-2.0.14/tests/openpgp/genkey1024.test.s2k 2009-09-21 18:53:46.000000000 +0200 ++++ gnupg-2.0.14/tests/openpgp/genkey1024.test 2010-01-11 10:43:14.000000000 +0100 +@@ -10,7 +10,7 @@ + + . $srcdir/defs.inc || exit 3 + +-../../g10/gpg2 --quiet --batch --debug-quick-random --homedir . --gen-key <= 1.4 @@ -54,19 +54,14 @@ Patch5: gnupg-2.0.10-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff Patch10: gnupg-2.0.9-RSA_ES.patch Patch11: gnupg-2.0.9-langinfo.patch +# PATCH-FIX-UPSTREAM gnupg-2.0.14-s2kcount.patch dimstar@opensuse.org -- use fixed s2k-count number to not use gpg-agent. +Patch12: gnupg-2.0.14-s2kcount.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description GnuPG 2 is the successor of "GnuPG" or GPG. It provides: GPGSM, gpg-agent, and a keybox library. - - -Authors: --------- - Werner Koch - Neal H. Walfield - %lang_package %prep %setup -q -n gnupg-%version @@ -74,6 +69,7 @@ Authors: %patch7 %patch10 -p1 %patch11 +%patch12 -p1 %build # Required for patch7: From fbd2168761f3a30f223748167ee2166803df09621aef1eceb31e30abeea7a2a2 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 24 Feb 2010 01:05:28 +0000 Subject: [PATCH 035/156] Accepting request 33137 from Base:System Copy from Base:System/gpg2 based on submit request 33137 from user msmeissn OBS-URL: https://build.opensuse.org/request/show/33137 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=36 --- gnupg-files-are-digests.patch | 174 ++++++++++++++++++++++++++++++++++ gpg2.changes | 5 + gpg2.spec | 6 +- 3 files changed, 183 insertions(+), 2 deletions(-) create mode 100644 gnupg-files-are-digests.patch diff --git a/gnupg-files-are-digests.patch b/gnupg-files-are-digests.patch new file mode 100644 index 0000000..5f06508 --- /dev/null +++ b/gnupg-files-are-digests.patch @@ -0,0 +1,174 @@ +--- + g10/gpg.c | 3 ++ + g10/options.h | 1 + g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- + 3 files changed, 65 insertions(+), 5 deletions(-) + +Index: gnupg-2.0.13/g10/gpg.c +=================================================================== +--- gnupg-2.0.13.orig/g10/gpg.c 2009-08-05 12:09:24.000000000 +0200 ++++ gnupg-2.0.13/g10/gpg.c 2010-01-27 17:13:20.000000000 +0100 +@@ -338,6 +338,7 @@ enum cmd_and_opt_values + oTTYtype, + oLCctype, + oLCmessages, ++ oFilesAreDigests, + oXauthority, + oGroup, + oUnGroup, +@@ -700,6 +701,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"), + ARGPARSE_s_s (oPersonalCompressPreferences, + "personal-compress-preferences", "@"), ++ ARGPARSE_s_n (oFilesAreDigests, "files-are-digests", "@"), + + /* Aliases. I constantly mistype these, and assume other people do + as well. */ +@@ -2850,6 +2852,7 @@ main (int argc, char **argv) + + case oLCctype: opt.lc_ctype = pargs.r.ret_str; break; + case oLCmessages: opt.lc_messages = pargs.r.ret_str; break; ++ case oFilesAreDigests: opt.files_are_digests = pargs.r.ret_str; break; + + case oGroup: add_group(pargs.r.ret_str); break; + case oUnGroup: rm_group(pargs.r.ret_str); break; +Index: gnupg-2.0.13/g10/options.h +=================================================================== +--- gnupg-2.0.13.orig/g10/options.h 2009-07-07 09:40:19.000000000 +0200 ++++ gnupg-2.0.13/g10/options.h 2010-01-27 16:42:03.000000000 +0100 +@@ -194,6 +194,7 @@ struct + int no_auto_check_trustdb; + int preserve_permissions; + int no_homedir_creation; ++ int files_are_digests; + struct groupitem *grouplist; + int mangle_dos_filenames; + int enable_progress_filter; +Index: gnupg-2.0.13/g10/sign.c +=================================================================== +--- gnupg-2.0.13.orig/g10/sign.c 2009-05-11 10:14:54.000000000 +0200 ++++ gnupg-2.0.13/g10/sign.c 2010-01-27 16:59:09.000000000 +0100 +@@ -662,8 +662,12 @@ write_signature_packets (SK_LIST sk_list + mk_notation_policy_etc (sig, NULL, sk); + } + ++ if (!opt.files_are_digests) { + hash_sigversion_to_magic (md, sig); + gcry_md_final (md); ++ } else if (sig->version >= 4) { ++ log_bug("files-are-digests doesn't work with v4 sigs\n"); ++ } + + rc = do_sign( sk, sig, md, hash_for (sk) ); + gcry_md_close (md); +@@ -720,6 +724,8 @@ sign_file( strlist_t filenames, int deta + SK_LIST sk_rover = NULL; + int multifile = 0; + u32 duration=0; ++ int sigclass = 0x00; ++ u32 timestamp = 0; + + pfx = new_progress_context (); + afx = new_armor_context (); +@@ -736,7 +742,16 @@ sign_file( strlist_t filenames, int deta + fname = NULL; + + if( fname && filenames->next && (!detached || encryptflag) ) +- log_bug("multiple files can only be detached signed"); ++ log_bug("multiple files can only be detached signed\n"); ++ ++ if (opt.files_are_digests && (multifile || !fname)) ++ log_bug("files-are-digests only works with one file\n"); ++ if (opt.files_are_digests && !detached) ++ log_bug("files-are-digests can only write detached signatures\n"); ++ if (opt.files_are_digests && !opt.def_digest_algo) ++ log_bug("files-are-digests needs --digest-algo\n"); ++ if (opt.files_are_digests && opt.textmode) ++ log_bug("files-are-digests doesn't work with --textmode\n"); + + if(encryptflag==2 + && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) +@@ -764,7 +779,7 @@ sign_file( strlist_t filenames, int deta + goto leave; + + /* prepare iobufs */ +- if( multifile ) /* have list of filenames */ ++ if( multifile || opt.files_are_digests) /* have list of filenames */ + inp = NULL; /* we do it later */ + else { + inp = iobuf_open(fname); +@@ -897,7 +912,7 @@ sign_file( strlist_t filenames, int deta + gcry_md_enable (mfx.md, hash_for(sk)); + } + +- if( !multifile ) ++ if( !multifile && !opt.files_are_digests ) + iobuf_push_filter( inp, md_filter, &mfx ); + + if( detached && !encryptflag && !RFC1991 ) +@@ -952,6 +967,8 @@ sign_file( strlist_t filenames, int deta + + write_status_begin_signing (mfx.md); + ++ sigclass = opt.textmode && !outfile? 0x01 : 0x00; ++ + /* Setup the inner packet. */ + if( detached ) { + if( multifile ) { +@@ -992,6 +1009,45 @@ sign_file( strlist_t filenames, int deta + if( opt.verbose ) + putc( '\n', stderr ); + } ++ else if (opt.files_are_digests) { ++ byte *mdb, ts[5]; ++ size_t mdlen; ++ const char *fp; ++ int c, d; ++ ++ gcry_md_final(mfx.md); ++ /* this assumes gcry_md_read returns the same buffer */ ++ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); ++ (void) gcry_md_algo_info (opt.def_digest_algo, GCRYCTL_GET_ASNOID, NULL, &mdlen); ++ if (strlen(fname) != mdlen * 2 + 11) ++ log_bug("digests must be %d + @ + 5 bytes\n", mdlen); ++ d = -1; ++ for (fp = fname ; *fp; ) { ++ c = *fp++; ++ if (c >= '0' && c <= '9') ++ c -= '0'; ++ else if (c >= 'a' && c <= 'f') ++ c -= 'a' - 10; ++ else if (c >= 'A' && c <= 'F') ++ c -= 'A' - 10; ++ else ++ log_bug("filename is not hex\n"); ++ if (d >= 0) { ++ *mdb++ = d << 4 | c; ++ c = -1; ++ if (--mdlen == 0) { ++ mdb = ts; ++ if (*fp++ != '@') ++ log_bug("missing time separator\n"); ++ } ++ } ++ d = c; ++ } ++ sigclass = ts[0]; ++ if (sigclass != 0x00 && sigclass != 0x01) ++ log_bug("bad cipher class\n"); ++ timestamp = buffer_to_u32(ts + 1); ++ } + else { + /* read, so that the filter can calculate the digest */ + while( iobuf_get(inp) != -1 ) +@@ -1009,8 +1065,8 @@ sign_file( strlist_t filenames, int deta + + /* write the signatures */ + rc = write_signature_packets (sk_list, out, mfx.md, +- opt.textmode && !outfile? 0x01 : 0x00, +- 0, duration, detached ? 'D':'S'); ++ sigclass, ++ timestamp, duration, detached ? 'D':'S'); + if( rc ) + goto leave; + diff --git a/gpg2.changes b/gpg2.changes index ad883ce..6b4228e 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -21,6 +21,11 @@ Thu Jan 28 14:15:24 UTC 2010 - puzel@novell.com - fix build for older distributions +------------------------------------------------------------------- +Wed Jan 27 16:30:41 UTC 2010 - puzel@novell.com + +- port files-are-digests patch from gpg1 (bnc#469229) + ------------------------------------------------------------------- Tue Dec 15 20:56:35 CET 2009 - jengelh@medozas.de diff --git a/gpg2.spec b/gpg2.spec index db9d954..baa0782 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.14 -Release: 1 +Release: 2 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.4 @@ -54,8 +54,9 @@ Patch5: gnupg-2.0.10-tmpdir.diff Patch7: gnupg-2.0.4-install_tools.diff Patch10: gnupg-2.0.9-RSA_ES.patch Patch11: gnupg-2.0.9-langinfo.patch +Patch12: gnupg-files-are-digests.patch # PATCH-FIX-UPSTREAM gnupg-2.0.14-s2kcount.patch dimstar@opensuse.org -- use fixed s2k-count number to not use gpg-agent. -Patch12: gnupg-2.0.14-s2kcount.patch +Patch13: gnupg-2.0.14-s2kcount.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -70,6 +71,7 @@ gpg-agent, and a keybox library. %patch10 -p1 %patch11 %patch12 -p1 +%patch13 -p1 %build # Required for patch7: From 67e6ef3b8a0b028bb7a5655dfbc11a9a8a7495cffb6d22e8fa7102aacf400142 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Thu, 18 Mar 2010 14:50:56 +0000 Subject: [PATCH 036/156] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=37 --- ready | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 ready diff --git a/ready b/ready deleted file mode 100644 index 473a0f4..0000000 From 9110d3b3deeaad63748730f7e42707546712a3dfa265d7ea5dfd1252824b41fe Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 26 Mar 2010 00:11:48 +0000 Subject: [PATCH 037/156] Accepting request 35485 from Base:System Copy from Base:System/gpg2 based on submit request 35485 from user puzel OBS-URL: https://build.opensuse.org/request/show/35485 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=38 --- gnupg-files-are-digests.patch | 50 ++++++++++++++++++++--------------- gpg2.changes | 5 ++++ gpg2.spec | 2 +- 3 files changed, 35 insertions(+), 22 deletions(-) diff --git a/gnupg-files-are-digests.patch b/gnupg-files-are-digests.patch index 5f06508..5a6e760 100644 --- a/gnupg-files-are-digests.patch +++ b/gnupg-files-are-digests.patch @@ -1,14 +1,14 @@ --- - g10/gpg.c | 3 ++ + g10/gpg.c | 4 +++ g10/options.h | 1 g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- - 3 files changed, 65 insertions(+), 5 deletions(-) + 3 files changed, 66 insertions(+), 5 deletions(-) -Index: gnupg-2.0.13/g10/gpg.c +Index: gnupg-2.0.14/g10/gpg.c =================================================================== ---- gnupg-2.0.13.orig/g10/gpg.c 2009-08-05 12:09:24.000000000 +0200 -+++ gnupg-2.0.13/g10/gpg.c 2010-01-27 17:13:20.000000000 +0100 -@@ -338,6 +338,7 @@ enum cmd_and_opt_values +--- gnupg-2.0.14.orig/g10/gpg.c 2009-12-21 15:00:55.000000000 +0100 ++++ gnupg-2.0.14/g10/gpg.c 2010-03-22 15:05:00.000000000 +0100 +@@ -340,6 +340,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.0.13/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -700,6 +701,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -705,6 +706,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"), ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), @@ -24,18 +24,26 @@ Index: gnupg-2.0.13/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2850,6 +2852,7 @@ main (int argc, char **argv) +@@ -1998,6 +2000,7 @@ main (int argc, char **argv) + opt.def_cert_expire="0"; + set_homedir ( default_homedir () ); + opt.passwd_repeat=1; ++ opt.files_are_digests=0; - case oLCctype: opt.lc_ctype = pargs.r.ret_str; break; - case oLCmessages: opt.lc_messages = pargs.r.ret_str; break; -+ case oFilesAreDigests: opt.files_are_digests = pargs.r.ret_str; break; - - case oGroup: add_group(pargs.r.ret_str); break; - case oUnGroup: rm_group(pargs.r.ret_str); break; -Index: gnupg-2.0.13/g10/options.h + /* Check whether we have a config file on the command line. */ + orig_argc = argc; +@@ -2481,6 +2484,7 @@ main (int argc, char **argv) + case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; + case oForceV3Sigs: opt.force_v3_sigs = 1; break; + case oNoForceV3Sigs: opt.force_v3_sigs = 0; break; ++ case oFilesAreDigests: opt.files_are_digests = 1; break; + case oForceV4Certs: opt.force_v4_certs = 1; break; + case oNoForceV4Certs: opt.force_v4_certs = 0; break; + case oForceMDC: opt.force_mdc = 1; break; +Index: gnupg-2.0.14/g10/options.h =================================================================== ---- gnupg-2.0.13.orig/g10/options.h 2009-07-07 09:40:19.000000000 +0200 -+++ gnupg-2.0.13/g10/options.h 2010-01-27 16:42:03.000000000 +0100 +--- gnupg-2.0.14.orig/g10/options.h 2009-09-21 18:53:51.000000000 +0200 ++++ gnupg-2.0.14/g10/options.h 2010-03-22 11:34:09.000000000 +0100 @@ -194,6 +194,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; @@ -44,10 +52,10 @@ Index: gnupg-2.0.13/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.0.13/g10/sign.c +Index: gnupg-2.0.14/g10/sign.c =================================================================== ---- gnupg-2.0.13.orig/g10/sign.c 2009-05-11 10:14:54.000000000 +0200 -+++ gnupg-2.0.13/g10/sign.c 2010-01-27 16:59:09.000000000 +0100 +--- gnupg-2.0.14.orig/g10/sign.c 2009-09-21 18:53:51.000000000 +0200 ++++ gnupg-2.0.14/g10/sign.c 2010-03-22 16:07:47.000000000 +0100 @@ -662,8 +662,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, sk); } @@ -128,7 +136,7 @@ Index: gnupg-2.0.13/g10/sign.c + gcry_md_final(mfx.md); + /* this assumes gcry_md_read returns the same buffer */ + mdb = gcry_md_read(mfx.md, opt.def_digest_algo); -+ (void) gcry_md_algo_info (opt.def_digest_algo, GCRYCTL_GET_ASNOID, NULL, &mdlen); ++ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); + if (strlen(fname) != mdlen * 2 + 11) + log_bug("digests must be %d + @ + 5 bytes\n", mdlen); + d = -1; diff --git a/gpg2.changes b/gpg2.changes index 6b4228e..5fbf741 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Mar 22 15:09:24 UTC 2010 - puzel@novell.com + +- fix files-are-digests patch (bnc#469229) + ------------------------------------------------------------------- Wed Feb 17 13:29:18 CET 2010 - dimstar@opensuse.org diff --git a/gpg2.spec b/gpg2.spec index baa0782..172e945 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.14 -Release: 2 +Release: 3 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.4 From 594908bb621e89b95f9918dba46d52e5c391cf54a5aa860127a25c364851ae23 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Thu, 1 Apr 2010 13:29:05 +0000 Subject: [PATCH 038/156] Accepting request 36536 from Base:System Copy from Base:System/gpg2 based on submit request 36536 from user puzel OBS-URL: https://build.opensuse.org/request/show/36536 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=39 --- gnupg-2.0.14.tar.bz2 | 3 --- gnupg-2.0.15.tar.bz2 | 3 +++ gnupg-files-are-digests.patch | 46 +++++++++++++++++------------------ gpg2.changes | 9 +++++++ gpg2.spec | 6 ++--- 5 files changed, 38 insertions(+), 29 deletions(-) delete mode 100644 gnupg-2.0.14.tar.bz2 create mode 100644 gnupg-2.0.15.tar.bz2 diff --git a/gnupg-2.0.14.tar.bz2 b/gnupg-2.0.14.tar.bz2 deleted file mode 100644 index ada738e..0000000 --- a/gnupg-2.0.14.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:feb6050dc00e59d426485550a2af8d416cf975e5e1e0ecf1c5f1bd139baafca5 -size 3982080 diff --git a/gnupg-2.0.15.tar.bz2 b/gnupg-2.0.15.tar.bz2 new file mode 100644 index 0000000..d452433 --- /dev/null +++ b/gnupg-2.0.15.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5881882f4da120ce1c71da64468392704b391ca7652ddc512bc4f1d8968f0d1c +size 3976879 diff --git a/gnupg-files-are-digests.patch b/gnupg-files-are-digests.patch index 5a6e760..30c8686 100644 --- a/gnupg-files-are-digests.patch +++ b/gnupg-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 66 insertions(+), 5 deletions(-) -Index: gnupg-2.0.14/g10/gpg.c +Index: gnupg-2.0.15/g10/gpg.c =================================================================== ---- gnupg-2.0.14.orig/g10/gpg.c 2009-12-21 15:00:55.000000000 +0100 -+++ gnupg-2.0.14/g10/gpg.c 2010-03-22 15:05:00.000000000 +0100 -@@ -340,6 +340,7 @@ enum cmd_and_opt_values +--- gnupg-2.0.15.orig/g10/gpg.c 2010-02-17 09:55:45.000000000 +0100 ++++ gnupg-2.0.15/g10/gpg.c 2010-03-31 15:34:12.000000000 +0200 +@@ -341,6 +341,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.0.14/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -705,6 +706,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -706,6 +707,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"), ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), @@ -24,15 +24,15 @@ Index: gnupg-2.0.14/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -1998,6 +2000,7 @@ main (int argc, char **argv) +@@ -2000,6 +2002,7 @@ main (int argc, char **argv) + opt.def_sig_expire="0"; opt.def_cert_expire="0"; set_homedir ( default_homedir () ); - opt.passwd_repeat=1; + opt.files_are_digests=0; + opt.passphrase_repeat=1; /* Check whether we have a config file on the command line. */ - orig_argc = argc; -@@ -2481,6 +2484,7 @@ main (int argc, char **argv) +@@ -2488,6 +2491,7 @@ main (int argc, char **argv) case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; case oForceV3Sigs: opt.force_v3_sigs = 1; break; case oNoForceV3Sigs: opt.force_v3_sigs = 0; break; @@ -40,10 +40,10 @@ Index: gnupg-2.0.14/g10/gpg.c case oForceV4Certs: opt.force_v4_certs = 1; break; case oNoForceV4Certs: opt.force_v4_certs = 0; break; case oForceMDC: opt.force_mdc = 1; break; -Index: gnupg-2.0.14/g10/options.h +Index: gnupg-2.0.15/g10/options.h =================================================================== ---- gnupg-2.0.14.orig/g10/options.h 2009-09-21 18:53:51.000000000 +0200 -+++ gnupg-2.0.14/g10/options.h 2010-03-22 11:34:09.000000000 +0100 +--- gnupg-2.0.15.orig/g10/options.h 2010-01-11 15:11:35.000000000 +0100 ++++ gnupg-2.0.15/g10/options.h 2010-03-31 15:33:27.000000000 +0200 @@ -194,6 +194,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; @@ -52,11 +52,11 @@ Index: gnupg-2.0.14/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.0.14/g10/sign.c +Index: gnupg-2.0.15/g10/sign.c =================================================================== ---- gnupg-2.0.14.orig/g10/sign.c 2009-09-21 18:53:51.000000000 +0200 -+++ gnupg-2.0.14/g10/sign.c 2010-03-22 16:07:47.000000000 +0100 -@@ -662,8 +662,12 @@ write_signature_packets (SK_LIST sk_list +--- gnupg-2.0.15.orig/g10/sign.c 2010-02-25 09:52:15.000000000 +0100 ++++ gnupg-2.0.15/g10/sign.c 2010-03-31 15:33:27.000000000 +0200 +@@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, sk); } @@ -69,7 +69,7 @@ Index: gnupg-2.0.14/g10/sign.c rc = do_sign( sk, sig, md, hash_for (sk) ); gcry_md_close (md); -@@ -720,6 +724,8 @@ sign_file( strlist_t filenames, int deta +@@ -723,6 +727,8 @@ sign_file( strlist_t filenames, int deta SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -78,7 +78,7 @@ Index: gnupg-2.0.14/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -736,7 +742,16 @@ sign_file( strlist_t filenames, int deta +@@ -739,7 +745,16 @@ sign_file( strlist_t filenames, int deta fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -96,7 +96,7 @@ Index: gnupg-2.0.14/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -764,7 +779,7 @@ sign_file( strlist_t filenames, int deta +@@ -767,7 +782,7 @@ sign_file( strlist_t filenames, int deta goto leave; /* prepare iobufs */ @@ -105,7 +105,7 @@ Index: gnupg-2.0.14/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -897,7 +912,7 @@ sign_file( strlist_t filenames, int deta +@@ -900,7 +915,7 @@ sign_file( strlist_t filenames, int deta gcry_md_enable (mfx.md, hash_for(sk)); } @@ -114,7 +114,7 @@ Index: gnupg-2.0.14/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag && !RFC1991 ) -@@ -952,6 +967,8 @@ sign_file( strlist_t filenames, int deta +@@ -955,6 +970,8 @@ sign_file( strlist_t filenames, int deta write_status_begin_signing (mfx.md); @@ -123,7 +123,7 @@ Index: gnupg-2.0.14/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -992,6 +1009,45 @@ sign_file( strlist_t filenames, int deta +@@ -995,6 +1012,45 @@ sign_file( strlist_t filenames, int deta if( opt.verbose ) putc( '\n', stderr ); } @@ -169,7 +169,7 @@ Index: gnupg-2.0.14/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1009,8 +1065,8 @@ sign_file( strlist_t filenames, int deta +@@ -1012,8 +1068,8 @@ sign_file( strlist_t filenames, int deta /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, diff --git a/gpg2.changes b/gpg2.changes index 5fbf741..5f9f206 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Mar 31 13:47:00 UTC 2010 - puzel@novell.com + +- update to gnupg-2.0.15 + * New command --passwd for GPG. + * Fixes a regression in 2.0.14 which prevented unprotection of new + or changed gpg-agent passphrases. + * Make use of libassuan 2.0 which is available as a DSO. + ------------------------------------------------------------------- Mon Mar 22 15:09:24 UTC 2010 - puzel@novell.com diff --git a/gpg2.spec b/gpg2.spec index 172e945..65c5480 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.14) +# spec file for package gpg2 (Version 2.0.15) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,8 +19,8 @@ Name: gpg2 -Version: 2.0.14 -Release: 3 +Version: 2.0.15 +Release: 1 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.4 From 65e7da9686a2d6e19ff3daca6abd8d999cf2c3eb30d7e732eaf9eda696a65471 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 7 Apr 2010 16:08:16 +0000 Subject: [PATCH 039/156] Accepting request 37232 from Base:System Copy from Base:System/gpg2 based on submit request 37232 from user puzel OBS-URL: https://build.opensuse.org/request/show/37232 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=40 --- gnupg-dont-fail-with-seahorse-agent.patch | 17 +++++++++++++++++ gpg2.changes | 5 +++++ gpg2.spec | 4 +++- 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 gnupg-dont-fail-with-seahorse-agent.patch diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch new file mode 100644 index 0000000..f0b3599 --- /dev/null +++ b/gnupg-dont-fail-with-seahorse-agent.patch @@ -0,0 +1,17 @@ +--- + g10/passphrase.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: gnupg-2.0.15/g10/passphrase.c +=================================================================== +--- gnupg-2.0.15.orig/g10/passphrase.c 2010-01-11 15:11:17.000000000 +0100 ++++ gnupg-2.0.15/g10/passphrase.c 2010-04-07 16:06:49.000000000 +0200 +@@ -72,7 +72,7 @@ encode_s2k_iterations (int iterations) + { + /* Don't print an error if an older agent is used. */ + if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) +- log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); ++ log_info (_("problem with the agent: %s\n"), gpg_strerror (err)); + /* Default to 65536 which we used up to 2.0.13. */ + return 96; + } diff --git a/gpg2.changes b/gpg2.changes index 5f9f206..f6d38a2 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Apr 7 14:19:11 UTC 2010 - puzel@novell.com + +- add gnupg-dont-fail-with-seahorse-agent.patch (bnc#589994) + ------------------------------------------------------------------- Wed Mar 31 13:47:00 UTC 2010 - puzel@novell.com diff --git a/gpg2.spec b/gpg2.spec index 65c5480..87b3600 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.15 -Release: 1 +Release: 2 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.4 @@ -57,6 +57,7 @@ Patch11: gnupg-2.0.9-langinfo.patch Patch12: gnupg-files-are-digests.patch # PATCH-FIX-UPSTREAM gnupg-2.0.14-s2kcount.patch dimstar@opensuse.org -- use fixed s2k-count number to not use gpg-agent. Patch13: gnupg-2.0.14-s2kcount.patch +Patch14: gnupg-dont-fail-with-seahorse-agent.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -72,6 +73,7 @@ gpg-agent, and a keybox library. %patch11 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %build # Required for patch7: From 0a8776a1d2d61b8303eb96aabf1baf1aff0de5ffe291bf2b41056c88628817e6 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 14 Apr 2010 13:28:47 +0000 Subject: [PATCH 040/156] Accepting request 37836 from Base:System Copy from Base:System/gpg2 based on submit request 37836 from user puzel OBS-URL: https://build.opensuse.org/request/show/37836 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=41 --- gpg2.changes | 12 ++++++++++++ gpg2.spec | 13 +++++-------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index f6d38a2..cc98578 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Apr 9 12:47:11 UTC 2010 - chris@computersalat.de + +- fix deps + o libassuan-devel >= 2.0.0 + o pth / libpth-devel >= 1.3.7 +- added BuildReq libcurl-devel >= 7.10 +- removed BuildReq openldap2 + is already solved by openldap2-devel +- removed unrecognized configure options + --enable-external-hkp, --enable-shared, --enable-static-rnd + ------------------------------------------------------------------- Wed Apr 7 14:19:11 UTC 2010 - puzel@novell.com diff --git a/gpg2.spec b/gpg2.spec index 87b3600..cde033f 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,24 +20,24 @@ Name: gpg2 Version: 2.0.15 -Release: 2 +Release: 3 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.4 BuildRequires: libgcrypt-devel >= 1.4.0 BuildRequires: libksba-devel >= 1.0.2 -BuildRequires: libassuan-devel >= 1.0.4 +BuildRequires: libassuan-devel >= 2.0.0 BuildRequires: opensc-devel BuildRequires: libusb-devel BuildRequires: readline-devel BuildRequires: zlib-devel BuildRequires: libadns-devel BuildRequires: openldap2-devel -BuildRequires: openldap2 +BuildRequires: libcurl-devel >= 7.10 %if 0%{?suse_version} >= 1120 -BuildRequires: libpth-devel +BuildRequires: libpth-devel >= 1.3.7 %else -BuildRequires: pth +BuildRequires: pth >= 1.3.7 %endif Url: http://www.gnupg.org/aegypten2/ License: GPLv2+ @@ -98,11 +98,8 @@ CFLAGS="%{optflags} -fpie" LDFLAGS=-pie \ --with-dirmngr-pgm=%{_prefix}/bin/dirmngr \ --with-scdaemon-pgm=%{_prefix}/bin/scdaemon \ --enable-ldap \ - --enable-external-hkp \ - --enable-shared \ --enable-gpgsm=yes \ --enable-gpg \ - --enable-static-rnd=linux \ --with-gnu-ld make %{?jobs:-j%jobs}; From a1293bafddd159c318ff8037dab2486fbbdfb383b028be99806039152a835455 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 9 Jun 2010 15:03:44 +0000 Subject: [PATCH 041/156] Accepting request 41206 from openSUSE:Tools Copy from openSUSE:Tools/gpg2 based on submit request 41206 from user adrianSuSE OBS-URL: https://build.opensuse.org/request/show/41206 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=42 --- gpg2.changes | 5 +++++ gpg2.spec | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index cc98578..16eb9b2 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jun 7 09:40:32 UTC 2010 - adrian@suse.de + +- add special provides to make sure that obs signd gets correct gpg version + ------------------------------------------------------------------- Fri Apr 9 12:47:11 UTC 2010 - chris@computersalat.de diff --git a/gpg2.spec b/gpg2.spec index cde033f..7a8b58a 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.15 -Release: 3 +Release: 4 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.4 @@ -47,6 +47,8 @@ AutoReqProv: on Requires: pinentry dirmngr Recommends: %name-lang = %{version} Provides: newpg gpg = 1.4.9 gnupg = %{version} +# special feature needed for OBS signd +Provides: gpg2_signd_support Obsoletes: gpg < 1.4.9 Summary: GnuPG 2 Source: gnupg-%{version}.tar.bz2 From 69991c95e3f96bb25432a86dcc4f7c10b373c7966d3185e32bf0ea1fd5c186ea Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Tue, 20 Jul 2010 06:41:39 +0000 Subject: [PATCH 042/156] Accepting request 43430 from Base:System Copy from Base:System/gpg2 based on submit request 43430 from user puzel OBS-URL: https://build.opensuse.org/request/show/43430 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=45 --- gnupg-2.0.14-s2kcount.patch | 65 ------------------------------------- gnupg-2.0.15.tar.bz2 | 3 -- gnupg-2.0.16.tar.bz2 | 3 ++ gpg2.changes | 14 ++++++++ gpg2.spec | 13 +++----- 5 files changed, 22 insertions(+), 76 deletions(-) delete mode 100644 gnupg-2.0.14-s2kcount.patch delete mode 100644 gnupg-2.0.15.tar.bz2 create mode 100644 gnupg-2.0.16.tar.bz2 diff --git a/gnupg-2.0.14-s2kcount.patch b/gnupg-2.0.14-s2kcount.patch deleted file mode 100644 index cd937c5..0000000 --- a/gnupg-2.0.14-s2kcount.patch +++ /dev/null @@ -1,65 +0,0 @@ -We have to use fixed s2k-count number otherwise the gpg2 would -want to consult gpg-agent which is not yet installed in the mock -chroot. -diff -up gnupg-2.0.14/tests/openpgp/conventional-mdc.test.s2k gnupg-2.0.14/tests/openpgp/conventional-mdc.test ---- gnupg-2.0.14/tests/openpgp/conventional-mdc.test.s2k 2009-09-21 18:53:46.000000000 +0200 -+++ gnupg-2.0.14/tests/openpgp/conventional-mdc.test 2010-01-11 10:42:36.000000000 +0100 -@@ -21,9 +21,9 @@ for ciph in `all_cipher_algos`; do - dd if=data-80000 of=z bs=1 count=$i 2>/dev/null - fi - echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \ -- --force-mdc --cipher $ciph -c -o x --yes z -+ --force-mdc --cipher $ciph -c -o x --yes --s2k-count 65536 z - echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \ -- -o y --yes x -+ -o y --yes --s2k-count 96 x - cmp z y || error "$ciph/$i: mismatch" - done - done -diff -up gnupg-2.0.14/tests/openpgp/conventional.test.s2k gnupg-2.0.14/tests/openpgp/conventional.test ---- gnupg-2.0.14/tests/openpgp/conventional.test.s2k 2009-09-21 18:53:46.000000000 +0200 -+++ gnupg-2.0.14/tests/openpgp/conventional.test 2010-01-11 10:43:00.000000000 +0100 -@@ -12,8 +12,8 @@ - - #info Checking conventional encryption - for i in plain-2 data-32000 ; do -- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -c -o x --yes $i -- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes x -+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -c -o x --yes --s2k-count 65536 $i -+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes --s2k-count 65536 x - cmp $i y || error "$i: mismatch" - done - -@@ -21,8 +21,8 @@ for a in `all_cipher_algos`; do - echo_n "$a " - for i in plain-1 data-80000 ; do - echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \ -- --cipher-algo $a -c -o x --yes $i -- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes x -+ --cipher-algo $a -c -o x --yes --s2k-count 65536 $i -+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes --s2k-count 65536 x - cmp $i y || error "$i: ($a) mismatch" - done - done -diff -up gnupg-2.0.14/tests/openpgp/genkey1024.test.s2k gnupg-2.0.14/tests/openpgp/genkey1024.test ---- gnupg-2.0.14/tests/openpgp/genkey1024.test.s2k 2009-09-21 18:53:46.000000000 +0200 -+++ gnupg-2.0.14/tests/openpgp/genkey1024.test 2010-01-11 10:43:14.000000000 +0100 -@@ -10,7 +10,7 @@ - - . $srcdir/defs.inc || exit 3 - --../../g10/gpg2 --quiet --batch --debug-quick-random --homedir . --gen-key <= 1.4 +BuildRequires: libgpg-error-devel >= 1.7 BuildRequires: libgcrypt-devel >= 1.4.0 -BuildRequires: libksba-devel >= 1.0.2 +BuildRequires: libksba-devel >= 1.0.7 BuildRequires: libassuan-devel >= 2.0.0 BuildRequires: opensc-devel BuildRequires: libusb-devel @@ -57,8 +57,6 @@ Patch7: gnupg-2.0.4-install_tools.diff Patch10: gnupg-2.0.9-RSA_ES.patch Patch11: gnupg-2.0.9-langinfo.patch Patch12: gnupg-files-are-digests.patch -# PATCH-FIX-UPSTREAM gnupg-2.0.14-s2kcount.patch dimstar@opensuse.org -- use fixed s2k-count number to not use gpg-agent. -Patch13: gnupg-2.0.14-s2kcount.patch Patch14: gnupg-dont-fail-with-seahorse-agent.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -74,7 +72,6 @@ gpg-agent, and a keybox library. %patch10 -p1 %patch11 %patch12 -p1 -%patch13 -p1 %patch14 -p1 %build From e574e32b3a6f788ce71de1f1ed3bcee5515acb89294b1bf1dcfdda3f47a07793 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 30 Jul 2010 12:51:31 +0000 Subject: [PATCH 043/156] Accepting request 44100 from Base:System Copy from Base:System/gpg2 based on submit request 44100 from user puzel OBS-URL: https://build.opensuse.org/request/show/44100 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=46 --- gnupg-CVE-2010-2547.patch | 12 ++++++++++++ gpg2.changes | 6 ++++++ gpg2.spec | 26 ++++++++++++++------------ 3 files changed, 32 insertions(+), 12 deletions(-) create mode 100644 gnupg-CVE-2010-2547.patch diff --git a/gnupg-CVE-2010-2547.patch b/gnupg-CVE-2010-2547.patch new file mode 100644 index 0000000..531f81e --- /dev/null +++ b/gnupg-CVE-2010-2547.patch @@ -0,0 +1,12 @@ +Index: gnupg-2.0.16/kbx/keybox-blob.c +=================================================================== +--- gnupg-2.0.16.orig/kbx/keybox-blob.c 2009-09-21 18:53:44.000000000 +0200 ++++ gnupg-2.0.16/kbx/keybox-blob.c 2010-07-28 11:28:50.000000000 +0200 +@@ -898,6 +898,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_ + rc = gpg_error_from_syserror (); + goto leave; + } ++ names = tmp; + } + names[blob->nuids++] = p; + if (!i && (p=x509_email_kludge (p))) diff --git a/gpg2.changes b/gpg2.changes index 2113d43..71228d5 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jul 28 09:39:00 UTC 2010 - puzel@novell.com + +- gnupg-CVE-2010-2547.patch (bnc#625947) +- renumber patches + ------------------------------------------------------------------- Mon Jul 19 21:49:40 UTC 2010 - puzel@novell.com diff --git a/gpg2.spec b/gpg2.spec index e01187b..d1b453b 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.16 -Release: 1 +Release: 2 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.7 @@ -52,12 +52,13 @@ Provides: gpg2_signd_support Obsoletes: gpg < 1.4.9 Summary: GnuPG 2 Source: gnupg-%{version}.tar.bz2 -Patch5: gnupg-2.0.10-tmpdir.diff -Patch7: gnupg-2.0.4-install_tools.diff -Patch10: gnupg-2.0.9-RSA_ES.patch -Patch11: gnupg-2.0.9-langinfo.patch -Patch12: gnupg-files-are-digests.patch -Patch14: gnupg-dont-fail-with-seahorse-agent.patch +Patch1: gnupg-2.0.10-tmpdir.diff +Patch2: gnupg-2.0.4-install_tools.diff +Patch3: gnupg-2.0.9-RSA_ES.patch +Patch4: gnupg-2.0.9-langinfo.patch +Patch5: gnupg-files-are-digests.patch +Patch6: gnupg-dont-fail-with-seahorse-agent.patch +Patch7: gnupg-CVE-2010-2547.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -67,12 +68,13 @@ gpg-agent, and a keybox library. %lang_package %prep %setup -q -n gnupg-%version +%patch1 -p1 +%patch2 +%patch3 -p1 +%patch4 %patch5 -p1 -%patch7 -%patch10 -p1 -%patch11 -%patch12 -p1 -%patch14 -p1 +%patch6 -p1 +%patch7 -p1 %build # Required for patch7: From 07158b962333c735c3dff489072e71d318ca8f250dbea772b34b82b5e20a3e39 Mon Sep 17 00:00:00 2001 From: Ruediger Oertel Date: Tue, 2 Nov 2010 10:05:27 +0000 Subject: [PATCH 044/156] Accepting request 51918 from Base:System Accepted submit request 51918 from user coolo OBS-URL: https://build.opensuse.org/request/show/51918 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=47 --- gpg2.changes | 5 +++++ gpg2.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index 71228d5..e87d989 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de + +- Use %_smp_mflags + ------------------------------------------------------------------- Wed Jul 28 09:39:00 UTC 2010 - puzel@novell.com diff --git a/gpg2.spec b/gpg2.spec index d1b453b..f7dd357 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -102,7 +102,7 @@ CFLAGS="%{optflags} -fpie" LDFLAGS=-pie \ --enable-gpgsm=yes \ --enable-gpg \ --with-gnu-ld -make %{?jobs:-j%jobs}; +make %{?_smp_mflags} %install %makeinstall From 8e6a9d9ebe8b4042212674f4b86cdaa9dea4fc6eb64c08ca6ff3ef56e56fff77 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Tue, 2 Nov 2010 10:05:35 +0000 Subject: [PATCH 045/156] Autobuild autoformatter for 51918 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=48 --- gpg2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gpg2.spec b/gpg2.spec index f7dd357..9e8004d 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.16 -Release: 2 +Release: 3 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.7 From 81026de46528e7671b4790daafb25fb5d82a87c2f9ad746bb8d9abda3f184f2e Mon Sep 17 00:00:00 2001 From: Berthold Gunreben Date: Mon, 10 Jan 2011 09:45:26 +0000 Subject: [PATCH 046/156] Accepting request 57359 from Base:System Accepted submit request 57359 from user prusnak OBS-URL: https://build.opensuse.org/request/show/57359 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=49 --- gpg2.changes | 5 +++++ gpg2.spec | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index e87d989..ef26e7d 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jan 7 13:24:17 CET 2011 - sbrabec@suse.cz + +- Removed obsolete BuildRequires of opensc-devel. + ------------------------------------------------------------------- Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de diff --git a/gpg2.spec b/gpg2.spec index 9e8004d..a346921 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -27,7 +27,6 @@ BuildRequires: libgpg-error-devel >= 1.7 BuildRequires: libgcrypt-devel >= 1.4.0 BuildRequires: libksba-devel >= 1.0.7 BuildRequires: libassuan-devel >= 2.0.0 -BuildRequires: opensc-devel BuildRequires: libusb-devel BuildRequires: readline-devel BuildRequires: zlib-devel From 31f46df4dc8e38b64baf2f756cb1d9ad88b8fa134c6bd5dfec72238533af9dad Mon Sep 17 00:00:00 2001 From: Berthold Gunreben Date: Mon, 10 Jan 2011 09:45:34 +0000 Subject: [PATCH 047/156] Autobuild autoformatter for 57359 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=50 --- gpg2.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gpg2.spec b/gpg2.spec index a346921..4bf8546 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 (Version 2.0.16) # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.16 -Release: 3 +Release: 4 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.7 From c1dfa363110a7a382d121f866f761dc8d40d42b9a83546fc2abf45faa7eafd75 Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Wed, 16 Mar 2011 09:37:18 +0000 Subject: [PATCH 048/156] Accepting request 64162 from Base:System Accepted submit request 64162 from user puzel OBS-URL: https://build.opensuse.org/request/show/64162 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=52 --- gnupg-2.0.16.tar.bz2 | 3 --- gnupg-2.0.17.tar.bz2 | 3 +++ gnupg-2.0.4-install_tools.diff | 8 ++++---- gnupg-CVE-2010-2547.patch | 12 ------------ gpg2.changes | 13 +++++++++++++ gpg2.spec | 9 +++------ 6 files changed, 23 insertions(+), 25 deletions(-) delete mode 100644 gnupg-2.0.16.tar.bz2 create mode 100644 gnupg-2.0.17.tar.bz2 delete mode 100644 gnupg-CVE-2010-2547.patch diff --git a/gnupg-2.0.16.tar.bz2 b/gnupg-2.0.16.tar.bz2 deleted file mode 100644 index 7b64b08..0000000 --- a/gnupg-2.0.16.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0d5abb977c02ebb0f6ce25a5ba71c8df90835aa666a85acd73a9b7f9df35a80b -size 4004033 diff --git a/gnupg-2.0.17.tar.bz2 b/gnupg-2.0.17.tar.bz2 new file mode 100644 index 0000000..790002d --- /dev/null +++ b/gnupg-2.0.17.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ea649d5ecb2f97cc8d81c5796c6ad8d7d8581f9554241c39d2b11ab12139eea6 +size 3997356 diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff index fa8be34..d533897 100644 --- a/gnupg-2.0.4-install_tools.diff +++ b/gnupg-2.0.4-install_tools.diff @@ -1,7 +1,7 @@ Index: tools/Makefile.am =================================================================== ---- tools/Makefile.am.orig 2009-04-17 19:39:47.000000000 +0200 -+++ tools/Makefile.am 2009-11-13 13:01:24.000000000 +0100 +--- tools/Makefile.am.orig ++++ tools/Makefile.am @@ -32,8 +32,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde bin_SCRIPTS = gpgsm-gencert.sh @@ -13,9 +13,9 @@ Index: tools/Makefile.am endif if BUILD_SYMCRYPTRUN -@@ -44,14 +44,14 @@ endif +@@ -51,14 +51,14 @@ endif - bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} + bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} ${gpgtar} if !HAVE_W32_SYSTEM -bin_PROGRAMS += watchgnupg gpgparsemail +bin_PROGRAMS += watchgnupg gpgparsemail gpgsplit diff --git a/gnupg-CVE-2010-2547.patch b/gnupg-CVE-2010-2547.patch deleted file mode 100644 index 531f81e..0000000 --- a/gnupg-CVE-2010-2547.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: gnupg-2.0.16/kbx/keybox-blob.c -=================================================================== ---- gnupg-2.0.16.orig/kbx/keybox-blob.c 2009-09-21 18:53:44.000000000 +0200 -+++ gnupg-2.0.16/kbx/keybox-blob.c 2010-07-28 11:28:50.000000000 +0200 -@@ -898,6 +898,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_ - rc = gpg_error_from_syserror (); - goto leave; - } -+ names = tmp; - } - names[blob->nuids++] = p; - if (!i && (p=x509_email_kludge (p))) diff --git a/gpg2.changes b/gpg2.changes index ef26e7d..24835dd 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Mar 15 09:29:42 UTC 2011 - puzel@novell.com + +- update to gnupg-2.0.17 + * Allow more hash algorithms with the OpenPGP v2 card. + * The gpg-agent now tests for a new gpg-agent.conf on a HUP. + * Fixed output of "gpgconf --check-options". + * Fixed a bug where Scdaemon sends a signal to Gpg-agent running + in non-daemon mode. + * Fixed TTY management for pinentries and session variable update + problem. +- drop gnupg-CVE-2010-2547.patch (in upstream) + ------------------------------------------------------------------- Fri Jan 7 13:24:17 CET 2011 - sbrabec@suse.cz diff --git a/gpg2.spec b/gpg2.spec index 4bf8546..bd174d4 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.16) +# spec file for package gpg2 (Version 2.0.17) # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,7 +19,7 @@ Name: gpg2 -Version: 2.0.16 +Version: 2.0.17 Release: 4 BuildRequires: expect BuildRequires: fdupes @@ -57,7 +57,6 @@ Patch3: gnupg-2.0.9-RSA_ES.patch Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch -Patch7: gnupg-CVE-2010-2547.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -73,10 +72,8 @@ gpg-agent, and a keybox library. %patch4 %patch5 -p1 %patch6 -p1 -%patch7 -p1 %build -# Required for patch7: autoreconf -fi # build PIEs (position independent executables) for address space randomisation: %ifarch s390x %sparc @@ -119,7 +116,7 @@ ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 # fix rpmlint invalid-lc-messages-dir: rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot # additional files to documentation directory -install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ doc/faq.html $RPM_BUILD_ROOT/%{_docdir}/%{name} +install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ $RPM_BUILD_ROOT/%{_docdir}/%{name} %find_lang gnupg2 %if 0%{?suse_version} > 1020 %fdupes %buildroot From bb53d00a94bd61da7e68410c380ff1765227f94e9dd85f967bb009edace1b9aa Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Wed, 16 Mar 2011 09:37:25 +0000 Subject: [PATCH 049/156] Autobuild autoformatter for 64162 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=53 --- gpg2.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gpg2.spec b/gpg2.spec index bd174d4..ca7cb3c 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,5 +1,5 @@ # -# spec file for package gpg2 (Version 2.0.17) +# spec file for package gpg2 # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.17 -Release: 4 +Release: 1 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.7 From 634198130c48b1a32e0b233dc2c806d1dbedc401ae3a8ef2fa0247935ef7f8a3 Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Mon, 8 Aug 2011 12:59:58 +0000 Subject: [PATCH 050/156] Accepting request 78247 from Base:System update to upstream 2.0.18 (forwarded request 78194 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/78247 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=54 --- gnupg-2.0.17.tar.bz2 | 3 -- ...ch => gnupg-2.0.18-files-are-digests.patch | 32 +++++++------------ ...10-tmpdir.diff => gnupg-2.0.18-tmpdir.diff | 16 ++++------ gnupg-2.0.18.tar.bz2 | 3 ++ gpg2.changes | 12 +++++++ gpg2.spec | 6 ++-- 6 files changed, 37 insertions(+), 35 deletions(-) delete mode 100644 gnupg-2.0.17.tar.bz2 rename gnupg-files-are-digests.patch => gnupg-2.0.18-files-are-digests.patch (84%) rename gnupg-2.0.10-tmpdir.diff => gnupg-2.0.18-tmpdir.diff (70%) create mode 100644 gnupg-2.0.18.tar.bz2 diff --git a/gnupg-2.0.17.tar.bz2 b/gnupg-2.0.17.tar.bz2 deleted file mode 100644 index 790002d..0000000 --- a/gnupg-2.0.17.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ea649d5ecb2f97cc8d81c5796c6ad8d7d8581f9554241c39d2b11ab12139eea6 -size 3997356 diff --git a/gnupg-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch similarity index 84% rename from gnupg-files-are-digests.patch rename to gnupg-2.0.18-files-are-digests.patch index 30c8686..1fc153f 100644 --- a/gnupg-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -1,13 +1,6 @@ ---- - g10/gpg.c | 4 +++ - g10/options.h | 1 - g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- - 3 files changed, 66 insertions(+), 5 deletions(-) - -Index: gnupg-2.0.15/g10/gpg.c -=================================================================== ---- gnupg-2.0.15.orig/g10/gpg.c 2010-02-17 09:55:45.000000000 +0100 -+++ gnupg-2.0.15/g10/gpg.c 2010-03-31 15:34:12.000000000 +0200 +diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c +--- gnupg-2.0.18.orig/g10/gpg.c 2011-07-22 13:00:44.000000000 +0100 ++++ gnupg-2.0.18/g10/gpg.c 2011-08-06 21:07:32.000000000 +0100 @@ -341,6 +341,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, @@ -24,7 +17,7 @@ Index: gnupg-2.0.15/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2000,6 +2002,7 @@ main (int argc, char **argv) +@@ -1996,6 +1998,7 @@ main (int argc, char **argv) opt.def_sig_expire="0"; opt.def_cert_expire="0"; set_homedir ( default_homedir () ); @@ -32,7 +25,7 @@ Index: gnupg-2.0.15/g10/gpg.c opt.passphrase_repeat=1; /* Check whether we have a config file on the command line. */ -@@ -2488,6 +2491,7 @@ main (int argc, char **argv) +@@ -2484,6 +2487,7 @@ main (int argc, char **argv) case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; case oForceV3Sigs: opt.force_v3_sigs = 1; break; case oNoForceV3Sigs: opt.force_v3_sigs = 0; break; @@ -40,10 +33,10 @@ Index: gnupg-2.0.15/g10/gpg.c case oForceV4Certs: opt.force_v4_certs = 1; break; case oNoForceV4Certs: opt.force_v4_certs = 0; break; case oForceMDC: opt.force_mdc = 1; break; -Index: gnupg-2.0.15/g10/options.h -=================================================================== ---- gnupg-2.0.15.orig/g10/options.h 2010-01-11 15:11:35.000000000 +0100 -+++ gnupg-2.0.15/g10/options.h 2010-03-31 15:33:27.000000000 +0200 +Only in gnupg-2.0.18/g10: gpg.c.orig +diff -rup gnupg-2.0.18.orig/g10/options.h gnupg-2.0.18/g10/options.h +--- gnupg-2.0.18.orig/g10/options.h 2011-07-22 13:00:44.000000000 +0100 ++++ gnupg-2.0.18/g10/options.h 2011-08-06 21:07:32.000000000 +0100 @@ -194,6 +194,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; @@ -52,10 +45,9 @@ Index: gnupg-2.0.15/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.0.15/g10/sign.c -=================================================================== ---- gnupg-2.0.15.orig/g10/sign.c 2010-02-25 09:52:15.000000000 +0100 -+++ gnupg-2.0.15/g10/sign.c 2010-03-31 15:33:27.000000000 +0200 +diff -rup gnupg-2.0.18.orig/g10/sign.c gnupg-2.0.18/g10/sign.c +--- gnupg-2.0.18.orig/g10/sign.c 2011-07-22 13:00:44.000000000 +0100 ++++ gnupg-2.0.18/g10/sign.c 2011-08-06 21:07:32.000000000 +0100 @@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, sk); } diff --git a/gnupg-2.0.10-tmpdir.diff b/gnupg-2.0.18-tmpdir.diff similarity index 70% rename from gnupg-2.0.10-tmpdir.diff rename to gnupg-2.0.18-tmpdir.diff index 61968cf..e2c8b06 100644 --- a/gnupg-2.0.10-tmpdir.diff +++ b/gnupg-2.0.18-tmpdir.diff @@ -1,9 +1,7 @@ -# create gpg-agent socket in TMPDIR -Index: gnupg-2.0.13/agent/gpg-agent.c -=================================================================== ---- gnupg-2.0.13.orig/agent/gpg-agent.c 2009-07-20 12:12:06.000000000 +0200 -+++ gnupg-2.0.13/agent/gpg-agent.c 2009-11-13 13:00:55.000000000 +0100 -@@ -960,6 +960,10 @@ main (int argc, char **argv ) +diff -rup gnupg-2.0.18.orig/agent/gpg-agent.c gnupg-2.0.18/agent/gpg-agent.c +--- gnupg-2.0.18.orig/agent/gpg-agent.c 2011-08-04 10:57:02.000000000 +0100 ++++ gnupg-2.0.18/agent/gpg-agent.c 2011-08-06 21:01:32.000000000 +0100 +@@ -1002,6 +1002,10 @@ main (int argc, char **argv ) gnupg_fd_t fd_ssh; pid_t pid; @@ -14,7 +12,7 @@ Index: gnupg-2.0.13/agent/gpg-agent.c /* Remove the DISPLAY variable so that a pinentry does not default to a specific display. There is still a default display when gpg-agent was started using --display or a -@@ -971,13 +975,23 @@ main (int argc, char **argv ) +@@ -1013,13 +1017,23 @@ main (int argc, char **argv ) unsetenv ("DISPLAY"); #endif @@ -27,13 +25,13 @@ Index: gnupg-2.0.13/agent/gpg-agent.c + snprintf(tmp, len, "%s%s%s", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); /* Create the sockets. */ - socket_name = create_socket_name + socket_name = create_socket_name - ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent"); - if (opt.ssh_support) + ("S.gpg-agent", tmp); + if (opt.ssh_support) { + snprintf(tmp, len, "%s%s%s.ssh", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); - socket_name_ssh = create_socket_name + socket_name_ssh = create_socket_name - ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); + ("S.gpg-agent.ssh", tmp); + } diff --git a/gnupg-2.0.18.tar.bz2 b/gnupg-2.0.18.tar.bz2 new file mode 100644 index 0000000..bd14eaa --- /dev/null +++ b/gnupg-2.0.18.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:48aedd762ca443fb952a9e859efe3c66706d7c2c9c77c32dbdbac4fe962dae5b +size 4016606 diff --git a/gpg2.changes b/gpg2.changes index 24835dd..ac7d236 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Sat Aug 6 20:19:09 UTC 2011 - andreas.stieger@gmx.de + +- update to upstream 2.0.18 + * Bug fix for newer versions of Libgcrypt. + * Support the SSH confirm flag and show SSH fingerprints in ssh + related pinentries. + * Improved dirmngr/gpgsm interaction for OCSP. + * Allow generation of card keys up to 4096 bit. +- refresh patch gnupg-2.0.10-tmpdir.diff -> gnupg-2.0.18-tmpdir.diff +- refresh patch gnupg-files-are-digests.patch -> gnupg-2.0.18-files-are-digests.patch + ------------------------------------------------------------------- Tue Mar 15 09:29:42 UTC 2011 - puzel@novell.com diff --git a/gpg2.spec b/gpg2.spec index ca7cb3c..e9763e7 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -19,7 +19,7 @@ Name: gpg2 -Version: 2.0.17 +Version: 2.0.18 Release: 1 BuildRequires: expect BuildRequires: fdupes @@ -51,11 +51,11 @@ Provides: gpg2_signd_support Obsoletes: gpg < 1.4.9 Summary: GnuPG 2 Source: gnupg-%{version}.tar.bz2 -Patch1: gnupg-2.0.10-tmpdir.diff +Patch1: gnupg-2.0.18-tmpdir.diff Patch2: gnupg-2.0.4-install_tools.diff Patch3: gnupg-2.0.9-RSA_ES.patch Patch4: gnupg-2.0.9-langinfo.patch -Patch5: gnupg-files-are-digests.patch +Patch5: gnupg-2.0.18-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build From 36d42ea3afd8a07f8f454f259c5e5cee4c1a46aa80bdd82faea86a626e7e8946 Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Fri, 19 Aug 2011 07:13:11 +0000 Subject: [PATCH 051/156] Accepting request 79286 from Base:System - libcurl.m4 tests were broken, resulting in the usage of a "fake" internal libcurl. (forwarded request 79279 from elvigia) OBS-URL: https://build.opensuse.org/request/show/79286 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=55 --- gnupg-broken-curl-test.patch | 25 +++++++++++++++++++++++++ gpg2.changes | 6 ++++++ gpg2.spec | 10 ++++------ 3 files changed, 35 insertions(+), 6 deletions(-) create mode 100644 gnupg-broken-curl-test.patch diff --git a/gnupg-broken-curl-test.patch b/gnupg-broken-curl-test.patch new file mode 100644 index 0000000..84ecf67 --- /dev/null +++ b/gnupg-broken-curl-test.patch @@ -0,0 +1,25 @@ +--- m4/libcurl.m4.orig ++++ m4/libcurl.m4 +@@ -68,13 +68,7 @@ AC_DEFUN([LIBCURL_CHECK_CONFIG], + + _libcurl_try_link=yes + +- if test -d "$_libcurl_with" ; then +- LIBCURL_CPPFLAGS="-I$withval/include" +- _libcurl_ldflags="-L$withval/lib" +- AC_PATH_PROG([_libcurl_config],["$withval/bin/curl-config"]) +- else + AC_PATH_PROG([_libcurl_config],[curl-config]) +- fi + + if test x$_libcurl_config != "x" ; then + AC_CACHE_CHECK([for the version of libcurl], +@@ -141,7 +135,7 @@ AC_DEFUN([LIBCURL_CHECK_CONFIG], + _libcurl_save_libs=$LIBS + LIBS="$LIBCURL $LIBS" + +- AC_LINK_IFELSE([AC_LANG_PROGRAM([[include ]],[[ ++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]],[[ + /* Try and use a few common options to force a failure if we are + missing symbols or cannot link. */ + int x; diff --git a/gpg2.changes b/gpg2.changes index ac7d236..2bf79f5 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Aug 19 01:11:42 UTC 2011 - crrodriguez@opensuse.org + +- libcurl.m4 tests were broken, resulting in the usage + of a "fake" internal libcurl. + ------------------------------------------------------------------- Sat Aug 6 20:19:09 UTC 2011 - andreas.stieger@gmx.de diff --git a/gpg2.spec b/gpg2.spec index e9763e7..ed33686 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -57,6 +57,7 @@ Patch3: gnupg-2.0.9-RSA_ES.patch Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.0.18-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch +Patch7: gnupg-broken-curl-test.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -72,6 +73,7 @@ gpg-agent, and a keybox library. %patch4 %patch5 -p1 %patch6 -p1 +%patch7 %build autoreconf -fi @@ -82,12 +84,7 @@ CFLAGS="%{optflags} -fPIE" LDFLAGS=-pie \ %else CFLAGS="%{optflags} -fpie" LDFLAGS=-pie \ %endif -./configure \ - --prefix=%{_prefix} \ - --sysconfdir=/etc \ - --libdir=%{_libdir} \ - --infodir=%{_infodir} \ - --mandir=%{_mandir} \ +%configure \ --libexecdir=%{_libdir} \ --docdir=%{_docdir}/%{name} \ --with-agent-pgm=%{_prefix}/bin/gpg-agent \ @@ -98,6 +95,7 @@ CFLAGS="%{optflags} -fpie" LDFLAGS=-pie \ --enable-gpgsm=yes \ --enable-gpg \ --with-gnu-ld + make %{?_smp_mflags} %install From c903cd0fb5bf7a2edc4570c321b35f562f9b10b3fb81977eb1051b7a2c0f0b8f Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Fri, 19 Aug 2011 07:13:21 +0000 Subject: [PATCH 052/156] Autobuild autoformatter for 79286 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=56 --- gpg2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gpg2.spec b/gpg2.spec index ed33686..b00d842 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.18 -Release: 1 +Release: 2 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.7 From dc8762f02a10f7e32f86e5b2280b9efe38b9f48b7fb131de9a1908a6dc28148b Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Thu, 1 Sep 2011 12:50:55 +0000 Subject: [PATCH 053/156] Accepting request 80347 from Base:System link with pie OBS-URL: https://build.opensuse.org/request/show/80347 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=57 --- gpg2.changes | 5 +++++ gpg2.spec | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 2bf79f5..9441fad 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Aug 31 10:00:35 UTC 2011 - puzel@suse.com + +- link with -pie + ------------------------------------------------------------------- Fri Aug 19 01:11:42 UTC 2011 - crrodriguez@opensuse.org diff --git a/gpg2.spec b/gpg2.spec index b00d842..d13637f 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -80,10 +80,12 @@ autoreconf -fi # build PIEs (position independent executables) for address space randomisation: %ifarch s390x %sparc # s390x needs to use the large PIE model (at least for gpg.c): -CFLAGS="%{optflags} -fPIE" LDFLAGS=-pie \ +PIE="-fPIE" %else -CFLAGS="%{optflags} -fpie" LDFLAGS=-pie \ +PIE="-fpie" %endif +export CFLAGS="%{optflags} ${PIE}" +export LDFLAGS=-pie %configure \ --libexecdir=%{_libdir} \ --docdir=%{_docdir}/%{name} \ From 2c31785e838317408d03609bf4fe93b4111524858304575e488e60429733d44b Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Thu, 1 Sep 2011 12:51:04 +0000 Subject: [PATCH 054/156] Autobuild autoformatter for 80347 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=58 --- gpg2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gpg2.spec b/gpg2.spec index d13637f..68833e3 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -20,7 +20,7 @@ Name: gpg2 Version: 2.0.18 -Release: 2 +Release: 4 BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.7 From dfa052edde5c82c236ab5d16e16378c70615173c6b25e1c42c8564d5555bd30b Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Sun, 2 Oct 2011 08:09:58 +0000 Subject: [PATCH 055/156] Accepting request 85893 from Base:System - Test suite hangs in qemu-arm, workaround. (forwarded request 85884 from elvigia) OBS-URL: https://build.opensuse.org/request/show/85893 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=59 --- gpg2.changes | 5 +++++ gpg2.spec | 2 ++ 2 files changed, 7 insertions(+) diff --git a/gpg2.changes b/gpg2.changes index 9441fad..195e1b1 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Oct 1 15:53:04 UTC 2011 - crrodriguez@opensuse.org + +- Test suite hangs in qemu-arm, workaround. + ------------------------------------------------------------------- Wed Aug 31 10:00:35 UTC 2011 - puzel@suse.com diff --git a/gpg2.spec b/gpg2.spec index 68833e3..62ceb25 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -123,9 +123,11 @@ install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ $RPM_BUILD_ROO %endif %check +%if ! 0%{?qemu_user_space_build} make check $RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p pubsplit- --uncompress Date: Tue, 6 Dec 2011 16:58:48 +0000 Subject: [PATCH 056/156] Accepting request 95545 from Base:System - fixed licence to GPL-3.0+ (bnc#734878) - add automake as buildrequire to avoid implicit dependency OBS-URL: https://build.opensuse.org/request/show/95545 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=61 --- gpg2.changes | 10 ++++++++++ gpg2.spec | 5 ++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 195e1b1..848267c 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Dec 6 10:58:36 UTC 2011 - vcizek@suse.com + +- fixed licence to GPL-3.0+ (bnc#734878) + +------------------------------------------------------------------- +Wed Nov 30 09:55:47 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + ------------------------------------------------------------------- Sat Oct 1 15:53:04 UTC 2011 - crrodriguez@opensuse.org diff --git a/gpg2.spec b/gpg2.spec index 62ceb25..51863c4 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -15,12 +15,12 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: gpg2 Version: 2.0.18 Release: 4 +BuildRequires: automake BuildRequires: expect BuildRequires: fdupes BuildRequires: libgpg-error-devel >= 1.7 @@ -39,10 +39,9 @@ BuildRequires: libpth-devel >= 1.3.7 BuildRequires: pth >= 1.3.7 %endif Url: http://www.gnupg.org/aegypten2/ -License: GPLv2+ +License: GPL-3.0+ Group: Productivity/Networking/Security PreReq: %install_info_prereq -AutoReqProv: on Requires: pinentry dirmngr Recommends: %name-lang = %{version} Provides: newpg gpg = 1.4.9 gnupg = %{version} From 9c954dc5173fb15c616a25df8a0630c7bfc51511ba9692ffa82e44972be0a015 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Thu, 19 Apr 2012 06:48:48 +0000 Subject: [PATCH 057/156] Accepting request 114364 from Base:System - Mention some of the changes in Greg's version update * GPG now accepts a space separated fingerprint as a user ID. This allows to copy and paste the fingerprint from the key listing. * GPG now uses the longest key ID available. Removed support for the original HKP keyserver which is not anymore used by any site. * Rebuild the trustdb after changing the option --min-cert-level. * Ukrainian translation. * Honor option --cert-digest-algo when creating a cert. * Emit a DECRYPTION_INFO status line. * Improved detection of JPEG files. (forwarded request 114352 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/114364 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=62 --- gnupg-2.0.18.tar.bz2 | 3 --- gnupg-2.0.19.tar.bz2 | 3 +++ gnupg-broken-curl-test.patch | 15 ++++----------- gpg2.changes | 19 +++++++++++++++++++ gpg2.spec | 32 +++++++++++++++++--------------- 5 files changed, 43 insertions(+), 29 deletions(-) delete mode 100644 gnupg-2.0.18.tar.bz2 create mode 100644 gnupg-2.0.19.tar.bz2 diff --git a/gnupg-2.0.18.tar.bz2 b/gnupg-2.0.18.tar.bz2 deleted file mode 100644 index bd14eaa..0000000 --- a/gnupg-2.0.18.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:48aedd762ca443fb952a9e859efe3c66706d7c2c9c77c32dbdbac4fe962dae5b -size 4016606 diff --git a/gnupg-2.0.19.tar.bz2 b/gnupg-2.0.19.tar.bz2 new file mode 100644 index 0000000..ce4b889 --- /dev/null +++ b/gnupg-2.0.19.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622 +size 4187460 diff --git a/gnupg-broken-curl-test.patch b/gnupg-broken-curl-test.patch index 84ecf67..fa96ee7 100644 --- a/gnupg-broken-curl-test.patch +++ b/gnupg-broken-curl-test.patch @@ -1,5 +1,7 @@ ---- m4/libcurl.m4.orig -+++ m4/libcurl.m4 +diff --git a/m4/libcurl.m4 b/m4/libcurl.m4 +index 7d1dbd3..92cf801 100644 +--- a/m4/libcurl.m4 ++++ b/m4/libcurl.m4 @@ -68,13 +68,7 @@ AC_DEFUN([LIBCURL_CHECK_CONFIG], _libcurl_try_link=yes @@ -14,12 +16,3 @@ if test x$_libcurl_config != "x" ; then AC_CACHE_CHECK([for the version of libcurl], -@@ -141,7 +135,7 @@ AC_DEFUN([LIBCURL_CHECK_CONFIG], - _libcurl_save_libs=$LIBS - LIBS="$LIBCURL $LIBS" - -- AC_LINK_IFELSE([AC_LANG_PROGRAM([[include ]],[[ -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]],[[ - /* Try and use a few common options to force a failure if we are - missing symbols or cannot link. */ - int x; diff --git a/gpg2.changes b/gpg2.changes index 848267c..962c344 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Wed Apr 18 10:55:34 UTC 2012 - vcizek@suse.com + +- Mention some of the changes in Greg's version update + +------------------------------------------------------------------- +Tue Mar 27 20:38:27 UTC 2012 - gregkh@opensuse.org + +- update to upstream 2.0.19 + * GPG now accepts a space separated fingerprint as a user ID. This + allows to copy and paste the fingerprint from the key listing. + * GPG now uses the longest key ID available. Removed support for the + original HKP keyserver which is not anymore used by any site. + * Rebuild the trustdb after changing the option --min-cert-level. + * Ukrainian translation. + * Honor option --cert-digest-algo when creating a cert. + * Emit a DECRYPTION_INFO status line. + * Improved detection of JPEG files. + ------------------------------------------------------------------- Tue Dec 6 10:58:36 UTC 2011 - vcizek@suse.com diff --git a/gpg2.spec b/gpg2.spec index 51863c4..0157692 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,39 +16,41 @@ # - Name: gpg2 -Version: 2.0.18 -Release: 4 +Version: 2.0.19 +Release: 0 BuildRequires: automake BuildRequires: expect BuildRequires: fdupes -BuildRequires: libgpg-error-devel >= 1.7 -BuildRequires: libgcrypt-devel >= 1.4.0 -BuildRequires: libksba-devel >= 1.0.7 +BuildRequires: libadns-devel BuildRequires: libassuan-devel >= 2.0.0 +BuildRequires: libcurl-devel >= 7.10 +BuildRequires: libgcrypt-devel >= 1.4.0 +BuildRequires: libgpg-error-devel >= 1.7 +BuildRequires: libksba-devel >= 1.0.7 BuildRequires: libusb-devel +BuildRequires: openldap2-devel BuildRequires: readline-devel BuildRequires: zlib-devel -BuildRequires: libadns-devel -BuildRequires: openldap2-devel -BuildRequires: libcurl-devel >= 7.10 %if 0%{?suse_version} >= 1120 BuildRequires: libpth-devel >= 1.3.7 %else BuildRequires: pth >= 1.3.7 %endif Url: http://www.gnupg.org/aegypten2/ -License: GPL-3.0+ -Group: Productivity/Networking/Security PreReq: %install_info_prereq -Requires: pinentry dirmngr +Requires: dirmngr +Requires: pinentry Recommends: %name-lang = %{version} -Provides: newpg gpg = 1.4.9 gnupg = %{version} +Provides: gnupg = %{version} +Provides: gpg = 1.4.9 +Provides: newpg # special feature needed for OBS signd Provides: gpg2_signd_support Obsoletes: gpg < 1.4.9 Summary: GnuPG 2 +License: GPL-3.0+ +Group: Productivity/Networking/Security Source: gnupg-%{version}.tar.bz2 Patch1: gnupg-2.0.18-tmpdir.diff Patch2: gnupg-2.0.4-install_tools.diff @@ -72,7 +74,7 @@ gpg-agent, and a keybox library. %patch4 %patch5 -p1 %patch6 -p1 -%patch7 +%patch7 -p1 %build autoreconf -fi From a40879d29d66ea9dac826407c97c60157ef13b0cbb393fba1d81ef87789ac1fe Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Thu, 17 Jan 2013 08:39:23 +0000 Subject: [PATCH 058/156] Accepting request 148677 from Base:System Add support for BZIP2 compression algorithm (bnc#798175). (forwarded request 148630 from Lazy_Kent) OBS-URL: https://build.opensuse.org/request/show/148677 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=64 --- gpg2.changes | 6 ++++++ gpg2.spec | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index 962c344..9144ec2 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jan 11 20:26:50 UTC 2013 - lazy.kent@opensuse.org + +- BuildRequires: libbz2-devel (support BZIP2 compression + algorithm) (bnc#798175). + ------------------------------------------------------------------- Wed Apr 18 10:55:34 UTC 2012 - vcizek@suse.com diff --git a/gpg2.spec b/gpg2.spec index 0157692..b1cd878 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,6 +24,7 @@ BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel BuildRequires: libassuan-devel >= 2.0.0 +BuildRequires: libbz2-devel BuildRequires: libcurl-devel >= 7.10 BuildRequires: libgcrypt-devel >= 1.4.0 BuildRequires: libgpg-error-devel >= 1.7 From 6ea1cafb407b0647a3ca279fc8e776487c7e28bb8aeaf4a99e8c900b83d05bc0 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Thu, 28 Mar 2013 12:16:11 +0000 Subject: [PATCH 059/156] Accepting request 161454 from Base:System - Added url as source. Please see http://en.opensuse.org/SourceUrls (forwarded request 161391 from m_meister) OBS-URL: https://build.opensuse.org/request/show/161454 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=66 --- gpg2.changes | 6 ++++++ gpg2.spec | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index 9144ec2..ad4c84b 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Mar 27 12:16:19 UTC 2013 - mmeister@suse.com + +- Added url as source. + Please see http://en.opensuse.org/SourceUrls + ------------------------------------------------------------------- Fri Jan 11 20:26:50 UTC 2013 - lazy.kent@opensuse.org diff --git a/gpg2.spec b/gpg2.spec index b1cd878..9bd0a9d 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -52,7 +52,7 @@ Obsoletes: gpg < 1.4.9 Summary: GnuPG 2 License: GPL-3.0+ Group: Productivity/Networking/Security -Source: gnupg-%{version}.tar.bz2 +Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Patch1: gnupg-2.0.18-tmpdir.diff Patch2: gnupg-2.0.4-install_tools.diff Patch3: gnupg-2.0.9-RSA_ES.patch From 3c7b2e6c08e7e9140d161a06d4164845cdb21f8986a2706347ea0e1f2d8e2dd2 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Thu, 16 May 2013 08:59:32 +0000 Subject: [PATCH 060/156] Accepting request 175189 from Base:System update to 2.0.20 (forwarded request 175003 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/175189 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=67 --- gnupg-2.0.19.tar.bz2 | 3 - gnupg-2.0.20.tar.bz2 | 3 + gnupg-2.0.20.tar.bz2.sig | Bin 0 -> 287 bytes gnupg-2.0.9-RSA_ES.patch | 20 +- gpg2.changes | 26 ++ gpg2.keyring | 939 +++++++++++++++++++++++++++++++++++++++ gpg2.spec | 9 +- 7 files changed, 987 insertions(+), 13 deletions(-) delete mode 100644 gnupg-2.0.19.tar.bz2 create mode 100644 gnupg-2.0.20.tar.bz2 create mode 100644 gnupg-2.0.20.tar.bz2.sig create mode 100644 gpg2.keyring diff --git a/gnupg-2.0.19.tar.bz2 b/gnupg-2.0.19.tar.bz2 deleted file mode 100644 index ce4b889..0000000 --- a/gnupg-2.0.19.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:efa23a8a925adb51c7d3b708c25b6d000300f5ce37de9bdec6453be7b419c622 -size 4187460 diff --git a/gnupg-2.0.20.tar.bz2 b/gnupg-2.0.20.tar.bz2 new file mode 100644 index 0000000..f2becbc --- /dev/null +++ b/gnupg-2.0.20.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6e949b7f062cab8a3cf0910f91ecf04cabaad458c0aeeec66298651b8b04b79a +size 4286191 diff --git a/gnupg-2.0.20.tar.bz2.sig b/gnupg-2.0.20.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..c279f20f24a78935a4f9b3ac6cdd5021ca5ca3348ca6f6b5c955a4cc48d1418b GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-lw{(1lk2@oWkInqxhAwp6~B9b(4}&r0PL-occj|y2qAp=>Fca#kRdixiZw>&R|ju}-R0+{*2Dgk3ZAax z@fE7{_G3CW3kak~=a&^Tcp%?+J^;L)2U-mZ&!`%Gr(_q)DLB6;A~n!V?(0DYZ2BoT z#^NjvITY+rs(?T%}AGm94qKKDka7YbH5_k6dM=iP+j*q$@~iX6ZSJ l1Q5_^TnDtzz8sfA%4+x(06?E9L4T4 3072 bit does now work. + * New meta option ignore-invalid-option to allow using the same + option file by other GnuPG versions. + * gpg: The hash algorithm is now printed for sig records in key listings. + * gpg: Skip invalid keyblock packets during import to avoid a DoS. + * gpg: Correctly handle ports from DNS SRV records. + * keyserver: Improve use of SRV records + * gpg-agent: Avoid tty corruption when killing pinentry. + * scdaemon: Improve detection of card insertion and removal. + * scdaemon: Rename option --disable-keypad to --disable-pinpad. + * scdaemon: Better support for CCID readers. Now, the internal CCID + driver supports readers without the auto configuration feature. + * scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and + it supports variable length PIN input, and you specify + --enable-pinpad-varlen option. + * scdaemon: New option --enable-pinpad-varlen. + * scdaemon: Install into libexecdir to avoid accidental execution + from the command line. + * Assorted bug fixes. +- refresh gnupg-2.0.9-RSA_ES.patch +- verify gpg signature of source tarball + ------------------------------------------------------------------- Wed Mar 27 12:16:19 UTC 2013 - mmeister@suse.com diff --git a/gpg2.keyring b/gpg2.keyring new file mode 100644 index 0000000..50ad916 --- /dev/null +++ b/gpg2.keyring @@ -0,0 +1,939 @@ + pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31] + uid Werner Koch + uid Werner Koch + sub 1024D/77F95F95 2011-11-02 + sub 2048R/C193565B 2011-11-07 [expires: 2013-12-31] + + pub 4096R/99242560 2002-01-28 + uid David M. Shaw + + pub 1024D/87978569 1999-05-13 + uid Marcus Brinkmann + uid Marcus Brinkmann + uid Marcus Brinkmann + uid Marcus Brinkmann + uid Marcus Brinkmann + sub 2048g/C3AF90C1 1999-05-13 + sub 1024R/08AEA692 2006-04-14 + sub 1024R/FCD2A293 2006-04-14 + sub 1024R/233A942F 2006-04-14 + + pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] + uid Werner Koch (dist sig) + sub 2048R/AC87C71A 2011-01-12 [expires: 2019-12-31] + + pub 1024D/5B0358A2 1999-03-15 [expired: 2011-07-11] + uid Werner Koch + uid Werner Koch + uid Werner Koch + uid Werner Koch + + pub 1024D/57548DCD 1998-07-07 [expired: 2005-12-31] + uid Werner Koch (gnupg sig) + + pub 1024D/B2D7795E 2001-01-04 + uid Philip R. Zimmermann + uid Philip R. Zimmermann + uid [jpeg image of size 3369] + uid [jpeg image of size 3457] + uid Philip R. Zimmermann + sub 3072g/A8E92834 2001-01-04 + + pub 1024R/1CE0C630 2006-01-01 [expired: 2011-06-30] + uid Werner Koch (dist sig) + + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (GNU/Linux) + +mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT4 +3No/coPajDvhZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWvFs5+YpCDwW +G2dx39ME7DN+SRvEE1xUm4E9G2Nnd2UNtLgg82wgi/ZK4Ih9CYDyo0a9awCgisn3 +RvZ/MREJmQq1+SjJgDx+c2sEAOEnxGYisqIKcOTdPOTTie7o7x+nem2uac7uOW68 +N+wRWxhGPIxsOdueMIa7U94Wg/Ydn4f2WngJpBvKNaHYmW8j1Q5zvZXXpIWRXSvy +TR641BceGHNdYiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxY +urUIBACi7d1rUlHr4ok7iBRlWHYXU2hpUIQ8C+UOE1XXT+HB7mZLSRONQnWMyXnq +bAAW+EUUX2xpb54CevAg4eOilt0es8GZMmU6c0wdUsnMWWqOKHBFFlDIvyI27aZ9 +quf0yvby63kFCanQKc0QnqGXQKzuXbFqBYW2UQrYgjXji8rd8bQnV2VybmVyIEtv +Y2ggKGdudXBnIHNpZykgPGRkOWpuQGdudS5vcmc+iGEEExECACECF4AFCQ4Uh/0F +AkG8aF4GCwkIBwMCAxUCAwMWAgECHgEACgkQaLeriVdUjc0EkwCfTXfXdqDS2COs +ZRm0OUphuY0h4x4AnRSlWyPGnKUFxKOw8TwwCSLsdvZHmQGiBDbtSOkRBACURhKn +GIFyXIeX61GAY9hJA5FgG4UalV55ohdz4whBgDzDGLE3XYlO8HCn4ggKilll6MOw +Y0yZeg6PEU9Y3SqTzpQSV6qj2M7MgcS8xOpi6bNCu0iyZUik0KklUXMdI8e/CVmB +pQJT9CofbD1dsP6z4dC6z3jil0+5Wbfw6yIXzwCgy/7Fagq5mN0H760/JEiiXILS +1n0D/3H26lTaxo1vGput9Td1FQN7Vn6YDP0/To5ipsOODROV3zyUwF5QleY+8zTF +JA3qD5KxRfA726WELOF1mB6Mw44UdkPniOoGdMH5oSx6qnNnlVZBBu3U+e1qfQwL +QjHu0WX4Z2q00DKpWLThGv7Loh5NKi6OfTbMhfHoevCAzQnmA/wKc6J8GqthENTh +KXxZaei3Ep0t+PlBmbUzuAYCXZhI6/0KyD6emyQ7LYIaPv9qEfMkMLhxicG0v/AA +wOCBRKS3bkqc6wAYaO0bjUHJvem3HkWPux82t83+6YPyRnVjm/mwt0uEyKSvt7Md +2DVrO3lEcKRkRHiYuf0nonPhl5Rs5bQaV2VybmVyIEtvY2ggPHdrQGdudXBnLm9y +Zz6IawQTEQIAIwIXgAIZAQULBwoDAgMVAgMDFgIBAh4BBQJGtcWFBQkXLil/ABIH +ZUdQRwABAQkQXeJJllsDWKJBTACfQI8TnuVIxE88u2napOMyUfoWZSMAn2t47LUM +uyDEHRcYvEBiP/SRVvsrtBxXZXJuZXIgS29jaCA8d2tAZzEwY29kZS5jb20+iGME +ExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAKCRBd4kmW +WwNYomksAJ4q+Lv3fDvzDJl4JcOmzWHPsPg2QQCdHcj5DwCCM7YnRLiE58ApHdrg +11S0C1dlcm5lciBLb2NoiGMEExECABsDCwoDAxUDAgMWAgECF4AFAka1xZEFCRcu +KX8AEgdlR1BHAAEBCRBd4kmWWwNYokHUAKCKSLq+i1yHrG8ZXqJRk+d4SyanGwCe +KFwqqRr3tbae+m4iK+EcyY+BR2a0HVdlcm5lciBLb2NoIDx3ZXJuZXJAZnNmZS5v +cmc+iGMEExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAK +CRBd4kmWWwNYomC9AKCOTnRhGus67gV2k+8K2SwytYDqVQCfcaEJKu8EBd0sx3F0 +24GX/RNwnZq5AQsEQF3bKQEIANEoVLSVnD/YxrBL3s/edXK3YUX1dZvyyLtP0mCX +41EX3e6pQ4gLXmze7lJU9zB0iGgbTjBgodMsqHIECMWnhrN8uaIgEMOnfsNjdIC0 +lPpOyBQtH7IWRdtG+4g5Tk3/RbHOsroknCUVUTJo9fvOZZUowKP5IyPYWuaW25VL +RoJ/SKjef3ttQC+5Td2CNMWgepbjTXuyZ9sThUzCctiLf/VJL2zTKwozo/HnIQze +hCI5b/2lLjzBIV+zeVeLw3UGKSA91TkUUD7kEZJSHHIV/6Wp2PBwHIELstPd0KsV +5ZA4vRR5WHrAbjw7rePyO57uZ9Ob7nn25ecP8nrk+IdxlOcABimITwQYEQIADwUC +QF3bKQIbDAUJA1jvAAAKCRBd4kmWWwNYohLWAKCgnbPg6cDR1W3tkz894CwpcDQo +VQCfcBXfK5kpfhYfDk+d/mwuYXktSSW5AQsEQ7gWIgEIANFah4LB/iVUglBqEzvK +0VG88yuRJlDLTvb8jr/hA8qxocj4eegHw+NOYGnIEMsrxjo5/djWE1vvvF76baD7 +xar8FQoe9SLUX7HOzOmeLG0yv5A6LLpTuQIkDp8a+rSqbOtcZy/mteka9bDJl/KZ +MtbhfZYqA0vxuE4PLS4n1lH9+GMTuecgeAhuhKcEBQ8cKwj0EW6axtTwUqwokI4G +rOIcTIMduLHu4/oHJiyUfa1TD1Z1BTxjOjaZaiOCFemMTtRPS0BvhA1N3C6suCIQ +gfm6awzjd6WvX/ad3ToqKBBf41HgyrK1H7bwm0QQq9QvAlmmYTGzgH44HjHyX7ot +zT8ABimITwQYEQIADwUCQ7gWIgIbDAUJA8EVgAAKCRBd4kmWWwNYol3LAJ43JG07 +X/IjKI2Si1hF87nLfG4ehwCcDIDiNrFrvTaxGziI9H9ZYmQyASq5AaIER3ko1BEE +AITOSpTeW3g46dEaTnGDrre9/WrhXvHzL7kP1TpzYC4jig7C2t63xUgLCgmv17ie +C9j+VqiK6olGPIL8y5RdHjJgStNAL+psZ0kjx2yGACUpgDky49hRtfxWGuohJnBH +Upsp/2DGOCyL0nlzkvJRIVdIZAMgYYmnGu8atilHpHb/AKD/aYLuxeQfHRjylB8y +Od7iHEE7VwP/QSxhwtSQWXdgz/KyTwjAjN69JGNx6iUKrwNiPLphEufYi0EzdKkr +xltkTLuZYmd+yoxMKvoKHAOgLe+RcnF9ZZDc2XUjujIlu0lDIe0/2xUXJYQ3zKza +St1qbzuk414SzRjkisVUne/GuJNuM2wAwTSmeGXhO/fgc++1MiuLdr8D/j/T8lfN +S48czJ0eF+/VG2FG5l+JVucRbvmBWilVWFXWOTWyoFuqQ+8t6uHAdlyyxZlgt3rZ +WsU6r2vQ+ayELJ3nny4zZdxlBA8O2XbpV3fXf5NlUsZWY3/tifySOwHIQRvJX0NA +Sz2Ao4qXBKF7CM6sZzlbXja6XHZyUG5p3anAiJcEGBECAA8FAkd5KNQCGwIFCQah +TGwAUgkQXeJJllsDWKJHIAQZEQIABgUCR3ko1AAKCRDNP81ePVLCghD5AJ46ond0 +H0ny3nPQrXI5/CQxk12YzACfR+j9+k0y+vLYfzuDCWoSuLeWuvBYygCePPYlR8Tt +yegne86Z/xquxNFgFjsAoL6wDuo4gsI+6/bzSNlyrkUYmLO7uQENBEd5KWMBCADe +LY1DPSaB2NyWLeaLLTa1G0QTIXp2y6FpLvgC/PIzR8InRxNhkBDaswFBPuc/oASN +QCvXTCjFsgPvc1jS6UpTHY3NnZlxB6s5NbW1YDPQE1CklJ73uNU9r8aBxMhsrzoq +VO/PzLqUhcwWp/6sBjyFz5Zb+WNip4Id9J+ej537r2UJo/GiMh3JOWgp5/SqUTWz +wowtU111eROlURVh6wrG11ZbQqFo7qMY1lAut8Vt4vJxKvjTdlls7fhRfPwmcxBD +XxZycPOKO8VF3XJPI3bVxkoKFRuOJZK/fHnghgEYwrviKiG0vDISUOTqOE63haot +a72gUUlDTJGrorvNO8C/ABEBAAGITwQYEQIADwUCR3kpYwIbDAUJBp/6XQAKCRBd +4kmWWwNYohbBAKDA1ZUpbI3OWd+5Efnj482Urmv47gCgtXRryMuxJZ8MWhfBZ0Yq +vH7DeKC5AaIEQF3aTxEEAP9SgfIbIPL6BQ1nqoblsTYoiwWPL48uBZPjkDfy8XsV +R5V9aRQlggC4x4/MD3Ip5AUgReI7PcHnp4m3vcVLXPl+/7i7hAwd84iKzgN8I8VW +0EevflcNm7nbWEnpjaGxJWFbhSLI1DmqnafoU8nZgGp2QoE+flgGDd559C3SiHRT +AKDbqgS3EDhTbwfS+bAhW5Xi8/2CPwP9HueeuW9M/cyt8UvliLsj2eYMEIy7CeSL +O13XfnqCjcnHK+b59/ADd99dpMaq3gKj7Aj1RIsRV2qWDJpDNXVxP7Cy+FzxelQs +ytPQOV8H8AkB+RgmSyfxlNRUkC3sQU6jR9IwmPD4iB5fp/SqUpn++77TAArXqsfH +bmlnwcuU1EAD/i7CEhxLBYS1N77hwxL8DWCqjpi+1PKG+6dc0BQFIU3uUhbzLGfq +EobUDhveqgtlsvoEZ/lR8RgMv/uOjXEgiATQyTEa7s3M2vjXlpLjXjzklma3Lqmc +am3dEf/5OR02yZif6hPU/x8f/VQle0kKNKdOCV1+dlo8aJH2UIZRRIvtiJcEGBEC +AA8CGwIFCQcbVgAFAkR1rB0AUkcgBBkRAgAGBQJEdawTAAoJEGB4TpQBClft2RMA +n1XiL/bC9hByZInCJTaCd8WS8kYCAKCfpAWwLIxkfwAeD/RI+2p00nQfvAkQXeJJ +llsDWKKx7QCguc4/HiEs64Ey5p6Yihy67X8E0YsAnRXMFdXVP7ww8uldljPiD1Tg +yurpiEYEEBECAAYFAjc3I8UACgkQ9u7fIBhLxNmHZQCglWbPDznIcnOxdDW+k7Yg +A9+/n00An1ZjSiJipverUxLEFHAbSBWI0IntiEYEEBECAAYFAjc6+aMACgkQdQ9k +lcidkz6GiwCdGe0KSP/vSyEZM/GClQXvjMD4RvMAoJwyTIdcjPZbQizDeAO3btn2 +CCwTiEYEEBECAAYFAjgUDhkACgkQYAeQgHPH80+I2gCdHeTAPusmEfN2bdkijpW1 +gpxBvGoAn1kzL7Mg7tC4pqlqw2fV3kRUy1a5iEYEEBECAAYFAjgqYh4ACgkQ4/JY +VBKPDnkPkACgmzk7HMlJ1h0qw6OHyMtDE4RI4ToAni+Cm+01pHfzh0EnFQTvLE1M +9PtoiEYEEBECAAYFAjnKOw4ACgkQK7tDpvCerwquXwCfbW9xGF2AHQakBPakh61x +KmC8WEEAn3TytfY5qrTjxIj2HZFKN5QuQpYSiEYEEBECAAYFAjnKiy8ACgkQF6ZB +bfeUj9ombQCfYQYxpipdMGBxbNd8jbL9RDmH3nMAoITmZnDJwXzpHNuSLY8o3c5Y +hHXziEYEEBECAAYFAjnKnXcACgkQNfZhfFE679le7gCggQjsjFhjaIO1lWHfPusn +0dqdhRYAn3rOW0XSeh64V9o+VItH2LZngmNAiEYEEBECAAYFAjnLMigACgkQUaz2 +rXW+gJcIVgCfRRq0G2fCcZOFoey9uZGAkWctKsQAoLw6lUhdeZDgULrDC7OQRIk7 +CnMtiEYEEBECAAYFAjnPp1IACgkQkVrMRaj0wv0IqwCfWGMeiZ58ysuZCAP9IsX3 +aKcSPtcAoJno1COOjAMhoWjUiHctgLZX9+gTiEYEEBECAAYFAjnQ39UACgkQbyOL +wk/aWgxfIwCfb/GeMAD8w84hq5/aUQMCvVqUYqAAn07SKuWYsZLEUuPWIgYY0yoB +yJxviEYEEBECAAYFAjnSCrEACgkQv+EgZWshSJq8jACfdf20dqs3IWOPHgFMdYb5 +VF+WkJUAn05quvyHB3Xug8csxWg6RwSfQBTBiEYEEBECAAYFAjpMy0UACgkQ7UaB +yb89+bRUrQCg6aozpYiCEDPVAHe54/8/q48FLP8AniviG9fjxInPaSKB+LXRmQjc +2jLZiEYEEBECAAYFAjqJgd8ACgkQYogE2yD8bPYGagCggMsqGJN61JuOQkY5MiKb +4UPQpBwAniNYwQb+hlEzJF7qnPECh0MAxq8OiEYEEBECAAYFAjrBCNQACgkQt1an +jIgqbEu30gCdEsSeFtJ5KziD5l/CvAhVZt9lnQUAnRrmbV8HkndXp3+DNoREgscZ +k/rliEYEEBECAAYFAjrB0SkACgkQ0vCiU5+ISsiPkgCeOFayt7NkcymwTC2UKNjj +yukNDvAAoLq/bOTNZECtztYIMDQ2VrzZ3m6KiEYEEBECAAYFAjr1eYsACgkQ7A6v +cTZ3gCXdrQCgllIx6G2DkKSGKBhYCgsyywFBXLUAn2PJGrCOov0LS8jCMD2Xo4T7 +qfsjiEYEEBECAAYFAjr1mwEACgkQLBigKrTF83+E4ACffa4yaJ6Pj4uFZY7dVuiO +fkuoTE8AniIdw0DVkHBuxlNp9PAglhztyE+oiEYEEBECAAYFAjtFbTsACgkQ53Xj +JNtBs4ex3wCfXLPNscM4Uxtmy0/t5Ygg9lDWEQAAnR39P9eJtEeBtMPfbEGYc10A +BqjkiEYEEBECAAYFAjtF2QAACgkQI/q1+wgWzBuJgACeIak+A98IheVSowXG4J6j +zBA439MAn2IFA8EB/EkQ1rn7OEmFNX++PNZyiEYEEBECAAYFAjtF8RYACgkQJ4bC +RH+KQBfSwgCaAvm7pL+LioYj/oKDBQ1pJAj+UqMAn10W8RKrYblMZ4L11R2TO9xO +vFn6iEYEEBECAAYFAjtIDxYACgkQBgac8paUV/DLWACgifbHtSi50JxmSr18Wofe +VcVcAXUAoJs99aH6/t9gkO34ajXjiIQxc0qMiEYEEBECAAYFAjtIJ18ACgkQ11ld +N0tyliUx5gCggbhG1uzvdgHNY8oCt4cc6TfHUREAoJuRw8q2kbztnt8TQ4mjiTIN +cBXziEYEEBECAAYFAjtJwaAACgkQUI/TY7yTaDkPjgCcDSJQUZBBP/5OvW48Q3BU +kUkRSQkAn1Mjqe4WTFEEA8HK5h+KDcqR0aZIiEYEEBECAAYFAjtKFVcACgkQliSD +4VZixzSYCgCeJpt98LMq02q9W1bK5iPUvCkcsSYAn1dqFcoXctXVnMj53z8zfAaW +0BcwiEYEEBECAAYFAjtLFwcACgkQDqdWtRRIQ/XMGQCdH1u9tmtUYY3ExVLdT/H2 +IIQCU3MAoI69Y4Z17RDh4Bj2gmJwmEAmfDwbiEYEEBECAAYFAjtMF8oACgkQ1w1f +WGA80Hj2mwCfazudYZSMmQWO85xZvg0uTB3rhZQAn3DSyrvXxIpmv0CcnBtUQu5N +21kSiEYEEBECAAYFAjtRuWUACgkQ5DsVPMtGficbLACeNpRJOS9AZ7q7bhX2sBJg +lKLloTsAoLm5FTnY6iAySfPZZlwAVeE6zMJwiEYEEBECAAYFAjtSxD8ACgkQO/YJ +xouvzb1F7ACfVp8vhxAWCeRZN3InlvYLrxFTng4An1QO6+D3QUjX+0YRNZ3tpZDT +Sd6QiEYEEBECAAYFAjtXQl8ACgkQeRYvNvf2qtklNwCfcg4Tss3C9Nf6NiyOAHhX +O4JLhtkAn055IHb4i2IO5TQLSQi0tk4ktZVfiEYEEBECAAYFAjtnOlkACgkQwAsN +NiHlPr2cagCg07IN1/MaXn+8yd4Ncp9/723gEBgAnjNCoGAAccbvCCVE29sXBNAv +Uo8MiEYEEBECAAYFAjuYRI4ACgkQkC29kYw4qQpqwACfcyB4krJFqyeHoKzRYDqW +8JDUdvcAn2pa3UDeKM7FVe8LgCQyz0McM4JqiEYEEBECAAYFAjwH+10ACgkQ2tKw +XV88MYVF8gCeMoYaFN7v/VDmuYt+G1BXDxzcuusAnR8fAcIyBjSffB0yEIwaA7O9 +X7ZxiEYEEBECAAYFAjwIEdIACgkQaliC34RARgJ9zgCfS1K0bROVSB+9wX4g+xEE +0phEAToAn3etSLME5hzsisIRMjUsGbBDe7+aiEYEEBECAAYFAjwjtVQACgkQRHJT +9Ar9DKjv+QCbBE3lRMzyKxTbPUd9v+nB8EVqv4cAn0DxPkAIkuriAuwtOjCypTDN +ydyxiEYEEBECAAYFAjxdq0AACgkQ7vDbNLMhJgNwvwCeMc0QmOS0ctJOX1J9a3DW +kMyUdf4An3iIslZ7stkMOi1VdyE5fR2YDvNFiEYEEBECAAYFAjxw4+MACgkQGM0l +pSLzivNlngCeLdkkRkcyHVKttl6Z9IQExE+gaNsAnRko+7BQOu5jXMfGarg1rE2z +DhsFiEYEEBECAAYFAjxxJxIACgkQscRzFz57S3PkJwCg3qepdTsiNKuGYC6a1RlJ +ZTBqkiEAn2G6ypvCpWAL43LWbMbyyf/rYxSoiEYEEBECAAYFAjxxQYIACgkQOhqm +NZCaVAYvbACgz9mXzo/nC64mx03IFgL8oFuBAhIAoL91NILXxGYrkaOnM+2Ci20U +vA3ZiEYEEBECAAYFAjxzeIMACgkQo+C50no0+t5J7QCgpSCgGQ8eMefvsDsF0DlE +ZzuAHNoAoK1TFwuK7ZowUQJyWp1tKDtNDbx3iEYEEBECAAYFAjx+gfMACgkQjjtz +nt0rzJ3/dgCgnDMnLna3yPskxeVf32wDbTHLxf0AnjWCw4lfYauS0LumGv9uHN9P +aErhiEYEEBECAAYFAjyAY8EACgkQ14NrbAzZIOdEPgCgt5DiZfRFkvzAPecRDCIp +3pOdUwkAnjj1CDE+Kzg2RiK9Z73QM8B0J4driEYEEBECAAYFAjyBd5kACgkQ/3vb +rZlD49+lmwCfS9apz+gEHsRV6ELS4NtCLvrJsRkAn3AexpisdP+8KwolieJwaVPi +tN2giEYEEBECAAYFAjyMzCQACgkQhbmQdcKRDkGoiACaAqrwXn6kf3aD7wss1rgQ +mrCtJKIAoIU6uifoxBubp2+YjW6kjbnkFMD0iEYEEBECAAYFAjyXNDoACgkQoegC +cNp0M5aGrgCeLBRQ8CAVzPO8OTz2TMFqYLIbFrcAoK2qJqojmF2+THtFCHz0hhiB +AekNiEYEEBECAAYFAjyXNjgACgkQg2i7WWb7wYxzxwCfcrZ5yTwjn9Sh1S/yL3MB +KBs8uxUAn0pC4GgIsbbaxcf1QA5AYwFiPcPEiEYEEBECAAYFAjyxODEACgkQJXt5 +TsZsoD0pVgCfTIJ88OFNFlnUFoNZemDdbd4ZqEsAn1y5ZyCl5SYkqFTGiVtkgtII +EhK7iEYEEBECAAYFAjyxguAACgkQeuuK7Uc6ScnBgACfUlQrrDUb78b93JEvThA/ +f1ZankIAni448ZxagzPjnj/vH33yK14agnq0iEYEEBECAAYFAjyxj4MACgkQocWS +fM5dzg4qigCdHrjYquNu2aphWggG5E0G6zCW5MEAn1NQJmKkTEUsbanbVOBx1G5w +vYkeiEYEEBECAAYFAjyyhzsACgkQVlEzpFDUq7k99gCeMJc5KvC2gAHgCVjv6Hn7 +AKgY+rMAnRFIrjunb1Sh77542URoWAVmuPN0iEYEEBECAAYFAjzyIFQACgkQX180 +7qC7Pev9PgCfcW15D2cS4UTkn11BSqn+pgrA4KIAoKzLDc78X3OFDzVXTOvk8V89 +OshGiEYEEBECAAYFAj1uHIwACgkQKMb1a4F8NWhPPQCaAprFvggEHBTVR+KWzm0Z +3l9ijLIAnAw2QtJ1Mlnz0ctNwSJwORM87/ARiEYEEBECAAYFAj2ERksACgkQ1Dyz +BZX+yjSzyACgjUKL3CH2UYciEAarZU9H0ZYIIWQAnA6I1aJ0FgWiF2bd/jgWaBL2 +jtd4iEYEEBECAAYFAj2F5U4ACgkQdZc6ENbQhKbt/gCfblKSqJohqhaFawtXPs8T +X1UqY/sAnjqwumhFN4YAAez36gItTB9BxcmJiEYEEBECAAYFAj43BmIACgkQkQgh +ntzeiQqeGACfSyyIi1vPniQOq8xLfgjDxFkkVEYAoJSFbH8uhrwBMa8aOIRkjN9u +RdY2iEYEEBECAAYFAj+Q/gMACgkQdt8qX2QD4/2lhwCgnv3QSQPCGbmTI67mtAxl +9d4rZ4UAn1WXmoSknE2WYeqRUb6d4wAhG/jViEYEEBECAAYFAkCnUpQACgkQt+hx +Iz4tn22gnwCfTWoR3vhEv0yp1Ks/vz7jow0Tw6QAn3YXgQn0DS9/9u7AyG5gjh18 +VLtuiEYEEBECAAYFAkCnUqEACgkQt+hxIz4tn22dOACgjeYArERuayyqZmozCahs +gUyPihMAn0PkgZDTwKgSw690xdLuR2rWJrPQiEYEEBECAAYFAkGD05gACgkQ9oi/ +YaVie2EkhgCg582nMvFSTXDb/PdF0+kZTBQTCGQAmwSEka7EMzOzoCxEefZd+GQm +EdcXiEYEEBECAAYFAkGGD60ACgkQ6gnEQD//YGyIWQCgruyF9KSG2GuqPVQIsizC +CV8rjPcAnRQsBzfw9QLM960FP64YWUCqhYkYiEYEEhECAAYFAj0EW94ACgkQj/Ea +xd/oD7Lv2ACfUACXl0hDfGeEdbGjhIa/hSaZCrkAmwV4SdeJnBoXV22VBEekmTfz +HKHEiEYEExECAAYFAjyvU4oACgkQ6pxm6rn41tmEewCbB4FZ6z6dmSJ2epBIdeoS +8KHLNhEAn2ZcUDKfuFpVVDuV/bMhpjbbHJRIiEYEExECAAYFAj0FswMACgkQoWMM +j3Tgt2a46gCdFwSWzfEmyuvfjnmNPzCyvdO2R2cAoJRl1Ibl/2hPXjenl1f08pQL +ThZAiEYEExECAAYFAj0GRB8ACgkQKb5dImj9VJ8FHACcDjdyCPMWjSbrXKCVFjDt +uapl428AnRSI7e1VYRJcVdGmrAtmu360GrQpiEYEExECAAYFAj2J/ScACgkQ74J3 +yv6ZHpg4ogCgj8BllYTJEQ5sF62Qd2q9o2FNJ8cAn2K/7zpy9M/Oig+yIYofaN+5 +fnUUiEYEExECAAYFAj4ykiMACgkQaqtaJwF/Vr1MmgCfcNfOOm6/woHpEtuFVgYX +vUh0tG4AnRTPBwdemHFViOojNJ0glWck/84ciEYEExECAAYFAkDa3nAACgkQRTxF +SQIw1gIZCQCg/jjaczO/s9GkLq/kftPN8A6kLr8AoPwGlVzoq5yWxhgCkEMfV+KI +tmDViEYEExECAAYFAkGE+RcACgkQ3ZHkUS+VgsFX/ACfRYBeswRWTHOdc4gLefxU +VSGbj8wAnA3CWEF3MQOIpJQ5KSFLE2104h5riEYEExECAAYFAkGNFPwACgkQ+C5c +wEsrK56k8QCguxJO7l5effxWbaYOgeVko8HiQ80AoKSJGsOZGx1nvQRKeRK/7DrZ +bB2piEYEExECAAYFAkGqFTYACgkQztt/8ZMtg2MVMgCfZevJcAcVXa4hUUJSjkWo +0j/b9MkAn2HZC4sNs9nMN1PvX95Ge39wfBEKiEYEExECAAYFAkIrN0cACgkQi0rE +gawecV4jeQCdF+GUDJuQnCaFZqw6sNgZtol0UncAn1/VQvGDB0Or+JItHnUlCU98 +URNXiEkEExECAAkFAkGD3AUCBwAACgkQQSganqDijRh6lQCgmgm1rqgdF3qYuDQn +/S1vFxggwpIAn1htaL3fD6o4LnT/8BIm6K6tPGPWiEwEEBECAAwFAj0BE/8Fgwa1 +sWoACgkQFBE43aPkXWatjQCdF96DM2kdreTGbWTKjTMTuwB3AtYAoOxTFERoyUCn +7nTsufD4QpxIkJCiiEwEEBECAAwFAj2GAuUFgwYwwoQACgkQU+KFTgvh8OP+lgCf +TLjRfVihRNQQ/MVIuHttesX/s/4An1ZBth8G2EvCfiOU2KoOjl3MZUJ4iEwEEBEC +AAwFAj+ObrAFgwQoVrkACgkQCmLlNDenkUkzjQCeIR3z4h7TMEeNI9Sy5/4Sgclj +9WsAoK9yVbdDuWQJQh/ZBUpx0GjxMSW1iEwEEBECAAwFAj+SeAcFgwQkTWIACgkQ +78vN/2HwW4xfggCgg+yTSXldBhvFoDXoAeOwcC74YqkAn0b+tC5AZ2BQkg0vJXZ6 +tFXuOvhaiEwEEBECAAwFAkCoZL4FgwmwcCoACgkQEgljnRFKqFxfngCfbXYSsBtM +M5hcUCsnm9IvyCmMhgAAnjtDe7q+5cW/JmzE3illB+u8fc9DiEwEEBECAAwFAkC/ +Rz8FgwmZjakACgkQ2S0k392WXIP5uwCfTlmW1u9U3nck5mCo6DeTHNTmUvkAn2jn +jXhvqKoLfS2ERRwQlFFAw6NRiEwEEBECAAwFAkDbVF4Fgwl9gIoACgkQ9ijrk0dD +IGxiBQCeJIrdN0kFT16KL4COSILMmcjVxygAni6OinWWNJqCk+k+BNIvKpm+QKm2 +iEwEEBECAAwFAkDxIncFgwlnsnEACgkQkvv9V4b8pZK7gACgwOU8kI9ZBzryS+Hx +AeWEo4WjeC8Anjl67/wgPGr4XAS/XA1xmWzRwZiPiEwEEBECAAwFAkGsm40Fgwis +OVsACgkQLEmBxMM0hsB4NgCeLxvQw1g9MSpWY9+2VbSK/4vNd4EAnicGGKdS3Zy4 +8E4GBZr62ZmWjr/iiEwEEBECAAwFAkHCEoIFgwiWwmYACgkQGFnQH2d7oezd+QCe +JzuPIHb2H/PX1R9NYqC6z+63wFsAmgJUX4Ei+WzKGs2r8LVtIo03nc/niEwEEBEC +AAwFAkHCKOAFgwiWrAgACgkQgcL36+ITtpJ6eQCfQ5aTW9WLJNVWTdp4fi618YDd +nNEAn36Vz84EsZ0gpO0Je9S+geCrffj6iEwEEBECAAwFAkHCKTAFgwiWq7gACgkQ +a3Ds2V3D9HOXdgCg91Pqo7tiv00Je9XoTIJq82ug6gsAn2Q37v0WzuggX1xyzDSR +7oxz77owiEwEEBECAAwFAkIi82wFgwg14XwACgkQ2KgHx8zsInvpsgCfdHcjOaK7 +aK1MBAYBaWwkK4rfd7kAoKxblxsQzllz7sLvFbK7xG2ipuNJiEwEEBECAAwFAkIo +ngEFgwgwNucACgkQLADuUthSlVgXawCcCbstExBnVkd/fHvatuzJ3sJ0g0gAn1t1 +CmnaMwV/HVQlUhfqefYlVN3giEwEEBECAAwFAkJTjYsFgwgFR10ACgkQlvNNek/0 +hjUNPgCfRJZleAq/j/4tbek4A3/lhgXJha0An1aToz0bp8HSf2NBjW1euvf/4VZC +iEwEEBECAAwFAkKYjoAFgwfARmgACgkQTbbnG4BhqDBuUgCgyBpzBy8k7OKzjiYr +KMGIWZqiMiYAnjHdHdzo6dKcV+J3ef4hl3VcLqDfiEwEEBECAAwFAkK9MmEFgweb +oocACgkQr2QksT29OyBNEACfbNEfltwRZ1RmZEkt9ZTwOJSli5gAn3brUt3vc1JI +xs8dlkwHV1fSJpH8iEwEEBECAAwFAkK9RW4Fgwebj3oACgkQ62zWxYk/rQd1UACg +wJNmfL/Cs6bYMFPC1dRrNsf2GtAAnR6K37k2u63FX1lbg4aSMLCcNviCiEwEEBEC +AAwFAkLinZ0Fgwd2N0sACgkQ9D5yZjzIjAkhqgCgj/Uy+2Xvfw9FAwPdWSaC+o4A +VUEAoIvJ06LeJppo5EQqEt1mc8bYV1UjiEwEEBECAAwFAkLlBZcFgwdzz1EACgkQ +g2E6UBaCfQMWAwCgk0N+XcWaLDssH7wYu0EtOFW1kKUAn3Vq83yrmg+F4TvieNmP +hhqTP6W2iEwEEhECAAwFAj5ecYsFgwVYU94ACgkQUF6IRyLnX0ugAwCgnZ5NnBWJ +3j9/7slzg5Iy/pU6UesAoLaNJiUgVfg+h3uP4vUJhum91P/biEwEEhECAAwFAj97 +CToFgwQ7vC8ACgkQW7P1GVgWeRq/ZACeL6lVKkE1iFiC/YonlBzLqNAdVkgAoIBH +8VYDXLRIgBpyfSdwc1YxTeDDiEwEEhECAAwFAj+P7j8FgwQm1yoACgkQKLKVw/Ru +rbuqxACfb1X6tBq7g3z5HgfCXv2sm2gQI5sAn1JLb8gDxuSRcWMHulGZY0hZJfvy +iEwEEhECAAwFAkCn2cEFgwmw+ycACgkQt5wosOl/hW1B0wCgiQGkFQEonh2cRtw1 +xXowakWqx/EAnjp2Du5T+xpOdf4O+JwV5DmtKqW+iEwEEhECAAwFAkGE6LYFgwjT +7DIACgkQGKDMjVcGpLQO+QCgsc+A/SO9bY78+ul2KU+7SCcztq8AnRbnT0G0HnJd +QYMffrLF5Ing2fP5iEwEEhECAAwFAkGxhHAFgwinUHgACgkQAVLWA9/qxLltoQCg +24DNLxMnSOcPFPCNLTPkyyjyQu4AoIe0tZDEDS7mvM6RQaHREvCuFIOZiEwEEhEC +AAwFAkKWAqQFgwfC0kQACgkQi5YpQ/wkPzzhMQCgj+rrxz3tJgTrmh3g3+5rIcWE +EUYAnjKOFjzGL/7SyFlpehh0Xa3oO69WiEwEEhECAAwFAkLrbeoFgwdtZv4ACgkQ +wm9wFgHGy4MQfQCffyaecfqcThyxP9FNgZ2Uz4pBwAEAnjMFgtk5JN6gZ+Ztgqe+ +YyYrGvvuiEwEEhECAAwFAkLw+X4Fgwdn22oACgkQWNqWrwuQEUHBCgCgn3XtRj5q +JxudfYkec540HnkoerEAnR2x0A8LAA49rsbhCiLZlmTaaD67iEwEExECAAwFAj0H +TRcFgwaveFIACgkQPGLK2OTUMk2IMgCfUXkZfmZrMFIiYO8F/naQMBs/94UAn2Xr +f2uaISYrPudIbRkxYm+R2NrZiEwEExECAAwFAj14eLIFgwY+TLcACgkQ0BqcGU12 +bN6ruACgi2uFjh4Sy0Kjyd760dvfpa/9jtMAnjHyPQ0tHYSqSZDD9qaQvb/F3PlM +iEwEExECAAwFAj15MRMFgwY9lFYACgkQcFxTidXBs1halQCgiR5GTSx4fSCqkikz +rOOOXAonDVcAnRFQ13dmkjLcRy4E8bxLtm8xPyAdiEwEExECAAwFAj2DrfMFgwYz +F3YACgkQAtbtIeMsT0ugzQCaA50Snyeu82nth0ikNVnzHD4W0eAAnA9WxGBmmpvW +YOq5LOTy2fVe2P+EiEwEExECAAwFAj2F/AoFgwYwyV8ACgkQ9Wsmo6Y5nnPZcgCf +UvxNXjoWYEsAYJz3z+MWDeGrfJQAn3slXF9ced2OAN3YgYZNTlIC7UUaiEwEExEC +AAwFAj2IEOQFgwYutIUACgkQg2XL3N1NTv7QVACgr+C/P7gqGDupYTC21jl07mPf +G/cAoLZ9zkmr1YF6Br7szUKksSan6fwtiEwEExECAAwFAj2IOwAFgwYuimkACgkQ +Hb1edYOZ4buWMwCff0YYdFZ7gdc1qjCaeXDhCfLe0OAAn1OJuZ/eKGk+i0V/ScLp +OMLn/SCCiEwEExECAAwFAj22wZ4FgwYAA8sACgkQVkEm8inxm9HyigCfaNbjyIlH +YA9cAv8sLkz5uHRoTe4AnRyDPfAFiBPZZhwJNDlmTEColXL/iEwEExECAAwFAj72 +Ip0FgwTAoswACgkQofbulCQLTD21TQCfcKuy3MEjJRrikDBgKtpIP1at2cQAmwRl +ZNeKOT0UJ4RNt2piAHqTD47giEwEExECAAwFAj72z7wFgwS/9a0ACgkQBYtazUQc +X4H/jgCfaQXW+LvjoJacVNYrdxhXUYx2a+4AoMQV/y+zjcnaNRbZTH6unq4fBDB5 +iEwEExECAAwFAj8AnloFgwS2Jw8ACgkQMozWs+vCdRW8xQCeJLRNfZLO7twP4DnA +saP9wNdsI+AAoKChEzuM19HrksvckWmBVafawaPRiEwEExECAAwFAj8Fq5cFgwSx +GdIACgkQTrg06OLM8A+J1wCgmucpP9rc1NjzPHDFNcQokRbp/REAnRvctW/8AwDa +H/btQjPtXgQGCbrPiEwEExECAAwFAj+PlHgFgwQnMPEACgkQbHYXjKDtmC0gWwCg +rfQwM+i6i82wTcXx8LRPVHm//88AnjOiqMYKpGj4cpkwdX2nhUlZEyGOiEwEExEC +AAwFAj+QUxgFgwQmclEACgkQnQioDO2QjWrbcwCeNw1qkRaDRy3/fl41K0F7fbCq +q58AnRXqq6031t7zmMdmZDvFlB5M6uFXiEwEExECAAwFAj+Qbb4FgwQmV6sACgkQ +lSxWI2ynbPR51wCgkZpbx8pnoqj6mmXrUQgJSce7eRMAoJcbGZ0ls3JXAJRD5y0P +YzznxLIriEwEExECAAwFAj+RGicFgwQlq0IACgkQ46aNyqaY2pkmnQCeLsrSrn63 +Mnhc7lwklc3UHlYHQLwAniZuyemrUEsU0fdQKHdafHg471iPiEwEExECAAwFAj+S +mrkFgwQkKrAACgkQtamfe9tFLSc5AwCfaA0hJcLIfm1Eek+X2hs01q3f2lMAn04y +qK1H85hZ+77goaEBj2YEEiYsiEwEExECAAwFAj+TKtsFgwQjmo4ACgkQrSAagZQ6 +Xw5tYQCbBE8yHKPJrUivqIYiVJL8y7voOqAAoJc/HBTNTrRSxyjK7nPmyBYlbY8m +iEwEExECAAwFAj+UBecFgwQiv4IACgkQOiUrvZ0kS1UvJwCg2Lw5xCu5/pUTEFEr +cShPUDM3uDIAoNLDQt61O5Wego+ez43N2N8doSqFiEwEExECAAwFAj+VCZoFgwQh +u88ACgkQTDL5CJndlGiZvgCgiM3ez6j21lBLfJnMIKhGMrMhW/gAn0WLirWDnek/ +f9iDEMVcGMEnwOOciEwEExECAAwFAj+cMmsFgwQakv4ACgkQNgJWU6vgsQY8MQCc +DE5hjYq9uHuyC7ZnBg47a5BkVdsAoNxLfUY6DeCekwPu3e+3qJsbwib7iEwEExEC +AAwFAj/UdIUFgwPiUOQACgkQW5ql+IAeqTKRqACfd21FYGEziCv14kLK2bD6ghb8 +0jUAni5XNqaFLg8i+0bg/MSQVf88ZQKziEwEExECAAwFAkDcUg4Fgwl8gtoACgkQ +zQ+com69o1nN6gCfUXjD5LUESFXa08Px3pbfXidXAuAAoMJ1/H/oFgcer7t+tACN +2vC8GGYsiEwEExECAAwFAkDkGbAFgwl0uzgACgkQHckf8471INHpVQCfV67np1ke +Bn20I5JABN5Swm51B+EAnRxMBVbypQcppBhdWnxQadrjhHVqiEwEExECAAwFAkDu +oKIFgwlqNEYACgkQyA90Wa3Cns2o+wCgjBXhs2mEn9HFs5F8WR4AdTpWp0UAnj/Q +ls/ZRkcy/RAfAN12XgHOkpyciEwEExECAAwFAkENp5kFgwlLLU8ACgkQK6gmAsLO +gJlWDQCfe7E7rcFCn9xuL5Rh9MDVVueAJY4AoIL6CdZIlgg9Lt/HG2dDFgwPwbkG +iEwEExECAAwFAkEYu4wFgwlAGVwACgkQ1W4oD4nfjasGFACgyTFOT3NMOo7DObxu +lYi+WtYriqUAn1Y740hi4fWeByAn5qoUj8brf24piEwEExECAAwFAkEiMZoFgwk2 +o04ACgkQ+FmQsCSK63O7vwCePBtM5gchuVC3gXAMO7r1A/le76AAoIMM0oq6wuiH +nT/dUAG858Cw09t0iEwEExECAAwFAkGA8OwFgwjX4/wACgkQsYn2tNI6QchEuQCe +N/pbbqMBzHuAfWO/g9QfmlmVIW0An2WQXrXoE3xnVp2C85BtML2phOWPiEwEExEC +AAwFAkGEAf8FgwjU0ukACgkQTjypAm4rQ9yB6ACfYnJx27fjxYsq+5UfQEemQt2V +O3cAnApE8yUw0B3ZpqCyfRo8JQIb/cJUiEwEExECAAwFAkGEkIoFgwjURF4ACgkQ +lPH09zrL0iMiigCcCIbdWZPauTvF4Pn724WxH6Qed5EAmwcodEzOE/rElE7fqScR +mudd8Ur7iEwEExECAAwFAkGEvnwFgwjUFmwACgkQTbPZ7n9FhNqFGgCeNgwyzTJY +1OABEu/EoBXEUOENxdMAnA6Ul/yxKQihc39VvKQfpdwPGUhRiEwEExECAAwFAkGE +6B8FgwjT7MkACgkQLMilaHDIrOVJxQCeIJI+GgF1UfUOjkYsjkq260Q72OUAoL0e +kc/ixpvh4Vs0j1q9Wx0fpQUwiEwEExECAAwFAkGFRwQFgwjTjeQACgkQDecnbV4F +d/JDbACfW5h+kLB3Y0wokkr/sxy8RFXwp9kAnjMs2yoVbG2ZbkHQV2ZODRF66zuM +iEwEExECAAwFAkGFVkIFgwjTfqYACgkQqI/9z8xhHubw1wCfWLT8UnjyRQIuxGPP +WjtGVeezdP4An2GJa9XsZW3yv2eOPAsP93+npZtdiEwEExECAAwFAkGFXLkFgwjT +eC8ACgkQT6RVPNdrU1mZHgCgq9+wyMgDr96Ism0gY9OxSqMA+88Ani8EIVnKhI6t +rTzgZLZDrZ5pdzDuiEwEExECAAwFAkGG8eAFgwjR4wgACgkQbHYXjKDtmC3wYACg +1f05WHi83tg/PMHoBkqlngdDIuIAoK7KZ/to5FrkfNphn6Zo0fozB1n0iEwEExEC +AAwFAkGHwbsFgwjREy0ACgkQVm02LO4Jd+iS0wCfbUWuTf4DZrjdua5kNdfvk65g +ojgAoLHPPvTdAlVKacX/rnPD7c36LfuYiEwEExECAAwFAkGH6+oFgwjQ6P4ACgkQ +TTx8oVVPtMYoQQCfXmZAzk9EjL3qPz50zZgSUO8l3m4An0Xoqn603NHFaHfbBKdt +WGijlgl5iEwEExECAAwFAkGMPFkFgwjMmI8ACgkQiSG13M0VqIMbDQCfSxC8XNls +eJ9VQ50GJ66KwSDljmMAn33ApYFWTs8qa/EBIQSgqPlVEBO/iEwEExECAAwFAkGS +MFkFgwjGpI8ACgkQ/2R3A0yRcenRkgCbB5vYhB0cv0S9X1y54Ci1KmaMDNkAnjeO +H5rAZQsOQZXoDJPzHNrjYpLciEwEExECAAwFAkGTrb0FgwjFJysACgkQ1mvqN8E/ +x7b7ygCaAyFqMIKTMqQYuQ7hnGpMTx7FPmoAoJtfYoL1pFmVZ5Mhwkv9GFUee+HH +iEwEExECAAwFAkGZWWUFgwi/e4MACgkQSvFUKpY6VLAkgACgiL8te7hejTXfDXRI +OAZeVzd76/cAoJbmj0tdYt2QGc3j/4yMnmXrKPC/iEwEExECAAwFAkGc8GEFgwi7 +5IcACgkQV5nlLYTPmpDPdACfbASh9WQ47r2zzcVcjlfbvsz2VvgAn0KtwOo73pm3 +e7aPO/mYlLsP4V9iiEwEExECAAwFAkGqMckFgwiuox8ACgkQdDpVTOTwh9cWbgCf +aMETpI9v6LZgWuTCzE7DceGsuW8AoIcBSwWGF0XkXpRYcvXfjvAg57+piEwEExEC +AAwFAkGrJUQFgwitr6QACgkQzop515gBbccEhwCfZhBXUVoNKDbW5mpYGxfKrMfS +cIgAnj0XoOlYmWWNN1hlKoSQrZSvh4FFiEwEExECAAwFAkG3PJoFgwihmE4ACgkQ +EfLcQ8rmNEIRiwCgpAzSttJZSiGIffSr4/dixsFUVxAAoIwnyzPthchrUSMR10Av +PAu8Czm9iEwEExECAAwFAkG4HyoFgwigtb4ACgkQ5Vyxg0d4n7u8mQCfdQ++3anp +pXuhZp6cQIp1DCCz56AAnRA9B/n9ah1wL+IMjoBhFvgSW7JLiEwEExECAAwFAkG4 +K9cFgwigqREACgkQ4We9YdVB4USYCgCeLsm06Ov/Yoi9lfn4UB0IX3qwBFgAoIPE +VT2gGxQYua51y70pjVYG6t4eiEwEExECAAwFAkG4Wg0FgwigetsACgkQBMQfNs0k +hKmYzACfZgUeTlimmFrhBDEV6SsslxvVIGUAoKZR9c4+kfE0+BJ069AUZBkkeRKG +iEwEExECAAwFAkG5dt4FgwifXgoACgkQPrq84hvwIdMBbgCeJhjUvC1klrCPhWqK +hyfoKJE+hWYAnitsOnNDnjkKDdKta+mrdL23iPD5iEwEExECAAwFAkHCqnIFgwiW +KnYACgkQPG1Ayb4vCvZS9ACfROLs6kU6Z93eoFUJl5H1M3U/L3sAoIgAGfCxQ3sA +DvFiYg11GTGnDzffiEwEExECAAwFAkHq47IFgwht8TYACgkQvdkzt4X+wX/UgACf +eM81+Z/SliH++ZzOmy5ZR9ljTo8AnA5DGAsPAbdU7j1NN0NXUg53dNvkiEwEExEC +AAwFAkIIjHoFgwhQSG4ACgkQIqUcje1P4MASOwCeLyBkToAQ+3Bvup4B9POq1xip +ZNgAnAui9pLAdwaGAZ8w5PFxuS2GoXxEiEwEExECAAwFAkI2qnwFgwgiKmwACgkQ +1cW3Q8Sn6j4gRACfQWmnt2z+J0tB79JQ50hNEVrYuKEAoNAe1Y5xlLlDTSKJmnwj +qnN0qaeriFsEExECABsFAjbtSOoFCQzJfIADCwoDAxUDAgMWAgECF4AACgkQXeJJ +llsDWKK11gCfUgltInjqS+wGOrxfjiGjJsNmVtYAoJLaNHln4KYwLlYOo16kdcB7 +dqUDiF4EExECAB4DCwoDAxUDAgMWAgECF4ACGQEFAkBd2egFCRNri/8ACgkQXeJJ +llsDCRDs0gCgy5RdOqhFvwUFYWj+dHb4LGt7xi0AoKduFxGMuM/loPShQnjvk/VV +FesAiIMEExECAEMFAkKVnMMFgwfDOCU2Gmh0dHA6Ly93d3cudmFuaGV1c2Rlbi5j +b20vcGdwLWtleS1zaWduaW5nLXBvbGljeS5odG1sAAoJEDAZDowfKNiuNUAAnjPH +ZE2+qGvOkOkRYAmqCFMXw9euAJ4lr8dHPg0y8xeNH8M6rSswZaeHT4kAlQMFEDuB +4BNSrOsu06QsYQEB6AYD/iRZgJ2U+hTGt879PPwLW1y7dQFbjMHqbyyM7eml9ZbC ++m+jqNvMsniFCR5qvStMgbXuUZGGpd41mL5+vqF0wwM00nBQe+rr5grY2oMPCSEJ +RNtHEamOsbc4GP59nrwbUhA7MKPSrPCvh9bvh+XQ7MSlar9eVBkqvnYmKdaKI1io +iKIEEwECAAwFAj+WOcoFgwQgi58ACgkQ4WdUde/jR61yvQQAghvUxGu+fWc6RUEZ +nrQ8n69FOPRq+od8fiYNF5iSWfBon3hmT8IQi3vRFbqCcKsd7fn+rl2zZjFU5f7S +uzaF8+hODuH7B/jK+bW/dnhpgDRZyvmZMtLpeAOPh3IkrGEeknV1LeTZcRJnbGTZ +iSu3LS8E/AVuSXmmj+2tXXBzSFKJARUDBRA3Q97TUoBXRHZTQB0BAchxB/9iTH4O +9RoIshiUysQgMpncn9o9snx+sCO/NiSuAVleHNBP1d/Kvo6SGLJYoVfbfLPMNVyu +Z4jGi8JQjsgVjpAz93nIevhjz7Xwd3JpS9oUvPej1mdWnUB4AnkKQfN+5+eso9Gk +7OC9cWq20lU9tpVMDIlOj8GHR9kYfJ4fBbzdCGbG5Z9pzo+96gDUMzX5ZrHlChdV +4eHJPMi60XeK+mpocQFQH3GBUSTeM3Sy93JoYJLdAA2ZcwMF5xI8HRx8u0rwCZNX +nDTgPaRbDiW7587n3dWn7Pwmxu/CPtCQ4YO+WdjcKvHio7CqojtM8/7xuclkp3Wb +1pE1s9w929ca9SHdiQEVAwUQOcqYVhpPhku+30gxAQGDOwgAjoKCGePm8h7g2edN +YGosrPTMcZ8PNCMETXMZozgCbEd5oWvotRaZnta2CZyj/u5gOrE7z8XR2PNttenu +HVDii5y0KwaaTR12/wrp9VJ61wLy/4zncnx/C9Nwg/Mu9Y2bMS8EuL16yWNrm6Yx +prWsaaYy7G251NI7cseXcVnuAowzm6k8ovEwCAqVl4s7EUibNQQCuDgH4idUdr41 +0fDnpUalpvsGYf1wqhs93RbjU7pNEaLmnlz8zESHYaev+JpMVAfnw/jjWp97xyCu +al75xrc/aj93anrobvU/sSKCDbteDzW9xYyjqZGu2npn+rBR4iUHZf9j/glwT0PV +nH/jf4kBHAQTAQIABgUCQQm8qwAKCRAz/XFX/s5mTm10B/wK4tRztfYKQVVYYl3r +duOE1rEntFEP3yV0H5qkIlPrXNi3j2hgOiUEBNDgFpuJ9rSz7IZ3GcIGlP2IlT9O +icGwpabAtoB81S8rJKkzI+bBLCK2J1xJslIdjk2FO1u+KjLu1gu3RZYaYPc3bETX +XmtECI2h5hNazvDw+QS1JTIkqr/vhl3TY9JAxiLwNBWn30phh8kRzvRJh1EI584v +RVb7nTSd6PYpnpoEskJbXyAc+BV2QLPk95oj52MweGADFNv3uuyUq2WH9H1KP3Mn +wNReTy++woQfLzobHHMyBr4ccC4uKlqOmBcZ+kkmEjxrJTRALelu2quUhpR7a0tc +qFxSiQGiBBMBAgAMBQJBhRYSBYMI077WAAoJENJkZhEZk6qtGSkL/0qaizY3Ix+h +wNj+UAN8sGhPLYNGSnPCgLyLMceByJP7fpF96Try6wIYsVAsXdltuC6wEsDNjIc7 +4FCduAc0HfhnJ5Yu3ciJ/DvR//vlbnE1pp+RysVf7V3CVNxLgOdfSBd76tgktcfb +sh+R+qKR4JtWjojkET+XAOrCDYNj8P3nNxHzzYO9UHSBsNzrm46RBFNxtETh0nDx +mgzfu6i2vpSwoRMbi/39VGlHJNYoA7itVZfZx8FebJA9KcirRDGtWcofsUhWWfnQ +A2K+ahPIx+N0xVzuxjKZoXbkSC+LFwzaoYFUE6OcFsBkUY40QhCNKIWUX3kSZVUW +ro6WuwMltQAkXG+03awShgpciqzZ3o+Oro8zmMoESJl9c5oUWuIfJwHpvrw7UrAr +cZLdf6bcOjHlJqGv2XSRJIxeiUtLghPrZF8pqN7j58yL94QC7PsQLsRkcgGLp9aS +v87O7XzGU9nlyOS7wR56pQPClpTO8tm6ckquKh7T5jIqnszVh2t4yYkCIgQQAQIA +DAUCQcIpbgWDCJaregAKCRCq4+bOZqFEaCX4D/4kRmZ8eDsYuKrw8OS0yUK3PI9k +4wyBGxUQmuJKgXFRAbCkUpATHvRh6ZXquWFSVbgkay3cfbGLfZWiT7TAz+k3eiVS +tm/Mk88pqlTfu2pUq0/5bpqJF9zt/L/i2aY/030A4l5gsEccCsdy5F1FXQPbYGFT +vjtPJx8hMstAG761HhaOib/A2O8jd7f8elZMGSTubtsFJ1/K2Po6sy/3ylJlfo/F +zgvqTJYju4IPsIrq44D3k4kQDMahU2W4k6crQncV7w2wqC0zxmuZIuCio1wyvYG3 +ey/pjNfrOemSuA/gmmN38uBJM+vEQIPnUdJslc9H2eH4rVKFEQZuqUk+HUdwVQhJ +KfwaMmSiGj4PeXphtFc6a3lqfhsiN+7lOnzk0dRMCxZEMgLjIC6pGquJ610zsYGR +b/viXDUliNBJod7CeOHRH653/00U9aaqh1Km2He+BWmtZt+Kzw10YUm8oox0/E6X +lE4EL8p/LP1uv8vbaGzTVxX5NIr9gVhrnOVDHHXtlFZxatg7ZLuSNkK6oiqsR2yn +xk2ysmTQEzyi20UFxnH8ICsUyRyEDbJlbewQPtJRnknpV6QhsUA6bVytyYYA3RkJ +qSDojEgAgz5LL+Zhm1Ttz9ccwxJY6/ZevzlScNrFxPnzmaotfWPgFis0yF+PLZGT +uf/gssj8yYMAWhhtBJkBogQ3OvfdEQQAw/+RYsI0gH0jpxd1Y6dsbupdOX+dmT/U +5Hha81a/nTrEP/vOIjx83r26zigtSXBDr+zrMTh18Xu2CYLOogsLcE6ayhdzMes6 +OSd57S7WmoWufFEQOB1+28aaLFyzI0XW6MpnCPYJVS3mVrMr48My2jWL0jitpZMs +cjGy5i4afSsAoIwpCTjZRgFmv7Gflb+BGVUuEnOlBADBZ0X//+VHI1zZTApL8VhG +n7bt2EB/u5INdQ2wc29m1zqQB8T3rU5//5csVlTvW6i2w4gDHIAlIRNxvvdPNIPX +t/jYIXQwM//UDAc5IN0DEOXT5rMklel/mw7yVYfejiY5W4SxYhiGW3D4ybwKYQ7l +atQBBHYmGWLPE/YAjxdKFgP+LqWWdZ5KV6clKp43AkUk73hDMvGnl8Z/Vv2M+waj +66/MbJJdBgUW/Pu2NJGasxVSK8q36EXj9pNB0K8FVrx6u2eANEdrWj9MO/cchQ3s +C3I3et1N568qqnXOu/7mV1yVHJfS8sQc2tptMTneb7usmXAF5+OziUOcS7ukwSEX +nJy0Nk1hcmN1cyBCcmlua21hbm4gPE1hcmN1cy5Ccmlua21hbm5AcnVoci11bmkt +Ym9jaHVtLmRlPohgBBMRAgAYAwsKAwMVAwIDFgIBAheABQI/gWcwAhkBABIHZUdQ +RwABAQkQwKTLuYeXhWkpeQCdGJrYN/uT05T+grdci+zzNebybfYAmgK2OjM0TLkD +SZeSjVgKEx6tG7wltBBNYXJjdXMgQnJpbmttYW5uiFUEExECABUFAjc6990DCwoD +AxUDAgMWAgECF4AACgkQwKTLuYeXhWlAywCdGYJpwUWVH0GGNZ39SAt5NzOerMcA +n2Nfqz0v/sdr0mMPNbSziGNUevyBtCVNYXJjdXMgQnJpbmttYW5uIDxicmlua21k +QGRlYmlhbi5vcmc+iF0EExECABUFAjc6+dkDCwoDAxUDAgMWAgECF4AAEgkQwKTL +uYeXhWkHZUdQRwABAbX/AJ47R66dq4o3vobMe3LqOHhXEdWeUACfTvV0bshBX3MI +bIY53lhOnqkNvVS0IE1hcmN1cyBCcmlua21hbm4gPG1iQGcxMGNvZGUuZGU+iF8E +ExECABcFAjxw+b0FCwcKAwQDFQMCAxYCAQIXgAASCRDApMu5h5eFaQdlR1BHAAEB +jmYAni0grvGxgcgSuXK3vzLErIkfFK+jAJ9OfvRc1QinOAydyujUX5roXM/opLQh +TWFyY3VzIEJyaW5rbWFubiA8bWJAZzEwY29kZS5jb20+iGYEExECAB4FAjx7ebMC +GwMGCwcKAwQCAxUDAgMWAgECHgECF4AAEgkQwKTLuYeXhWkHZUdQRwABAZRBAJ4o +xvVUX6skfJud8oKoYvy0l/ArGQCePXVckzHYxtiuH7NsDTesxWN2Jx25Ag0ENzr5 +dhAIAKcsu8SB0lBBOxYbd/oX0mirpH6wmQCE9p+GAsUA84pj9xE+beb7hWlBLGeD +mfDWLoel7AsD7vVCciK7u/3I5XDPWE57TIJht0F4pfQ58p90EK2qqIxrVkmj8L51 +ohy0rot2VuklO/+2SlYj7a+wApfwPU9hkBCKmoQKbMNbkeX1C9O6cAOwa3bLyhd+ +5ZwVKtbsFXO08dkEmR0g7i0+jOzKVZdTAzE2uLg/3m58Uy9g3UMxhg4tbWZrS0Hs +cWdZXoAjo/cw3nC6utaZSy582gxpGXf4D7DjmUOW9AwkDbPZFuHCyYRrpO/Q+4kQ +vKTkDIi6m3w1P9eGm7eq7ds3Wu8AAwUH/j8DBqWtXC2m1G+9nsj9bUuYtC5OMKyi +9MRiwbrCdlkR/q7hRgpvojxiui6M69s5raBIDa+3k2mAHVHqfR+7QC+n4KTXIXHO +rN4GHD6jlEDwnVrylqawMFAgCRutD7ipTPffJ9G5cHqPLuBJo57P49uR+DZ+lpng +qr4XTRMW9k95RkM5I7GnUU+13Tj54AzThi4se1leKYQjWBYQLbi//MOFZ8EpPeAd +P4nNCULHRNj0wix4U7hwEBWKHndFSrQKypwotIsTnoyfme2JdArcr532tD8+3miV +NHqd2BiRYInQRCGsVaLKzEs79sxMreBpv2qp+LCLWZ6V4QMaInonLdmITgQYEQIA +BgUCNzr5dgASCRDApMu5h5eFaQdlR1BHAAEBnD0Anif1Vuv+XbRwwHOnUyvytsWJ +WeMYAJ9+8bxaWB4D8NDgqzYSzcgpCWdF1biOBERAD/ABBAClEc+ggo3tKaaLNJSQ +E+C6sUQjjqXQnFgOengMBFio5Ur7+si8DK9iKolgk6HuIYFH6MeCmFvURicKoclY +MVGKGx8mc3iq7awBIrU4j74Rj5XiXjeMui/jHggH90bf/ouHNcTTsHX5kziweTdq +WVYo7Agjdh5ckv6cYqlg8/+DSQAg/KqjY4hJBBgRAgAJBQJEQA/wAhsgAAoJEMCk +y7mHl4VpGNgAn2cLCf57hXUddxvbPBgtWX4WyPxDAJ9fg38QhJrqfK9+z+zL2pZ7 +GqGrdIhGBBARAgAGBQI3eHY0AAoJEHEtyVg9xXb3TzMAnR0w/cs3O5FAaFw+aVSD +k9uUJP6yAJ9loILfam+WveF+MrGnusXsDvf93YhGBBARAgAGBQI3eRy6AAoJEDdA +fgkueqrNIqgAniqrGi+nLmBPc/iORHs3j8yMnN2oAJ9xp5U/RAYg2iPtlROY0EXk +pvqYL4hGBBARAgAGBQI3jxN5AAoJEKnmZ/8mzHhTgkgAoNlFm5PawxyMGlXB0yNN +tWu7iGuHAJ9gH6O2TKuIj7fYloIoBLke1F3uXIhGBBARAgAGBQI7QP/MAAoJEHkW +Lzb39qrZZMgAn04SZfDYEEO0H8+5/pkG3Z1J68AbAJ9hyy44uuT9q+5pvcEllbkl +yEYtaIhGBBARAgAGBQI7QQXvAAoJEDv2CcaLr829DjAAoNQfXgbkxwImu4O3D53P +p6Yw+dn9AKCoXLfEm6zS+k3dDRiulTpJ94NMSIhGBBARAgAGBQI7SG89AAoJEOd1 +4yTbQbOHoFoAoJxye0ZLZnOzejGbaAjddDnFFrRFAJ9JiefttTviGzVcZNYi6x9m +IU3uKYhGBBARAgAGBQI7SzZQAAoJEA6nVrUUSEP1/PAAn1fjkC9n6gLfWZFiD9h2 +5rtlx8NqAJ9+GN3xGvYw5oJkrkK6E/hyJKcI+YhGBBARAgAGBQI7S1hbAAoJECtK +7KmxIjWtboYAniB0KO+NBf7tH6jfR4atZfB9oJEYAKDUsALj1UN3GoCKQVxBPYWy +nYA9w4hGBBARAgAGBQI7UsBUAAoJEPHSzMhJehdtJRwAn1ZW50Mgvhp5Eo6mt+rM +Mgwy2cJ5AJsEuWt5hQhJBhn704ZjghvziiAfoIhGBBARAgAGBQI7Yxq8AAoJEI8f +38m84JQ2t9wAnR9xQ46nFf/hQzZZCLVWNvtKuxN3AJ0bCgAa4eqwqB5hg/yuNPEz +FbwhqIhGBBARAgAGBQI8bmBGAAoJEIeVOB4bvrhK6WMAn3ZhE2bM5T2GaF/Fh8Tp +EIVVQ3FKAJ0Q9Uwjr/Epn/57Yit+lmbMfnVijIhGBBARAgAGBQI8cRerAAoJEJss +h2hy8fIND28An1Z5Hls+Jskp6DbiIfGErYHYcjaPAKCW1DtpYhFK2uV4Pza37KWi +lvx4cYhGBBARAgAGBQI8cUClAAoJEDoapjWQmlQG7xkAn0bSTKB3BHl66795wtmR +doFKZ614AJ42rgO2IJG5XRh/+/jrcGjztvsBSYhGBBARAgAGBQI8dK6yAAoJENGj +7q+v0QrPm3wAoIe0Co9vlKf6gwjz4Yky9BiXvYyCAJ9m923YzjngFMGB47gqKmS3 +U4IIYohGBBARAgAGBQI8e3KdAAoJEG74r8KGV0rKYiwAniujSnXrQZ2eNGC+mXTS +oLBEWmzjAJ0Zk27daFO6GUgfwM92bu6XW3ZeT4hGBBARAgAGBQI8fUKyAAoJECwY +oCq0xfN/PrQAniShB8M6BMHsw3rOuIvxOc3XbAv5AKCYx7ubF1eWysuTN7GyrUZB +44Z8QIhGBBARAgAGBQI8jL2vAAoJEIW5kHXCkQ5BtCIAoInMgQPBUeS3wW2kq6/H +Cv5f+S/iAKCrl00OZZomz14dgloHRsz8169iKIhGBBARAgAGBQI9Bsd9AAoJEIy7 +QVMRS68RLqIAniJuMJxQyTaBG1jqO1WN78OXrBMNAJ95cE8pmb0CEMax3jmm3qwJ +ReaZj4hGBBARAgAGBQI9KMbSAAoJEHw7eXCIx8H3MKoAnj8ejnMUKjC5koe6wJtc +9LVJT0RpAKCIzW4B7a9CLQ5fz8hPQRvsWRP/o4hGBBARAgAGBQI9KMbdAAoJECdl +aNdcYVOt6iUAoJuvqfjsSHKGO49j2NrKZMJ67CRdAJ0fnfurvWJ3uQIqruDSQZWH +p8KYu4hGBBARAgAGBQI9MZAnAAoJEBjNJaUi84rziG0Anj2uvYByl0PC5AdxzFLk +XXp5dk8pAJ49YzZVnhkMBMPAO0Sm/QI63vBvs4hGBBARAgAGBQI9MuXOAAoJEFCP +02O8k2g5ZSMAoN4H5EETb1cMQs17fGuL1joMtVLuAJ45UH/ZE+AZLSWAdfe9dDFO +ZQnkAIhGBBARAgAGBQI9Noz9AAoJEJEIIZ7c3okKP0MAn0EOq7NUy8WKGo1KV/EZ +n5xqKUiUAJwLjZ+oDrBSqK0DUiyLjjOEIU9VmIhGBBARAgAGBQI9PHAWAAoJEIRj +NbghwGWY11AAoInXmR/k8Ne9PdwnYSFOE5E4qmmRAJsG+HisIophbRek8Gv/+JJU +Kua4fohGBBARAgAGBQI9T4h+AAoJEFSPWeucFDVdf0UAniptwdlWlYCFFfKW/pnz +Dd8FHGWyAKCHM7EKGExVSBggS85+fw4SfBooJohGBBARAgAGBQI9UvZFAAoJEJUz +dHX4v2Q6fr8An1koj58GE8xW9THsD+MWOUQ7mCC8AJ0ZmZKZ2SLfkPiabIMT2SzF +w1pivohGBBARAgAGBQI9tOMPAAoJEFKS90Pr1ZNrDF8AoJSdILy4qjGGbQlliBCq +pWE2shTdAJ0bMLGPV22bdiCAb+ClRTUf+N30zYhGBBARAgAGBQI9vAmLAAoJEKjd +nYDckq4wdJ0An2EyKrDlGADPuTxalNV9Jl3lk3LzAJ99srXCSn1Q/yiZ4QRN09bG ++E3QMohGBBARAgAGBQI9vJT9AAoJEDbPukR4kWuEUlgAn38GC0wC5e52psalECLX +tbhSe5TPAJ94pkrDtmSHfiDzc4wcTHZyTkBx4IhGBBARAgAGBQI9yzuyAAoJEAmU +kfeRsNO3mSAAnAhDCThzCLAeYLmJuaqEdgUsXuBMAJ9CqoF4TxYaGjLCrvi1BNwm +k1WsS4hGBBARAgAGBQI+MbfNAAoJEO7w2zSzISYDinoAn0oHAHeQNngKkgOzsYWa +0yylqnLZAJ0Uw/vXC85jTknV0mnQVdq2gPjK6YhGBBARAgAGBQI+SvTqAAoJEJh2 +iWGe0QG/ozEAoMCIqXaTTFCIxKnv4F+EbB80OdkSAJ97SDPfLqiJzAMXG6lvjHDa +rw3XdIhGBBARAgAGBQI/UOXyAAoJEJFazEWo9ML9ZBMAn35HFpq2xA/wWHM7Xu4S +roXw4R4fAJ4lFCPx04BnsgssRiaE031lZQuv0YhGBBARAgAGBQJBfAG5AAoJEBhZ +0B9ne6HsqnEAn3HyxNjfzzEVjzLoy0XZ+ZQ5hP9/AJoDLUzLUkc2fLXnjVzBlm8g +ZkAcQ4hGBBARAgAGBQJBfBJgAAoJEIHC9+viE7aSrCgAn2EuRkEC/AiVvXodTQWk +S5YS3DclAJ0ZkaSD/AB1dfba4ew+eJq1ZhFH1ohGBBARAgAGBQJBfBK4AAoJEGtw +7Nldw/RzcSoAnRvnV5SsgKsmKVogURBP10GMeWz/AJ44hk9u/COHiSetWHPT6PIH +72vUeohGBBARAgAGBQJCKNAAAAoJELZr9ntxA8Xa4A8AoLOrStPezgIdnhfSDc53 +3a6f3krSAJ9zJFv7eYIDceXsrBNAVGbKXiEA9IhGBBARAgAGBQJCXCq4AAoJECqL +xADARsA5ez0AnjIC2fOR4A4laWtCc8DeaeCv+luuAKDhzoNo0SdivuqPXvMYZTZ7 +LFixiIhGBBARAgAGBQJEEXJjAAoJEBJ2JBfPBQjsGUYAnArkZVd+f8AsuxVJJ2/Z +6HmWOEGpAKCj6YVSBxQBpyoX3dl5TH98CHnbkohGBBIRAgAGBQI9J19CAAoJEAsP +KSnfge6DXRsAoIDfyLevFYw2Nyfp4OZlB9IUZH5tAJ9bSlzv7sZ7vBiiVgYbYddy +6U6+hIhGBBIRAgAGBQI/GXHjAAoJEDMLA4tsY3Rt3AIAoLCm358o91ksXqe9TEgy +qEouaO+YAJoC7eKWbnMe+zOncqmkIe92+3RIeohGBBIRAgAGBQJBi+CkAAoJENvD +6/wz4/5WsSQAni0OEioU1TqooxTW2d6FocGs+eZ+AJ9byIvaBCapruL0gLAxejwd +FIrU+ohGBBMRAgAGBQI9BOe4AAoJEHFe1qB+e4rJCI4Ani/RIDLie4DJBD5vcOQl +XkQ/B0boAJ9Gs8lCM5RJ5Md1WIlPvaLLff6YpYhGBBMRAgAGBQI9NJl7AAoJEDm2 +Yqiv44FpnHcAn2RrMkIIuRwWS+olbhI29rqLOYQcAJ96OTzBv9HnLQk97MgrIk0u +MTEoC4hGBBMRAgAGBQI9tWUKAAoJEMuWmJRMxwhdbz8An0jDzVqVBr3R8Paca3YG +rkg/B57VAJ42uzjJS7+2gWdvSCIPbfNqyzJUM4hGBBMRAgAGBQI9tkNMAAoJELLT +fwi1TAkwUw8An0XpAx/1YVEIAl/bBUh8vQNVfXQ+AJ9ZqEEth2Qm/btpLG21+9PN +CQimwohGBBMRAgAGBQI9vG9/AAoJEC4s9nt3lqYLkZwAoKliHAv9tlFYFquFB6Uo +NyJYRRVeAJ9/askE+TClHgOeX/tAutVWTeVgyohGBBMRAgAGBQI9vczLAAoJECn4 +5GVniJZfCtUAn3fwEjTyMPsSkMACHZlRwTKJTn+MAJ9RJGFw+H4SOfcFyzQl26OQ +xUDla4hGBBMRAgAGBQI9zVX8AAoJEO9n+8dii45pisgAoIlvGenK8VWdjEHdJ9Iq +zbsVQybaAJ9fR0pBQQF/VSq0iLz0UNfitcs4F4hGBBMRAgAGBQI+SY57AAoJEN56 +r26UwJx/9lYAoOVoRTgMTEI2mPFriutraU32X23OAJ9JwE+eS9nTIOmicFcKL3Nu +tCQTUIhGBBMRAgAGBQI/hFB8AAoJEMUUr45LpAHDePsAoNyxJbmjCjwi4sPKFF3B +0Mf2gn2xAKCtEVTTWYUILahVdnjru7PmlHlCIohGBBMRAgAGBQJBcnkMAAoJEE97 +8oSv+wwXC/8AnigNNsG2wTGZSPyaEwk2hYwNxzvhAJ49XlqwWx0yp3NRxzR3R7lo +cjcozYhGBBMRAgAGBQJCM5T6AAoJEOSLZbVLOU9+BAEAoJmB1Ghp0atCi86bnLcr +vxLBVJQOAJ47shbjSakiqp7V89s45voH0JZUdYhGBBMRAgAGBQJEEK6PAAoJEL7C +TATaqJiSTCIAoIE+Fx+fKPJYDhl2YoDdFKyJub3OAJ9IGj6D2KN4UMhhYhBMXEMR +7pAFmIhdBBMRAgAVBQI3OvnBAwsKAwMVAwIDFgIBAheAABIJEMCky7mHl4VpB2VH +UEcAAQG3FQCfZy6nZ6K2JJ3p8jnNjP+KnCgBf6IAn3WumBB9RjfvYCPL7EkOWhGR +J21NiQCVAwUQOHtkh0wn7WU2580JAQHcGQQAij9e1yHjYezeVWVhWhjg07qEfc/V +5PVQ5u5KW7zW0ztS8RtTIaaJaI8lLnJMV6gj5cx991GzaL4+nD0Hn+XpDacNGnO6 +vTlel4xrvcRJetC5dD6kd/vvb+mKiVwHbK+bF4hiBzbsreJ2T0HUEVKoSz1Wpbhr +EO2h5N3fPdHKDh6JASIEEAECAAwFAkKczAUFAwASdQAACgkQlxC4m8pXrXzJaQf+ +Nn46e4Gu7Jsj0iBOECOFTHCYwvCtBXYSiAJ2qNbVQ4G9zHCW25nMcmnCxoT5LISX +buvTpw5wSvDOlIsJtDvAfVK48SXXqoMJ5S/0oj6nJKJllMCGHEIhjCHyvWWVk79Z +pit5glaUBfG/mYqs07fm6KuYQ8Zt6kB0Sl8igdE/fozRkoUgeIjNUbVqLvr0JXz1 +TCRjQmlwzqc0Pgi/Hb5dbVBh6v3hXK0ELN6jvaNenxz2yDGIgJsI7g2etofHLGQj +g/pKkAnoHHs7/EeteY94Owz/5SwM7U3dfQ2rKq0Ff+U1UNpnnyQOjMc/xSODFA5R +q2vB0HeoGmoxBXQjvB+Pi4kCHAQQAQIABgUCQXwTXwAKCRCq4+bOZqFEaJ8SEACo +zWbFSR5Va3uz7ycxX8Ca6CT0RUyPFXgGfOH1TbvSKsW1Mfbqv/TL1RNI1yHZtAd5 +i8NGLCBsr/bJDZ/HYNdvGjWGKjklcFFjMDiGF/Q4c3CYSLl3JbFyovIX2Vd2FWxf +PoLFdBRQL8AJkcZSXgkSFUPaqkZ2HUGDbzoCM9H7u9tScmDYjhBnhlWQuFoy5wjp +baxAidZtcG4yccXfQtuJZKvyPwEp0TFUb1w2hKW7akS0i+wHcZpXlS2qqs2z/Bsy +0YqNYR2K6qBmbbVkuWiBGYatDyuSBD0XyoE1hcuFX92qt6KfMYgV5sjcwiGE/di7 +Bw1KbZfW4UKhvlJMYtCLncfkR/6qPNA2W4xAh2QDklSeR+W0gsTe2H817y9ud7+7 +xOnMC0u+QGFqXLzRA2O77oMfNFvi+3BvxS9kI+8PBP/aU/e7iGYGnOguvsZqv8NL +IbEX37AfK03w7G+WdhW8WuseXIjQzshpsE4JNY0vRyfaKCsaVjqkS4Nm3fXsC3KL +72FzZBLAhZ+650xce11DwshqffGPYrz9WDRC545AdTp2dzw3/XnH/GMJyjZs9mSB +zUsJ4MkLo+zO0tAguNnL2Olr1H34fmAJkgDT1C1ieLBmRlSiujyfd/xNEnugKAzJ +4qworARVplLRhhYtuTD+txWkxDUmOnu26DMnulpQSriOBERAEBQBBADTb0UqApeh +0QVKA86Vdw0FcbCj7//sD2EtgMYWFm6pQx/9j/7om2gMkaEFaJ/qylQci0P35Vdj +lBTuwt7a4bnLHqdcMMImfI1RiziGrGnU4dXupizQ/jkgZZs+De9JKM3G0u0Tl20+ +Nuqz/rIyDkhxRqu3uRD7CkzYb6sG3EnJkQAgwuBLPYhJBBgRAgAJBQJEQBAUAhsC +AAoJEMCky7mHl4Vp/3EAn3lLjZHnh5J8vDPX0EfXTiaCxcRwAJ9mXDiOfaSXENw+ +uZGLREwJhEeZxIjnBBgRAgAJAhsCBQJGlKAIAKidIAQZAQIABgUCRpSgAQAKCRD7 +iGK9/NKik3GsA/9kPscavUwGxHQuxeY8DpMF/kYBxY2cupj/JCEymaxZpA5ErBt0 +k3y0P2mNPy1FLmAO8zmr8M7/ehrwinMzYZuNY6o7pc7ldxtRsLnTcM4pRfM/9LKq +hXz4vFx5W5Qulb92uUnt4qBmepSikFAIajfEDGRjl91b37Sa8/nfkXWZxAkQwKTL +uYeXhWkzwgCfQaaSyjLGy3WIyGuMVzLdlmuaHtQAn21yptlhrgcvevUDTI6gLyom +emvvuI4EREAQLgEEANcDmpVzzww3xczTgL8ekK+Tr9hiwvEhtLkUtPtCQVxEVri7 +HvF0U78T5ep59Ex9I8lfGjBmUtJ1T1cFXRnbYys/+HMO8DEbUdoiRTLet3+mR/ek +2own7avqokaCSO1xr3n6Km02drp7H9HyUlOC+QKhP6FvtdhIpd4Hi7WQyJUdACD1 +VIwTiEkEGBECAAkFAkRAEC4CGwwACgkQwKTLuYeXhWmi1wCeIyRDSxYXMi2CmZYR +SkmOdAtG+tkAn0KyfLD/DbjXYGLUqIAU3fvZ88UWmQGiBDpU6CcRBADCT/tGpBu0 +EHpjd3G11QtkTWYnihZDBdenjYV2EvotgRZAj5h4ewprq1u/zqzGBYpiYL/9j+5X +DFcoWF24bzsUmHXsbDSiv+XEyQND1GUdx4wVcEY5rNjkArX06XuZzObvXFXOvqRj +6LskePtw3xLf5uj8jPN0Nf6YKnhfGIHRWQCg/0UAr3hMK6zcA/egvWRGsm9dJecD +/18XWekzt5JJeK3febJO/3Mwe43O6VNOxmMpGWOYTrhivyOb/ZLgLedqX+MeXHGd +GroARZ+kxYq/a9y5jNcivD+EyN+IiNDPD64rl00FNZksx7dijD89PbIULDCtUpps +2J0gk5inR+yzinf+jDyFnn5UEHI2rPFLUbXWHJXJcp0UBACBkzDdesPjEVXZdTRT +Lk0sfiWEdcBM/5GpNswMlK4A7A6iqJoSNJ4pO5Qq6PYOwDFqGir19WEfoTyHW0kx +ipnVbvq4q2vAhSIKOqNEJGxg4DTEKecf3xCdJ0kW8dVSogHDH/c+Q4+RFQq/31ae +v3HDy20YayxAE94BWIsKkhaMyohhBB8RAgAhBQI6VPBbAgcAFwyAET/HMgQdI+nq +Zt21AJydvCHfdNxhAAoJEMdGNjmy13leV7gAoKHV2q0XEP8GJkyp0/V5lgbwBmBM +AJ9TtVfw2khoaZ3LNV2tINSjj0Alp7QiUGhpbGlwIFIuIFppbW1lcm1hbm4gPHBy +ekBtaXQuZWR1PohdBBARAgAVBQI6VOgnBQsJCAcDAhkBBRsDAAAAABIJEMdGNjmy +13leB2VHUEcAAQFWUQCfWWfTDHzSezrDawgN2Z4Qb7dHKooAoJyVnm61utdRsdLr +2e6QnV5Z0yjjtCJQaGlsaXAgUi4gWmltbWVybWFubiA8cHJ6QGFjbS5vcmc+iE4E +EBECAAYFAjpU6LcAEgkQx0Y2ObLXeV4HZUdQRwABARPJAKDmKL2Aeo6OWwcZKyqS +WLD4drQxfgCguJ7k7XEuQr+tL0ndoin0RSQTkCHRzH//AAANOgEQAAEBAAAAAAAA +AAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQ +Dg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/ +2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7 +Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACQAHgDASIAAhEBAxEB/8QAHwAAAQUB +AQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQID +AAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0 +NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKT +lJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl +5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL +/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHB +CSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpj +ZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3 +uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIR +AxEAPwDqKXFKDSEgDJOBXSeeHaoJrqKIfMwqleanyUi/Osi4udqNLM+EUZJNNIlv +sakuqjnYazbzxKlopLOHYfwqa5S/8QvOxjtyY1z17msqWZpGAzuz1wP61LmuhrGk +3udHceO9RL4gSNB6EbjVU+Ndd3YEir9UFc+nLYC49jWhbt5UW0RIGbpyKzuzbliu +huWfjnUw377ypQv3vk2/rXVaV4o07VFCiUQzd43P8j3rzVpnLESIgHoopZJIYIxP +Dg89Vb7tNSZLppnsIIYAggj1FKa4XQ/G7r5dvexI0R4WVTgj6jpXbxyrNGskZ3Iw +yCD1FWncxaa3F24oNLRTJIyKKecUUwHjrWbql2Y/3KHk9a084HPauZu7gTXLseme +KEgkyLmuS8TaqXmNlG3yofnweprp7qdba1lnbpGhavPH3yN5rH55DuJNKo9LF0Y3 +d2T2sTt+8dflPQYzk1twaJK8AeVCxfkKOMVBo1qJLmJSPkHzH3ru4bRJlXjFc7Z2 +JXOBudBlIyEYAevaq8FkLRsld5J69xXpDaNC5PByffAqlJ4b8wkFiPTjpSci/ZnA +3cXDbmcsRkEmoILGWYkpu9zXfjwkzgGUqVHtWhbaFbWyjEa7vYUlIfszy+e1uLEh +njfY3Xjiu28EeJZJ3XSpxuVUzFJ3Hsa0dU02IwMCgI78VxEcB0nxAnlOUDfPGfQ1 +pF6mNSN0eu0lQ2c4ubOKYfxoGqatjjG0UtFMQTsFgdj2U1zGB2OfwroNTcrZPjvx +XP5pxJkZniF9miz5/iwv61xA+aUDOR3x3rq/F0hWwhjH8cmT+ArmIIvNmSJeD61l +U3OqivdOn0KNTPuU5xxgdBXZ2TAIOe1YGj2ItLYYGTitSK7ghchpBk9hWD1OqKsb +Ccke1WkdcYIFUYZo3I2uDn0q2FIIx3pGy1JHAJAAHNVpCu4kcCpFJaZgOiioJm2v +t6E9KQzPvZAUIHNcL4jjC3Fq/cOR+FdtdHnHrXH+JSjMmexP8qqLMah1vgq4kuPD +NuZc5jLRgnuAeK3s+lYng2PZ4YtAeSdx5/3jW5XUtjzpbsaTRSniimSUdZmCwrF3 +bmsWtDWj/pKD/ZrNzVLYh7lTVbCG8tQ1wGKKTgoeR71yGmWNzPdpLb/NsfOG4yK7 +2+XfoU20Y8uJmJPucf41geG38wSMRwpCiuVu8nc9JRUYRSNoXqiHywjJOy/LH1J9 +hWcraeFBup0jnI3FVXcfyrYvoEmsSdoLqQQ2ORyKVdDRcmNEORz2P51m20aRjcy5 +L0mKIWmpWpVc8mHa2M8c960NP1q9hjYSSJMy85wentg/zph0OSCJ47UCNJAA4JBz ++lVv7NayUlV3DG04bGc1Dl2NIxstTootVaMFlaEmY4UEkZ9hVPUtZS2lU3Aj3DjC +PnH8qp60vkWVrDHkMoULjocVizRXDxB41aSbJLh1BUjtjvmmmEtDVk8QWLLuD89g +3Ga5bxDceY0Ei5AJY4PrV9mit40juNPXbIPneNSNp+hrLvdO86SGCJsB5Pl3N68Y +FXFmMr9T0vw2mzw7YjrmEH8+a06itYkhto4kXasaBQPoKkNdR57EPSig0UyTH1sE +XSHsVrNzW7q1uZoBIvVKwqtbEvcfefPoN1GpADR4ye3P/wBesDQEaJHU93PFbNzP +5em3K7S25OlZumxFGXBGc5I9zya5ZRs2ehCfMkdJbqs0LRN91hg1pQQtDCBKPMI4 +3L396yLeTax7VdGrJbqRlWfsDWLZ1xWhPcXFvEhZoZRj8vzqghM9woMe1B8yoe3u +feo5pDcobiW4Tcpyq54H1qGDW0aXeFUhOCVOaSa6ltE2twubZZlHzQsGA9aW1WC6 +gVwVdT09foaj1PXbaeLy1CqzcbV706ygiZQs4aFnGUkjOD9D60SaYK4XenW5iJ2c +/WucVJX1qzEfOJlUH6cmupeJY1w11Iw9OP8ACsSNgNegRFyC/AA6Zq6aVznr6RO3 +4Hako5PUYorrPMENFIaKACQZiYY6iuWcFZCp7Gur61z+qQ+TclscNzTiTIoyLvjZ +emQRVLTTifyygUr156VezmsbUDLY3YlDYSQ8H0qaqujWhK0jo2woDk8DrXOs8l9e +TeQHI3EgjkYqpca4fLMcbEMoxyeM07RL42t+vmk7W6iuJxaPRTTdh10bpVMDu0eT +yDnp9aq2drdfaFaNhgckKwBxXaXKwtH52wEDuRWNJqVgGKPbINo5YDrSTNuWK3Zg +38N48m9iS2SQA2cYq9aapdJCIblnjKn5WHar32GzuxvjTAPYHFJq7W1qkEPAbpgU +eRMlbZlqHUjdW2cguDg46fWl0KJ7jxIWIysEe4nHeq1oYYrNSD0GcVueFICIbi6Y +YM0mVz/d7VtSWpy15e6dATSGkJpO2a6ThFJoppNFAhj3MUf3mFZGqXUdy6BMELU8 +GiXExDXcu0d1Xk1p2+nQWw/cwgH+83JqrWFqznorC7nGUgYL/ebgfrVfVdGa80h1 +UZlQFlx3xXXT7RE67yXI7dKrImxAw7c090C0dzxIFkk2SZznByav2skk0qFDzjLH +0xXVeLvBzMx1CxA2Ocso7E1xdtI9rO6SDb2NcjXQ9BSuro7bT74y2z2rNkA4znNS +tpNreyGZTtJTHXpXJR3ptFUhyNwzx61oQeIvs8flocnGCcVm1Y3jNPc04mTSRKGc +Nj7g+lc5qN897dPcHg54x2FNu9Qku5Bu4XJp+m6Re61MIrZDsj5eRuFH1pxjqROf +3Gr4etLnVL0LyE6s3YCvRLeFLW3SFOFRQBVHQ9Ihs7IxIoL5yzdCTV4xvE3D/g4r +qjCyPPnPmdyQkH8aCaZv28suPXHNKGBGQc07MgDn6UUhNFAGmqHkscewpjnJ4qZh +lKZjJ/CmXYrtFhSzDkn+lMWPAGOhHFXJUypHr/hUUe0t5ZHJGV/qKLisJDtKmNgC +p4wen0rl/EPgS0ut09rFjOSUX7y+49R7V1DJ5b5/hNVtb1mHRdHlvJ2xtwqcZyx6 +Cs5JM0hJpnkWoaBeW0525aMHA/wqrBoWoXMwSOI7mOABySa6ifW9W1KASBLe3twe +bhgCfwNNi8XQ6XgpKbmXp+7iChvbNYdTp5tNCzpHw6uSY5dRnVVz80SHJI9zXZix +tdOsRDaQpDHnhVHU+tSWFyL6yjnG5RIPmRuGQ91PuDQd1zc4AyqV0xSRySk5bkcc +eyMHkHOanWN2HJyOvNSiIAHPvUuAAvvxVXJsVli4IBwR1HrTXtznrjPtVhky+fUU +7naCfUU7isUGhZejZ9sUVcdCxxjt1op6CsWs/u/ypFHzfhS9Bj3pT1yKg0FwGB/G +q7Aq4YdRyKtIMg1E69PUYpDB8MgbsaxtZ05NYhXTp8i3kzvI6j0x/OtUuBGUP1qj +JJ5CvczSrGicszHhR70xdTy7XLS60y8bR5jmKGMNERwHH96r3gfR7aZ5NZvFL/Z3 +2wRkcbgMlj9M8VDqeo22t+JZL2V3Fq37qM9DtAxn8Sa6fwtAunatPprOJLe5Tzrd +/cDDD8ufwrFW5rGzb5Tb0xwLad1BCtIWAIx1AqzCjIAwOGPWoogzyunyhSR90VfE +f9DW2xh1IP3jORk9anVG8sbjyKfgA09edwouFiJ+GH4il2ZUjvQ/b609SN2KYC4A +GexopkzHyyB1ooSBs//ZiE4EEBECAAYFAjpWjyIAEgkQx0Y2ObLXeV4HZUdQRwAB +AQfRAKCSnx3toHhFsCAaIsCRkmFdI4Hn9gCbBDKIqvBEjybcnaBW+iZufcjAzsfR +zNf/AAANkgEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBD +AAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEEx +NDk7Pj4+JS5ESUM8SDc9Pjv/2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7 +Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACPAHUD +ASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA +AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAk +M2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlq +c3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXG +x8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEB +AQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx +BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5 +OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaX +mJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq +8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD2aiiigAooooAKyNb8S6boUZN1Lulx8sS/ +eP8Ah+NZXjbxcdCt/sdjh7+UdcjES+p968fvLyW6leaa4mmlY5kkL4AP1qXLsaQh +fVnc6l8TdSncrYRRW6Zx03t/L+lYsvjjXnA8zUZY8nI2kr/QVzlu0b8+S2R/HvJN +WFgAYuwDFuvJ/lzms2/M2UbdDrLPxlrETK51CRxn7sm1gfzrs9F8b2d8ix3v+jyn ++Ij5T/hXkQj8gZX5hnlCMZq9YShm8vzDt7HuDQm0KUUz3ZHWRQ6MGU9CDkGnV5VZ +6xf6FJ5qTlY8/Mh5Vh9K77QNfi1uEkJskUZI7EeorRSuYyjY16KKKogKKKKACiii +gArO17VU0XR575sFkXCKf4mPQVo1wHxXvfJ0yztw+N8hdh3IHA/nSew4q7PNdT1G +a9vpLi4kaaaRyWY8KDRYWCXkuG5Qc+gzWe8mWAUYz19TW9pbGJAScZ6msJuyO2nG +7NOPTrcxhAMdOmOKp3eg36OWsw0qY4x2rVgkynIyfrite0bKDBrBNo3aOOtvDWr3 +dwPPjEKDOS1dJbeFJYY/3UqKxGC5TJ/Wt+Fdx4HNaMUSlM9yK1TbMJ2RwWo+GtXe +MiaZLlByCo2mpvCOpTaDrKpdEmA/KxIwVz612rR4PPWue13T4RcwXBUBWYI5A6Z6 +GmpNMmyasejghgCDkHkGlrD8J3ck+lfZ5m3SWreXu/vL/Cfy/lW5XQnc5GrMKKKK +YgooooAK8j+LF4ZNchtmACQQjGDySefy6V6jqeowaVp099cnEcK7j7+grwXxjq1x +r2ovqYRUV8DaCTtA7VMmtjWnBv3jMgjM0wAUnFbcCtHGFHOevtUek2RisUmkwS3O +4HIqeWTaP3e0HPzMemfwrmk7s7oWSuatk7BQG71v28OFUpjHt2rj7XWreH91NLGW +PQ7W/qK6bTdYs5IgFuI8njGajlsPmubtrmMGVuAo5q7GxWMcZBH51nmVDaIqMpEr +DJB7VcWf98Y+wXg9jVowlqTtIpGP6Vj+KNv/AAj1y4xuUAr9cjFajHnHWsvxG6DS +ij8h3H6c0yUW/Aju/n7xg7Rn6gkV2Fc14Lg22MszD53IBPf1rpa6I7HNLcKKKKok +KKKKAOQ+JchHhuOIMR5twufoATXkjOkjqqAHLYAzxXq3xLikl0uzKAkCYg49SvFe +YR2htbqKJyN3JODnNc837zO6l/DSNOLeijyuy7cEZzVG50jUbsmWKTamTny1GRzV +4TAPtUZ+la2nyJbBWmZogScBhgfnWN7G9jmrfR7/AM7ZJdq8GDw8Suf6VRtXubfU +FjMZR8jATjP0r0jfbMM7ULHvgVyl3BFPreICruTglTwvPr60+buKK1NeKe5S3W5l +iaNmHBTgKfU//WpJ/E13bYVJxM+MnEYyK25LKNtPtkPCK4U/TNYF94IinuWfcUVj +uDxnBBpITa7GppvitLnalxZzRseN6pkE/TtUviOVbmC0jhdSGk+b26VlGz1PSpkE +Vz9sthgGN/vr7hq6PT7Qajq9os4ZI0BfYB1AOcH/AD3rSOrsYzVlc6bQrZrXR4Ed +drldzD3P+RWjRRXUcQUUUUAFFFFAGN4r06bU9Blhtl3TIQ6qOrY7D8K8fvraW31J +VmR0ZQPlYYI/Cvea8q+IVi0PiFrgnImjBUY/P+VZTj1OijP7JyP2n/SMnPB9eldX +pV/5kIRsbfQ9K4yTMbhmyMnvUg1FoGYyI4THAXoPT+dYONztckkb2v69ZwSJa29q +gLf6ybYPlHt7+9Q6JdWA1NWgYBMdBXOzTf2id0aFg3anW+l3Fkv2tmcL1A/wo5VY +Sl9x6+ghnswgcEOOcdvemWs7zQHgSMjFGK+oNcZpd/Kl5Ct1JMIVAOA+M/WtGzu1 +0nXHWObdbXZ8xCT3PVTSuRyHTymN1QeUSwYcba1dHt1W5Z2xvVOg9z/9YVmC583G +OM9BWtoTectzN/CZNi+4H/661p2uc9S6ia1FFFdBzBRRRQAUUVi6x4v0HQwft2ox +K4/5ZodzfkOn40AbVcX8SrHdo6akg+e2ba2P7p/+v/OsDVvjhYws0elaZLO3Z5m2 +g/gM/wA6525+I+t+IQ+n3ywQ290rDy0jwQMZHJOetS9jSKdzm7i+USAlhkZ56Dr1 +rd0vy5o9r4cuvzcg54rjLzNvcFMY55xW3od8FKx4GR8zMemazlG6N4zfMap02KC6 +bEcTJ6Nx+tbumPYyRrb/AL+Jc/dBEig+wYcU20FtqSguuMcZ7mtCx8PrDMZGkJVG +yB/Kuf1Oly7Ej6XcyebgQ3IZTtdl2OD26cViw2lxeSrayYTyzklTnbg9veun1LUU +021IDb5Dwi+vvXOaVfIJZJN4LF8YHuadmTzHTqZEt/3eTIFwg7lu1dnpdn9g06K3 +7gZb6nrXn0mvWujeVqOoI8ltG6/LHyS3b/Gu20TxRo3iCMNp16kj4yYm+Vx/wE10 +U1ZHJWd3oa9FFFamAUUUUAeF+KPijqurI0Fq32K3PaJvmP1avPbi5kuZCWJOTyfW +mzOzNinwxBRuPXtSNCe3hSIBiMv/ACp1vcbdThkbp5gz9KYzEL9agcE7vXND1Hex +s6raecSVA3jkZ71nWdy1qWjkG3sQRWlBdi8tQ+cuvyuPcVFMsc3yyrz2P/16yi2t +GdE4p+8jWsfEMNsU3H7vf+92rdt/FyiI4Zcnt6GvPmsyv3HB46k4zUiQTRKF3gAH +Od3ehwi9SVOSVrHT6nrjzSYMgJUjknOKgsZnS4MrMVRerY/zk1mafAly2W3SAclg +NoNWPNaW+kUDbFF8qovQHufr/hVqFkTzXNG+v3v5T5oxGq4WM9AKxlMlheCS1leN +kO5CrYI59a0XOPvAfX1rN1OPPIB5TB+lUSekeF/ipNEqWutKbhBwJ1Hzj6jv/nrX +pWnaxp2rRCSxu4pwRnCtyPqOor5ht5G3Dca2bW+mtXEkEzxsDkMuQaCeVM+kqK8W +sPiPr1rB5bXImx0MqbiPxoouTyM80jh8xyxHyg1KVx1qxEEeNfK5FI6euKZViq5I +FJDGZA+Occ0sik9BVaYMqZUkFecjjFIksQtJZT7+iEjcPSt63W1mUNIRjFc9ZXhu +D5FwQSwwre/oa3raW3+xlGwWPr1FRUj1RtSl0GmW1jdlWCNz2Y/40yCBNQZijq0a +NtKp/X/P51nXk4RJdqYBPJJHJq74a2x6XM4I3NJyM46f5NaQgkyZVG9DRv7hNPsW +8pQP4VA7k/8A66g06Hy7dcnJbkk9yetU9TZpr+KHnKfO2fXoK0LYqYh1x6ZqpPUm +JKy45z+XaqV8AUQ89x06VeccHA6896rXSbrZj3Ug1JRjYKsQfXrVxX+Xg+4qCVQQ +D0NOhJYcdTSEtGWVkIyFU/gtFJGEywbA568c0UFmUomil/dAtk9B3q/nzBjHTqKW +BVjIPU45NMPDn3pkLQY6jBwRxTIoxJIE7HjmpW4/OmQcXC+maBdTG2FHdckFDxWp +p7yyyu+eMcD/AGj3qpdLsvpAMdTWxpkQjsVfpn5j+NVFXZCIL6N5YhG5GeWA6laT +w/c+TJLYy4Al5TI/iHb8v5VYlwblAW6qMZ9c1mztgSleCzAKR26c1T0dwL1sDNPN +Oed7HafYcCr8MnlSAZwrdSfWobSLZCij0xRLlXHHDVBojSLZGSTz29KYFDK6nncM +VHbTCSMqx+739RUJvWz+5A4/jbp+VIZSnGFOAOKbC3zZzjr0pbjvnkk9qihyZAB3 +4oFfU0IEO05BH9f0oq1hIkXIySKKBn//2YhGBBARAgAGBQI8ZiQyAAoJEMdGNjmy +13leJSIAoIx0Ql/m4Gf4ZZeFQ1Of+zq6499DAKCHBzmIEtE740kuUl5HGNvCJ4Qb +MLQtUGhpbGlwIFIuIFppbW1lcm1hbm4gPHByekBwaGlsemltbWVybWFubi5jb20+ +iEwEEBECAAwFAj6+zxoFCwkIBwMACgkQx0Y2ObLXeV4M5gCgnemzKjFcpG5MpeFC +TjVg24ptLhsAn03rO14zwfdxKS9ZSuGLeBG+d/eUuQMNBDpU6CcQDADMHXdXJDhK +4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebByHTh1+/bBc8SDESYrQ2DD4+jWCv2h +KCYLrqmus2UPogBTAaB81qujEh76DyrOH3SET8rzF/OkQOnX0ne2Qi0CNsEmy2he +nXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZCV7cIfwgXcqK61qlC8wXo+VMROU+2 +8W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZS +Tz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI6 +1Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/Cl +WxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgH +KXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVelMMm8AAgIMAI1R +XgrY9LqHnvhnc1oGwhB7mORU7jwxKiGMLqzb0KM+GVTv1xAhhaYGm41/CuhnrOW3 +LPpjYWbrlXQh+9WJxHvO8UUI6FqEy6TVyv5Cn3fo4wSr2wtkbFOMKWDCscZLtikx +JmsQLtuk6YRGOjgX+fliYIckIfxDMI5z37zSCNUSweIlUAGsLzLKSMovnHVX89IC +sThC0wtuQE8aZBg7DxvHqMIeg7jdCNTNupF8EwdmpZUnKgghkKn6fXdczj4079wN +WxnxuNyHQsg7IytPzmfbjJ9dGU/SzsEWMubn0mOF/h2O4laKQlrBYROXKkDLzo5h +FG7AJsjI1q4F5MrL5q9m8Xagu+nAfhSe52kLTr87SOSPaVCmf0QRTDXVHA7qyr3N +hPABTIp6s3TRxsJ/KJmXTUIijRu1xM7qFArdzrs9qWgn2VUfz+Yfsu6qQwsMfm6C +SnOZ53/xKit+pWRqSd7pviZHJIUIFdpVmgqYMfNwfahJIyEz17HKHp3OLVsa7ohU +BBgRAgAMBQI6VOgnBRsMAAAAABIJEMdGNjmy13leB2VHUEcAAQHlbQCg+N+fI3bz +qF9+fB50J5sFHVHM7hYAn0+9AfDl5ncnr4D7ReMDlYoIZwRRmQILBDxUyXkBEACg +g6vxNPigg9FQz14CkPtR/dEq3sCjK1r4+2oyeoRno+pqZ6Z7ZfphgA/q5woweFAG +Og17KD2WXegoQ5pXbFvP+w9j9zm3g59XzTRSzZgScelTibPnKy6g8r8GDAY6IQra +R6pxe4297/NznqvRvKpTt5g1XP5LyjVBsEv9HAYJE1vyy10qSQRtEz3QunUzfELN +C4kiYNMZOnmgaFeW4APIIhWDtrrxqW3Ofjp1K4DAhqcnayrfvYbOtqh0sxJ246kv +Vc3Bc9pH6wDw/yub2deuPq6BZBLBJwrtu/20qD0nsZ9is/5j0aL1MZuVmr7xKYqe +ehyzJ1WdpJK52qng9natYedS+GefKDIw1Jq7ppQNWfVduTNITFTF0JswggjQuPqK +T8Td5GCywQWN/kGHbp6EdybiUXZ+9fp4eek0UB5M+srSwbkF4hQ0mBrqlsaoji4C +uXjc0c+Zx1D0pGfqqBCmvEV1tLul3U8h0TzR4opUA8mLKegQp5cjh/dHz7zTPDxV +gSr3blJ9FxI1Z69th/+jJj3q6joo3uW/5y8qQCrzdSCzs+TDEWwucZtJIuIhTct8 +AMPY/Ayt+Pf9jXfI+xSQgz3r7Eu5o+rEu02/cthaOc4b3KYDtNkjLKszgiext1BY +Oq06R+Yyh2qgsg9azzkfudvvpwhCpJ7EOxcdaP3bxwAGKbQlRGF2aWQgTS4gU2hh +dyA8ZHNoYXdAamFiYmVyd29ja3kuY29tPokCNAQTAQIAHgUCPFTJfAIbAwYLBwoD +BAIDFQMCAxYCAQIeAQIXgAAKCRDbaY1xmSQlYCQ7D/9MCQd8s1ueGLy81tlxq5LB +qnSo2cuNQsssxjnskxjbOJId08RdiOAh23fdKXm6T05vTAUAN8oJDsXoaI9jTPjo +avQ8o/wj94zTm8ni1OoQkTw5wDOte0qbw1B4msSfmeImdC0opJoYz6Nyp+4OXHCW +fhvmOvAbBvwuchC726NyhGXCzDlfNqFysphgc/epR93AbOHiNKQ0/oJTWaxR0KeG +j2K+ihOsKx/Tl/0pXVfo7zobAzO+UelHpvH4VMcnaxo2pjIn6eMyDxP4WuiyiqdL +D3PZI6R6PotPfIdtzCmKJzAXBW4SIBp9ZHdFXs8P5E8oYKBbnO1TDSAtYG8EnqGk +bbZvCVfd0Utz4miEpvv0EukdoAoqSLz7ZKStrM2jlQNIVVRFbA89srSAZYSGN3s4 +TA3LSxmDaw4Z6gRWBhOtuAeIfhLQ+QTC9h8aqyfWt2nP+4qA8du0FHJANopeBfJo +vz/4sSx4z0PkbQqUS9lnPxqoNqyqUzP1Ocpg7f8yFYvY28Xsc25c4ImI4ADxlo4r +/sK00k/vxcGUhg7wE0Xy9r+Rp31GMyUpMd3zF5uD2/qNhd9vVxKM7sWDZuDjczOJ +yodWjp2DdZWqe+AOvapAvPCQIwWc++Y/xOgina1V8uqadA+Ntc0+jhTM/E3smOfL +3A0cJIMKSYaU4kfTts6h2rkCDQQ8VMsEEAgA7lKuNHz6iYb+2pAZbxrjp5AHV86p +btVJQBWpGWkGLERGb6w2hYTL8YXr7JgteBmy1a/+l5ZYjnZFQ8603eZRC1g+/krr +uWmfiJxE/HtHVcVSDUxXNJiE67DpSdGPf8icIx3c91Xkui9ifS3VMSj1ezWLm5/O +YF1utTQ5QiwrvzTuaCs8jWDUzxI77FczQYQELuDmHevde4Ke66MeWCJabs9OQ6i6 +1vurJrj1WQQ9pvXOzcbdoQFtAF/vGK82rnr0p5cDyes3S5lCKC4nIhvokHotCf63 +YUU6afG9OLp/ASlcp2h21vmtDp7xSg6D7Ivn5cHtHnBvChG6vjQ9IO5gdwADBQgA +nNF7z5VcV00LbYQxN1vX77iKwJ1aEZVSYMrJnvthtJPM5alAsOQRRe85pgZsBfd2 +xgKbDZFsQaPei+n59nMPTxl68YsrYOWaBe9IRnEKBYIHSVwDAGsEdxyOKgphNO7c +QKcpRWdeqi9FQ11cWVLZrSqChmT9Z6uYGLDabKwAhYl6TrEQ2J9OzM586LARZHb8 +m2MOcGrla+XZZannjEVfaei5on8IuhOLalx/vx74C1qLi9B1fI/JyCsJlMQujkDr +pz80hwIyavutLB9TdQZn8TuNqL/m7cpU1YMbNIa/1Ow2Cio7zrhr/FvTX4KgMaGq +6ukx7qWDDbME96BF57IMtIkCIgQYAQIADAUCPFTLBAUJEswDAAAKCRDbaY1xmSQl +YPGsD/40gsxyQv4M8BFfPgnPEOYlSEBwpibr+XRdq7q98n3F9ZlXjJHq74RhX6ao +tL10wpeMb6fcFKhmaMu8Nhx4PUP9+h11I7EwmMeLn2prG/sSbsgCY4tsEW08NbDz +cXdj6+KvekpE6lYmOa4ORQTEODx81d9R8DxcqUCYHYn+iYMbEDnBZmHgPc5hkGvB +Nj2F+dGs4n0iBvxFSBoTSzHb9XksG3/cq8DdW59McJw1/nTyN2kLIvGjNqSeV+2P +2oeh5NRJAHs9X5W+Zar+sqvlHDa1e0jq2SrMhWdOD1qgTX3BzFyuhWW3IJLdcyFE +p6NsC/L2eJdkWwclT1xhEvm8LEsB21ndE2UNpIjOUcdFvEnYa84Di8ZpIvEvngG6 +q9tm5K14DXZYQczsN+rrOXgTYfxbEuCzpFCg1DZaRQmWkXcywzo7F2YUgw1nFe9T +lIrLJgXZcjg+ho3UNmquVr+qNV1IzYCkE6I70J/Q3fuXOfVdM2V0JQTaWfBOUFow +wVNyzI5XSl8TTwslsGN8roEAGBR33JwhBy6TldhErnR1pvIOVt0kkGXbEqIIYONv +fsdd2LIFZUfyegh8oFCJNDmKObKnuVyZH53Q3bgTn06D5TdBaCK9usVqUe+JZ1K4 +VLy+20kSiBqaLkel3417o+bqdpL3Uu8gXy1bsOhyo9m79ug8ookCIgQYAQIADAUC +PFTLCAUJEswDAAAKCRDbaY1xmSQlYGW9D/9ZQP1N5o7Ndm0Nh3WJ6oqSmjhWUQ2f +AZJqD/4U+z2fqOCQwI5QodSN/DJPRfbx4JnibPkui/8YBktB8SxhoqyD0W7oE5h0 +Xvj0+LeJ/ByhdZCgR/a2RAPu9D64xxh5p/7oyutI2sdLrsTs1OCeCMdaMz5ptrdb +oGpk4Wv94m1TOC+bztrRhEjDLrEJIPotpOYdSbq+moipSVJBMv9NrxfdeVb40Y4D +GGqtfsggarquJu9Lnq7PfrCdmdSzQcLI28yP1s6V0f3MZxH+stzTxtCCIsFjTsgx +Ubuxa/WYiW3qM+At+B6B3HDhBvjFdg2OBP12/2I/2ZiDQdZbUZJ42ND7oi1k34Pd +fExpCZRMWGr4UTJgtGqlCqSlTLTKmzxkI8d7Z+PHt7uQbew/GnFkzsU+VKtpfpIl +m3ym+0CgP6ap/nn5B2kSvf77p9iQQXHarl0L3cW7sQMlnPy8L5AqPWkg5+C/ihZW +gJWT7ujwnbrkrzddJxdBGEBvPNWEoCGzKBp6E0TXxgKfsp4dbszXcGLaaK/cUV2x +MgVLogjCPnAwaP3l60rc2nb3gV4JfVP9ogoI/Ikbf9nVeruT9dhVWZgNmvj7rRBV +VN7XjF0VN9ou7N3xuEiRaetd5pmr+Fme0HDCsSlVQuEOcP5LCGQpcwHMdz+DFGvW +OyACu33k12k2prkBogQ8VMvbEQQA9YjnqxRaPgKrbhTQqrzGMYBuP4QlbsQeEDA3 +y94jlPK++edfyUGUTnquXHDKmPnLwsqszYZCsC35nVP8FOsg0eATYYAj5A9uPDUX +GQkW1eNQFGoh5p4SxBQZKlVJCAJyVgMxXDtUwDbjQ9CkOONrv1YlajDz9h9yHfFU +jQrC47sAoOX8LBxMJVdAqGMOQGcI2lTWTfq1BACabalqZ3571+ePoAEsqSxZelhH +A/Se6oxlfxWNQilDGsgUSm53l7yeJn+8qZuiRm49wMlPZnzLA5isMAh0UyoTSnPs +8lnZDLbo4/s4H2Jz0+MahJSYtNtSKTNhuJv7Fh/kQGVltAaniUQeecoJK7YxhKbn +vsXKzg7YEL2DLKDA4AP/RDeDRhK7ehXbkeONeJsOPjvjdATxSa7Io+GIUFB1CSLg +aHfC43b8j7S5pEiZ8MOW+kwnP35G89h1K89nFpC47Xt8y/5DH4Z/tw3SdaEIr8TS +L3u/UOK4gZEc5uVhCGBAX/BdIYFWdO2UUjEaO3ox38lgH0HfNscqgN5zCEEc6lmJ +AiIEGAECAAwFAjxUy9sFCRLMAwAACgkQ22mNcZkkJWAthQ//QCSN1sFaeqFQEki7 +fg6E0n+t7mO+V1llNymp7G8Pq3iSI2d99oijVk2BQnrbhdLy+wjl9LyyzfvvaQ04 +QwAUvJNRgIaOpxkYb3z2tc31ho9eOYsQRmKxVzGWw1ii1OEnMBylsAaG58GpFI/5 +MTfucIlJBvXoESkHSoiyov2Pd1c3hJ/6OuFYbn5dvYplBi2K3pAq12OCmWticFvP +TBpVlvTED0h+I133oO1e1Rx999u1/PQgLem5qfuz3wLv9r8qkXgy1AqdOEBNsvXS +o09yWaDTKaZWb6k7viOq6k2aDOi4mr8qgrf8obs6fpOfg6WQw+DRL/T9KUHF0EUS +PVEMkbMc1V2iHURqXBGnIsa5JAi1eV1cMrp9T25DXWHlEfXRnPPjzTSJyJh2FmL9 +NnQrsmHf8f7DiR7uzCgA8+SZqRmr6o2j0FAPUrV4EmMYB7wTYPwPT7EXXmYs8m0o +vamXwGbIwT2Z/EGhOc3UdAQF232o156m097tib5HMbTT+8AcjX3TaeXDJpjI35Wy +bfJ8F2LEWmJsQwPC9MMCfy7SlW8BUqTBaelPvSYoKdLT6FOxtnoAVYn10WRIF7LE +SySJqENspSpv3ACJ/q1jZN6cXYKFlvKLR5Be/MWtnZ2AXqwHmR/XYGtXI6FRmNd6 +xrb+mP2QwkihMezVT+y2Q/EogXSJAmoEGAECAAwFCRLMAwAFAkQS4BkAUkcgBBkR +AgAGBQJEEuACAAoJEOJmXIdJ4cvJKsUAn3R2myTGfaAyxiDwL9l3ObofNnX9AJ46 +M4YTuhT9ETVc15IOaHY5VCLcUQkQ22mNcZkkJWCOtg//RVzC6tHMnmZXXA6jslgc +a2yf/q0zJIULR9azhcraU3yy8OzjVorX1i5Xh5Rr3SmZkHiNUMrOK0jCzyM9ykBa +58WOwwN1sZoNUQpUtmYja9kj/y444Atf0iIFW9TT4O31j25qEjz7cLZtmv+TnzcS +IaZekJrIZ/8D74eDqNrfy/WaAi0JK2iMiw4dqwLtIc2W7UTtXfSgiAtNrkp4smrO +6AUI2Xas7D+3zZiMlIv//W3ZSTF0vHtyBdmvcEPrs6DdjhsM+L7QHLnxD7HD86cv +Vh+9SzHelc5erhSWbwKMcZKykQ3uHhU9XCt60MYdbc8HHW92g0e9nEipZ7iS23uD +mzoKvfihtho2+j1w5uKM/S6N/fditlWJ9qHvLHVPLNKPp4DEHo4ns56LCY1cRUX7 +N4TOWu2iVSdtzg8NFvhfnKyWkUTCYFuU64Jiq9XcJLMAn2AY02RzQcF8LwbgzdyI +NK9pC0y0lH9ZrN6QyGinxILPVtwLsWO17JpDvKQf4+rmR9nHQSsvGJ/FjCDydMx5 +HaT+TfC4KRR8BBgTDgZkq6cllbeC1qgCz3LXgai9pIlvT9httrVcpOL0QHnKM5jd +7R8JZ1dt5qlltuWsC8Dw52kEGiBn095qmY1FFd02BxL7y7sxHp81m31yTErho+HQ +lcXTIscl65wt2LwowPG0n2iYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNw +Qo8OSmVwIvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYU +TF0F/15piAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz2 +8iRH/UZcYLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpu +QGdudS5vcmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2M +twUJClROYQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhA +tm3dxWeUxA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2q +agd/nRchl9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+E +wCV7i2e2u5kDKgRHeRfDEQgAnwKxwiRUep5JsTYlvlBODwFt20JWvSVhagsLuFai +5DyP5R2+acR33/Bc8tjvPQcQ/+oV0g8dkpVZgBhzgiYUocdb3zRlWDbCZ9qDSudI +p/ZBrw9PplQAn8uTMj1fJrTHDjNqdfMFlbjHdoHmG3TWIAK35/wzaVP+fTOnglKY +V5GBA3BAgamUSo0gdSTRJ6hwDPoHOX3OFZWHWfh2AaxGU1/2Sz2YOZH30e18gOiI +Klj0mND62MQzsRro8nkracmYZpE+3s1c6CgSPspY926Sjq5Lii4wd1uU54Aiy2L0 +0f4O8szcoLf/rq6czTvOSrBiwVQ5JEoUrMIjyHrbdGRQfwDg/A2sKSzVE19nOszO +ndICn0vPw068V+j0uQOWcwf+MRAaZ45wq9kY5204uJXDS4Pm9uXPZa209Ul8ra1I +n1EG3DhJAnn5Pl+yT6FP8dw29Q7gveCwGjBX1NqOhlj08wTbRAQbRqYODLOUNcNY +NYA0RKSjN5hiD8nCyl4QfiX4vKRfqrwakYgN8Z1mQC2T9NPWXy2PvJzAdOrv+fcy +nC8s/of84wpqSCXRa+cUKLZus7SvEJrNRhtTDlT0NbwlAh4ksCGu1dSrZZWCCLB6 +ke7CF7k0poiyePE6tTWOfZxNYQ+yYnHHIIcj3l+dqJxXxMOahxDyaF4XDo8Urmts +fVPYu3KSZ8yypyAYXWWu00Ibe/4y+Au+UsvnxMXhEp4PDwgAlAU/s1FMwC3sxjmR +r8Z/NjjOq0f5dplfVl3qShAfiAzxtSQcKn5dX/NP5iPIYcJK9i2K8oXebvnHnEcu +9ffd3T0pwGA2srBv/rCFcWM/TOHaFkFYUnvRDiZ4FnL2D+Wwlg8m5pQWECYApKxV +KjL0EyTgpJaam40Jv7sV2lrpvXUgMaeWHhwiqgSC1J4wVS6Gq5ldG3Fl8KLWYlxX +d1qZwR4xP0Ep8nBYd9+Pm60fCk0p5kvr+iPgelvlTnMsx7fvFqV7qNWEuKJApmb+ +n8yJX+h3FSTiU/Haaqc8jIap+GGE9C20QvaK3NiqMdIc2oqLPStBKCn+TEUBDLAB +wHTNDLQcV2VybmVyIEtvY2ggPHdrQGcxMGNvZGUuY29tPohxBBMRCwAhAhsDBQkU +sIqNAh4BAheABQsHCgkCBRUIAgoDBQJHeR6AAAoJEPKthaweQrNn+kQA33yabKyY +9z1ujVoxcLF7ROc0mSsX75srRXIjxTgA4NKwgnV1GN1QL6bKH4G7AFTgmJMQjWLy +wpguY3G0Gldlcm5lciBLb2NoIDx3a0BnbnVwZy5vcmc+iHQEExELACQCGwMFCRSw +io0CHgECF4AFCwcKCQIFFQgCCgMFAkd5HpcCGQEACgkQ8q2FrB5Cs2eXYwDfUNqv +I0xrFP47l0+sBBD5j8Z9H9FygT4ZuVZOxwDePf9XYQuNja+MQUqZEtZbvilME5zf +5wUMo3sVtLkBDQRH47TPAQgArMK+fv08+pw2sCF0DQtk717TSyHmcmn8e7ndGXEB +xZWy/sQWoZrKKr5/gmkCH3O0p/sSZhijfCzTeElFO0ASFaSAvaXcQqhUnjEcI4ic +3KLbI7fSqoqgvkJ8qwfIFovb8jMO/tBQgNmYAODTBlnLq5zJIvTvpqEAePBZdd90 +SGiC6vNADZ04D5Pbl3ZdXNwakv1y+eLc4jnYPcAkqsf8U7/ClpGcaADPLC0Kp1lN +6lYBXRV6QXpEa0qh2JT4PGu7981hFVvKjBdvClbz6E8I3aSny8acUF6bBRV+/H9k +2lW9xrD7+E3obBXJ55CWOL4ynoS69ii2XyVQxyWz+a7ZlwARAQABiF8EGBELAA8F +AkfjtM8CGwwFCQcajaEACgkQ8q2FrB5Cs2cuqQDfYDr3l9GbFNxAZSv/HSXKcZ5M +Jys5TLffQYPQXwDfRzV6imKyGJmI6tAaDVAgLDNld64LDP2wrcOezLkBogROsUyG +EQQAlCMDC6m1nkcdAK3MV884airO5/akCJhT0CWjd6LxbM27SremsW7HSaUoOSNX +SXpPgktdDcA7y6Y8cXteGm9+/ZHwNoXgYWnTpWjk50qLre0iCNLcpT1V0cMEev5B +/2YXOiog/7obnI+tjG/y7V41bNzAceKehSFbSi5hyz7EAZMAoIbBb88QRdsh1RKm +tHdVXsjuvldpA/0cp/wmWwWEfWMGKvtCk5i6Ayl8T6YHRjtqZwnMFrNbjEssulkQ +0XpDGRcAyO92utp12sl7h8DWl4OSEFh6rnFVJPrII8YQXahrAchB7Mtc5AzDFFmg +JqvJdp8WEVnx+nLl9shaRifHUSdLwdt909p+1CFm8ChDl7+eZE7YbvEWGQP+JNA0 +DHFqNSxCFzs667Cnic7op3BkaUN13zNuR1aVpepxUEhkk6LfiiHmQON7QHVAqvtq +/TO0svyy8nAeFhlWqcXX84tuoobmnsCowa137CXYV/SD7JVjy5X/b6cbs2sIty37 +eJLjoffnxQHvN+azf+JtxtTXhMTedhBQAgdlBGaIoQQYEQgACQUCTrgQCQIbAgBS +CRDyrYWsHkKzZ0cgBBkRCAAGBQJOuBAJAAoJEE8FQNV3+V+VkpoAnA5MTmFbkcoM +4N4OYwb3YGMfoAD0AJ9j2e0iEo9fhMfcSoKG9xssLopUTOj0AODNadm6ajGAly1I +oam+eLSbqxHfSkQEHOxhMiFjAN9q4LuirSOu65uR1bnTmF+Z92++qMIuEkH4/LnN +uQENBE64FVgBCAChkCmMrdCKW/PWuBQs2/lcTqz3i33KOUCynyj1aOzen9HUJVHy +mJnN4dZTjq3ARlSTuCSoJmQwcmom0wjDS2L9qqCnUctdyIoFxTetnMP3JkBhJ4j5 +IxtwkTznWa0SgEjvBdNUkLTBG/3lgfMFoqlQNh1or07wsHS+LlvaxvFnqMozssKq +YLC9mTVqWfXvTeRsCzYLvZ6jy4rqbJnDIJzHgqV3K6cyqA5NcZqoWj8OQNUbS+sV +CU8nkYkDYQA7wm2nwolEfROSdFtSTmL49PNQS1V3MUdLUb7SfsDmwfm59SDmJUp4 +iw3F535P/ei+G5cBYzHO0jN0nzUH/sfM7njjABEBAAGIXwQYEQgADwUCTrgVWAIb +DAUJBAqORwAKCRDyrYWsHkKzZ6TKAN0WMNFzexmPvciaqa2LyUVUI/ht3suw/tlV +SGDCAN9tCWF1UFBrQORgcrpgQBfNKPkUdAxxyiDrXfZ1mQENBE0ti4EBCACqGtKl +X9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3IUe8TuDrGT742XFncG9Po +MBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjgjvDAH8cZ+fkIayWtObTx +wqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7KRw6B5ucs4qSzp5VH4Cq +Dr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8uqA35ZiyczUvvJSLYvf7S +TO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB1BAY5s3FKqrkaxZr3BBj +euGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChkaXN0IHNpZymJAT4EEwEC +ACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECSb +OdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05shKZOAKw3RUePTU80SRLP +dg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH85zCwu7SHz9cX3d4UUwzc +P6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8Klf/wl6jXHn/yP92xG9/ +YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOcWkqwupB+d01R4bHPu9tv +Xy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgCE4F5XeCB/0ovao2/bk22 +w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsq5AQ0ETS2LgQEIAKHwucgbaRj0V7Ht +0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX1bDVwr/iTPaPPEtpi7oQ +oHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHULhzKsGg5FC6pRYcEyzRXH +tv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7nJdwG1cGQOZOIDQQM41g +BzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOMEJwlo0+NYx2Yn75x66bY +wdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6JsPmXEyeAyLiCWSh7Rwq8 +uIhBUBUAEQEAAYkBJQQYAQIADwUCTS2LgQIbIAUJEN2fAgAKCRAkmznSTyXjtrsS +CACRNgfGkD0OqOiwYo1/+KyWnrQLusVvSYOw8hN66geU3BO8iQ0Koy+m0QKY1kWj +aHwewpg8ZebY4E2sHbNIC9Spyiyz29sAJ2invf4/4MepTgpxNiw4+XmykCkN1AfV +hvMTQXMzRbO5ZwRtPpjsMr1j5vX1s6U3/RxSAItpAkCu1GGTTOH0r12Ochc/um+Q +GAyO6WUj/IiZ1MX7toXW0SCo8DSl8z5Q7KmJWF6TQLK1Lku4bIVG1Huwo1/0WHc2 +vCad5BxHjgoy8TsKLTmvYQZWtnjWvQGV2UOABYWcacutZXQQ2PPCIY7LlpuS/45C +XWbT5Y+mxY3y7dbz4aF+8uyCiJwEEAECAAYFAk0tjQQACgkQU7Yg0BzgxjBGTwQA +i5qzI6cJslbyOl+TeDZVnLV0FmPuDg8dojvQrVDPxfemIjxZZoMLCVM8ly8AC2JP +rIYfN040C343saIc0tTtOwwmVMuy7G/Uex22CdWH/0HBMpG4gFuOuQmW9QQDjEdh +1DgwU2gAWonX54ZlMybWss+2NCikRwMflVUupH57Bas= +=WK93 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/gpg2.spec b/gpg2.spec index 9bd0a9d..c235b7b 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,9 +17,9 @@ Name: gpg2 -Version: 2.0.19 +Version: 2.0.20 Release: 0 -BuildRequires: automake +BuildRequires: automake >= 1.10 BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel @@ -38,6 +38,9 @@ BuildRequires: libpth-devel >= 1.3.7 %else BuildRequires: pth >= 1.3.7 %endif +%if 0%{?suse_version} >= 1230 +BuildRequires: gpg-offline +%endif Url: http://www.gnupg.org/aegypten2/ PreReq: %install_info_prereq Requires: dirmngr @@ -53,6 +56,7 @@ Summary: GnuPG 2 License: GPL-3.0+ Group: Productivity/Networking/Security Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 +Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Patch1: gnupg-2.0.18-tmpdir.diff Patch2: gnupg-2.0.4-install_tools.diff Patch3: gnupg-2.0.9-RSA_ES.patch @@ -68,6 +72,7 @@ gpg-agent, and a keybox library. %lang_package %prep +%{?gpg_verify: %gpg_verify %{S:2}} %setup -q -n gnupg-%version %patch1 -p1 %patch2 From 453e639477823deebed84e380b0c78404c6ad75fb6882e46af052a1087cbc6aa Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Thu, 16 May 2013 13:35:19 +0000 Subject: [PATCH 061/156] Accepting request 175847 from Base:System - set safe umask before creating a plaintext file (bnc#780943) added gpg2-set_umask_before_open_outfile.patch - select proper ciphers when running in FIPS mode (bnc#808958) added gnupg-detect_FIPS_mode.patch (forwarded request 175573 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/175847 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=68 --- gnupg-detect_FIPS_mode.patch | 51 +++++++++++++++++++++++ gnupg-set_umask_before_open_outfile.patch | 42 +++++++++++++++++++ gpg2.changes | 8 ++++ gpg2.spec | 5 +++ 4 files changed, 106 insertions(+) create mode 100644 gnupg-detect_FIPS_mode.patch create mode 100644 gnupg-set_umask_before_open_outfile.patch diff --git a/gnupg-detect_FIPS_mode.patch b/gnupg-detect_FIPS_mode.patch new file mode 100644 index 0000000..3e96ea4 --- /dev/null +++ b/gnupg-detect_FIPS_mode.patch @@ -0,0 +1,51 @@ +Index: gnupg-2.0.19/g10/encode.c +=================================================================== +--- gnupg-2.0.19.orig/g10/encode.c 2013-03-14 14:23:58.009483967 +0100 ++++ gnupg-2.0.19/g10/encode.c 2013-03-14 15:49:50.524306304 +0100 +@@ -732,7 +732,10 @@ encrypt_filter( void *opaque, int contro + if( efx->cfx.dek->algo == -1 ) { + /* because 3DES is implicitly in the prefs, this can only + * happen if we do not have any public keys in the list */ +- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; ++ /* Libgcrypt manual says that gcry_version_check must be called ++ before calling gcry_fips_mode_active. */ ++ gcry_check_version (NULL); ++ efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO; + } + + /* In case 3DES has been selected, print a warning if +Index: gnupg-2.0.19/g10/gpg.c +=================================================================== +--- gnupg-2.0.19.orig/g10/gpg.c 2013-03-14 14:24:00.031545611 +0100 ++++ gnupg-2.0.19/g10/gpg.c 2013-03-14 14:24:37.495687612 +0100 +@@ -1975,7 +1975,7 @@ main (int argc, char **argv) + opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */ + opt.s2k_mode = 3; /* iterated+salted */ + opt.s2k_count = 0; /* Auto-calibrate when needed. */ +- opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; ++ opt.s2k_cipher_algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : CIPHER_ALGO_CAST5; + opt.completes_needed = 1; + opt.marginals_needed = 3; + opt.max_cert_depth = 5; +Index: gnupg-2.0.19/g10/mainproc.c +=================================================================== +--- gnupg-2.0.19.orig/g10/mainproc.c 2013-03-14 14:23:58.011484028 +0100 ++++ gnupg-2.0.19/g10/mainproc.c 2013-03-14 15:50:50.970127383 +0100 +@@ -685,9 +685,15 @@ proc_plaintext( CTX c, PACKET *pkt ) + often. There is no good way to specify what algorithms to + use in that case, so these three are the historical + answer. */ +- gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); ++ ++ /* Libgcrypt manual says that gcry_version_check must be called ++ before calling gcry_fips_mode_active. */ ++ gcry_check_version (NULL); ++ if( !gcry_fips_mode_active() ) ++ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); + gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); +- gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); ++ if( !gcry_fips_mode_active() ) ++ gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); + } + if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) { + /* This is a kludge to work around a bug in pgp2. It does only diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch new file mode 100644 index 0000000..f941a41 --- /dev/null +++ b/gnupg-set_umask_before_open_outfile.patch @@ -0,0 +1,42 @@ +Index: gnupg-2.0.20/g10/plaintext.c +=================================================================== +--- gnupg-2.0.20.orig/g10/plaintext.c 2013-05-13 14:26:49.290737159 +0200 ++++ gnupg-2.0.20/g10/plaintext.c 2013-05-13 14:43:21.740575875 +0200 +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #ifdef HAVE_DOSISH_SYSTEM + #include /* for setmode() */ + #endif +@@ -39,6 +40,9 @@ + #include "status.h" + #include "i18n.h" + ++/* define safe permissions for creating plaintext files */ ++#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR) ++#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS) + + /**************** + * Handle a plaintext packet. If MFX is not NULL, update the MDs +@@ -140,10 +144,15 @@ handle_plaintext( PKT_plaintext *pt, md_ + log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); + goto leave; + } +- else if( !(fp = fopen(fname,"wb")) ) { +- rc = gpg_error_from_syserror (); +- log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); +- goto leave; ++ else { ++ mode_t saved_umask = umask(GPG_SAFE_UMASK); ++ if( !(fp = fopen(fname,"wb")) ) { ++ rc = gpg_error_from_syserror (); ++ log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); ++ umask(saved_umask); ++ goto leave; ++ } ++ umask(saved_umask); + } + #else /* __riscos__ */ + /* If no output filename was given, i.e. we constructed it, diff --git a/gpg2.changes b/gpg2.changes index f251875..3e28590 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue May 14 14:00:45 UTC 2013 - vcizek@suse.com + +- set safe umask before creating a plaintext file (bnc#780943) + added gpg2-set_umask_before_open_outfile.patch +- select proper ciphers when running in FIPS mode (bnc#808958) + added gnupg-detect_FIPS_mode.patch + ------------------------------------------------------------------- Fri May 10 19:33:24 UTC 2013 - andreas.stieger@gmx.de diff --git a/gpg2.spec b/gpg2.spec index c235b7b..7c93ae7 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -64,6 +64,9 @@ Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.0.18-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch7: gnupg-broken-curl-test.patch +Patch8: gnupg-set_umask_before_open_outfile.patch +Patch9: gnupg-detect_FIPS_mode.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -81,6 +84,8 @@ gpg-agent, and a keybox library. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build autoreconf -fi From eb8cf1f04cc9f28bd0ed355f7f1a6c3a751b8cde1681a8dd637fe198cb4405eb Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Tue, 18 Jun 2013 08:20:25 +0000 Subject: [PATCH 062/156] Accepting request 179317 from Base:System - revert usage of gpg-offline to avoid cycles - add gnupg-2.0.20-automake113.diff to fix build with automake 1.13 OBS-URL: https://build.opensuse.org/request/show/179317 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=69 --- gnupg-2.0.20-automake113.diff | 13 +++++++++++++ gpg2.changes | 10 ++++++++++ gpg2.spec | 7 +++---- 3 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 gnupg-2.0.20-automake113.diff diff --git a/gnupg-2.0.20-automake113.diff b/gnupg-2.0.20-automake113.diff new file mode 100644 index 0000000..280a729 --- /dev/null +++ b/gnupg-2.0.20-automake113.diff @@ -0,0 +1,13 @@ +Index: gnupg-2.0.20/tests/openpgp/Makefile.am +=================================================================== +--- gnupg-2.0.20.orig/tests/openpgp/Makefile.am ++++ gnupg-2.0.20/tests/openpgp/Makefile.am +@@ -25,7 +25,7 @@ required_pgms = ../../g10/gpg2 ../../age + + + TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \ +- ../../agent/gpg-agent --quiet --daemon sh ++ ../../agent/gpg-agent --quiet --daemon + + + TESTS = version.test mds.test \ diff --git a/gpg2.changes b/gpg2.changes index 3e28590..87e1ee7 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Jun 17 12:48:24 UTC 2013 - coolo@suse.com + +- revert usage of gpg-offline to avoid cycles + +------------------------------------------------------------------- +Mon Jun 17 12:40:10 UTC 2013 - coolo@suse.com + +- add gnupg-2.0.20-automake113.diff to fix build with automake 1.13 + ------------------------------------------------------------------- Tue May 14 14:00:45 UTC 2013 - vcizek@suse.com diff --git a/gpg2.spec b/gpg2.spec index 7c93ae7..38c3938 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -38,9 +38,6 @@ BuildRequires: libpth-devel >= 1.3.7 %else BuildRequires: pth >= 1.3.7 %endif -%if 0%{?suse_version} >= 1230 -BuildRequires: gpg-offline -%endif Url: http://www.gnupg.org/aegypten2/ PreReq: %install_info_prereq Requires: dirmngr @@ -66,6 +63,8 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch7: gnupg-broken-curl-test.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch +# PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL +Patch10: gnupg-2.0.20-automake113.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -75,7 +74,6 @@ gpg-agent, and a keybox library. %lang_package %prep -%{?gpg_verify: %gpg_verify %{S:2}} %setup -q -n gnupg-%version %patch1 -p1 %patch2 @@ -86,6 +84,7 @@ gpg-agent, and a keybox library. %patch7 -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 %build autoreconf -fi From 9eeb3a48b59132fc4631badb9e554a6c2bb646c03e1ef599db853df55e64da51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Wed, 21 Aug 2013 11:45:37 +0000 Subject: [PATCH 063/156] Accepting request 195696 from Base:System update to 2.0.21 (forwarded request 195623 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/195696 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=70 --- gnupg-2.0.20.tar.bz2 | 3 --- gnupg-2.0.20.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.0.21.tar.bz2 | 3 +++ gnupg-2.0.21.tar.bz2.sig | Bin 0 -> 287 bytes gnupg-2.0.9-langinfo.patch | 14 +++++++++----- gnupg-broken-curl-test.patch | 18 ------------------ gpg2.changes | 15 +++++++++++++++ gpg2.spec | 8 +++----- 8 files changed, 30 insertions(+), 31 deletions(-) delete mode 100644 gnupg-2.0.20.tar.bz2 delete mode 100644 gnupg-2.0.20.tar.bz2.sig create mode 100644 gnupg-2.0.21.tar.bz2 create mode 100644 gnupg-2.0.21.tar.bz2.sig delete mode 100644 gnupg-broken-curl-test.patch diff --git a/gnupg-2.0.20.tar.bz2 b/gnupg-2.0.20.tar.bz2 deleted file mode 100644 index f2becbc..0000000 --- a/gnupg-2.0.20.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6e949b7f062cab8a3cf0910f91ecf04cabaad458c0aeeec66298651b8b04b79a -size 4286191 diff --git a/gnupg-2.0.20.tar.bz2.sig b/gnupg-2.0.20.tar.bz2.sig deleted file mode 100644 index c279f20f24a78935a4f9b3ac6cdd5021ca5ca3348ca6f6b5c955a4cc48d1418b..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-lw{(1lk2@oWkInqxhAwp6~B9b(4}&r0PL-occj|y2qAp=>Fca#kRdixiZw>&R|ju}-R0+{*2Dgk3ZAax z@fE7{_G3CW3kak~=a&^Tcp%?+J^;L)2U-mZ&!`%Gr(_q)DLB6;A~n!V?(0DYZ2BoT z#^NjvITY+rs(?T%}AGm94qKKDka7YbH5_k6dM=iP+j*q$@~iX6ZSJ l1Q5_^TnDtzz8sfA%4+x(06?E9L4T4= 1.10 BuildRequires: expect @@ -27,7 +27,7 @@ BuildRequires: libassuan-devel >= 2.0.0 BuildRequires: libbz2-devel BuildRequires: libcurl-devel >= 7.10 BuildRequires: libgcrypt-devel >= 1.4.0 -BuildRequires: libgpg-error-devel >= 1.7 +BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libksba-devel >= 1.0.7 BuildRequires: libusb-devel BuildRequires: openldap2-devel @@ -60,7 +60,6 @@ Patch3: gnupg-2.0.9-RSA_ES.patch Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.0.18-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch -Patch7: gnupg-broken-curl-test.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch # PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL @@ -78,10 +77,9 @@ gpg-agent, and a keybox library. %patch1 -p1 %patch2 %patch3 -p1 -%patch4 +%patch4 -p1 %patch5 -p1 %patch6 -p1 -%patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 From 3179981c14b26124ad7b65dd591e815f2c2bf55f8b6c6640ab1d6cec94c2a885 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Tue, 17 Sep 2013 13:02:35 +0000 Subject: [PATCH 064/156] Accepting request 199283 from Base:System - fix CVE-2013-4351 (bnc#840510) (forwarded request 199274 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/199283 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=71 --- gpg2-CVE-2013-4351.patch | 60 ++++++++++++++++++++++++++++++++++++++++ gpg2.changes | 5 ++++ gpg2.spec | 2 ++ 3 files changed, 67 insertions(+) create mode 100644 gpg2-CVE-2013-4351.patch diff --git a/gpg2-CVE-2013-4351.patch b/gpg2-CVE-2013-4351.patch new file mode 100644 index 0000000..ec1b1bc --- /dev/null +++ b/gpg2-CVE-2013-4351.patch @@ -0,0 +1,60 @@ +commit 8f8f3984e82a025cf1384132a419f67f39c7e07d +Author: Werner Koch gnupg.org> +Date: Fri Mar 15 15:46:03 2013 +0100 + + gpg: Distinguish between missing and cleared key flags. + + * include/cipher.h (PUBKEY_USAGE_NONE): New. + * g10/getkey.c (parse_key_usage): Set new flag. + -- + + We do not want to use the default capabilities (derived from the + algorithm) if any key flags are given in a signature. Thus if key + flags are used in any way, the default key capabilities are never + used. + + This allows to create a key with key flags set to all zero so it can't + be used. This better reflects common sense. + + Modified g10/getkey.c +Index: gnupg-2.0.9/g10/getkey.c +=================================================================== +--- gnupg-2.0.9.orig/g10/getkey.c 2013-09-16 16:51:02.752624501 +0200 ++++ gnupg-2.0.9/g10/getkey.c 2013-09-16 16:54:20.955952692 +0200 +@@ -1457,13 +1457,19 @@ parse_key_usage(PKT_signature *sig) + + if(flags) + key_usage |= PUBKEY_USAGE_UNKNOWN; ++ ++ if (!key_usage) ++ key_usage |= PUBKEY_USAGE_NONE; + } ++ else if (p) /* Key flags of length zero. */ ++ key_usage |= PUBKEY_USAGE_NONE; + + /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a + capability that we do not handle. This serves to distinguish + between a zero key usage which we handle as the default + capabilities for that algorithm, and a usage that we do not +- handle. */ ++ handle. Likewise we use PUBKEY_USAGE_NONE to indicate that ++ key_flags have been given but they do not specify any usage. */ + + return key_usage; + } +Index: gnupg-2.0.9/include/cipher.h +=================================================================== +--- gnupg-2.0.9.orig/include/cipher.h 2013-09-16 16:51:02.752624501 +0200 ++++ gnupg-2.0.9/include/cipher.h 2013-09-16 16:56:27.028429026 +0200 +@@ -62,6 +62,11 @@ + #define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */ + #define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */ + #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */ ++#define PUBKEY_USAGE_NONE 256 /* No usage given. */ ++#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \ ++ | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256 ++# error Please choose another value for PUBKEY_USAGE_NONE ++#endif + + #define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5 + #define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1 diff --git a/gpg2.changes b/gpg2.changes index 6272bcd..1545167 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Sep 16 11:08:55 UTC 2013 - vcizek@suse.com + +- fix CVE-2013-4351 (bnc#840510) + ------------------------------------------------------------------- Mon Aug 19 17:59:48 UTC 2013 - andreas.stieger@gmx.de diff --git a/gpg2.spec b/gpg2.spec index 12609fb..b44bf64 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -64,6 +64,7 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch # PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL Patch10: gnupg-2.0.20-automake113.diff +Patch11: gpg2-CVE-2013-4351.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -83,6 +84,7 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 %build autoreconf -fi From 3118e2007ae7dc296223da85cfcd72fa5b2c5eb500d632ae5c6b66c5a0b3f8cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Sun, 6 Oct 2013 12:52:46 +0000 Subject: [PATCH 065/156] Accepting request 202374 from Base:System update to 2.0.22 [bnc#844175] [CVE-2013-4402] (forwarded request 202365 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/202374 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=73 --- gnupg-2.0.21.tar.bz2 | 3 -- gnupg-2.0.21.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.0.22.tar.bz2 | 3 ++ gnupg-2.0.22.tar.bz2.sig | Bin 0 -> 287 bytes gnupg-2.0.9-RSA_ES.patch | 30 ++++++++++---------- gpg2-CVE-2013-4351.patch | 60 --------------------------------------- gpg2.changes | 11 +++++++ gpg2.spec | 4 +-- 8 files changed, 30 insertions(+), 81 deletions(-) delete mode 100644 gnupg-2.0.21.tar.bz2 delete mode 100644 gnupg-2.0.21.tar.bz2.sig create mode 100644 gnupg-2.0.22.tar.bz2 create mode 100644 gnupg-2.0.22.tar.bz2.sig delete mode 100644 gpg2-CVE-2013-4351.patch diff --git a/gnupg-2.0.21.tar.bz2 b/gnupg-2.0.21.tar.bz2 deleted file mode 100644 index d5090d0..0000000 --- a/gnupg-2.0.21.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:00df8902c7cef4d2440d36ca2a45985853eb36c34a4163bc995c3578030eeef5 -size 4300604 diff --git a/gnupg-2.0.21.tar.bz2.sig b/gnupg-2.0.21.tar.bz2.sig deleted file mode 100644 index 4776f67262f29250fd8c2bc821bfdccdeb2bb7b936bad5691424a4824eb7e102..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-nM4TS&-2@oWkInqxhXGayHgmoi>_AS zY;Mh~+ gnupg.org> -Date: Fri Mar 15 15:46:03 2013 +0100 - - gpg: Distinguish between missing and cleared key flags. - - * include/cipher.h (PUBKEY_USAGE_NONE): New. - * g10/getkey.c (parse_key_usage): Set new flag. - -- - - We do not want to use the default capabilities (derived from the - algorithm) if any key flags are given in a signature. Thus if key - flags are used in any way, the default key capabilities are never - used. - - This allows to create a key with key flags set to all zero so it can't - be used. This better reflects common sense. - - Modified g10/getkey.c -Index: gnupg-2.0.9/g10/getkey.c -=================================================================== ---- gnupg-2.0.9.orig/g10/getkey.c 2013-09-16 16:51:02.752624501 +0200 -+++ gnupg-2.0.9/g10/getkey.c 2013-09-16 16:54:20.955952692 +0200 -@@ -1457,13 +1457,19 @@ parse_key_usage(PKT_signature *sig) - - if(flags) - key_usage |= PUBKEY_USAGE_UNKNOWN; -+ -+ if (!key_usage) -+ key_usage |= PUBKEY_USAGE_NONE; - } -+ else if (p) /* Key flags of length zero. */ -+ key_usage |= PUBKEY_USAGE_NONE; - - /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a - capability that we do not handle. This serves to distinguish - between a zero key usage which we handle as the default - capabilities for that algorithm, and a usage that we do not -- handle. */ -+ handle. Likewise we use PUBKEY_USAGE_NONE to indicate that -+ key_flags have been given but they do not specify any usage. */ - - return key_usage; - } -Index: gnupg-2.0.9/include/cipher.h -=================================================================== ---- gnupg-2.0.9.orig/include/cipher.h 2013-09-16 16:51:02.752624501 +0200 -+++ gnupg-2.0.9/include/cipher.h 2013-09-16 16:56:27.028429026 +0200 -@@ -62,6 +62,11 @@ - #define PUBKEY_USAGE_CERT GCRY_PK_USAGE_CERT /* Also good to certify keys. */ - #define PUBKEY_USAGE_AUTH GCRY_PK_USAGE_AUTH /* Good for authentication. */ - #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN /* Unknown usage flag. */ -+#define PUBKEY_USAGE_NONE 256 /* No usage given. */ -+#if (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \ -+ | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) >= 256 -+# error Please choose another value for PUBKEY_USAGE_NONE -+#endif - - #define DIGEST_ALGO_MD5 /* 1 */ GCRY_MD_MD5 - #define DIGEST_ALGO_SHA1 /* 2 */ GCRY_MD_SHA1 diff --git a/gpg2.changes b/gpg2.changes index 1545167..4b061f3 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Sat Oct 5 11:44:42 UTC 2013 - andreas.stieger@gmx.de + +- update to 2.0.22 [bnc#844175] + * Fixed possible infinite recursion in the compressed packet + parser. [CVE-2013-4402] + * Improved support for some card readers. + * Prepared building with the forthcoming Libgcrypt 1.6. + * Protect against rogue keyservers sending secret keys. +- remove gpg2-CVE-2013-4351.patch, committed upstream + ------------------------------------------------------------------- Mon Sep 16 11:08:55 UTC 2013 - vcizek@suse.com diff --git a/gpg2.spec b/gpg2.spec index b44bf64..7361834 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.0.21 +Version: 2.0.22 Release: 0 BuildRequires: automake >= 1.10 BuildRequires: expect @@ -64,7 +64,6 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch # PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL Patch10: gnupg-2.0.20-automake113.diff -Patch11: gpg2-CVE-2013-4351.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -84,7 +83,6 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch10 -p1 -%patch11 -p1 %build autoreconf -fi From 8b70a61e6779d9eddeb61ca95cf0f30b623f574cd5c5bd3bc53c9b330aca0248 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Mon, 17 Feb 2014 06:18:17 +0000 Subject: [PATCH 066/156] Accepting request 222429 from Base:System - install scdaemon to /usr/bin (bnc#863645) (forwarded request 222380 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/222429 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=74 --- gpg2.changes | 5 +++++ gpg2.spec | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index 4b061f3..8d3ed20 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Feb 14 16:14:14 UTC 2014 - vcizek@suse.com + +- install scdaemon to /usr/bin (bnc#863645) + ------------------------------------------------------------------- Sat Oct 5 11:44:42 UTC 2013 - andreas.stieger@gmx.de diff --git a/gpg2.spec b/gpg2.spec index 7361834..ae6193e 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -126,6 +126,8 @@ ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot # additional files to documentation directory install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ $RPM_BUILD_ROOT/%{_docdir}/%{name} +# install scdaemon to %{_bindir} (bnc#863645) +mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} %find_lang gnupg2 %if 0%{?suse_version} > 1020 %fdupes %buildroot From 6dc88a678a5be2139f9c62a9f3ff7db166ef4a84a5e9fef69ed8805fbf018037 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Fri, 2 May 2014 17:21:25 +0000 Subject: [PATCH 067/156] Accepting request 232310 from Base:System - add patch by Stephan Mueller which adds an option to enable legacy ciphers in FIPS mode * added gnupg-add_legacy_FIPS_mode_option.patch (part of bnc#856312) - added BuildRequires: makeinfo (to build info pages from the patched gnupg.texi) (forwarded request 232207 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/232310 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=75 --- gnupg-add_legacy_FIPS_mode_option.patch | 63 +++++++++++++++++++++++++ gpg2.changes | 10 ++++ gpg2.spec | 3 ++ 3 files changed, 76 insertions(+) create mode 100644 gnupg-add_legacy_FIPS_mode_option.patch diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch new file mode 100644 index 0000000..bbaccf5 --- /dev/null +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -0,0 +1,63 @@ +Index: gnupg-2.0.22/doc/gpg.texi +=================================================================== +--- gnupg-2.0.22.orig/doc/gpg.texi 2013-10-04 19:08:32.000000000 +0200 ++++ gnupg-2.0.22/doc/gpg.texi 2014-04-30 12:42:35.129468147 +0200 +@@ -1795,6 +1795,24 @@ implies, this option is for experts only + understand the implications of what it allows you to do, leave this + off. @option{--no-expert} disables this option. + ++@item --set-legacy-fips ++@itemx --set-legacy-fips ++@opindex set-legacy-fips ++Enable legacy support even when the libgcrypt library is in FIPS 140-2 ++mode. The legacy mode of libgcrypt allows the use of all ciphers, ++including non-approved ciphers. This mode is needed when for legacy ++reasons a message must be encrypted or decrypted. Legacy reasons for ++decryptions include the decryption of old messages created with a ++public key that use cipher settings which do not meet FIPS 140-2 ++requirements. Legacy reasons for encryption include the encryption ++of messages with a recipients public key where the recipient is not ++bound to FIPS 140-2 regulation and therefore provided a key using ++non-approved ciphers. Although the legacy mode is a violation of strict ++FIPS 140-2 rule interpretations, it is wise to use this mode or ++either not being able to access old messages or not being able ++to create encrypted messages to a recipient that is not adhering ++to FIPS 140-2 rules. ++ + @end table + + +Index: gnupg-2.0.22/g10/gpg.c +=================================================================== +--- gnupg-2.0.22.orig/g10/gpg.c 2014-04-30 12:42:35.117468014 +0200 ++++ gnupg-2.0.22/g10/gpg.c 2014-04-30 12:42:35.129468147 +0200 +@@ -368,6 +368,7 @@ enum cmd_and_opt_values + oDisableDSA2, + oAllowMultipleMessages, + oNoAllowMultipleMessages, ++ oSetLegacyFips, + + oNoop + }; +@@ -744,6 +745,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"), + ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), + ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ++ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), + + /* These two are aliases to help users of the PGP command line + product use gpg with minimal pain. Many commands are common +@@ -2948,6 +2950,13 @@ main (int argc, char **argv) + opt.flags.allow_multiple_messages=0; + break; + ++ case oSetLegacyFips: ++ if(gcry_fips_mode_active()) ++ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, "Enable legacy support in FIPS 140-2 mode"); ++ else ++ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); ++ break; ++ + case oNoop: break; + + default: diff --git a/gpg2.changes b/gpg2.changes index 8d3ed20..0845f19 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Apr 29 12:06:03 UTC 2014 - vcizek@suse.com + +- add patch by Stephan Mueller which adds an option to enable + legacy ciphers in FIPS mode + * added gnupg-add_legacy_FIPS_mode_option.patch + (part of bnc#856312) +- added BuildRequires: makeinfo (to build info pages from the + patched gnupg.texi) + ------------------------------------------------------------------- Fri Feb 14 16:14:14 UTC 2014 - vcizek@suse.com diff --git a/gpg2.spec b/gpg2.spec index ae6193e..f61cc28 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -30,6 +30,7 @@ BuildRequires: libgcrypt-devel >= 1.4.0 BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libksba-devel >= 1.0.7 BuildRequires: libusb-devel +BuildRequires: makeinfo BuildRequires: openldap2-devel BuildRequires: readline-devel BuildRequires: zlib-devel @@ -64,6 +65,7 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch # PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL Patch10: gnupg-2.0.20-automake113.diff +Patch11: gnupg-add_legacy_FIPS_mode_option.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -83,6 +85,7 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 %build autoreconf -fi From 0eb530bef387a9b7875bc1bb6fc01533d672f53d1677f467f3cae0fdf3a7a36c Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Wed, 18 Jun 2014 08:59:08 +0000 Subject: [PATCH 068/156] Accepting request 236186 from Base:System update to 2.0.23 (forwarded request 236179 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/236186 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=76 --- gnupg-2.0.18-files-are-digests.patch | 40 +- gnupg-2.0.22.tar.bz2 | 3 - gnupg-2.0.22.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.0.23.tar.bz2 | 3 + gnupg-2.0.23.tar.bz2.sig | Bin 0 -> 287 bytes gnupg-2.0.9-RSA_ES.patch | 45 - gnupg-add_legacy_FIPS_mode_option.patch | 33 +- gnupg-dont-fail-with-seahorse-agent.patch | 8 +- gpg2.changes | 28 + gpg2.keyring | 1416 ++++++++------------- gpg2.spec | 6 +- 11 files changed, 580 insertions(+), 1002 deletions(-) delete mode 100644 gnupg-2.0.22.tar.bz2 delete mode 100644 gnupg-2.0.22.tar.bz2.sig create mode 100644 gnupg-2.0.23.tar.bz2 create mode 100644 gnupg-2.0.23.tar.bz2.sig delete mode 100644 gnupg-2.0.9-RSA_ES.patch diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 1fc153f..1e9540c 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -1,7 +1,14 @@ -diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c ---- gnupg-2.0.18.orig/g10/gpg.c 2011-07-22 13:00:44.000000000 +0100 -+++ gnupg-2.0.18/g10/gpg.c 2011-08-06 21:07:32.000000000 +0100 -@@ -341,6 +341,7 @@ enum cmd_and_opt_values +--- + g10/gpg.c | 4 +++ + g10/options.h | 1 + g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- + 3 files changed, 66 insertions(+), 5 deletions(-) + +Index: gnupg-2.0.23/g10/gpg.c +=================================================================== +--- gnupg-2.0.23.orig/g10/gpg.c 2014-06-03 22:36:44.000000000 +0100 ++++ gnupg-2.0.23/g10/gpg.c 2014-06-03 22:36:55.000000000 +0100 +@@ -345,6 +345,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -9,7 +16,7 @@ diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -706,6 +707,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -711,6 +712,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"), ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), @@ -17,15 +24,15 @@ diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -1996,6 +1998,7 @@ main (int argc, char **argv) +@@ -2001,6 +2003,7 @@ main (int argc, char **argv) opt.def_sig_expire="0"; opt.def_cert_expire="0"; set_homedir ( default_homedir () ); + opt.files_are_digests=0; opt.passphrase_repeat=1; + opt.emit_version = 1; /* Limit to the major number. */ - /* Check whether we have a config file on the command line. */ -@@ -2484,6 +2487,7 @@ main (int argc, char **argv) +@@ -2491,6 +2494,7 @@ main (int argc, char **argv) case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; case oForceV3Sigs: opt.force_v3_sigs = 1; break; case oNoForceV3Sigs: opt.force_v3_sigs = 0; break; @@ -33,11 +40,11 @@ diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c case oForceV4Certs: opt.force_v4_certs = 1; break; case oNoForceV4Certs: opt.force_v4_certs = 0; break; case oForceMDC: opt.force_mdc = 1; break; -Only in gnupg-2.0.18/g10: gpg.c.orig -diff -rup gnupg-2.0.18.orig/g10/options.h gnupg-2.0.18/g10/options.h ---- gnupg-2.0.18.orig/g10/options.h 2011-07-22 13:00:44.000000000 +0100 -+++ gnupg-2.0.18/g10/options.h 2011-08-06 21:07:32.000000000 +0100 -@@ -194,6 +194,7 @@ struct +Index: gnupg-2.0.23/g10/options.h +=================================================================== +--- gnupg-2.0.23.orig/g10/options.h 2014-06-03 22:36:44.000000000 +0100 ++++ gnupg-2.0.23/g10/options.h 2014-06-03 22:36:55.000000000 +0100 +@@ -198,6 +198,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -45,9 +52,10 @@ diff -rup gnupg-2.0.18.orig/g10/options.h gnupg-2.0.18/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -diff -rup gnupg-2.0.18.orig/g10/sign.c gnupg-2.0.18/g10/sign.c ---- gnupg-2.0.18.orig/g10/sign.c 2011-07-22 13:00:44.000000000 +0100 -+++ gnupg-2.0.18/g10/sign.c 2011-08-06 21:07:32.000000000 +0100 +Index: gnupg-2.0.23/g10/sign.c +=================================================================== +--- gnupg-2.0.23.orig/g10/sign.c 2014-06-03 22:36:44.000000000 +0100 ++++ gnupg-2.0.23/g10/sign.c 2014-06-03 22:36:55.000000000 +0100 @@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, sk); } diff --git a/gnupg-2.0.22.tar.bz2 b/gnupg-2.0.22.tar.bz2 deleted file mode 100644 index 348852d..0000000 --- a/gnupg-2.0.22.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:437d0ab259854359fc48aa8795af80cff4975e559c111c92c03d0bc91408e251 -size 4277117 diff --git a/gnupg-2.0.22.tar.bz2.sig b/gnupg-2.0.22.tar.bz2.sig deleted file mode 100644 index 462c9be97c54ddf5ba789f4e16d7b00da55f72a74565211df7dbec828e6bf0de..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-n}0aySE2@oWkInqxhXGayHgmoi>_AS zY;Mh~+|P2m1%VQR!}~{t{dJ8OCt? z!+y&qktLo-=t*tL@z7WXFgL;CPDauqC?9PJIc$!J1s|EL3lJFjo|`RcEWDLqS>)k& z9@ER11~b(s-Hhy+?A^VYr;8x4G(>No#+(jAoZQ!NUcce-G3t-=VoeYeQp;)nrHDf3 z+G2CajO>0_WA3^dvbUN?&1#8PFR7e9KLB_CL90Fvv5SHoJZ}TYl?E)Ju8yxwfuDBS zcAT<#s86!-IkhR8y$DqoxA-i6m7>aynok>q)yxw}8xjxSnjk*aGg7>@+NLc}Se8&- lFfZkvv2UQS;FybNRhf!8A4zmF4}-x7z)^;q0>a3E+dl63hGYN$ literal 0 HcmV?d00001 diff --git a/gnupg-2.0.9-RSA_ES.patch b/gnupg-2.0.9-RSA_ES.patch deleted file mode 100644 index e66e23b..0000000 --- a/gnupg-2.0.9-RSA_ES.patch +++ /dev/null @@ -1,45 +0,0 @@ -# adds back support for deprecated RSA_E, RSA_S algorithms ---- -# g10/misc.c | 8 ++++++++ -# 1 file changed, 8 insertions(+) -# -Index: gnupg-2.0.22/g10/misc.c -=================================================================== ---- gnupg-2.0.22.orig/g10/misc.c 2013-10-04 16:54:48.000000000 +0100 -+++ gnupg-2.0.22/g10/misc.c 2013-10-05 12:39:16.000000000 +0100 -@@ -1333,6 +1333,8 @@ pubkey_get_npkey( int algo ) - - if (algo == GCRY_PK_ELG_E) - algo = GCRY_PK_ELG; -+ if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S) -+ algo = GCRY_PK_RSA; - if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo), - GCRYCTL_GET_ALGO_NPKEY, NULL, &n)) - n = 0; -@@ -1353,6 +1355,8 @@ pubkey_get_nskey( int algo ) - - if (algo == GCRY_PK_ELG_E) - algo = GCRY_PK_ELG; -+ if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S) -+ algo = GCRY_PK_RSA; - if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo), - GCRYCTL_GET_ALGO_NSKEY, NULL, &n )) - n = 0; -@@ -1373,6 +1377,8 @@ pubkey_get_nsig( int algo ) - - if (algo == GCRY_PK_ELG_E) - algo = GCRY_PK_ELG; -+ if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S) -+ algo = GCRY_PK_RSA; - if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo), - GCRYCTL_GET_ALGO_NSIGN, NULL, &n)) - n = 0; -@@ -1393,6 +1399,8 @@ pubkey_get_nenc( int algo ) - - if (algo == GCRY_PK_ELG_E) - algo = GCRY_PK_ELG; -+ if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S) -+ algo = GCRY_PK_RSA; - if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo), - GCRYCTL_GET_ALGO_NENCR, NULL, &n )) - n = 0; diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index bbaccf5..6ac0990 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -1,8 +1,13 @@ -Index: gnupg-2.0.22/doc/gpg.texi +--- + doc/gpg.texi | 18 ++++++++++++++++++ + g10/gpg.c | 9 +++++++++ + 2 files changed, 27 insertions(+) + +Index: gnupg-2.0.23/doc/gpg.texi =================================================================== ---- gnupg-2.0.22.orig/doc/gpg.texi 2013-10-04 19:08:32.000000000 +0200 -+++ gnupg-2.0.22/doc/gpg.texi 2014-04-30 12:42:35.129468147 +0200 -@@ -1795,6 +1795,24 @@ implies, this option is for experts only +--- gnupg-2.0.23.orig/doc/gpg.texi 2014-06-03 22:22:56.000000000 +0100 ++++ gnupg-2.0.23/doc/gpg.texi 2014-06-03 22:25:03.000000000 +0100 +@@ -1851,6 +1851,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -27,29 +32,29 @@ Index: gnupg-2.0.22/doc/gpg.texi @end table -Index: gnupg-2.0.22/g10/gpg.c +Index: gnupg-2.0.23/g10/gpg.c =================================================================== ---- gnupg-2.0.22.orig/g10/gpg.c 2014-04-30 12:42:35.117468014 +0200 -+++ gnupg-2.0.22/g10/gpg.c 2014-04-30 12:42:35.129468147 +0200 -@@ -368,6 +368,7 @@ enum cmd_and_opt_values - oDisableDSA2, +--- gnupg-2.0.23.orig/g10/gpg.c 2014-06-03 22:24:52.000000000 +0100 ++++ gnupg-2.0.23/g10/gpg.c 2014-06-03 22:25:56.000000000 +0100 +@@ -369,6 +369,7 @@ enum cmd_and_opt_values oAllowMultipleMessages, oNoAllowMultipleMessages, + oAllowWeakDigestAlgos, + oSetLegacyFips, oNoop }; -@@ -744,6 +745,7 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"), +@@ -746,6 +747,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), + ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -2948,6 +2950,13 @@ main (int argc, char **argv) - opt.flags.allow_multiple_messages=0; - break; +@@ -2959,6 +2961,13 @@ main (int argc, char **argv) + opt.flags.allow_weak_digest_algos = 1; + break; + case oSetLegacyFips: + if(gcry_fips_mode_active()) diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch index f0b3599..c5d9788 100644 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ b/gnupg-dont-fail-with-seahorse-agent.patch @@ -2,10 +2,10 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.0.15/g10/passphrase.c +Index: gnupg-2.0.23/g10/passphrase.c =================================================================== ---- gnupg-2.0.15.orig/g10/passphrase.c 2010-01-11 15:11:17.000000000 +0100 -+++ gnupg-2.0.15/g10/passphrase.c 2010-04-07 16:06:49.000000000 +0200 +--- gnupg-2.0.23.orig/g10/passphrase.c 2014-06-03 07:59:18.000000000 +0100 ++++ gnupg-2.0.23/g10/passphrase.c 2014-06-03 22:37:30.000000000 +0100 @@ -72,7 +72,7 @@ encode_s2k_iterations (int iterations) { /* Don't print an error if an older agent is used. */ @@ -13,5 +13,5 @@ Index: gnupg-2.0.15/g10/passphrase.c - log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); + log_info (_("problem with the agent: %s\n"), gpg_strerror (err)); /* Default to 65536 which we used up to 2.0.13. */ - return 96; + return 96; } diff --git a/gpg2.changes b/gpg2.changes index 0845f19..0cc913c 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Tue Jun 3 21:55:34 UTC 2014 - andreas.stieger@gmx.de + +- update to 2.0.23: + * gpg: Reject signatures made using the MD5 hash algorithm unless the + new option --allow-weak-digest-algos or --pgp2 are given. + * gpg: Do not create a trustdb file if --trust-model=always is used. + * gpg: Only the major version number is by default included in the + armored output. + * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the + communication with the gpg-agent. + * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more + aligned to the regular key listing ("gpg -k"). + * gpg: The option--show-session-key prints its output now before the + decryption of the bulk message starts. + * gpg: New %U expando for the photo viewer. + * gpgsm: Improved handling of re-issued CA certificates. + * scdaemon: Various fixes for pinpad equipped card readers. + * Minor bug fixes. +- Packaging changes: + * add gpgtar utility + * update and use use source URL for tarball signing key + * removed gnupg-2.0.9-RSA_ES.patch, applied upstream + * updated for context changes: + gnupg-add_legacy_FIPS_mode_option.patch + gnupg-2.0.18-files-are-digests.patch + gnupg-dont-fail-with-seahorse-agent.patch + ------------------------------------------------------------------- Tue Apr 29 12:06:03 UTC 2014 - vcizek@suse.com diff --git a/gpg2.keyring b/gpg2.keyring index 50ad916..1efb704 100644 --- a/gpg2.keyring +++ b/gpg2.keyring @@ -1,50 +1,116 @@ - pub 2048D/1E42B367 2007-12-31 [expires: 2018-12-31] - uid Werner Koch - uid Werner Koch - sub 1024D/77F95F95 2011-11-02 - sub 2048R/C193565B 2011-11-07 [expires: 2013-12-31] + + + + +GnuPG - Signature Key + + + + + + + + + + + + +
- pub 4096R/99242560 2002-01-28 - uid David M. Shaw +
+

Signature Key

+
+

+To guarantee that GnuPG versions you download has not been hacked by +some malicious person, tarballs are signed. +

- pub 1024D/87978569 1999-05-13 - uid Marcus Brinkmann - uid Marcus Brinkmann - uid Marcus Brinkmann - uid Marcus Brinkmann - uid Marcus Brinkmann - sub 2048g/C3AF90C1 1999-05-13 - sub 1024R/08AEA692 2006-04-14 - sub 1024R/FCD2A293 2006-04-14 - sub 1024R/233A942F 2006-04-14 +

+Signature key is reported below. It can also be retrieved from the key +servers or obtained from the GnuPG source tree (doc/samplekeys.asc). +

- pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] +

+Instructions on how to verify the signature is available within README +file of GnuPG distributions. +

+ +
+pub   2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
+        Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
   uid                  Werner Koch (dist sig)
   sub   2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]
 
-  pub   1024D/5B0358A2 1999-03-15 [expired: 2011-07-11]
-  uid                  Werner Koch 
-  uid                  Werner Koch 
-  uid                  Werner Koch
-  uid                  Werner Koch 
+Releases done in the years 1996 to 2010 are signed by this key:
+
+  pub   1024R/1CE0C630 2006-01-01 [expires: 2011-06-30]
+        Key fingerprint = 7B96 D396 E647 1601 754B  E4DB 53B6 20D0 1CE0 C630
+  uid                  Werner Koch (dist sig) <dd9jn@gnu.org>
+
+Releases done in the years 1998 to 2005 are signed by this key:
 
   pub   1024D/57548DCD 1998-07-07 [expired: 2005-12-31]
-  uid                  Werner Koch (gnupg sig) 
-
-  pub   1024D/B2D7795E 2001-01-04
-  uid                  Philip R. Zimmermann 
-  uid                  Philip R. Zimmermann 
-  uid                  [jpeg image of size 3369]
-  uid                  [jpeg image of size 3457]
-  uid                  Philip R. Zimmermann 
-  sub   3072g/A8E92834 2001-01-04
-
-  pub   1024R/1CE0C630 2006-01-01 [expired: 2011-06-30]
-  uid                  Werner Koch (dist sig) 
+        Key fingerprint = 6BD9 050F D8FC 941B 4341  2DCC 68B7 AB89 5754 8DCD
+  uid                  Werner Koch (gnupg sig) <dd9jn@gnu.org>
 
 
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.11 (GNU/Linux)
+Version: GnuPG v2.0.17 (GNU/Linux)
 
 mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT4
 3No/coPajDvhZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWvFs5+YpCDwW
@@ -55,885 +121,401 @@ TR641BceGHNdYiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxY
 urUIBACi7d1rUlHr4ok7iBRlWHYXU2hpUIQ8C+UOE1XXT+HB7mZLSRONQnWMyXnq
 bAAW+EUUX2xpb54CevAg4eOilt0es8GZMmU6c0wdUsnMWWqOKHBFFlDIvyI27aZ9
 quf0yvby63kFCanQKc0QnqGXQKzuXbFqBYW2UQrYgjXji8rd8bQnV2VybmVyIEtv
-Y2ggKGdudXBnIHNpZykgPGRkOWpuQGdudS5vcmc+iGEEExECACECF4AFCQ4Uh/0F
-AkG8aF4GCwkIBwMCAxUCAwMWAgECHgEACgkQaLeriVdUjc0EkwCfTXfXdqDS2COs
-ZRm0OUphuY0h4x4AnRSlWyPGnKUFxKOw8TwwCSLsdvZHmQGiBDbtSOkRBACURhKn
-GIFyXIeX61GAY9hJA5FgG4UalV55ohdz4whBgDzDGLE3XYlO8HCn4ggKilll6MOw
-Y0yZeg6PEU9Y3SqTzpQSV6qj2M7MgcS8xOpi6bNCu0iyZUik0KklUXMdI8e/CVmB
-pQJT9CofbD1dsP6z4dC6z3jil0+5Wbfw6yIXzwCgy/7Fagq5mN0H760/JEiiXILS
-1n0D/3H26lTaxo1vGput9Td1FQN7Vn6YDP0/To5ipsOODROV3zyUwF5QleY+8zTF
-JA3qD5KxRfA726WELOF1mB6Mw44UdkPniOoGdMH5oSx6qnNnlVZBBu3U+e1qfQwL
-QjHu0WX4Z2q00DKpWLThGv7Loh5NKi6OfTbMhfHoevCAzQnmA/wKc6J8GqthENTh
-KXxZaei3Ep0t+PlBmbUzuAYCXZhI6/0KyD6emyQ7LYIaPv9qEfMkMLhxicG0v/AA
-wOCBRKS3bkqc6wAYaO0bjUHJvem3HkWPux82t83+6YPyRnVjm/mwt0uEyKSvt7Md
-2DVrO3lEcKRkRHiYuf0nonPhl5Rs5bQaV2VybmVyIEtvY2ggPHdrQGdudXBnLm9y
-Zz6IawQTEQIAIwIXgAIZAQULBwoDAgMVAgMDFgIBAh4BBQJGtcWFBQkXLil/ABIH
-ZUdQRwABAQkQXeJJllsDWKJBTACfQI8TnuVIxE88u2napOMyUfoWZSMAn2t47LUM
-uyDEHRcYvEBiP/SRVvsrtBxXZXJuZXIgS29jaCA8d2tAZzEwY29kZS5jb20+iGME
-ExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAKCRBd4kmW
-WwNYomksAJ4q+Lv3fDvzDJl4JcOmzWHPsPg2QQCdHcj5DwCCM7YnRLiE58ApHdrg
-11S0C1dlcm5lciBLb2NoiGMEExECABsDCwoDAxUDAgMWAgECF4AFAka1xZEFCRcu
-KX8AEgdlR1BHAAEBCRBd4kmWWwNYokHUAKCKSLq+i1yHrG8ZXqJRk+d4SyanGwCe
-KFwqqRr3tbae+m4iK+EcyY+BR2a0HVdlcm5lciBLb2NoIDx3ZXJuZXJAZnNmZS5v
-cmc+iGMEExECACMCGwMCHgECF4AFCwcKAwIDFQIDAxYCAQUCRrXFkQUJFy4pfwAK
-CRBd4kmWWwNYomC9AKCOTnRhGus67gV2k+8K2SwytYDqVQCfcaEJKu8EBd0sx3F0
-24GX/RNwnZq5AQsEQF3bKQEIANEoVLSVnD/YxrBL3s/edXK3YUX1dZvyyLtP0mCX
-41EX3e6pQ4gLXmze7lJU9zB0iGgbTjBgodMsqHIECMWnhrN8uaIgEMOnfsNjdIC0
-lPpOyBQtH7IWRdtG+4g5Tk3/RbHOsroknCUVUTJo9fvOZZUowKP5IyPYWuaW25VL
-RoJ/SKjef3ttQC+5Td2CNMWgepbjTXuyZ9sThUzCctiLf/VJL2zTKwozo/HnIQze
-hCI5b/2lLjzBIV+zeVeLw3UGKSA91TkUUD7kEZJSHHIV/6Wp2PBwHIELstPd0KsV
-5ZA4vRR5WHrAbjw7rePyO57uZ9Ob7nn25ecP8nrk+IdxlOcABimITwQYEQIADwUC
-QF3bKQIbDAUJA1jvAAAKCRBd4kmWWwNYohLWAKCgnbPg6cDR1W3tkz894CwpcDQo
-VQCfcBXfK5kpfhYfDk+d/mwuYXktSSW5AQsEQ7gWIgEIANFah4LB/iVUglBqEzvK
-0VG88yuRJlDLTvb8jr/hA8qxocj4eegHw+NOYGnIEMsrxjo5/djWE1vvvF76baD7
-xar8FQoe9SLUX7HOzOmeLG0yv5A6LLpTuQIkDp8a+rSqbOtcZy/mteka9bDJl/KZ
-MtbhfZYqA0vxuE4PLS4n1lH9+GMTuecgeAhuhKcEBQ8cKwj0EW6axtTwUqwokI4G
-rOIcTIMduLHu4/oHJiyUfa1TD1Z1BTxjOjaZaiOCFemMTtRPS0BvhA1N3C6suCIQ
-gfm6awzjd6WvX/ad3ToqKBBf41HgyrK1H7bwm0QQq9QvAlmmYTGzgH44HjHyX7ot
-zT8ABimITwQYEQIADwUCQ7gWIgIbDAUJA8EVgAAKCRBd4kmWWwNYol3LAJ43JG07
-X/IjKI2Si1hF87nLfG4ehwCcDIDiNrFrvTaxGziI9H9ZYmQyASq5AaIER3ko1BEE
-AITOSpTeW3g46dEaTnGDrre9/WrhXvHzL7kP1TpzYC4jig7C2t63xUgLCgmv17ie
-C9j+VqiK6olGPIL8y5RdHjJgStNAL+psZ0kjx2yGACUpgDky49hRtfxWGuohJnBH
-Upsp/2DGOCyL0nlzkvJRIVdIZAMgYYmnGu8atilHpHb/AKD/aYLuxeQfHRjylB8y
-Od7iHEE7VwP/QSxhwtSQWXdgz/KyTwjAjN69JGNx6iUKrwNiPLphEufYi0EzdKkr
-xltkTLuZYmd+yoxMKvoKHAOgLe+RcnF9ZZDc2XUjujIlu0lDIe0/2xUXJYQ3zKza
-St1qbzuk414SzRjkisVUne/GuJNuM2wAwTSmeGXhO/fgc++1MiuLdr8D/j/T8lfN
-S48czJ0eF+/VG2FG5l+JVucRbvmBWilVWFXWOTWyoFuqQ+8t6uHAdlyyxZlgt3rZ
-WsU6r2vQ+ayELJ3nny4zZdxlBA8O2XbpV3fXf5NlUsZWY3/tifySOwHIQRvJX0NA
-Sz2Ao4qXBKF7CM6sZzlbXja6XHZyUG5p3anAiJcEGBECAA8FAkd5KNQCGwIFCQah
-TGwAUgkQXeJJllsDWKJHIAQZEQIABgUCR3ko1AAKCRDNP81ePVLCghD5AJ46ond0
-H0ny3nPQrXI5/CQxk12YzACfR+j9+k0y+vLYfzuDCWoSuLeWuvBYygCePPYlR8Tt
-yegne86Z/xquxNFgFjsAoL6wDuo4gsI+6/bzSNlyrkUYmLO7uQENBEd5KWMBCADe
-LY1DPSaB2NyWLeaLLTa1G0QTIXp2y6FpLvgC/PIzR8InRxNhkBDaswFBPuc/oASN
-QCvXTCjFsgPvc1jS6UpTHY3NnZlxB6s5NbW1YDPQE1CklJ73uNU9r8aBxMhsrzoq
-VO/PzLqUhcwWp/6sBjyFz5Zb+WNip4Id9J+ej537r2UJo/GiMh3JOWgp5/SqUTWz
-wowtU111eROlURVh6wrG11ZbQqFo7qMY1lAut8Vt4vJxKvjTdlls7fhRfPwmcxBD
-XxZycPOKO8VF3XJPI3bVxkoKFRuOJZK/fHnghgEYwrviKiG0vDISUOTqOE63haot
-a72gUUlDTJGrorvNO8C/ABEBAAGITwQYEQIADwUCR3kpYwIbDAUJBp/6XQAKCRBd
-4kmWWwNYohbBAKDA1ZUpbI3OWd+5Efnj482Urmv47gCgtXRryMuxJZ8MWhfBZ0Yq
-vH7DeKC5AaIEQF3aTxEEAP9SgfIbIPL6BQ1nqoblsTYoiwWPL48uBZPjkDfy8XsV
-R5V9aRQlggC4x4/MD3Ip5AUgReI7PcHnp4m3vcVLXPl+/7i7hAwd84iKzgN8I8VW
-0EevflcNm7nbWEnpjaGxJWFbhSLI1DmqnafoU8nZgGp2QoE+flgGDd559C3SiHRT
-AKDbqgS3EDhTbwfS+bAhW5Xi8/2CPwP9HueeuW9M/cyt8UvliLsj2eYMEIy7CeSL
-O13XfnqCjcnHK+b59/ADd99dpMaq3gKj7Aj1RIsRV2qWDJpDNXVxP7Cy+FzxelQs
-ytPQOV8H8AkB+RgmSyfxlNRUkC3sQU6jR9IwmPD4iB5fp/SqUpn++77TAArXqsfH
-bmlnwcuU1EAD/i7CEhxLBYS1N77hwxL8DWCqjpi+1PKG+6dc0BQFIU3uUhbzLGfq
-EobUDhveqgtlsvoEZ/lR8RgMv/uOjXEgiATQyTEa7s3M2vjXlpLjXjzklma3Lqmc
-am3dEf/5OR02yZif6hPU/x8f/VQle0kKNKdOCV1+dlo8aJH2UIZRRIvtiJcEGBEC
-AA8CGwIFCQcbVgAFAkR1rB0AUkcgBBkRAgAGBQJEdawTAAoJEGB4TpQBClft2RMA
-n1XiL/bC9hByZInCJTaCd8WS8kYCAKCfpAWwLIxkfwAeD/RI+2p00nQfvAkQXeJJ
-llsDWKKx7QCguc4/HiEs64Ey5p6Yihy67X8E0YsAnRXMFdXVP7ww8uldljPiD1Tg
-yurpiEYEEBECAAYFAjc3I8UACgkQ9u7fIBhLxNmHZQCglWbPDznIcnOxdDW+k7Yg
-A9+/n00An1ZjSiJipverUxLEFHAbSBWI0IntiEYEEBECAAYFAjc6+aMACgkQdQ9k
-lcidkz6GiwCdGe0KSP/vSyEZM/GClQXvjMD4RvMAoJwyTIdcjPZbQizDeAO3btn2
-CCwTiEYEEBECAAYFAjgUDhkACgkQYAeQgHPH80+I2gCdHeTAPusmEfN2bdkijpW1
-gpxBvGoAn1kzL7Mg7tC4pqlqw2fV3kRUy1a5iEYEEBECAAYFAjgqYh4ACgkQ4/JY
-VBKPDnkPkACgmzk7HMlJ1h0qw6OHyMtDE4RI4ToAni+Cm+01pHfzh0EnFQTvLE1M
-9PtoiEYEEBECAAYFAjnKOw4ACgkQK7tDpvCerwquXwCfbW9xGF2AHQakBPakh61x
-KmC8WEEAn3TytfY5qrTjxIj2HZFKN5QuQpYSiEYEEBECAAYFAjnKiy8ACgkQF6ZB
-bfeUj9ombQCfYQYxpipdMGBxbNd8jbL9RDmH3nMAoITmZnDJwXzpHNuSLY8o3c5Y
-hHXziEYEEBECAAYFAjnKnXcACgkQNfZhfFE679le7gCggQjsjFhjaIO1lWHfPusn
-0dqdhRYAn3rOW0XSeh64V9o+VItH2LZngmNAiEYEEBECAAYFAjnLMigACgkQUaz2
-rXW+gJcIVgCfRRq0G2fCcZOFoey9uZGAkWctKsQAoLw6lUhdeZDgULrDC7OQRIk7
-CnMtiEYEEBECAAYFAjnPp1IACgkQkVrMRaj0wv0IqwCfWGMeiZ58ysuZCAP9IsX3
-aKcSPtcAoJno1COOjAMhoWjUiHctgLZX9+gTiEYEEBECAAYFAjnQ39UACgkQbyOL
-wk/aWgxfIwCfb/GeMAD8w84hq5/aUQMCvVqUYqAAn07SKuWYsZLEUuPWIgYY0yoB
-yJxviEYEEBECAAYFAjnSCrEACgkQv+EgZWshSJq8jACfdf20dqs3IWOPHgFMdYb5
-VF+WkJUAn05quvyHB3Xug8csxWg6RwSfQBTBiEYEEBECAAYFAjpMy0UACgkQ7UaB
-yb89+bRUrQCg6aozpYiCEDPVAHe54/8/q48FLP8AniviG9fjxInPaSKB+LXRmQjc
-2jLZiEYEEBECAAYFAjqJgd8ACgkQYogE2yD8bPYGagCggMsqGJN61JuOQkY5MiKb
-4UPQpBwAniNYwQb+hlEzJF7qnPECh0MAxq8OiEYEEBECAAYFAjrBCNQACgkQt1an
-jIgqbEu30gCdEsSeFtJ5KziD5l/CvAhVZt9lnQUAnRrmbV8HkndXp3+DNoREgscZ
-k/rliEYEEBECAAYFAjrB0SkACgkQ0vCiU5+ISsiPkgCeOFayt7NkcymwTC2UKNjj
-yukNDvAAoLq/bOTNZECtztYIMDQ2VrzZ3m6KiEYEEBECAAYFAjr1eYsACgkQ7A6v
-cTZ3gCXdrQCgllIx6G2DkKSGKBhYCgsyywFBXLUAn2PJGrCOov0LS8jCMD2Xo4T7
-qfsjiEYEEBECAAYFAjr1mwEACgkQLBigKrTF83+E4ACffa4yaJ6Pj4uFZY7dVuiO
-fkuoTE8AniIdw0DVkHBuxlNp9PAglhztyE+oiEYEEBECAAYFAjtFbTsACgkQ53Xj
-JNtBs4ex3wCfXLPNscM4Uxtmy0/t5Ygg9lDWEQAAnR39P9eJtEeBtMPfbEGYc10A
-BqjkiEYEEBECAAYFAjtF2QAACgkQI/q1+wgWzBuJgACeIak+A98IheVSowXG4J6j
-zBA439MAn2IFA8EB/EkQ1rn7OEmFNX++PNZyiEYEEBECAAYFAjtF8RYACgkQJ4bC
-RH+KQBfSwgCaAvm7pL+LioYj/oKDBQ1pJAj+UqMAn10W8RKrYblMZ4L11R2TO9xO
-vFn6iEYEEBECAAYFAjtIDxYACgkQBgac8paUV/DLWACgifbHtSi50JxmSr18Wofe
-VcVcAXUAoJs99aH6/t9gkO34ajXjiIQxc0qMiEYEEBECAAYFAjtIJ18ACgkQ11ld
-N0tyliUx5gCggbhG1uzvdgHNY8oCt4cc6TfHUREAoJuRw8q2kbztnt8TQ4mjiTIN
-cBXziEYEEBECAAYFAjtJwaAACgkQUI/TY7yTaDkPjgCcDSJQUZBBP/5OvW48Q3BU
-kUkRSQkAn1Mjqe4WTFEEA8HK5h+KDcqR0aZIiEYEEBECAAYFAjtKFVcACgkQliSD
-4VZixzSYCgCeJpt98LMq02q9W1bK5iPUvCkcsSYAn1dqFcoXctXVnMj53z8zfAaW
-0BcwiEYEEBECAAYFAjtLFwcACgkQDqdWtRRIQ/XMGQCdH1u9tmtUYY3ExVLdT/H2
-IIQCU3MAoI69Y4Z17RDh4Bj2gmJwmEAmfDwbiEYEEBECAAYFAjtMF8oACgkQ1w1f
-WGA80Hj2mwCfazudYZSMmQWO85xZvg0uTB3rhZQAn3DSyrvXxIpmv0CcnBtUQu5N
-21kSiEYEEBECAAYFAjtRuWUACgkQ5DsVPMtGficbLACeNpRJOS9AZ7q7bhX2sBJg
-lKLloTsAoLm5FTnY6iAySfPZZlwAVeE6zMJwiEYEEBECAAYFAjtSxD8ACgkQO/YJ
-xouvzb1F7ACfVp8vhxAWCeRZN3InlvYLrxFTng4An1QO6+D3QUjX+0YRNZ3tpZDT
-Sd6QiEYEEBECAAYFAjtXQl8ACgkQeRYvNvf2qtklNwCfcg4Tss3C9Nf6NiyOAHhX
-O4JLhtkAn055IHb4i2IO5TQLSQi0tk4ktZVfiEYEEBECAAYFAjtnOlkACgkQwAsN
-NiHlPr2cagCg07IN1/MaXn+8yd4Ncp9/723gEBgAnjNCoGAAccbvCCVE29sXBNAv
-Uo8MiEYEEBECAAYFAjuYRI4ACgkQkC29kYw4qQpqwACfcyB4krJFqyeHoKzRYDqW
-8JDUdvcAn2pa3UDeKM7FVe8LgCQyz0McM4JqiEYEEBECAAYFAjwH+10ACgkQ2tKw
-XV88MYVF8gCeMoYaFN7v/VDmuYt+G1BXDxzcuusAnR8fAcIyBjSffB0yEIwaA7O9
-X7ZxiEYEEBECAAYFAjwIEdIACgkQaliC34RARgJ9zgCfS1K0bROVSB+9wX4g+xEE
-0phEAToAn3etSLME5hzsisIRMjUsGbBDe7+aiEYEEBECAAYFAjwjtVQACgkQRHJT
-9Ar9DKjv+QCbBE3lRMzyKxTbPUd9v+nB8EVqv4cAn0DxPkAIkuriAuwtOjCypTDN
-ydyxiEYEEBECAAYFAjxdq0AACgkQ7vDbNLMhJgNwvwCeMc0QmOS0ctJOX1J9a3DW
-kMyUdf4An3iIslZ7stkMOi1VdyE5fR2YDvNFiEYEEBECAAYFAjxw4+MACgkQGM0l
-pSLzivNlngCeLdkkRkcyHVKttl6Z9IQExE+gaNsAnRko+7BQOu5jXMfGarg1rE2z
-DhsFiEYEEBECAAYFAjxxJxIACgkQscRzFz57S3PkJwCg3qepdTsiNKuGYC6a1RlJ
-ZTBqkiEAn2G6ypvCpWAL43LWbMbyyf/rYxSoiEYEEBECAAYFAjxxQYIACgkQOhqm
-NZCaVAYvbACgz9mXzo/nC64mx03IFgL8oFuBAhIAoL91NILXxGYrkaOnM+2Ci20U
-vA3ZiEYEEBECAAYFAjxzeIMACgkQo+C50no0+t5J7QCgpSCgGQ8eMefvsDsF0DlE
-ZzuAHNoAoK1TFwuK7ZowUQJyWp1tKDtNDbx3iEYEEBECAAYFAjx+gfMACgkQjjtz
-nt0rzJ3/dgCgnDMnLna3yPskxeVf32wDbTHLxf0AnjWCw4lfYauS0LumGv9uHN9P
-aErhiEYEEBECAAYFAjyAY8EACgkQ14NrbAzZIOdEPgCgt5DiZfRFkvzAPecRDCIp
-3pOdUwkAnjj1CDE+Kzg2RiK9Z73QM8B0J4driEYEEBECAAYFAjyBd5kACgkQ/3vb
-rZlD49+lmwCfS9apz+gEHsRV6ELS4NtCLvrJsRkAn3AexpisdP+8KwolieJwaVPi
-tN2giEYEEBECAAYFAjyMzCQACgkQhbmQdcKRDkGoiACaAqrwXn6kf3aD7wss1rgQ
-mrCtJKIAoIU6uifoxBubp2+YjW6kjbnkFMD0iEYEEBECAAYFAjyXNDoACgkQoegC
-cNp0M5aGrgCeLBRQ8CAVzPO8OTz2TMFqYLIbFrcAoK2qJqojmF2+THtFCHz0hhiB
-AekNiEYEEBECAAYFAjyXNjgACgkQg2i7WWb7wYxzxwCfcrZ5yTwjn9Sh1S/yL3MB
-KBs8uxUAn0pC4GgIsbbaxcf1QA5AYwFiPcPEiEYEEBECAAYFAjyxODEACgkQJXt5
-TsZsoD0pVgCfTIJ88OFNFlnUFoNZemDdbd4ZqEsAn1y5ZyCl5SYkqFTGiVtkgtII
-EhK7iEYEEBECAAYFAjyxguAACgkQeuuK7Uc6ScnBgACfUlQrrDUb78b93JEvThA/
-f1ZankIAni448ZxagzPjnj/vH33yK14agnq0iEYEEBECAAYFAjyxj4MACgkQocWS
-fM5dzg4qigCdHrjYquNu2aphWggG5E0G6zCW5MEAn1NQJmKkTEUsbanbVOBx1G5w
-vYkeiEYEEBECAAYFAjyyhzsACgkQVlEzpFDUq7k99gCeMJc5KvC2gAHgCVjv6Hn7
-AKgY+rMAnRFIrjunb1Sh77542URoWAVmuPN0iEYEEBECAAYFAjzyIFQACgkQX180
-7qC7Pev9PgCfcW15D2cS4UTkn11BSqn+pgrA4KIAoKzLDc78X3OFDzVXTOvk8V89
-OshGiEYEEBECAAYFAj1uHIwACgkQKMb1a4F8NWhPPQCaAprFvggEHBTVR+KWzm0Z
-3l9ijLIAnAw2QtJ1Mlnz0ctNwSJwORM87/ARiEYEEBECAAYFAj2ERksACgkQ1Dyz
-BZX+yjSzyACgjUKL3CH2UYciEAarZU9H0ZYIIWQAnA6I1aJ0FgWiF2bd/jgWaBL2
-jtd4iEYEEBECAAYFAj2F5U4ACgkQdZc6ENbQhKbt/gCfblKSqJohqhaFawtXPs8T
-X1UqY/sAnjqwumhFN4YAAez36gItTB9BxcmJiEYEEBECAAYFAj43BmIACgkQkQgh
-ntzeiQqeGACfSyyIi1vPniQOq8xLfgjDxFkkVEYAoJSFbH8uhrwBMa8aOIRkjN9u
-RdY2iEYEEBECAAYFAj+Q/gMACgkQdt8qX2QD4/2lhwCgnv3QSQPCGbmTI67mtAxl
-9d4rZ4UAn1WXmoSknE2WYeqRUb6d4wAhG/jViEYEEBECAAYFAkCnUpQACgkQt+hx
-Iz4tn22gnwCfTWoR3vhEv0yp1Ks/vz7jow0Tw6QAn3YXgQn0DS9/9u7AyG5gjh18
-VLtuiEYEEBECAAYFAkCnUqEACgkQt+hxIz4tn22dOACgjeYArERuayyqZmozCahs
-gUyPihMAn0PkgZDTwKgSw690xdLuR2rWJrPQiEYEEBECAAYFAkGD05gACgkQ9oi/
-YaVie2EkhgCg582nMvFSTXDb/PdF0+kZTBQTCGQAmwSEka7EMzOzoCxEefZd+GQm
-EdcXiEYEEBECAAYFAkGGD60ACgkQ6gnEQD//YGyIWQCgruyF9KSG2GuqPVQIsizC
-CV8rjPcAnRQsBzfw9QLM960FP64YWUCqhYkYiEYEEhECAAYFAj0EW94ACgkQj/Ea
-xd/oD7Lv2ACfUACXl0hDfGeEdbGjhIa/hSaZCrkAmwV4SdeJnBoXV22VBEekmTfz
-HKHEiEYEExECAAYFAjyvU4oACgkQ6pxm6rn41tmEewCbB4FZ6z6dmSJ2epBIdeoS
-8KHLNhEAn2ZcUDKfuFpVVDuV/bMhpjbbHJRIiEYEExECAAYFAj0FswMACgkQoWMM
-j3Tgt2a46gCdFwSWzfEmyuvfjnmNPzCyvdO2R2cAoJRl1Ibl/2hPXjenl1f08pQL
-ThZAiEYEExECAAYFAj0GRB8ACgkQKb5dImj9VJ8FHACcDjdyCPMWjSbrXKCVFjDt
-uapl428AnRSI7e1VYRJcVdGmrAtmu360GrQpiEYEExECAAYFAj2J/ScACgkQ74J3
-yv6ZHpg4ogCgj8BllYTJEQ5sF62Qd2q9o2FNJ8cAn2K/7zpy9M/Oig+yIYofaN+5
-fnUUiEYEExECAAYFAj4ykiMACgkQaqtaJwF/Vr1MmgCfcNfOOm6/woHpEtuFVgYX
-vUh0tG4AnRTPBwdemHFViOojNJ0glWck/84ciEYEExECAAYFAkDa3nAACgkQRTxF
-SQIw1gIZCQCg/jjaczO/s9GkLq/kftPN8A6kLr8AoPwGlVzoq5yWxhgCkEMfV+KI
-tmDViEYEExECAAYFAkGE+RcACgkQ3ZHkUS+VgsFX/ACfRYBeswRWTHOdc4gLefxU
-VSGbj8wAnA3CWEF3MQOIpJQ5KSFLE2104h5riEYEExECAAYFAkGNFPwACgkQ+C5c
-wEsrK56k8QCguxJO7l5effxWbaYOgeVko8HiQ80AoKSJGsOZGx1nvQRKeRK/7DrZ
-bB2piEYEExECAAYFAkGqFTYACgkQztt/8ZMtg2MVMgCfZevJcAcVXa4hUUJSjkWo
-0j/b9MkAn2HZC4sNs9nMN1PvX95Ge39wfBEKiEYEExECAAYFAkIrN0cACgkQi0rE
-gawecV4jeQCdF+GUDJuQnCaFZqw6sNgZtol0UncAn1/VQvGDB0Or+JItHnUlCU98
-URNXiEkEExECAAkFAkGD3AUCBwAACgkQQSganqDijRh6lQCgmgm1rqgdF3qYuDQn
-/S1vFxggwpIAn1htaL3fD6o4LnT/8BIm6K6tPGPWiEwEEBECAAwFAj0BE/8Fgwa1
-sWoACgkQFBE43aPkXWatjQCdF96DM2kdreTGbWTKjTMTuwB3AtYAoOxTFERoyUCn
-7nTsufD4QpxIkJCiiEwEEBECAAwFAj2GAuUFgwYwwoQACgkQU+KFTgvh8OP+lgCf
-TLjRfVihRNQQ/MVIuHttesX/s/4An1ZBth8G2EvCfiOU2KoOjl3MZUJ4iEwEEBEC
-AAwFAj+ObrAFgwQoVrkACgkQCmLlNDenkUkzjQCeIR3z4h7TMEeNI9Sy5/4Sgclj
-9WsAoK9yVbdDuWQJQh/ZBUpx0GjxMSW1iEwEEBECAAwFAj+SeAcFgwQkTWIACgkQ
-78vN/2HwW4xfggCgg+yTSXldBhvFoDXoAeOwcC74YqkAn0b+tC5AZ2BQkg0vJXZ6
-tFXuOvhaiEwEEBECAAwFAkCoZL4FgwmwcCoACgkQEgljnRFKqFxfngCfbXYSsBtM
-M5hcUCsnm9IvyCmMhgAAnjtDe7q+5cW/JmzE3illB+u8fc9DiEwEEBECAAwFAkC/
-Rz8FgwmZjakACgkQ2S0k392WXIP5uwCfTlmW1u9U3nck5mCo6DeTHNTmUvkAn2jn
-jXhvqKoLfS2ERRwQlFFAw6NRiEwEEBECAAwFAkDbVF4Fgwl9gIoACgkQ9ijrk0dD
-IGxiBQCeJIrdN0kFT16KL4COSILMmcjVxygAni6OinWWNJqCk+k+BNIvKpm+QKm2
-iEwEEBECAAwFAkDxIncFgwlnsnEACgkQkvv9V4b8pZK7gACgwOU8kI9ZBzryS+Hx
-AeWEo4WjeC8Anjl67/wgPGr4XAS/XA1xmWzRwZiPiEwEEBECAAwFAkGsm40Fgwis
-OVsACgkQLEmBxMM0hsB4NgCeLxvQw1g9MSpWY9+2VbSK/4vNd4EAnicGGKdS3Zy4
-8E4GBZr62ZmWjr/iiEwEEBECAAwFAkHCEoIFgwiWwmYACgkQGFnQH2d7oezd+QCe
-JzuPIHb2H/PX1R9NYqC6z+63wFsAmgJUX4Ei+WzKGs2r8LVtIo03nc/niEwEEBEC
-AAwFAkHCKOAFgwiWrAgACgkQgcL36+ITtpJ6eQCfQ5aTW9WLJNVWTdp4fi618YDd
-nNEAn36Vz84EsZ0gpO0Je9S+geCrffj6iEwEEBECAAwFAkHCKTAFgwiWq7gACgkQ
-a3Ds2V3D9HOXdgCg91Pqo7tiv00Je9XoTIJq82ug6gsAn2Q37v0WzuggX1xyzDSR
-7oxz77owiEwEEBECAAwFAkIi82wFgwg14XwACgkQ2KgHx8zsInvpsgCfdHcjOaK7
-aK1MBAYBaWwkK4rfd7kAoKxblxsQzllz7sLvFbK7xG2ipuNJiEwEEBECAAwFAkIo
-ngEFgwgwNucACgkQLADuUthSlVgXawCcCbstExBnVkd/fHvatuzJ3sJ0g0gAn1t1
-CmnaMwV/HVQlUhfqefYlVN3giEwEEBECAAwFAkJTjYsFgwgFR10ACgkQlvNNek/0
-hjUNPgCfRJZleAq/j/4tbek4A3/lhgXJha0An1aToz0bp8HSf2NBjW1euvf/4VZC
-iEwEEBECAAwFAkKYjoAFgwfARmgACgkQTbbnG4BhqDBuUgCgyBpzBy8k7OKzjiYr
-KMGIWZqiMiYAnjHdHdzo6dKcV+J3ef4hl3VcLqDfiEwEEBECAAwFAkK9MmEFgweb
-oocACgkQr2QksT29OyBNEACfbNEfltwRZ1RmZEkt9ZTwOJSli5gAn3brUt3vc1JI
-xs8dlkwHV1fSJpH8iEwEEBECAAwFAkK9RW4Fgwebj3oACgkQ62zWxYk/rQd1UACg
-wJNmfL/Cs6bYMFPC1dRrNsf2GtAAnR6K37k2u63FX1lbg4aSMLCcNviCiEwEEBEC
-AAwFAkLinZ0Fgwd2N0sACgkQ9D5yZjzIjAkhqgCgj/Uy+2Xvfw9FAwPdWSaC+o4A
-VUEAoIvJ06LeJppo5EQqEt1mc8bYV1UjiEwEEBECAAwFAkLlBZcFgwdzz1EACgkQ
-g2E6UBaCfQMWAwCgk0N+XcWaLDssH7wYu0EtOFW1kKUAn3Vq83yrmg+F4TvieNmP
-hhqTP6W2iEwEEhECAAwFAj5ecYsFgwVYU94ACgkQUF6IRyLnX0ugAwCgnZ5NnBWJ
-3j9/7slzg5Iy/pU6UesAoLaNJiUgVfg+h3uP4vUJhum91P/biEwEEhECAAwFAj97
-CToFgwQ7vC8ACgkQW7P1GVgWeRq/ZACeL6lVKkE1iFiC/YonlBzLqNAdVkgAoIBH
-8VYDXLRIgBpyfSdwc1YxTeDDiEwEEhECAAwFAj+P7j8FgwQm1yoACgkQKLKVw/Ru
-rbuqxACfb1X6tBq7g3z5HgfCXv2sm2gQI5sAn1JLb8gDxuSRcWMHulGZY0hZJfvy
-iEwEEhECAAwFAkCn2cEFgwmw+ycACgkQt5wosOl/hW1B0wCgiQGkFQEonh2cRtw1
-xXowakWqx/EAnjp2Du5T+xpOdf4O+JwV5DmtKqW+iEwEEhECAAwFAkGE6LYFgwjT
-7DIACgkQGKDMjVcGpLQO+QCgsc+A/SO9bY78+ul2KU+7SCcztq8AnRbnT0G0HnJd
-QYMffrLF5Ing2fP5iEwEEhECAAwFAkGxhHAFgwinUHgACgkQAVLWA9/qxLltoQCg
-24DNLxMnSOcPFPCNLTPkyyjyQu4AoIe0tZDEDS7mvM6RQaHREvCuFIOZiEwEEhEC
-AAwFAkKWAqQFgwfC0kQACgkQi5YpQ/wkPzzhMQCgj+rrxz3tJgTrmh3g3+5rIcWE
-EUYAnjKOFjzGL/7SyFlpehh0Xa3oO69WiEwEEhECAAwFAkLrbeoFgwdtZv4ACgkQ
-wm9wFgHGy4MQfQCffyaecfqcThyxP9FNgZ2Uz4pBwAEAnjMFgtk5JN6gZ+Ztgqe+
-YyYrGvvuiEwEEhECAAwFAkLw+X4Fgwdn22oACgkQWNqWrwuQEUHBCgCgn3XtRj5q
-JxudfYkec540HnkoerEAnR2x0A8LAA49rsbhCiLZlmTaaD67iEwEExECAAwFAj0H
-TRcFgwaveFIACgkQPGLK2OTUMk2IMgCfUXkZfmZrMFIiYO8F/naQMBs/94UAn2Xr
-f2uaISYrPudIbRkxYm+R2NrZiEwEExECAAwFAj14eLIFgwY+TLcACgkQ0BqcGU12
-bN6ruACgi2uFjh4Sy0Kjyd760dvfpa/9jtMAnjHyPQ0tHYSqSZDD9qaQvb/F3PlM
-iEwEExECAAwFAj15MRMFgwY9lFYACgkQcFxTidXBs1halQCgiR5GTSx4fSCqkikz
-rOOOXAonDVcAnRFQ13dmkjLcRy4E8bxLtm8xPyAdiEwEExECAAwFAj2DrfMFgwYz
-F3YACgkQAtbtIeMsT0ugzQCaA50Snyeu82nth0ikNVnzHD4W0eAAnA9WxGBmmpvW
-YOq5LOTy2fVe2P+EiEwEExECAAwFAj2F/AoFgwYwyV8ACgkQ9Wsmo6Y5nnPZcgCf
-UvxNXjoWYEsAYJz3z+MWDeGrfJQAn3slXF9ced2OAN3YgYZNTlIC7UUaiEwEExEC
-AAwFAj2IEOQFgwYutIUACgkQg2XL3N1NTv7QVACgr+C/P7gqGDupYTC21jl07mPf
-G/cAoLZ9zkmr1YF6Br7szUKksSan6fwtiEwEExECAAwFAj2IOwAFgwYuimkACgkQ
-Hb1edYOZ4buWMwCff0YYdFZ7gdc1qjCaeXDhCfLe0OAAn1OJuZ/eKGk+i0V/ScLp
-OMLn/SCCiEwEExECAAwFAj22wZ4FgwYAA8sACgkQVkEm8inxm9HyigCfaNbjyIlH
-YA9cAv8sLkz5uHRoTe4AnRyDPfAFiBPZZhwJNDlmTEColXL/iEwEExECAAwFAj72
-Ip0FgwTAoswACgkQofbulCQLTD21TQCfcKuy3MEjJRrikDBgKtpIP1at2cQAmwRl
-ZNeKOT0UJ4RNt2piAHqTD47giEwEExECAAwFAj72z7wFgwS/9a0ACgkQBYtazUQc
-X4H/jgCfaQXW+LvjoJacVNYrdxhXUYx2a+4AoMQV/y+zjcnaNRbZTH6unq4fBDB5
-iEwEExECAAwFAj8AnloFgwS2Jw8ACgkQMozWs+vCdRW8xQCeJLRNfZLO7twP4DnA
-saP9wNdsI+AAoKChEzuM19HrksvckWmBVafawaPRiEwEExECAAwFAj8Fq5cFgwSx
-GdIACgkQTrg06OLM8A+J1wCgmucpP9rc1NjzPHDFNcQokRbp/REAnRvctW/8AwDa
-H/btQjPtXgQGCbrPiEwEExECAAwFAj+PlHgFgwQnMPEACgkQbHYXjKDtmC0gWwCg
-rfQwM+i6i82wTcXx8LRPVHm//88AnjOiqMYKpGj4cpkwdX2nhUlZEyGOiEwEExEC
-AAwFAj+QUxgFgwQmclEACgkQnQioDO2QjWrbcwCeNw1qkRaDRy3/fl41K0F7fbCq
-q58AnRXqq6031t7zmMdmZDvFlB5M6uFXiEwEExECAAwFAj+Qbb4FgwQmV6sACgkQ
-lSxWI2ynbPR51wCgkZpbx8pnoqj6mmXrUQgJSce7eRMAoJcbGZ0ls3JXAJRD5y0P
-YzznxLIriEwEExECAAwFAj+RGicFgwQlq0IACgkQ46aNyqaY2pkmnQCeLsrSrn63
-Mnhc7lwklc3UHlYHQLwAniZuyemrUEsU0fdQKHdafHg471iPiEwEExECAAwFAj+S
-mrkFgwQkKrAACgkQtamfe9tFLSc5AwCfaA0hJcLIfm1Eek+X2hs01q3f2lMAn04y
-qK1H85hZ+77goaEBj2YEEiYsiEwEExECAAwFAj+TKtsFgwQjmo4ACgkQrSAagZQ6
-Xw5tYQCbBE8yHKPJrUivqIYiVJL8y7voOqAAoJc/HBTNTrRSxyjK7nPmyBYlbY8m
-iEwEExECAAwFAj+UBecFgwQiv4IACgkQOiUrvZ0kS1UvJwCg2Lw5xCu5/pUTEFEr
-cShPUDM3uDIAoNLDQt61O5Wego+ez43N2N8doSqFiEwEExECAAwFAj+VCZoFgwQh
-u88ACgkQTDL5CJndlGiZvgCgiM3ez6j21lBLfJnMIKhGMrMhW/gAn0WLirWDnek/
-f9iDEMVcGMEnwOOciEwEExECAAwFAj+cMmsFgwQakv4ACgkQNgJWU6vgsQY8MQCc
-DE5hjYq9uHuyC7ZnBg47a5BkVdsAoNxLfUY6DeCekwPu3e+3qJsbwib7iEwEExEC
-AAwFAj/UdIUFgwPiUOQACgkQW5ql+IAeqTKRqACfd21FYGEziCv14kLK2bD6ghb8
-0jUAni5XNqaFLg8i+0bg/MSQVf88ZQKziEwEExECAAwFAkDcUg4Fgwl8gtoACgkQ
-zQ+com69o1nN6gCfUXjD5LUESFXa08Px3pbfXidXAuAAoMJ1/H/oFgcer7t+tACN
-2vC8GGYsiEwEExECAAwFAkDkGbAFgwl0uzgACgkQHckf8471INHpVQCfV67np1ke
-Bn20I5JABN5Swm51B+EAnRxMBVbypQcppBhdWnxQadrjhHVqiEwEExECAAwFAkDu
-oKIFgwlqNEYACgkQyA90Wa3Cns2o+wCgjBXhs2mEn9HFs5F8WR4AdTpWp0UAnj/Q
-ls/ZRkcy/RAfAN12XgHOkpyciEwEExECAAwFAkENp5kFgwlLLU8ACgkQK6gmAsLO
-gJlWDQCfe7E7rcFCn9xuL5Rh9MDVVueAJY4AoIL6CdZIlgg9Lt/HG2dDFgwPwbkG
-iEwEExECAAwFAkEYu4wFgwlAGVwACgkQ1W4oD4nfjasGFACgyTFOT3NMOo7DObxu
-lYi+WtYriqUAn1Y740hi4fWeByAn5qoUj8brf24piEwEExECAAwFAkEiMZoFgwk2
-o04ACgkQ+FmQsCSK63O7vwCePBtM5gchuVC3gXAMO7r1A/le76AAoIMM0oq6wuiH
-nT/dUAG858Cw09t0iEwEExECAAwFAkGA8OwFgwjX4/wACgkQsYn2tNI6QchEuQCe
-N/pbbqMBzHuAfWO/g9QfmlmVIW0An2WQXrXoE3xnVp2C85BtML2phOWPiEwEExEC
-AAwFAkGEAf8FgwjU0ukACgkQTjypAm4rQ9yB6ACfYnJx27fjxYsq+5UfQEemQt2V
-O3cAnApE8yUw0B3ZpqCyfRo8JQIb/cJUiEwEExECAAwFAkGEkIoFgwjURF4ACgkQ
-lPH09zrL0iMiigCcCIbdWZPauTvF4Pn724WxH6Qed5EAmwcodEzOE/rElE7fqScR
-mudd8Ur7iEwEExECAAwFAkGEvnwFgwjUFmwACgkQTbPZ7n9FhNqFGgCeNgwyzTJY
-1OABEu/EoBXEUOENxdMAnA6Ul/yxKQihc39VvKQfpdwPGUhRiEwEExECAAwFAkGE
-6B8FgwjT7MkACgkQLMilaHDIrOVJxQCeIJI+GgF1UfUOjkYsjkq260Q72OUAoL0e
-kc/ixpvh4Vs0j1q9Wx0fpQUwiEwEExECAAwFAkGFRwQFgwjTjeQACgkQDecnbV4F
-d/JDbACfW5h+kLB3Y0wokkr/sxy8RFXwp9kAnjMs2yoVbG2ZbkHQV2ZODRF66zuM
-iEwEExECAAwFAkGFVkIFgwjTfqYACgkQqI/9z8xhHubw1wCfWLT8UnjyRQIuxGPP
-WjtGVeezdP4An2GJa9XsZW3yv2eOPAsP93+npZtdiEwEExECAAwFAkGFXLkFgwjT
-eC8ACgkQT6RVPNdrU1mZHgCgq9+wyMgDr96Ism0gY9OxSqMA+88Ani8EIVnKhI6t
-rTzgZLZDrZ5pdzDuiEwEExECAAwFAkGG8eAFgwjR4wgACgkQbHYXjKDtmC3wYACg
-1f05WHi83tg/PMHoBkqlngdDIuIAoK7KZ/to5FrkfNphn6Zo0fozB1n0iEwEExEC
-AAwFAkGHwbsFgwjREy0ACgkQVm02LO4Jd+iS0wCfbUWuTf4DZrjdua5kNdfvk65g
-ojgAoLHPPvTdAlVKacX/rnPD7c36LfuYiEwEExECAAwFAkGH6+oFgwjQ6P4ACgkQ
-TTx8oVVPtMYoQQCfXmZAzk9EjL3qPz50zZgSUO8l3m4An0Xoqn603NHFaHfbBKdt
-WGijlgl5iEwEExECAAwFAkGMPFkFgwjMmI8ACgkQiSG13M0VqIMbDQCfSxC8XNls
-eJ9VQ50GJ66KwSDljmMAn33ApYFWTs8qa/EBIQSgqPlVEBO/iEwEExECAAwFAkGS
-MFkFgwjGpI8ACgkQ/2R3A0yRcenRkgCbB5vYhB0cv0S9X1y54Ci1KmaMDNkAnjeO
-H5rAZQsOQZXoDJPzHNrjYpLciEwEExECAAwFAkGTrb0FgwjFJysACgkQ1mvqN8E/
-x7b7ygCaAyFqMIKTMqQYuQ7hnGpMTx7FPmoAoJtfYoL1pFmVZ5Mhwkv9GFUee+HH
-iEwEExECAAwFAkGZWWUFgwi/e4MACgkQSvFUKpY6VLAkgACgiL8te7hejTXfDXRI
-OAZeVzd76/cAoJbmj0tdYt2QGc3j/4yMnmXrKPC/iEwEExECAAwFAkGc8GEFgwi7
-5IcACgkQV5nlLYTPmpDPdACfbASh9WQ47r2zzcVcjlfbvsz2VvgAn0KtwOo73pm3
-e7aPO/mYlLsP4V9iiEwEExECAAwFAkGqMckFgwiuox8ACgkQdDpVTOTwh9cWbgCf
-aMETpI9v6LZgWuTCzE7DceGsuW8AoIcBSwWGF0XkXpRYcvXfjvAg57+piEwEExEC
-AAwFAkGrJUQFgwitr6QACgkQzop515gBbccEhwCfZhBXUVoNKDbW5mpYGxfKrMfS
-cIgAnj0XoOlYmWWNN1hlKoSQrZSvh4FFiEwEExECAAwFAkG3PJoFgwihmE4ACgkQ
-EfLcQ8rmNEIRiwCgpAzSttJZSiGIffSr4/dixsFUVxAAoIwnyzPthchrUSMR10Av
-PAu8Czm9iEwEExECAAwFAkG4HyoFgwigtb4ACgkQ5Vyxg0d4n7u8mQCfdQ++3anp
-pXuhZp6cQIp1DCCz56AAnRA9B/n9ah1wL+IMjoBhFvgSW7JLiEwEExECAAwFAkG4
-K9cFgwigqREACgkQ4We9YdVB4USYCgCeLsm06Ov/Yoi9lfn4UB0IX3qwBFgAoIPE
-VT2gGxQYua51y70pjVYG6t4eiEwEExECAAwFAkG4Wg0FgwigetsACgkQBMQfNs0k
-hKmYzACfZgUeTlimmFrhBDEV6SsslxvVIGUAoKZR9c4+kfE0+BJ069AUZBkkeRKG
-iEwEExECAAwFAkG5dt4FgwifXgoACgkQPrq84hvwIdMBbgCeJhjUvC1klrCPhWqK
-hyfoKJE+hWYAnitsOnNDnjkKDdKta+mrdL23iPD5iEwEExECAAwFAkHCqnIFgwiW
-KnYACgkQPG1Ayb4vCvZS9ACfROLs6kU6Z93eoFUJl5H1M3U/L3sAoIgAGfCxQ3sA
-DvFiYg11GTGnDzffiEwEExECAAwFAkHq47IFgwht8TYACgkQvdkzt4X+wX/UgACf
-eM81+Z/SliH++ZzOmy5ZR9ljTo8AnA5DGAsPAbdU7j1NN0NXUg53dNvkiEwEExEC
-AAwFAkIIjHoFgwhQSG4ACgkQIqUcje1P4MASOwCeLyBkToAQ+3Bvup4B9POq1xip
-ZNgAnAui9pLAdwaGAZ8w5PFxuS2GoXxEiEwEExECAAwFAkI2qnwFgwgiKmwACgkQ
-1cW3Q8Sn6j4gRACfQWmnt2z+J0tB79JQ50hNEVrYuKEAoNAe1Y5xlLlDTSKJmnwj
-qnN0qaeriFsEExECABsFAjbtSOoFCQzJfIADCwoDAxUDAgMWAgECF4AACgkQXeJJ
-llsDWKK11gCfUgltInjqS+wGOrxfjiGjJsNmVtYAoJLaNHln4KYwLlYOo16kdcB7
-dqUDiF4EExECAB4DCwoDAxUDAgMWAgECF4ACGQEFAkBd2egFCRNri/8ACgkQXeJJ
-llsDCRDs0gCgy5RdOqhFvwUFYWj+dHb4LGt7xi0AoKduFxGMuM/loPShQnjvk/VV
-FesAiIMEExECAEMFAkKVnMMFgwfDOCU2Gmh0dHA6Ly93d3cudmFuaGV1c2Rlbi5j
-b20vcGdwLWtleS1zaWduaW5nLXBvbGljeS5odG1sAAoJEDAZDowfKNiuNUAAnjPH
-ZE2+qGvOkOkRYAmqCFMXw9euAJ4lr8dHPg0y8xeNH8M6rSswZaeHT4kAlQMFEDuB
-4BNSrOsu06QsYQEB6AYD/iRZgJ2U+hTGt879PPwLW1y7dQFbjMHqbyyM7eml9ZbC
-+m+jqNvMsniFCR5qvStMgbXuUZGGpd41mL5+vqF0wwM00nBQe+rr5grY2oMPCSEJ
-RNtHEamOsbc4GP59nrwbUhA7MKPSrPCvh9bvh+XQ7MSlar9eVBkqvnYmKdaKI1io
-iKIEEwECAAwFAj+WOcoFgwQgi58ACgkQ4WdUde/jR61yvQQAghvUxGu+fWc6RUEZ
-nrQ8n69FOPRq+od8fiYNF5iSWfBon3hmT8IQi3vRFbqCcKsd7fn+rl2zZjFU5f7S
-uzaF8+hODuH7B/jK+bW/dnhpgDRZyvmZMtLpeAOPh3IkrGEeknV1LeTZcRJnbGTZ
-iSu3LS8E/AVuSXmmj+2tXXBzSFKJARUDBRA3Q97TUoBXRHZTQB0BAchxB/9iTH4O
-9RoIshiUysQgMpncn9o9snx+sCO/NiSuAVleHNBP1d/Kvo6SGLJYoVfbfLPMNVyu
-Z4jGi8JQjsgVjpAz93nIevhjz7Xwd3JpS9oUvPej1mdWnUB4AnkKQfN+5+eso9Gk
-7OC9cWq20lU9tpVMDIlOj8GHR9kYfJ4fBbzdCGbG5Z9pzo+96gDUMzX5ZrHlChdV
-4eHJPMi60XeK+mpocQFQH3GBUSTeM3Sy93JoYJLdAA2ZcwMF5xI8HRx8u0rwCZNX
-nDTgPaRbDiW7587n3dWn7Pwmxu/CPtCQ4YO+WdjcKvHio7CqojtM8/7xuclkp3Wb
-1pE1s9w929ca9SHdiQEVAwUQOcqYVhpPhku+30gxAQGDOwgAjoKCGePm8h7g2edN
-YGosrPTMcZ8PNCMETXMZozgCbEd5oWvotRaZnta2CZyj/u5gOrE7z8XR2PNttenu
-HVDii5y0KwaaTR12/wrp9VJ61wLy/4zncnx/C9Nwg/Mu9Y2bMS8EuL16yWNrm6Yx
-prWsaaYy7G251NI7cseXcVnuAowzm6k8ovEwCAqVl4s7EUibNQQCuDgH4idUdr41
-0fDnpUalpvsGYf1wqhs93RbjU7pNEaLmnlz8zESHYaev+JpMVAfnw/jjWp97xyCu
-al75xrc/aj93anrobvU/sSKCDbteDzW9xYyjqZGu2npn+rBR4iUHZf9j/glwT0PV
-nH/jf4kBHAQTAQIABgUCQQm8qwAKCRAz/XFX/s5mTm10B/wK4tRztfYKQVVYYl3r
-duOE1rEntFEP3yV0H5qkIlPrXNi3j2hgOiUEBNDgFpuJ9rSz7IZ3GcIGlP2IlT9O
-icGwpabAtoB81S8rJKkzI+bBLCK2J1xJslIdjk2FO1u+KjLu1gu3RZYaYPc3bETX
-XmtECI2h5hNazvDw+QS1JTIkqr/vhl3TY9JAxiLwNBWn30phh8kRzvRJh1EI584v
-RVb7nTSd6PYpnpoEskJbXyAc+BV2QLPk95oj52MweGADFNv3uuyUq2WH9H1KP3Mn
-wNReTy++woQfLzobHHMyBr4ccC4uKlqOmBcZ+kkmEjxrJTRALelu2quUhpR7a0tc
-qFxSiQGiBBMBAgAMBQJBhRYSBYMI077WAAoJENJkZhEZk6qtGSkL/0qaizY3Ix+h
-wNj+UAN8sGhPLYNGSnPCgLyLMceByJP7fpF96Try6wIYsVAsXdltuC6wEsDNjIc7
-4FCduAc0HfhnJ5Yu3ciJ/DvR//vlbnE1pp+RysVf7V3CVNxLgOdfSBd76tgktcfb
-sh+R+qKR4JtWjojkET+XAOrCDYNj8P3nNxHzzYO9UHSBsNzrm46RBFNxtETh0nDx
-mgzfu6i2vpSwoRMbi/39VGlHJNYoA7itVZfZx8FebJA9KcirRDGtWcofsUhWWfnQ
-A2K+ahPIx+N0xVzuxjKZoXbkSC+LFwzaoYFUE6OcFsBkUY40QhCNKIWUX3kSZVUW
-ro6WuwMltQAkXG+03awShgpciqzZ3o+Oro8zmMoESJl9c5oUWuIfJwHpvrw7UrAr
-cZLdf6bcOjHlJqGv2XSRJIxeiUtLghPrZF8pqN7j58yL94QC7PsQLsRkcgGLp9aS
-v87O7XzGU9nlyOS7wR56pQPClpTO8tm6ckquKh7T5jIqnszVh2t4yYkCIgQQAQIA
-DAUCQcIpbgWDCJaregAKCRCq4+bOZqFEaCX4D/4kRmZ8eDsYuKrw8OS0yUK3PI9k
-4wyBGxUQmuJKgXFRAbCkUpATHvRh6ZXquWFSVbgkay3cfbGLfZWiT7TAz+k3eiVS
-tm/Mk88pqlTfu2pUq0/5bpqJF9zt/L/i2aY/030A4l5gsEccCsdy5F1FXQPbYGFT
-vjtPJx8hMstAG761HhaOib/A2O8jd7f8elZMGSTubtsFJ1/K2Po6sy/3ylJlfo/F
-zgvqTJYju4IPsIrq44D3k4kQDMahU2W4k6crQncV7w2wqC0zxmuZIuCio1wyvYG3
-ey/pjNfrOemSuA/gmmN38uBJM+vEQIPnUdJslc9H2eH4rVKFEQZuqUk+HUdwVQhJ
-KfwaMmSiGj4PeXphtFc6a3lqfhsiN+7lOnzk0dRMCxZEMgLjIC6pGquJ610zsYGR
-b/viXDUliNBJod7CeOHRH653/00U9aaqh1Km2He+BWmtZt+Kzw10YUm8oox0/E6X
-lE4EL8p/LP1uv8vbaGzTVxX5NIr9gVhrnOVDHHXtlFZxatg7ZLuSNkK6oiqsR2yn
-xk2ysmTQEzyi20UFxnH8ICsUyRyEDbJlbewQPtJRnknpV6QhsUA6bVytyYYA3RkJ
-qSDojEgAgz5LL+Zhm1Ttz9ccwxJY6/ZevzlScNrFxPnzmaotfWPgFis0yF+PLZGT
-uf/gssj8yYMAWhhtBJkBogQ3OvfdEQQAw/+RYsI0gH0jpxd1Y6dsbupdOX+dmT/U
-5Hha81a/nTrEP/vOIjx83r26zigtSXBDr+zrMTh18Xu2CYLOogsLcE6ayhdzMes6
-OSd57S7WmoWufFEQOB1+28aaLFyzI0XW6MpnCPYJVS3mVrMr48My2jWL0jitpZMs
-cjGy5i4afSsAoIwpCTjZRgFmv7Gflb+BGVUuEnOlBADBZ0X//+VHI1zZTApL8VhG
-n7bt2EB/u5INdQ2wc29m1zqQB8T3rU5//5csVlTvW6i2w4gDHIAlIRNxvvdPNIPX
-t/jYIXQwM//UDAc5IN0DEOXT5rMklel/mw7yVYfejiY5W4SxYhiGW3D4ybwKYQ7l
-atQBBHYmGWLPE/YAjxdKFgP+LqWWdZ5KV6clKp43AkUk73hDMvGnl8Z/Vv2M+waj
-66/MbJJdBgUW/Pu2NJGasxVSK8q36EXj9pNB0K8FVrx6u2eANEdrWj9MO/cchQ3s
-C3I3et1N568qqnXOu/7mV1yVHJfS8sQc2tptMTneb7usmXAF5+OziUOcS7ukwSEX
-nJy0Nk1hcmN1cyBCcmlua21hbm4gPE1hcmN1cy5Ccmlua21hbm5AcnVoci11bmkt
-Ym9jaHVtLmRlPohgBBMRAgAYAwsKAwMVAwIDFgIBAheABQI/gWcwAhkBABIHZUdQ
-RwABAQkQwKTLuYeXhWkpeQCdGJrYN/uT05T+grdci+zzNebybfYAmgK2OjM0TLkD
-SZeSjVgKEx6tG7wltBBNYXJjdXMgQnJpbmttYW5uiFUEExECABUFAjc6990DCwoD
-AxUDAgMWAgECF4AACgkQwKTLuYeXhWlAywCdGYJpwUWVH0GGNZ39SAt5NzOerMcA
-n2Nfqz0v/sdr0mMPNbSziGNUevyBtCVNYXJjdXMgQnJpbmttYW5uIDxicmlua21k
-QGRlYmlhbi5vcmc+iF0EExECABUFAjc6+dkDCwoDAxUDAgMWAgECF4AAEgkQwKTL
-uYeXhWkHZUdQRwABAbX/AJ47R66dq4o3vobMe3LqOHhXEdWeUACfTvV0bshBX3MI
-bIY53lhOnqkNvVS0IE1hcmN1cyBCcmlua21hbm4gPG1iQGcxMGNvZGUuZGU+iF8E
-ExECABcFAjxw+b0FCwcKAwQDFQMCAxYCAQIXgAASCRDApMu5h5eFaQdlR1BHAAEB
-jmYAni0grvGxgcgSuXK3vzLErIkfFK+jAJ9OfvRc1QinOAydyujUX5roXM/opLQh
-TWFyY3VzIEJyaW5rbWFubiA8bWJAZzEwY29kZS5jb20+iGYEExECAB4FAjx7ebMC
-GwMGCwcKAwQCAxUDAgMWAgECHgECF4AAEgkQwKTLuYeXhWkHZUdQRwABAZRBAJ4o
-xvVUX6skfJud8oKoYvy0l/ArGQCePXVckzHYxtiuH7NsDTesxWN2Jx25Ag0ENzr5
-dhAIAKcsu8SB0lBBOxYbd/oX0mirpH6wmQCE9p+GAsUA84pj9xE+beb7hWlBLGeD
-mfDWLoel7AsD7vVCciK7u/3I5XDPWE57TIJht0F4pfQ58p90EK2qqIxrVkmj8L51
-ohy0rot2VuklO/+2SlYj7a+wApfwPU9hkBCKmoQKbMNbkeX1C9O6cAOwa3bLyhd+
-5ZwVKtbsFXO08dkEmR0g7i0+jOzKVZdTAzE2uLg/3m58Uy9g3UMxhg4tbWZrS0Hs
-cWdZXoAjo/cw3nC6utaZSy582gxpGXf4D7DjmUOW9AwkDbPZFuHCyYRrpO/Q+4kQ
-vKTkDIi6m3w1P9eGm7eq7ds3Wu8AAwUH/j8DBqWtXC2m1G+9nsj9bUuYtC5OMKyi
-9MRiwbrCdlkR/q7hRgpvojxiui6M69s5raBIDa+3k2mAHVHqfR+7QC+n4KTXIXHO
-rN4GHD6jlEDwnVrylqawMFAgCRutD7ipTPffJ9G5cHqPLuBJo57P49uR+DZ+lpng
-qr4XTRMW9k95RkM5I7GnUU+13Tj54AzThi4se1leKYQjWBYQLbi//MOFZ8EpPeAd
-P4nNCULHRNj0wix4U7hwEBWKHndFSrQKypwotIsTnoyfme2JdArcr532tD8+3miV
-NHqd2BiRYInQRCGsVaLKzEs79sxMreBpv2qp+LCLWZ6V4QMaInonLdmITgQYEQIA
-BgUCNzr5dgASCRDApMu5h5eFaQdlR1BHAAEBnD0Anif1Vuv+XbRwwHOnUyvytsWJ
-WeMYAJ9+8bxaWB4D8NDgqzYSzcgpCWdF1biOBERAD/ABBAClEc+ggo3tKaaLNJSQ
-E+C6sUQjjqXQnFgOengMBFio5Ur7+si8DK9iKolgk6HuIYFH6MeCmFvURicKoclY
-MVGKGx8mc3iq7awBIrU4j74Rj5XiXjeMui/jHggH90bf/ouHNcTTsHX5kziweTdq
-WVYo7Agjdh5ckv6cYqlg8/+DSQAg/KqjY4hJBBgRAgAJBQJEQA/wAhsgAAoJEMCk
-y7mHl4VpGNgAn2cLCf57hXUddxvbPBgtWX4WyPxDAJ9fg38QhJrqfK9+z+zL2pZ7
-GqGrdIhGBBARAgAGBQI3eHY0AAoJEHEtyVg9xXb3TzMAnR0w/cs3O5FAaFw+aVSD
-k9uUJP6yAJ9loILfam+WveF+MrGnusXsDvf93YhGBBARAgAGBQI3eRy6AAoJEDdA
-fgkueqrNIqgAniqrGi+nLmBPc/iORHs3j8yMnN2oAJ9xp5U/RAYg2iPtlROY0EXk
-pvqYL4hGBBARAgAGBQI3jxN5AAoJEKnmZ/8mzHhTgkgAoNlFm5PawxyMGlXB0yNN
-tWu7iGuHAJ9gH6O2TKuIj7fYloIoBLke1F3uXIhGBBARAgAGBQI7QP/MAAoJEHkW
-Lzb39qrZZMgAn04SZfDYEEO0H8+5/pkG3Z1J68AbAJ9hyy44uuT9q+5pvcEllbkl
-yEYtaIhGBBARAgAGBQI7QQXvAAoJEDv2CcaLr829DjAAoNQfXgbkxwImu4O3D53P
-p6Yw+dn9AKCoXLfEm6zS+k3dDRiulTpJ94NMSIhGBBARAgAGBQI7SG89AAoJEOd1
-4yTbQbOHoFoAoJxye0ZLZnOzejGbaAjddDnFFrRFAJ9JiefttTviGzVcZNYi6x9m
-IU3uKYhGBBARAgAGBQI7SzZQAAoJEA6nVrUUSEP1/PAAn1fjkC9n6gLfWZFiD9h2
-5rtlx8NqAJ9+GN3xGvYw5oJkrkK6E/hyJKcI+YhGBBARAgAGBQI7S1hbAAoJECtK
-7KmxIjWtboYAniB0KO+NBf7tH6jfR4atZfB9oJEYAKDUsALj1UN3GoCKQVxBPYWy
-nYA9w4hGBBARAgAGBQI7UsBUAAoJEPHSzMhJehdtJRwAn1ZW50Mgvhp5Eo6mt+rM
-Mgwy2cJ5AJsEuWt5hQhJBhn704ZjghvziiAfoIhGBBARAgAGBQI7Yxq8AAoJEI8f
-38m84JQ2t9wAnR9xQ46nFf/hQzZZCLVWNvtKuxN3AJ0bCgAa4eqwqB5hg/yuNPEz
-FbwhqIhGBBARAgAGBQI8bmBGAAoJEIeVOB4bvrhK6WMAn3ZhE2bM5T2GaF/Fh8Tp
-EIVVQ3FKAJ0Q9Uwjr/Epn/57Yit+lmbMfnVijIhGBBARAgAGBQI8cRerAAoJEJss
-h2hy8fIND28An1Z5Hls+Jskp6DbiIfGErYHYcjaPAKCW1DtpYhFK2uV4Pza37KWi
-lvx4cYhGBBARAgAGBQI8cUClAAoJEDoapjWQmlQG7xkAn0bSTKB3BHl66795wtmR
-doFKZ614AJ42rgO2IJG5XRh/+/jrcGjztvsBSYhGBBARAgAGBQI8dK6yAAoJENGj
-7q+v0QrPm3wAoIe0Co9vlKf6gwjz4Yky9BiXvYyCAJ9m923YzjngFMGB47gqKmS3
-U4IIYohGBBARAgAGBQI8e3KdAAoJEG74r8KGV0rKYiwAniujSnXrQZ2eNGC+mXTS
-oLBEWmzjAJ0Zk27daFO6GUgfwM92bu6XW3ZeT4hGBBARAgAGBQI8fUKyAAoJECwY
-oCq0xfN/PrQAniShB8M6BMHsw3rOuIvxOc3XbAv5AKCYx7ubF1eWysuTN7GyrUZB
-44Z8QIhGBBARAgAGBQI8jL2vAAoJEIW5kHXCkQ5BtCIAoInMgQPBUeS3wW2kq6/H
-Cv5f+S/iAKCrl00OZZomz14dgloHRsz8169iKIhGBBARAgAGBQI9Bsd9AAoJEIy7
-QVMRS68RLqIAniJuMJxQyTaBG1jqO1WN78OXrBMNAJ95cE8pmb0CEMax3jmm3qwJ
-ReaZj4hGBBARAgAGBQI9KMbSAAoJEHw7eXCIx8H3MKoAnj8ejnMUKjC5koe6wJtc
-9LVJT0RpAKCIzW4B7a9CLQ5fz8hPQRvsWRP/o4hGBBARAgAGBQI9KMbdAAoJECdl
-aNdcYVOt6iUAoJuvqfjsSHKGO49j2NrKZMJ67CRdAJ0fnfurvWJ3uQIqruDSQZWH
-p8KYu4hGBBARAgAGBQI9MZAnAAoJEBjNJaUi84rziG0Anj2uvYByl0PC5AdxzFLk
-XXp5dk8pAJ49YzZVnhkMBMPAO0Sm/QI63vBvs4hGBBARAgAGBQI9MuXOAAoJEFCP
-02O8k2g5ZSMAoN4H5EETb1cMQs17fGuL1joMtVLuAJ45UH/ZE+AZLSWAdfe9dDFO
-ZQnkAIhGBBARAgAGBQI9Noz9AAoJEJEIIZ7c3okKP0MAn0EOq7NUy8WKGo1KV/EZ
-n5xqKUiUAJwLjZ+oDrBSqK0DUiyLjjOEIU9VmIhGBBARAgAGBQI9PHAWAAoJEIRj
-NbghwGWY11AAoInXmR/k8Ne9PdwnYSFOE5E4qmmRAJsG+HisIophbRek8Gv/+JJU
-Kua4fohGBBARAgAGBQI9T4h+AAoJEFSPWeucFDVdf0UAniptwdlWlYCFFfKW/pnz
-Dd8FHGWyAKCHM7EKGExVSBggS85+fw4SfBooJohGBBARAgAGBQI9UvZFAAoJEJUz
-dHX4v2Q6fr8An1koj58GE8xW9THsD+MWOUQ7mCC8AJ0ZmZKZ2SLfkPiabIMT2SzF
-w1pivohGBBARAgAGBQI9tOMPAAoJEFKS90Pr1ZNrDF8AoJSdILy4qjGGbQlliBCq
-pWE2shTdAJ0bMLGPV22bdiCAb+ClRTUf+N30zYhGBBARAgAGBQI9vAmLAAoJEKjd
-nYDckq4wdJ0An2EyKrDlGADPuTxalNV9Jl3lk3LzAJ99srXCSn1Q/yiZ4QRN09bG
-+E3QMohGBBARAgAGBQI9vJT9AAoJEDbPukR4kWuEUlgAn38GC0wC5e52psalECLX
-tbhSe5TPAJ94pkrDtmSHfiDzc4wcTHZyTkBx4IhGBBARAgAGBQI9yzuyAAoJEAmU
-kfeRsNO3mSAAnAhDCThzCLAeYLmJuaqEdgUsXuBMAJ9CqoF4TxYaGjLCrvi1BNwm
-k1WsS4hGBBARAgAGBQI+MbfNAAoJEO7w2zSzISYDinoAn0oHAHeQNngKkgOzsYWa
-0yylqnLZAJ0Uw/vXC85jTknV0mnQVdq2gPjK6YhGBBARAgAGBQI+SvTqAAoJEJh2
-iWGe0QG/ozEAoMCIqXaTTFCIxKnv4F+EbB80OdkSAJ97SDPfLqiJzAMXG6lvjHDa
-rw3XdIhGBBARAgAGBQI/UOXyAAoJEJFazEWo9ML9ZBMAn35HFpq2xA/wWHM7Xu4S
-roXw4R4fAJ4lFCPx04BnsgssRiaE031lZQuv0YhGBBARAgAGBQJBfAG5AAoJEBhZ
-0B9ne6HsqnEAn3HyxNjfzzEVjzLoy0XZ+ZQ5hP9/AJoDLUzLUkc2fLXnjVzBlm8g
-ZkAcQ4hGBBARAgAGBQJBfBJgAAoJEIHC9+viE7aSrCgAn2EuRkEC/AiVvXodTQWk
-S5YS3DclAJ0ZkaSD/AB1dfba4ew+eJq1ZhFH1ohGBBARAgAGBQJBfBK4AAoJEGtw
-7Nldw/RzcSoAnRvnV5SsgKsmKVogURBP10GMeWz/AJ44hk9u/COHiSetWHPT6PIH
-72vUeohGBBARAgAGBQJCKNAAAAoJELZr9ntxA8Xa4A8AoLOrStPezgIdnhfSDc53
-3a6f3krSAJ9zJFv7eYIDceXsrBNAVGbKXiEA9IhGBBARAgAGBQJCXCq4AAoJECqL
-xADARsA5ez0AnjIC2fOR4A4laWtCc8DeaeCv+luuAKDhzoNo0SdivuqPXvMYZTZ7
-LFixiIhGBBARAgAGBQJEEXJjAAoJEBJ2JBfPBQjsGUYAnArkZVd+f8AsuxVJJ2/Z
-6HmWOEGpAKCj6YVSBxQBpyoX3dl5TH98CHnbkohGBBIRAgAGBQI9J19CAAoJEAsP
-KSnfge6DXRsAoIDfyLevFYw2Nyfp4OZlB9IUZH5tAJ9bSlzv7sZ7vBiiVgYbYddy
-6U6+hIhGBBIRAgAGBQI/GXHjAAoJEDMLA4tsY3Rt3AIAoLCm358o91ksXqe9TEgy
-qEouaO+YAJoC7eKWbnMe+zOncqmkIe92+3RIeohGBBIRAgAGBQJBi+CkAAoJENvD
-6/wz4/5WsSQAni0OEioU1TqooxTW2d6FocGs+eZ+AJ9byIvaBCapruL0gLAxejwd
-FIrU+ohGBBMRAgAGBQI9BOe4AAoJEHFe1qB+e4rJCI4Ani/RIDLie4DJBD5vcOQl
-XkQ/B0boAJ9Gs8lCM5RJ5Md1WIlPvaLLff6YpYhGBBMRAgAGBQI9NJl7AAoJEDm2
-Yqiv44FpnHcAn2RrMkIIuRwWS+olbhI29rqLOYQcAJ96OTzBv9HnLQk97MgrIk0u
-MTEoC4hGBBMRAgAGBQI9tWUKAAoJEMuWmJRMxwhdbz8An0jDzVqVBr3R8Paca3YG
-rkg/B57VAJ42uzjJS7+2gWdvSCIPbfNqyzJUM4hGBBMRAgAGBQI9tkNMAAoJELLT
-fwi1TAkwUw8An0XpAx/1YVEIAl/bBUh8vQNVfXQ+AJ9ZqEEth2Qm/btpLG21+9PN
-CQimwohGBBMRAgAGBQI9vG9/AAoJEC4s9nt3lqYLkZwAoKliHAv9tlFYFquFB6Uo
-NyJYRRVeAJ9/askE+TClHgOeX/tAutVWTeVgyohGBBMRAgAGBQI9vczLAAoJECn4
-5GVniJZfCtUAn3fwEjTyMPsSkMACHZlRwTKJTn+MAJ9RJGFw+H4SOfcFyzQl26OQ
-xUDla4hGBBMRAgAGBQI9zVX8AAoJEO9n+8dii45pisgAoIlvGenK8VWdjEHdJ9Iq
-zbsVQybaAJ9fR0pBQQF/VSq0iLz0UNfitcs4F4hGBBMRAgAGBQI+SY57AAoJEN56
-r26UwJx/9lYAoOVoRTgMTEI2mPFriutraU32X23OAJ9JwE+eS9nTIOmicFcKL3Nu
-tCQTUIhGBBMRAgAGBQI/hFB8AAoJEMUUr45LpAHDePsAoNyxJbmjCjwi4sPKFF3B
-0Mf2gn2xAKCtEVTTWYUILahVdnjru7PmlHlCIohGBBMRAgAGBQJBcnkMAAoJEE97
-8oSv+wwXC/8AnigNNsG2wTGZSPyaEwk2hYwNxzvhAJ49XlqwWx0yp3NRxzR3R7lo
-cjcozYhGBBMRAgAGBQJCM5T6AAoJEOSLZbVLOU9+BAEAoJmB1Ghp0atCi86bnLcr
-vxLBVJQOAJ47shbjSakiqp7V89s45voH0JZUdYhGBBMRAgAGBQJEEK6PAAoJEL7C
-TATaqJiSTCIAoIE+Fx+fKPJYDhl2YoDdFKyJub3OAJ9IGj6D2KN4UMhhYhBMXEMR
-7pAFmIhdBBMRAgAVBQI3OvnBAwsKAwMVAwIDFgIBAheAABIJEMCky7mHl4VpB2VH
-UEcAAQG3FQCfZy6nZ6K2JJ3p8jnNjP+KnCgBf6IAn3WumBB9RjfvYCPL7EkOWhGR
-J21NiQCVAwUQOHtkh0wn7WU2580JAQHcGQQAij9e1yHjYezeVWVhWhjg07qEfc/V
-5PVQ5u5KW7zW0ztS8RtTIaaJaI8lLnJMV6gj5cx991GzaL4+nD0Hn+XpDacNGnO6
-vTlel4xrvcRJetC5dD6kd/vvb+mKiVwHbK+bF4hiBzbsreJ2T0HUEVKoSz1Wpbhr
-EO2h5N3fPdHKDh6JASIEEAECAAwFAkKczAUFAwASdQAACgkQlxC4m8pXrXzJaQf+
-Nn46e4Gu7Jsj0iBOECOFTHCYwvCtBXYSiAJ2qNbVQ4G9zHCW25nMcmnCxoT5LISX
-buvTpw5wSvDOlIsJtDvAfVK48SXXqoMJ5S/0oj6nJKJllMCGHEIhjCHyvWWVk79Z
-pit5glaUBfG/mYqs07fm6KuYQ8Zt6kB0Sl8igdE/fozRkoUgeIjNUbVqLvr0JXz1
-TCRjQmlwzqc0Pgi/Hb5dbVBh6v3hXK0ELN6jvaNenxz2yDGIgJsI7g2etofHLGQj
-g/pKkAnoHHs7/EeteY94Owz/5SwM7U3dfQ2rKq0Ff+U1UNpnnyQOjMc/xSODFA5R
-q2vB0HeoGmoxBXQjvB+Pi4kCHAQQAQIABgUCQXwTXwAKCRCq4+bOZqFEaJ8SEACo
-zWbFSR5Va3uz7ycxX8Ca6CT0RUyPFXgGfOH1TbvSKsW1Mfbqv/TL1RNI1yHZtAd5
-i8NGLCBsr/bJDZ/HYNdvGjWGKjklcFFjMDiGF/Q4c3CYSLl3JbFyovIX2Vd2FWxf
-PoLFdBRQL8AJkcZSXgkSFUPaqkZ2HUGDbzoCM9H7u9tScmDYjhBnhlWQuFoy5wjp
-baxAidZtcG4yccXfQtuJZKvyPwEp0TFUb1w2hKW7akS0i+wHcZpXlS2qqs2z/Bsy
-0YqNYR2K6qBmbbVkuWiBGYatDyuSBD0XyoE1hcuFX92qt6KfMYgV5sjcwiGE/di7
-Bw1KbZfW4UKhvlJMYtCLncfkR/6qPNA2W4xAh2QDklSeR+W0gsTe2H817y9ud7+7
-xOnMC0u+QGFqXLzRA2O77oMfNFvi+3BvxS9kI+8PBP/aU/e7iGYGnOguvsZqv8NL
-IbEX37AfK03w7G+WdhW8WuseXIjQzshpsE4JNY0vRyfaKCsaVjqkS4Nm3fXsC3KL
-72FzZBLAhZ+650xce11DwshqffGPYrz9WDRC545AdTp2dzw3/XnH/GMJyjZs9mSB
-zUsJ4MkLo+zO0tAguNnL2Olr1H34fmAJkgDT1C1ieLBmRlSiujyfd/xNEnugKAzJ
-4qworARVplLRhhYtuTD+txWkxDUmOnu26DMnulpQSriOBERAEBQBBADTb0UqApeh
-0QVKA86Vdw0FcbCj7//sD2EtgMYWFm6pQx/9j/7om2gMkaEFaJ/qylQci0P35Vdj
-lBTuwt7a4bnLHqdcMMImfI1RiziGrGnU4dXupizQ/jkgZZs+De9JKM3G0u0Tl20+
-Nuqz/rIyDkhxRqu3uRD7CkzYb6sG3EnJkQAgwuBLPYhJBBgRAgAJBQJEQBAUAhsC
-AAoJEMCky7mHl4Vp/3EAn3lLjZHnh5J8vDPX0EfXTiaCxcRwAJ9mXDiOfaSXENw+
-uZGLREwJhEeZxIjnBBgRAgAJAhsCBQJGlKAIAKidIAQZAQIABgUCRpSgAQAKCRD7
-iGK9/NKik3GsA/9kPscavUwGxHQuxeY8DpMF/kYBxY2cupj/JCEymaxZpA5ErBt0
-k3y0P2mNPy1FLmAO8zmr8M7/ehrwinMzYZuNY6o7pc7ldxtRsLnTcM4pRfM/9LKq
-hXz4vFx5W5Qulb92uUnt4qBmepSikFAIajfEDGRjl91b37Sa8/nfkXWZxAkQwKTL
-uYeXhWkzwgCfQaaSyjLGy3WIyGuMVzLdlmuaHtQAn21yptlhrgcvevUDTI6gLyom
-emvvuI4EREAQLgEEANcDmpVzzww3xczTgL8ekK+Tr9hiwvEhtLkUtPtCQVxEVri7
-HvF0U78T5ep59Ex9I8lfGjBmUtJ1T1cFXRnbYys/+HMO8DEbUdoiRTLet3+mR/ek
-2own7avqokaCSO1xr3n6Km02drp7H9HyUlOC+QKhP6FvtdhIpd4Hi7WQyJUdACD1
-VIwTiEkEGBECAAkFAkRAEC4CGwwACgkQwKTLuYeXhWmi1wCeIyRDSxYXMi2CmZYR
-SkmOdAtG+tkAn0KyfLD/DbjXYGLUqIAU3fvZ88UWmQGiBDpU6CcRBADCT/tGpBu0
-EHpjd3G11QtkTWYnihZDBdenjYV2EvotgRZAj5h4ewprq1u/zqzGBYpiYL/9j+5X
-DFcoWF24bzsUmHXsbDSiv+XEyQND1GUdx4wVcEY5rNjkArX06XuZzObvXFXOvqRj
-6LskePtw3xLf5uj8jPN0Nf6YKnhfGIHRWQCg/0UAr3hMK6zcA/egvWRGsm9dJecD
-/18XWekzt5JJeK3febJO/3Mwe43O6VNOxmMpGWOYTrhivyOb/ZLgLedqX+MeXHGd
-GroARZ+kxYq/a9y5jNcivD+EyN+IiNDPD64rl00FNZksx7dijD89PbIULDCtUpps
-2J0gk5inR+yzinf+jDyFnn5UEHI2rPFLUbXWHJXJcp0UBACBkzDdesPjEVXZdTRT
-Lk0sfiWEdcBM/5GpNswMlK4A7A6iqJoSNJ4pO5Qq6PYOwDFqGir19WEfoTyHW0kx
-ipnVbvq4q2vAhSIKOqNEJGxg4DTEKecf3xCdJ0kW8dVSogHDH/c+Q4+RFQq/31ae
-v3HDy20YayxAE94BWIsKkhaMyohhBB8RAgAhBQI6VPBbAgcAFwyAET/HMgQdI+nq
-Zt21AJydvCHfdNxhAAoJEMdGNjmy13leV7gAoKHV2q0XEP8GJkyp0/V5lgbwBmBM
-AJ9TtVfw2khoaZ3LNV2tINSjj0Alp7QiUGhpbGlwIFIuIFppbW1lcm1hbm4gPHBy
-ekBtaXQuZWR1PohdBBARAgAVBQI6VOgnBQsJCAcDAhkBBRsDAAAAABIJEMdGNjmy
-13leB2VHUEcAAQFWUQCfWWfTDHzSezrDawgN2Z4Qb7dHKooAoJyVnm61utdRsdLr
-2e6QnV5Z0yjjtCJQaGlsaXAgUi4gWmltbWVybWFubiA8cHJ6QGFjbS5vcmc+iE4E
-EBECAAYFAjpU6LcAEgkQx0Y2ObLXeV4HZUdQRwABARPJAKDmKL2Aeo6OWwcZKyqS
-WLD4drQxfgCguJ7k7XEuQr+tL0ndoin0RSQTkCHRzH//AAANOgEQAAEBAAAAAAAA
-AAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQ
-Dg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/
-2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7
-Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACQAHgDASIAAhEBAxEB/8QAHwAAAQUB
-AQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQID
-AAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0
-NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKT
-lJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl
-5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL
-/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHB
-CSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpj
-ZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
-uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIR
-AxEAPwDqKXFKDSEgDJOBXSeeHaoJrqKIfMwqleanyUi/Osi4udqNLM+EUZJNNIlv
-sakuqjnYazbzxKlopLOHYfwqa5S/8QvOxjtyY1z17msqWZpGAzuz1wP61LmuhrGk
-3udHceO9RL4gSNB6EbjVU+Ndd3YEir9UFc+nLYC49jWhbt5UW0RIGbpyKzuzbliu
-huWfjnUw377ypQv3vk2/rXVaV4o07VFCiUQzd43P8j3rzVpnLESIgHoopZJIYIxP
-Dg89Vb7tNSZLppnsIIYAggj1FKa4XQ/G7r5dvexI0R4WVTgj6jpXbxyrNGskZ3Iw
-yCD1FWncxaa3F24oNLRTJIyKKecUUwHjrWbql2Y/3KHk9a084HPauZu7gTXLseme
-KEgkyLmuS8TaqXmNlG3yofnweprp7qdba1lnbpGhavPH3yN5rH55DuJNKo9LF0Y3
-d2T2sTt+8dflPQYzk1twaJK8AeVCxfkKOMVBo1qJLmJSPkHzH3ru4bRJlXjFc7Z2
-JXOBudBlIyEYAevaq8FkLRsld5J69xXpDaNC5PByffAqlJ4b8wkFiPTjpSci/ZnA
-3cXDbmcsRkEmoILGWYkpu9zXfjwkzgGUqVHtWhbaFbWyjEa7vYUlIfszy+e1uLEh
-njfY3Xjiu28EeJZJ3XSpxuVUzFJ3Hsa0dU02IwMCgI78VxEcB0nxAnlOUDfPGfQ1
-pF6mNSN0eu0lQ2c4ubOKYfxoGqatjjG0UtFMQTsFgdj2U1zGB2OfwroNTcrZPjvx
-XP5pxJkZniF9miz5/iwv61xA+aUDOR3x3rq/F0hWwhjH8cmT+ArmIIvNmSJeD61l
-U3OqivdOn0KNTPuU5xxgdBXZ2TAIOe1YGj2ItLYYGTitSK7ghchpBk9hWD1OqKsb
-Ccke1WkdcYIFUYZo3I2uDn0q2FIIx3pGy1JHAJAAHNVpCu4kcCpFJaZgOiioJm2v
-t6E9KQzPvZAUIHNcL4jjC3Fq/cOR+FdtdHnHrXH+JSjMmexP8qqLMah1vgq4kuPD
-NuZc5jLRgnuAeK3s+lYng2PZ4YtAeSdx5/3jW5XUtjzpbsaTRSniimSUdZmCwrF3
-bmsWtDWj/pKD/ZrNzVLYh7lTVbCG8tQ1wGKKTgoeR71yGmWNzPdpLb/NsfOG4yK7
-2+XfoU20Y8uJmJPucf41geG38wSMRwpCiuVu8nc9JRUYRSNoXqiHywjJOy/LH1J9
-hWcraeFBup0jnI3FVXcfyrYvoEmsSdoLqQQ2ORyKVdDRcmNEORz2P51m20aRjcy5
-L0mKIWmpWpVc8mHa2M8c960NP1q9hjYSSJMy85wentg/zph0OSCJ47UCNJAA4JBz
-+lVv7NayUlV3DG04bGc1Dl2NIxstTootVaMFlaEmY4UEkZ9hVPUtZS2lU3Aj3DjC
-PnH8qp60vkWVrDHkMoULjocVizRXDxB41aSbJLh1BUjtjvmmmEtDVk8QWLLuD89g
-3Ga5bxDceY0Ei5AJY4PrV9mit40juNPXbIPneNSNp+hrLvdO86SGCJsB5Pl3N68Y
-FXFmMr9T0vw2mzw7YjrmEH8+a06itYkhto4kXasaBQPoKkNdR57EPSig0UyTH1sE
-XSHsVrNzW7q1uZoBIvVKwqtbEvcfefPoN1GpADR4ye3P/wBesDQEaJHU93PFbNzP
-5em3K7S25OlZumxFGXBGc5I9zya5ZRs2ehCfMkdJbqs0LRN91hg1pQQtDCBKPMI4
-3L396yLeTax7VdGrJbqRlWfsDWLZ1xWhPcXFvEhZoZRj8vzqghM9woMe1B8yoe3u
-feo5pDcobiW4Tcpyq54H1qGDW0aXeFUhOCVOaSa6ltE2twubZZlHzQsGA9aW1WC6
-gVwVdT09foaj1PXbaeLy1CqzcbV706ygiZQs4aFnGUkjOD9D60SaYK4XenW5iJ2c
-/WucVJX1qzEfOJlUH6cmupeJY1w11Iw9OP8ACsSNgNegRFyC/AA6Zq6aVznr6RO3
-4Hako5PUYorrPMENFIaKACQZiYY6iuWcFZCp7Gur61z+qQ+TclscNzTiTIoyLvjZ
-emQRVLTTifyygUr156VezmsbUDLY3YlDYSQ8H0qaqujWhK0jo2woDk8DrXOs8l9e
-TeQHI3EgjkYqpca4fLMcbEMoxyeM07RL42t+vmk7W6iuJxaPRTTdh10bpVMDu0eT
-yDnp9aq2drdfaFaNhgckKwBxXaXKwtH52wEDuRWNJqVgGKPbINo5YDrSTNuWK3Zg
-38N48m9iS2SQA2cYq9aapdJCIblnjKn5WHar32GzuxvjTAPYHFJq7W1qkEPAbpgU
-eRMlbZlqHUjdW2cguDg46fWl0KJ7jxIWIysEe4nHeq1oYYrNSD0GcVueFICIbi6Y
-YM0mVz/d7VtSWpy15e6dATSGkJpO2a6ThFJoppNFAhj3MUf3mFZGqXUdy6BMELU8
-GiXExDXcu0d1Xk1p2+nQWw/cwgH+83JqrWFqznorC7nGUgYL/ebgfrVfVdGa80h1
-UZlQFlx3xXXT7RE67yXI7dKrImxAw7c090C0dzxIFkk2SZznByav2skk0qFDzjLH
-0xXVeLvBzMx1CxA2Ocso7E1xdtI9rO6SDb2NcjXQ9BSuro7bT74y2z2rNkA4znNS
-tpNreyGZTtJTHXpXJR3ptFUhyNwzx61oQeIvs8flocnGCcVm1Y3jNPc04mTSRKGc
-Nj7g+lc5qN897dPcHg54x2FNu9Qku5Bu4XJp+m6Re61MIrZDsj5eRuFH1pxjqROf
-3Gr4etLnVL0LyE6s3YCvRLeFLW3SFOFRQBVHQ9Ihs7IxIoL5yzdCTV4xvE3D/g4r
-qjCyPPnPmdyQkH8aCaZv28suPXHNKGBGQc07MgDn6UUhNFAGmqHkscewpjnJ4qZh
-lKZjJ/CmXYrtFhSzDkn+lMWPAGOhHFXJUypHr/hUUe0t5ZHJGV/qKLisJDtKmNgC
-p4wen0rl/EPgS0ut09rFjOSUX7y+49R7V1DJ5b5/hNVtb1mHRdHlvJ2xtwqcZyx6
-Cs5JM0hJpnkWoaBeW0525aMHA/wqrBoWoXMwSOI7mOABySa6ifW9W1KASBLe3twe
-bhgCfwNNi8XQ6XgpKbmXp+7iChvbNYdTp5tNCzpHw6uSY5dRnVVz80SHJI9zXZix
-tdOsRDaQpDHnhVHU+tSWFyL6yjnG5RIPmRuGQ91PuDQd1zc4AyqV0xSRySk5bkcc
-eyMHkHOanWN2HJyOvNSiIAHPvUuAAvvxVXJsVli4IBwR1HrTXtznrjPtVhky+fUU
-7naCfUU7isUGhZejZ9sUVcdCxxjt1op6CsWs/u/ypFHzfhS9Bj3pT1yKg0FwGB/G
-q7Aq4YdRyKtIMg1E69PUYpDB8MgbsaxtZ05NYhXTp8i3kzvI6j0x/OtUuBGUP1qj
-JJ5CvczSrGicszHhR70xdTy7XLS60y8bR5jmKGMNERwHH96r3gfR7aZ5NZvFL/Z3
-2wRkcbgMlj9M8VDqeo22t+JZL2V3Fq37qM9DtAxn8Sa6fwtAunatPprOJLe5Tzrd
-/cDDD8ufwrFW5rGzb5Tb0xwLad1BCtIWAIx1AqzCjIAwOGPWoogzyunyhSR90VfE
-f9DW2xh1IP3jORk9anVG8sbjyKfgA09edwouFiJ+GH4il2ZUjvQ/b609SN2KYC4A
-GexopkzHyyB1ooSBs//ZiE4EEBECAAYFAjpWjyIAEgkQx0Y2ObLXeV4HZUdQRwAB
-AQfRAKCSnx3toHhFsCAaIsCRkmFdI4Hn9gCbBDKIqvBEjybcnaBW+iZufcjAzsfR
-zNf/AAANkgEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgABAQAAAQABAAD/2wBD
-AAoHBwgHBgoICAgLCgoLDhgQDg0NDh0VFhEYIx8lJCIfIiEmKzcvJik0KSEiMEEx
-NDk7Pj4+JS5ESUM8SDc9Pjv/2wBDAQoLCw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7
-Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozv/wAARCACPAHUD
-ASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA
-AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAk
-M2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlq
-c3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXG
-x8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEB
-AQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
-BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5
-OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaX
-mJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq
-8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD2aiiigAooooAKyNb8S6boUZN1Lulx8sS/
-eP8Ah+NZXjbxcdCt/sdjh7+UdcjES+p968fvLyW6leaa4mmlY5kkL4AP1qXLsaQh
-fVnc6l8TdSncrYRRW6Zx03t/L+lYsvjjXnA8zUZY8nI2kr/QVzlu0b8+S2R/HvJN
-WFgAYuwDFuvJ/lzms2/M2UbdDrLPxlrETK51CRxn7sm1gfzrs9F8b2d8ix3v+jyn
-+Ij5T/hXkQj8gZX5hnlCMZq9YShm8vzDt7HuDQm0KUUz3ZHWRQ6MGU9CDkGnV5VZ
-6xf6FJ5qTlY8/Mh5Vh9K77QNfi1uEkJskUZI7EeorRSuYyjY16KKKogKKKKACiii
-gArO17VU0XR575sFkXCKf4mPQVo1wHxXvfJ0yztw+N8hdh3IHA/nSew4q7PNdT1G
-a9vpLi4kaaaRyWY8KDRYWCXkuG5Qc+gzWe8mWAUYz19TW9pbGJAScZ6msJuyO2nG
-7NOPTrcxhAMdOmOKp3eg36OWsw0qY4x2rVgkynIyfrite0bKDBrBNo3aOOtvDWr3
-dwPPjEKDOS1dJbeFJYY/3UqKxGC5TJ/Wt+Fdx4HNaMUSlM9yK1TbMJ2RwWo+GtXe
-MiaZLlByCo2mpvCOpTaDrKpdEmA/KxIwVz612rR4PPWue13T4RcwXBUBWYI5A6Z6
-GmpNMmyasejghgCDkHkGlrD8J3ck+lfZ5m3SWreXu/vL/Cfy/lW5XQnc5GrMKKKK
-YgooooAK8j+LF4ZNchtmACQQjGDySefy6V6jqeowaVp099cnEcK7j7+grwXxjq1x
-r2ovqYRUV8DaCTtA7VMmtjWnBv3jMgjM0wAUnFbcCtHGFHOevtUek2RisUmkwS3O
-4HIqeWTaP3e0HPzMemfwrmk7s7oWSuatk7BQG71v28OFUpjHt2rj7XWreH91NLGW
-PQ7W/qK6bTdYs5IgFuI8njGajlsPmubtrmMGVuAo5q7GxWMcZBH51nmVDaIqMpEr
-DJB7VcWf98Y+wXg9jVowlqTtIpGP6Vj+KNv/AAj1y4xuUAr9cjFajHnHWsvxG6DS
-ij8h3H6c0yUW/Aju/n7xg7Rn6gkV2Fc14Lg22MszD53IBPf1rpa6I7HNLcKKKKok
-KKKKAOQ+JchHhuOIMR5twufoATXkjOkjqqAHLYAzxXq3xLikl0uzKAkCYg49SvFe
-YR2htbqKJyN3JODnNc837zO6l/DSNOLeijyuy7cEZzVG50jUbsmWKTamTny1GRzV
-4TAPtUZ+la2nyJbBWmZogScBhgfnWN7G9jmrfR7/AM7ZJdq8GDw8Suf6VRtXubfU
-FjMZR8jATjP0r0jfbMM7ULHvgVyl3BFPreICruTglTwvPr60+buKK1NeKe5S3W5l
-iaNmHBTgKfU//WpJ/E13bYVJxM+MnEYyK25LKNtPtkPCK4U/TNYF94IinuWfcUVj
-uDxnBBpITa7GppvitLnalxZzRseN6pkE/TtUviOVbmC0jhdSGk+b26VlGz1PSpkE
-Vz9sthgGN/vr7hq6PT7Qajq9os4ZI0BfYB1AOcH/AD3rSOrsYzVlc6bQrZrXR4Ed
-drldzD3P+RWjRRXUcQUUUUAFFFFAGN4r06bU9Blhtl3TIQ6qOrY7D8K8fvraW31J
-VmR0ZQPlYYI/Cvea8q+IVi0PiFrgnImjBUY/P+VZTj1OijP7JyP2n/SMnPB9eldX
-pV/5kIRsbfQ9K4yTMbhmyMnvUg1FoGYyI4THAXoPT+dYONztckkb2v69ZwSJa29q
-gLf6ybYPlHt7+9Q6JdWA1NWgYBMdBXOzTf2id0aFg3anW+l3Fkv2tmcL1A/wo5VY
-Sl9x6+ghnswgcEOOcdvemWs7zQHgSMjFGK+oNcZpd/Kl5Ct1JMIVAOA+M/WtGzu1
-0nXHWObdbXZ8xCT3PVTSuRyHTymN1QeUSwYcba1dHt1W5Z2xvVOg9z/9YVmC583G
-OM9BWtoTectzN/CZNi+4H/661p2uc9S6ia1FFFdBzBRRRQAUUVi6x4v0HQwft2ox
-K4/5ZodzfkOn40AbVcX8SrHdo6akg+e2ba2P7p/+v/OsDVvjhYws0elaZLO3Z5m2
-g/gM/wA6525+I+t+IQ+n3ywQ290rDy0jwQMZHJOetS9jSKdzm7i+USAlhkZ56Dr1
-rd0vy5o9r4cuvzcg54rjLzNvcFMY55xW3od8FKx4GR8zMemazlG6N4zfMap02KC6
-bEcTJ6Nx+tbumPYyRrb/AL+Jc/dBEig+wYcU20FtqSguuMcZ7mtCx8PrDMZGkJVG
-yB/Kuf1Oly7Ej6XcyebgQ3IZTtdl2OD26cViw2lxeSrayYTyzklTnbg9veun1LUU
-021IDb5Dwi+vvXOaVfIJZJN4LF8YHuadmTzHTqZEt/3eTIFwg7lu1dnpdn9g06K3
-7gZb6nrXn0mvWujeVqOoI8ltG6/LHyS3b/Gu20TxRo3iCMNp16kj4yYm+Vx/wE10
-U1ZHJWd3oa9FFFamAUUUUAeF+KPijqurI0Fq32K3PaJvmP1avPbi5kuZCWJOTyfW
-mzOzNinwxBRuPXtSNCe3hSIBiMv/ACp1vcbdThkbp5gz9KYzEL9agcE7vXND1Hex
-s6raecSVA3jkZ71nWdy1qWjkG3sQRWlBdi8tQ+cuvyuPcVFMsc3yyrz2P/16yi2t
-GdE4p+8jWsfEMNsU3H7vf+92rdt/FyiI4Zcnt6GvPmsyv3HB46k4zUiQTRKF3gAH
-Od3ehwi9SVOSVrHT6nrjzSYMgJUjknOKgsZnS4MrMVRerY/zk1mafAly2W3SAclg
-NoNWPNaW+kUDbFF8qovQHufr/hVqFkTzXNG+v3v5T5oxGq4WM9AKxlMlheCS1leN
-kO5CrYI59a0XOPvAfX1rN1OPPIB5TB+lUSekeF/ipNEqWutKbhBwJ1Hzj6jv/nrX
-pWnaxp2rRCSxu4pwRnCtyPqOor5ht5G3Dca2bW+mtXEkEzxsDkMuQaCeVM+kqK8W
-sPiPr1rB5bXImx0MqbiPxoouTyM80jh8xyxHyg1KVx1qxEEeNfK5FI6euKZViq5I
-FJDGZA+Occ0sik9BVaYMqZUkFecjjFIksQtJZT7+iEjcPSt63W1mUNIRjFc9ZXhu
-D5FwQSwwre/oa3raW3+xlGwWPr1FRUj1RtSl0GmW1jdlWCNz2Y/40yCBNQZijq0a
-NtKp/X/P51nXk4RJdqYBPJJHJq74a2x6XM4I3NJyM46f5NaQgkyZVG9DRv7hNPsW
-8pQP4VA7k/8A66g06Hy7dcnJbkk9yetU9TZpr+KHnKfO2fXoK0LYqYh1x6ZqpPUm
-JKy45z+XaqV8AUQ89x06VeccHA6896rXSbrZj3Ug1JRjYKsQfXrVxX+Xg+4qCVQQ
-D0NOhJYcdTSEtGWVkIyFU/gtFJGEywbA568c0UFmUomil/dAtk9B3q/nzBjHTqKW
-BVjIPU45NMPDn3pkLQY6jBwRxTIoxJIE7HjmpW4/OmQcXC+maBdTG2FHdckFDxWp
-p7yyyu+eMcD/AGj3qpdLsvpAMdTWxpkQjsVfpn5j+NVFXZCIL6N5YhG5GeWA6laT
-w/c+TJLYy4Al5TI/iHb8v5VYlwblAW6qMZ9c1mztgSleCzAKR26c1T0dwL1sDNPN
-Oed7HafYcCr8MnlSAZwrdSfWobSLZCij0xRLlXHHDVBojSLZGSTz29KYFDK6nncM
-VHbTCSMqx+739RUJvWz+5A4/jbp+VIZSnGFOAOKbC3zZzjr0pbjvnkk9qihyZAB3
-4oFfU0IEO05BH9f0oq1hIkXIySKKBn//2YhGBBARAgAGBQI8ZiQyAAoJEMdGNjmy
-13leJSIAoIx0Ql/m4Gf4ZZeFQ1Of+zq6499DAKCHBzmIEtE740kuUl5HGNvCJ4Qb
-MLQtUGhpbGlwIFIuIFppbW1lcm1hbm4gPHByekBwaGlsemltbWVybWFubi5jb20+
-iEwEEBECAAwFAj6+zxoFCwkIBwMACgkQx0Y2ObLXeV4M5gCgnemzKjFcpG5MpeFC
-TjVg24ptLhsAn03rO14zwfdxKS9ZSuGLeBG+d/eUuQMNBDpU6CcQDADMHXdXJDhK
-4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebByHTh1+/bBc8SDESYrQ2DD4+jWCv2h
-KCYLrqmus2UPogBTAaB81qujEh76DyrOH3SET8rzF/OkQOnX0ne2Qi0CNsEmy2he
-nXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZCV7cIfwgXcqK61qlC8wXo+VMROU+2
-8W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyDvWXpF9Sh01D49Vlf3HZS
-Tz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5u/2RXscBqtNbno2gpXI6
-1Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98iLMcfFstjvbzySPAQ/Cl
-WxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlAGBGNfISnCnLWhsQDGcgH
-KXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqrol7DVelMMm8AAgIMAI1R
-XgrY9LqHnvhnc1oGwhB7mORU7jwxKiGMLqzb0KM+GVTv1xAhhaYGm41/CuhnrOW3
-LPpjYWbrlXQh+9WJxHvO8UUI6FqEy6TVyv5Cn3fo4wSr2wtkbFOMKWDCscZLtikx
-JmsQLtuk6YRGOjgX+fliYIckIfxDMI5z37zSCNUSweIlUAGsLzLKSMovnHVX89IC
-sThC0wtuQE8aZBg7DxvHqMIeg7jdCNTNupF8EwdmpZUnKgghkKn6fXdczj4079wN
-WxnxuNyHQsg7IytPzmfbjJ9dGU/SzsEWMubn0mOF/h2O4laKQlrBYROXKkDLzo5h
-FG7AJsjI1q4F5MrL5q9m8Xagu+nAfhSe52kLTr87SOSPaVCmf0QRTDXVHA7qyr3N
-hPABTIp6s3TRxsJ/KJmXTUIijRu1xM7qFArdzrs9qWgn2VUfz+Yfsu6qQwsMfm6C
-SnOZ53/xKit+pWRqSd7pviZHJIUIFdpVmgqYMfNwfahJIyEz17HKHp3OLVsa7ohU
-BBgRAgAMBQI6VOgnBRsMAAAAABIJEMdGNjmy13leB2VHUEcAAQHlbQCg+N+fI3bz
-qF9+fB50J5sFHVHM7hYAn0+9AfDl5ncnr4D7ReMDlYoIZwRRmQILBDxUyXkBEACg
-g6vxNPigg9FQz14CkPtR/dEq3sCjK1r4+2oyeoRno+pqZ6Z7ZfphgA/q5woweFAG
-Og17KD2WXegoQ5pXbFvP+w9j9zm3g59XzTRSzZgScelTibPnKy6g8r8GDAY6IQra
-R6pxe4297/NznqvRvKpTt5g1XP5LyjVBsEv9HAYJE1vyy10qSQRtEz3QunUzfELN
-C4kiYNMZOnmgaFeW4APIIhWDtrrxqW3Ofjp1K4DAhqcnayrfvYbOtqh0sxJ246kv
-Vc3Bc9pH6wDw/yub2deuPq6BZBLBJwrtu/20qD0nsZ9is/5j0aL1MZuVmr7xKYqe
-ehyzJ1WdpJK52qng9natYedS+GefKDIw1Jq7ppQNWfVduTNITFTF0JswggjQuPqK
-T8Td5GCywQWN/kGHbp6EdybiUXZ+9fp4eek0UB5M+srSwbkF4hQ0mBrqlsaoji4C
-uXjc0c+Zx1D0pGfqqBCmvEV1tLul3U8h0TzR4opUA8mLKegQp5cjh/dHz7zTPDxV
-gSr3blJ9FxI1Z69th/+jJj3q6joo3uW/5y8qQCrzdSCzs+TDEWwucZtJIuIhTct8
-AMPY/Ayt+Pf9jXfI+xSQgz3r7Eu5o+rEu02/cthaOc4b3KYDtNkjLKszgiext1BY
-Oq06R+Yyh2qgsg9azzkfudvvpwhCpJ7EOxcdaP3bxwAGKbQlRGF2aWQgTS4gU2hh
-dyA8ZHNoYXdAamFiYmVyd29ja3kuY29tPokCNAQTAQIAHgUCPFTJfAIbAwYLBwoD
-BAIDFQMCAxYCAQIeAQIXgAAKCRDbaY1xmSQlYCQ7D/9MCQd8s1ueGLy81tlxq5LB
-qnSo2cuNQsssxjnskxjbOJId08RdiOAh23fdKXm6T05vTAUAN8oJDsXoaI9jTPjo
-avQ8o/wj94zTm8ni1OoQkTw5wDOte0qbw1B4msSfmeImdC0opJoYz6Nyp+4OXHCW
-fhvmOvAbBvwuchC726NyhGXCzDlfNqFysphgc/epR93AbOHiNKQ0/oJTWaxR0KeG
-j2K+ihOsKx/Tl/0pXVfo7zobAzO+UelHpvH4VMcnaxo2pjIn6eMyDxP4WuiyiqdL
-D3PZI6R6PotPfIdtzCmKJzAXBW4SIBp9ZHdFXs8P5E8oYKBbnO1TDSAtYG8EnqGk
-bbZvCVfd0Utz4miEpvv0EukdoAoqSLz7ZKStrM2jlQNIVVRFbA89srSAZYSGN3s4
-TA3LSxmDaw4Z6gRWBhOtuAeIfhLQ+QTC9h8aqyfWt2nP+4qA8du0FHJANopeBfJo
-vz/4sSx4z0PkbQqUS9lnPxqoNqyqUzP1Ocpg7f8yFYvY28Xsc25c4ImI4ADxlo4r
-/sK00k/vxcGUhg7wE0Xy9r+Rp31GMyUpMd3zF5uD2/qNhd9vVxKM7sWDZuDjczOJ
-yodWjp2DdZWqe+AOvapAvPCQIwWc++Y/xOgina1V8uqadA+Ntc0+jhTM/E3smOfL
-3A0cJIMKSYaU4kfTts6h2rkCDQQ8VMsEEAgA7lKuNHz6iYb+2pAZbxrjp5AHV86p
-btVJQBWpGWkGLERGb6w2hYTL8YXr7JgteBmy1a/+l5ZYjnZFQ8603eZRC1g+/krr
-uWmfiJxE/HtHVcVSDUxXNJiE67DpSdGPf8icIx3c91Xkui9ifS3VMSj1ezWLm5/O
-YF1utTQ5QiwrvzTuaCs8jWDUzxI77FczQYQELuDmHevde4Ke66MeWCJabs9OQ6i6
-1vurJrj1WQQ9pvXOzcbdoQFtAF/vGK82rnr0p5cDyes3S5lCKC4nIhvokHotCf63
-YUU6afG9OLp/ASlcp2h21vmtDp7xSg6D7Ivn5cHtHnBvChG6vjQ9IO5gdwADBQgA
-nNF7z5VcV00LbYQxN1vX77iKwJ1aEZVSYMrJnvthtJPM5alAsOQRRe85pgZsBfd2
-xgKbDZFsQaPei+n59nMPTxl68YsrYOWaBe9IRnEKBYIHSVwDAGsEdxyOKgphNO7c
-QKcpRWdeqi9FQ11cWVLZrSqChmT9Z6uYGLDabKwAhYl6TrEQ2J9OzM586LARZHb8
-m2MOcGrla+XZZannjEVfaei5on8IuhOLalx/vx74C1qLi9B1fI/JyCsJlMQujkDr
-pz80hwIyavutLB9TdQZn8TuNqL/m7cpU1YMbNIa/1Ow2Cio7zrhr/FvTX4KgMaGq
-6ukx7qWDDbME96BF57IMtIkCIgQYAQIADAUCPFTLBAUJEswDAAAKCRDbaY1xmSQl
-YPGsD/40gsxyQv4M8BFfPgnPEOYlSEBwpibr+XRdq7q98n3F9ZlXjJHq74RhX6ao
-tL10wpeMb6fcFKhmaMu8Nhx4PUP9+h11I7EwmMeLn2prG/sSbsgCY4tsEW08NbDz
-cXdj6+KvekpE6lYmOa4ORQTEODx81d9R8DxcqUCYHYn+iYMbEDnBZmHgPc5hkGvB
-Nj2F+dGs4n0iBvxFSBoTSzHb9XksG3/cq8DdW59McJw1/nTyN2kLIvGjNqSeV+2P
-2oeh5NRJAHs9X5W+Zar+sqvlHDa1e0jq2SrMhWdOD1qgTX3BzFyuhWW3IJLdcyFE
-p6NsC/L2eJdkWwclT1xhEvm8LEsB21ndE2UNpIjOUcdFvEnYa84Di8ZpIvEvngG6
-q9tm5K14DXZYQczsN+rrOXgTYfxbEuCzpFCg1DZaRQmWkXcywzo7F2YUgw1nFe9T
-lIrLJgXZcjg+ho3UNmquVr+qNV1IzYCkE6I70J/Q3fuXOfVdM2V0JQTaWfBOUFow
-wVNyzI5XSl8TTwslsGN8roEAGBR33JwhBy6TldhErnR1pvIOVt0kkGXbEqIIYONv
-fsdd2LIFZUfyegh8oFCJNDmKObKnuVyZH53Q3bgTn06D5TdBaCK9usVqUe+JZ1K4
-VLy+20kSiBqaLkel3417o+bqdpL3Uu8gXy1bsOhyo9m79ug8ookCIgQYAQIADAUC
-PFTLCAUJEswDAAAKCRDbaY1xmSQlYGW9D/9ZQP1N5o7Ndm0Nh3WJ6oqSmjhWUQ2f
-AZJqD/4U+z2fqOCQwI5QodSN/DJPRfbx4JnibPkui/8YBktB8SxhoqyD0W7oE5h0
-Xvj0+LeJ/ByhdZCgR/a2RAPu9D64xxh5p/7oyutI2sdLrsTs1OCeCMdaMz5ptrdb
-oGpk4Wv94m1TOC+bztrRhEjDLrEJIPotpOYdSbq+moipSVJBMv9NrxfdeVb40Y4D
-GGqtfsggarquJu9Lnq7PfrCdmdSzQcLI28yP1s6V0f3MZxH+stzTxtCCIsFjTsgx
-Ubuxa/WYiW3qM+At+B6B3HDhBvjFdg2OBP12/2I/2ZiDQdZbUZJ42ND7oi1k34Pd
-fExpCZRMWGr4UTJgtGqlCqSlTLTKmzxkI8d7Z+PHt7uQbew/GnFkzsU+VKtpfpIl
-m3ym+0CgP6ap/nn5B2kSvf77p9iQQXHarl0L3cW7sQMlnPy8L5AqPWkg5+C/ihZW
-gJWT7ujwnbrkrzddJxdBGEBvPNWEoCGzKBp6E0TXxgKfsp4dbszXcGLaaK/cUV2x
-MgVLogjCPnAwaP3l60rc2nb3gV4JfVP9ogoI/Ikbf9nVeruT9dhVWZgNmvj7rRBV
-VN7XjF0VN9ou7N3xuEiRaetd5pmr+Fme0HDCsSlVQuEOcP5LCGQpcwHMdz+DFGvW
-OyACu33k12k2prkBogQ8VMvbEQQA9YjnqxRaPgKrbhTQqrzGMYBuP4QlbsQeEDA3
-y94jlPK++edfyUGUTnquXHDKmPnLwsqszYZCsC35nVP8FOsg0eATYYAj5A9uPDUX
-GQkW1eNQFGoh5p4SxBQZKlVJCAJyVgMxXDtUwDbjQ9CkOONrv1YlajDz9h9yHfFU
-jQrC47sAoOX8LBxMJVdAqGMOQGcI2lTWTfq1BACabalqZ3571+ePoAEsqSxZelhH
-A/Se6oxlfxWNQilDGsgUSm53l7yeJn+8qZuiRm49wMlPZnzLA5isMAh0UyoTSnPs
-8lnZDLbo4/s4H2Jz0+MahJSYtNtSKTNhuJv7Fh/kQGVltAaniUQeecoJK7YxhKbn
-vsXKzg7YEL2DLKDA4AP/RDeDRhK7ehXbkeONeJsOPjvjdATxSa7Io+GIUFB1CSLg
-aHfC43b8j7S5pEiZ8MOW+kwnP35G89h1K89nFpC47Xt8y/5DH4Z/tw3SdaEIr8TS
-L3u/UOK4gZEc5uVhCGBAX/BdIYFWdO2UUjEaO3ox38lgH0HfNscqgN5zCEEc6lmJ
-AiIEGAECAAwFAjxUy9sFCRLMAwAACgkQ22mNcZkkJWAthQ//QCSN1sFaeqFQEki7
-fg6E0n+t7mO+V1llNymp7G8Pq3iSI2d99oijVk2BQnrbhdLy+wjl9LyyzfvvaQ04
-QwAUvJNRgIaOpxkYb3z2tc31ho9eOYsQRmKxVzGWw1ii1OEnMBylsAaG58GpFI/5
-MTfucIlJBvXoESkHSoiyov2Pd1c3hJ/6OuFYbn5dvYplBi2K3pAq12OCmWticFvP
-TBpVlvTED0h+I133oO1e1Rx999u1/PQgLem5qfuz3wLv9r8qkXgy1AqdOEBNsvXS
-o09yWaDTKaZWb6k7viOq6k2aDOi4mr8qgrf8obs6fpOfg6WQw+DRL/T9KUHF0EUS
-PVEMkbMc1V2iHURqXBGnIsa5JAi1eV1cMrp9T25DXWHlEfXRnPPjzTSJyJh2FmL9
-NnQrsmHf8f7DiR7uzCgA8+SZqRmr6o2j0FAPUrV4EmMYB7wTYPwPT7EXXmYs8m0o
-vamXwGbIwT2Z/EGhOc3UdAQF232o156m097tib5HMbTT+8AcjX3TaeXDJpjI35Wy
-bfJ8F2LEWmJsQwPC9MMCfy7SlW8BUqTBaelPvSYoKdLT6FOxtnoAVYn10WRIF7LE
-SySJqENspSpv3ACJ/q1jZN6cXYKFlvKLR5Be/MWtnZ2AXqwHmR/XYGtXI6FRmNd6
-xrb+mP2QwkihMezVT+y2Q/EogXSJAmoEGAECAAwFCRLMAwAFAkQS4BkAUkcgBBkR
-AgAGBQJEEuACAAoJEOJmXIdJ4cvJKsUAn3R2myTGfaAyxiDwL9l3ObofNnX9AJ46
-M4YTuhT9ETVc15IOaHY5VCLcUQkQ22mNcZkkJWCOtg//RVzC6tHMnmZXXA6jslgc
-a2yf/q0zJIULR9azhcraU3yy8OzjVorX1i5Xh5Rr3SmZkHiNUMrOK0jCzyM9ykBa
-58WOwwN1sZoNUQpUtmYja9kj/y444Atf0iIFW9TT4O31j25qEjz7cLZtmv+TnzcS
-IaZekJrIZ/8D74eDqNrfy/WaAi0JK2iMiw4dqwLtIc2W7UTtXfSgiAtNrkp4smrO
-6AUI2Xas7D+3zZiMlIv//W3ZSTF0vHtyBdmvcEPrs6DdjhsM+L7QHLnxD7HD86cv
-Vh+9SzHelc5erhSWbwKMcZKykQ3uHhU9XCt60MYdbc8HHW92g0e9nEipZ7iS23uD
-mzoKvfihtho2+j1w5uKM/S6N/fditlWJ9qHvLHVPLNKPp4DEHo4ns56LCY1cRUX7
-N4TOWu2iVSdtzg8NFvhfnKyWkUTCYFuU64Jiq9XcJLMAn2AY02RzQcF8LwbgzdyI
-NK9pC0y0lH9ZrN6QyGinxILPVtwLsWO17JpDvKQf4+rmR9nHQSsvGJ/FjCDydMx5
-HaT+TfC4KRR8BBgTDgZkq6cllbeC1qgCz3LXgai9pIlvT9httrVcpOL0QHnKM5jd
-7R8JZ1dt5qlltuWsC8Dw52kEGiBn095qmY1FFd02BxL7y7sxHp81m31yTErho+HQ
-lcXTIscl65wt2LwowPG0n2iYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNw
-Qo8OSmVwIvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYU
-TF0F/15piAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz2
-8iRH/UZcYLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpu
-QGdudS5vcmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2M
-twUJClROYQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhA
-tm3dxWeUxA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2q
-agd/nRchl9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+E
-wCV7i2e2u5kDKgRHeRfDEQgAnwKxwiRUep5JsTYlvlBODwFt20JWvSVhagsLuFai
-5DyP5R2+acR33/Bc8tjvPQcQ/+oV0g8dkpVZgBhzgiYUocdb3zRlWDbCZ9qDSudI
-p/ZBrw9PplQAn8uTMj1fJrTHDjNqdfMFlbjHdoHmG3TWIAK35/wzaVP+fTOnglKY
-V5GBA3BAgamUSo0gdSTRJ6hwDPoHOX3OFZWHWfh2AaxGU1/2Sz2YOZH30e18gOiI
-Klj0mND62MQzsRro8nkracmYZpE+3s1c6CgSPspY926Sjq5Lii4wd1uU54Aiy2L0
-0f4O8szcoLf/rq6czTvOSrBiwVQ5JEoUrMIjyHrbdGRQfwDg/A2sKSzVE19nOszO
-ndICn0vPw068V+j0uQOWcwf+MRAaZ45wq9kY5204uJXDS4Pm9uXPZa209Ul8ra1I
-n1EG3DhJAnn5Pl+yT6FP8dw29Q7gveCwGjBX1NqOhlj08wTbRAQbRqYODLOUNcNY
-NYA0RKSjN5hiD8nCyl4QfiX4vKRfqrwakYgN8Z1mQC2T9NPWXy2PvJzAdOrv+fcy
-nC8s/of84wpqSCXRa+cUKLZus7SvEJrNRhtTDlT0NbwlAh4ksCGu1dSrZZWCCLB6
-ke7CF7k0poiyePE6tTWOfZxNYQ+yYnHHIIcj3l+dqJxXxMOahxDyaF4XDo8Urmts
-fVPYu3KSZ8yypyAYXWWu00Ibe/4y+Au+UsvnxMXhEp4PDwgAlAU/s1FMwC3sxjmR
-r8Z/NjjOq0f5dplfVl3qShAfiAzxtSQcKn5dX/NP5iPIYcJK9i2K8oXebvnHnEcu
-9ffd3T0pwGA2srBv/rCFcWM/TOHaFkFYUnvRDiZ4FnL2D+Wwlg8m5pQWECYApKxV
-KjL0EyTgpJaam40Jv7sV2lrpvXUgMaeWHhwiqgSC1J4wVS6Gq5ldG3Fl8KLWYlxX
-d1qZwR4xP0Ep8nBYd9+Pm60fCk0p5kvr+iPgelvlTnMsx7fvFqV7qNWEuKJApmb+
-n8yJX+h3FSTiU/Haaqc8jIap+GGE9C20QvaK3NiqMdIc2oqLPStBKCn+TEUBDLAB
-wHTNDLQcV2VybmVyIEtvY2ggPHdrQGcxMGNvZGUuY29tPohxBBMRCwAhAhsDBQkU
-sIqNAh4BAheABQsHCgkCBRUIAgoDBQJHeR6AAAoJEPKthaweQrNn+kQA33yabKyY
-9z1ujVoxcLF7ROc0mSsX75srRXIjxTgA4NKwgnV1GN1QL6bKH4G7AFTgmJMQjWLy
-wpguY3G0Gldlcm5lciBLb2NoIDx3a0BnbnVwZy5vcmc+iHQEExELACQCGwMFCRSw
-io0CHgECF4AFCwcKCQIFFQgCCgMFAkd5HpcCGQEACgkQ8q2FrB5Cs2eXYwDfUNqv
-I0xrFP47l0+sBBD5j8Z9H9FygT4ZuVZOxwDePf9XYQuNja+MQUqZEtZbvilME5zf
-5wUMo3sVtLkBDQRH47TPAQgArMK+fv08+pw2sCF0DQtk717TSyHmcmn8e7ndGXEB
-xZWy/sQWoZrKKr5/gmkCH3O0p/sSZhijfCzTeElFO0ASFaSAvaXcQqhUnjEcI4ic
-3KLbI7fSqoqgvkJ8qwfIFovb8jMO/tBQgNmYAODTBlnLq5zJIvTvpqEAePBZdd90
-SGiC6vNADZ04D5Pbl3ZdXNwakv1y+eLc4jnYPcAkqsf8U7/ClpGcaADPLC0Kp1lN
-6lYBXRV6QXpEa0qh2JT4PGu7981hFVvKjBdvClbz6E8I3aSny8acUF6bBRV+/H9k
-2lW9xrD7+E3obBXJ55CWOL4ynoS69ii2XyVQxyWz+a7ZlwARAQABiF8EGBELAA8F
-AkfjtM8CGwwFCQcajaEACgkQ8q2FrB5Cs2cuqQDfYDr3l9GbFNxAZSv/HSXKcZ5M
-Jys5TLffQYPQXwDfRzV6imKyGJmI6tAaDVAgLDNld64LDP2wrcOezLkBogROsUyG
-EQQAlCMDC6m1nkcdAK3MV884airO5/akCJhT0CWjd6LxbM27SremsW7HSaUoOSNX
-SXpPgktdDcA7y6Y8cXteGm9+/ZHwNoXgYWnTpWjk50qLre0iCNLcpT1V0cMEev5B
-/2YXOiog/7obnI+tjG/y7V41bNzAceKehSFbSi5hyz7EAZMAoIbBb88QRdsh1RKm
-tHdVXsjuvldpA/0cp/wmWwWEfWMGKvtCk5i6Ayl8T6YHRjtqZwnMFrNbjEssulkQ
-0XpDGRcAyO92utp12sl7h8DWl4OSEFh6rnFVJPrII8YQXahrAchB7Mtc5AzDFFmg
-JqvJdp8WEVnx+nLl9shaRifHUSdLwdt909p+1CFm8ChDl7+eZE7YbvEWGQP+JNA0
-DHFqNSxCFzs667Cnic7op3BkaUN13zNuR1aVpepxUEhkk6LfiiHmQON7QHVAqvtq
-/TO0svyy8nAeFhlWqcXX84tuoobmnsCowa137CXYV/SD7JVjy5X/b6cbs2sIty37
-eJLjoffnxQHvN+azf+JtxtTXhMTedhBQAgdlBGaIoQQYEQgACQUCTrgQCQIbAgBS
-CRDyrYWsHkKzZ0cgBBkRCAAGBQJOuBAJAAoJEE8FQNV3+V+VkpoAnA5MTmFbkcoM
-4N4OYwb3YGMfoAD0AJ9j2e0iEo9fhMfcSoKG9xssLopUTOj0AODNadm6ajGAly1I
-oam+eLSbqxHfSkQEHOxhMiFjAN9q4LuirSOu65uR1bnTmF+Z92++qMIuEkH4/LnN
-uQENBE64FVgBCAChkCmMrdCKW/PWuBQs2/lcTqz3i33KOUCynyj1aOzen9HUJVHy
-mJnN4dZTjq3ARlSTuCSoJmQwcmom0wjDS2L9qqCnUctdyIoFxTetnMP3JkBhJ4j5
-IxtwkTznWa0SgEjvBdNUkLTBG/3lgfMFoqlQNh1or07wsHS+LlvaxvFnqMozssKq
-YLC9mTVqWfXvTeRsCzYLvZ6jy4rqbJnDIJzHgqV3K6cyqA5NcZqoWj8OQNUbS+sV
-CU8nkYkDYQA7wm2nwolEfROSdFtSTmL49PNQS1V3MUdLUb7SfsDmwfm59SDmJUp4
-iw3F535P/ei+G5cBYzHO0jN0nzUH/sfM7njjABEBAAGIXwQYEQgADwUCTrgVWAIb
-DAUJBAqORwAKCRDyrYWsHkKzZ6TKAN0WMNFzexmPvciaqa2LyUVUI/ht3suw/tlV
-SGDCAN9tCWF1UFBrQORgcrpgQBfNKPkUdAxxyiDrXfZ1mQENBE0ti4EBCACqGtKl
-X9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3IUe8TuDrGT742XFncG9Po
-MBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjgjvDAH8cZ+fkIayWtObTx
-wqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7KRw6B5ucs4qSzp5VH4Cq
-Dr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8uqA35ZiyczUvvJSLYvf7S
-TO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB1BAY5s3FKqrkaxZr3BBj
-euGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChkaXN0IHNpZymJAT4EEwEC
-ACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJECSb
-OdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05shKZOAKw3RUePTU80SRLP
-dg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH85zCwu7SHz9cX3d4UUwzc
-P6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8Klf/wl6jXHn/yP92xG9/
-YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOcWkqwupB+d01R4bHPu9tv
-Xy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgCE4F5XeCB/0ovao2/bk22
-w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsq5AQ0ETS2LgQEIAKHwucgbaRj0V7Ht
-0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX1bDVwr/iTPaPPEtpi7oQ
-oHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHULhzKsGg5FC6pRYcEyzRXH
-tv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7nJdwG1cGQOZOIDQQM41g
-BzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOMEJwlo0+NYx2Yn75x66bY
-wdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6JsPmXEyeAyLiCWSh7Rwq8
-uIhBUBUAEQEAAYkBJQQYAQIADwUCTS2LgQIbIAUJEN2fAgAKCRAkmznSTyXjtrsS
-CACRNgfGkD0OqOiwYo1/+KyWnrQLusVvSYOw8hN66geU3BO8iQ0Koy+m0QKY1kWj
-aHwewpg8ZebY4E2sHbNIC9Spyiyz29sAJ2invf4/4MepTgpxNiw4+XmykCkN1AfV
-hvMTQXMzRbO5ZwRtPpjsMr1j5vX1s6U3/RxSAItpAkCu1GGTTOH0r12Ochc/um+Q
-GAyO6WUj/IiZ1MX7toXW0SCo8DSl8z5Q7KmJWF6TQLK1Lku4bIVG1Huwo1/0WHc2
-vCad5BxHjgoy8TsKLTmvYQZWtnjWvQGV2UOABYWcacutZXQQ2PPCIY7LlpuS/45C
-XWbT5Y+mxY3y7dbz4aF+8uyCiJwEEAECAAYFAk0tjQQACgkQU7Yg0BzgxjBGTwQA
-i5qzI6cJslbyOl+TeDZVnLV0FmPuDg8dojvQrVDPxfemIjxZZoMLCVM8ly8AC2JP
-rIYfN040C343saIc0tTtOwwmVMuy7G/Uex22CdWH/0HBMpG4gFuOuQmW9QQDjEdh
-1DgwU2gAWonX54ZlMybWss+2NCikRwMflVUupH57Bas=
-=WK93
+Y2ggKGdudXBnIHNpZykgPGRkOWpuQGdudS5vcmc+iGIEExECACICGwMECwcDAgMV
+AgMDFgIBAh4BAheABQI/6YJpBQkMMyPLAAoJEGi3q4lXVI3Nou8AnAuw9XXJ9zYP
+7JP7ZbXUf9+00wO/AJsHB45GEJv878Q6SDZRNckFHh6SgIhGBBARAgAGBQI1oic8
+AAoJEGx+4bhiHMATftYAn1fOaKDUOt+dS38rB+CJ2Q+iElWJAKDRPpp8q5GylbM8
+DPlMpClWN3TYqYhGBBARAgAGBQI27U5sAAoJEF3iSZZbA1iiarYAn35qU3ZOlVEC
+ELE/3V6q98Q30eAaAKCtO+lacH0Qq1E6v4BP/9y6MoLIhohdBBMRAgAdAwsEAwUV
+AwIGAQMWAgECF4AFAj/pgnMFCQwzI8sACgkQaLeriVdUjc2CugCfZn7gqBWjafNb
+vZOAInCQA/Rw5zYAnRkyKWw5abGYQboHiwcwuQHiKvgYiF0EExECAB0DCwQDBRUD
+AgYBAxYCAQIXgAUCP+mCcwUJDDMjywAKCRBot6uJV1SNzYK6AJ9Gs4h+WWneZKYa
+keAjG+DlXy+0xwCfQG8pV6E6f7XZi+f0EId+DfiNRluIYQQTEQIAIQIXgAUJDhSH
+/QUCQbxoXgYLCQgHAwIDFQIDAxYCAQIeAQAKCRBot6uJV1SNzQSTAJ9Nd9d2oNLY
+I6xlGbQ5SmG5jSHjHgCdFKVbI8acpQXEo7DxPDAJIux29keIRgQQEQIABgUCNuj6
+3QAKCRAHAyqWiQTI4hKYAKDNyIrKze113YZz/ZZsdFCShO0rBQCcDFiAZxivd6I7
+ll4fWIA0ckmSmaiIRgQQEQIABgUCOcwPPAAKCRAyw1uAR7qTV/b8AJ9WUVGMiFle
+V6EVCKuxKc9YnfoQ1QCgzGUqNeYfb3xgI68racTrOXJVvhuIPwMFED1dFpBsryRo
+IByznhECwRQAn1Ho60oFxkas1xl+sCpZ80cukB8fAJ48MPZI3wHW7Vf9egVKS3EO
+76eEJYhGBBARAgAGBQI1pysWAAoJEAQ1xdJF3KZpeMoAmwZEvOS95jEKj/HnbFBD
+Dp5C4dw0AJ4nsZgDnGDAG7FCEJI6+LoIIUit44hGBBARAgAGBQI1pytxAAoJEITk
++JQB5ZloGOgAnjVcqopXEyMYEZfF98STKmutKPiKAJ9xHmxZW3KtVSTRf/ITSNSs
+/0gClIhGBBARAgAGBQI21moBAAoJEJKyepXkBBOquBcAoNljEbSHXMLH54/J4Hit
+AsiI18amAKDrDLnxCzmC+8m/OTNu4mZamePP3ohGBBARAgAGBQI314yyAAoJENa2
++kuMjp8j2KwAoK9+TObp3jf+TwnPVIfXGkmHSbcMAKDo8zs+isKynXOMF2g50STZ
+waWTHYhGBBARAgAGBQI32QNDAAoJEM024CF+PI6rjjkAoKo8mBja4lOGW+miluBh
+3LiTaDNJAKDQrqc4kkfaQcVlXjDVYVael74oJohGBBARAgAGBQI4JoPuAAoJENXo
+h0OUdhKzCAMAnRfk1mf0+yiUdMuSENhKMXyysZ2sAKCvMSdEEmGomWCgsQfLWMzC
+LR7+5YhGBBARAgAGBQI4WM8aAAoJEHEtCxfQPYpPbZwAnRr7nX029eq1E0Pv9FwQ
+rgs3Zu+nAJ4s25RKi089/avsVVqnm87egAzB2YhGBBARAgAGBQI4XUq+AAoJEEPM
+0G/dqdt2qekAoN1HvYZQ6AxvNVLx3M06s/ytk21NAKDNn0RgGyCBiyQeLuV3Gkuq
+xke7kIhGBBARAgAGBQI4YMPoAAoJEHFG8OMwcClIpb0An1H9sxwJF5/2bKL0HZsL
+XO43aq1sAJ9z7U0cOGYNIrRNpHlJ67ZPJX0tx4hGBBARAgAGBQI4mP1QAAoJEGXc
+QrfU5YAmi8wAnihZi/5OG9CnzMx1UKdtBAvvt4t2AJ9lX+jCeoO3TF8QykdMXSFI
+dDHL3ohGBBARAgAGBQI4q/0WAAoJEDW6YX9GCEVakzQAmgNaF00/D/eOgHmtLEjE
+0IH1H2yUAJ9EKs47I9s8U7IYJOGoQRy7LD1JRYhGBBARAgAGBQI4vt9pAAoJEC5A
+rMtkcKsmHDkAoL3TIizomIuEKO6vwHMFcFndsaAaAKCJAkq+I2mjYimFE7ajlaL0
+jyecGohGBBARAgAGBQI483onAAoJEIQ/V9estY1PhJYAn0hEgISY812GhhZRzuE/
+sc5RWEd+AJ9SxHhtH0oJNrKcGYq8AoD9yJMGHohGBBARAgAGBQI5DSiPAAoJEFL+
+72cgfnGZx5UAn1UiUx9sLoaeLeMtdmztURfk1ZAJAKCJ3juG6XKBMjLl4+SmCM47
+VkM/9ohGBBARAgAGBQI5Rs0pAAoJEH/i7V71FDsqLkoAnivh01I3uQurWc5bnb7f
+T1GIOmfyAJwOE/KCrJV89Rko61XC+20dlzKzGohGBBARAgAGBQI5TM2WAAoJEAJx
+6COq/B+4jTYAnjOMlKc5tuqspHgAUgAVmBda5XNGAKCIqZ3Fu33suLyRABGZ+tN3
+tJ1QZ4hGBBARAgAGBQI5Zs0MAAoJEEcWKRmClXtmuPEAoJe7siEXNYVflP+Glf71
+M2xvkSa3AKCerd0dwvhmi4Ao4ujBnuZI4YUIhIhGBBARAgAGBQI5bedgAAoJEDLG
+kzuo7SAfxjMAn2I7CSRyEz8mkaD3emaM1WYxvbb5AKCFOlNjoxNmu3SSWfgrW1EE
+SYPQY4hGBBARAgAGBQI5kqZcAAoJEMfg9pSiTYtOVeUAoMTgBNUjD+AYQEzIU1zY
+kiW1NgZhAKDW3GzsDPqzs3nF+mkMnggYPFnEnohGBBARAgAGBQI5tN9hAAoJENGO
+Dw57qpD6cEkAoLm4o/nqc2SDZ2eKr5hYDTUfWBlCAJ9g8KJvMM6+/1tEPaolM/hV
+WKBx6ohGBBARAgAGBQI5ypYLAAoJEJ853fBeKcbCFbgAn3PjBy25SYCXCOWeNg+H
+ebn7Pi7GAKDKtfxnXigrcdNvARmZtWHNMzvHMIhGBBARAgAGBQI5zQ+XAAoJEPd9
+ddcOjOSBz8YAn2a5jCk052U+frr+sFRQ1MqKmrxKAJ9J71OdRNZLefkD7ihJ2Ymc
+o8Gsp4hGBBARAgAGBQI5zzSCAAoJEKZZdW0/TbZp0ssAn1qZ7PJCIHf6ErUG111c
+5bWjCbW3AKC/3Cf/ZNZK2mKZOmfCCRn9sBBlRYhGBBARAgAGBQI55+EEAAoJEEQ0
+VrKnu+CclHMAoNOx0T2hZqYtHoxhruXjMvAOpfHtAKCvYm+l6Yah/UuM6OrsKbXr
+7ulq9YhGBBARAgAGBQI58yQiAAoJEOY1PDi4UosBhq8AoN9OP59IYJ+NQYJmpdoy
+PFgJitPfAJ4tlu7qDh0lpQUBJKIrCjG0od4yIYhGBBARAgAGBQI6A6zWAAoJEAa2
+rnqGiisg4Y0An2Y/8oNJ+Oj40zqQGYn0rCZNTbbqAKDmvIQiqEcdQn/SoIhELxW2
+YZs+WYhGBBARAgAGBQI6Gfa2AAoJEL4aU+syO97mR7kAnjSX4QP7gR6x1BYTCC89
+u2gSXAQtAJ9nReACgNU/D+TLqimlMS9TqnTyZIhGBBARAgAGBQI6QjVhAAoJEN9J
+A6fJssLArhgAoMONOWaoVjK4DXsFNID5Zc/kvVevAKC3q/YHRHK92h4cWcZmaY7E
+cuMP7YhGBBARAgAGBQI6c0fgAAoJEIj3xI8iNZX1HdIAnAug/Inx3NbV/a5vNgES
+SQc3jWn1AJ4pu8BlA1FywwpMkIC6GXAWeHsoaohGBBARAgAGBQI6kBGJAAoJEPOk
+M758VsXv+K8An0lw/DejITM3yqmem+l/5GoP3Uv0AJ9kDPVOHQq1JfJDk3WWz/jQ
+vh3MdIhGBBARAgAGBQI6k/ROAAoJEGnBgyv5Otrs1aQAoNARp9b/2AqdQ0Ug0moS
+RhRexiUuAJkBwZY54+uszs8Q7P+HTeSqWVi3zohGBBARAgAGBQI6ln0BAAoJEKu/
+XM0hJhuIIhgAoP6jS+IboXddicsmt6kyXhWBYDJtAKDljV7NQnqWDBmdRzYW3CYh
+/hvPyIhGBBARAgAGBQI6nlT1AAoJEPqlSVpCsy/Jc7wAn12uIYBL9WfhmS2Sh0O+
+mIO2j580AJ9nJvBuz4q07lkgDUFVJQlruD1IfIhGBBARAgAGBQI6xKZNAAoJECAs
+PjFYbhLlDsgAn0tfgJSaxWUd5s0ZGmKob7b84onEAKC15V+DRTrE1tArKxy/itSN
+iMtQG4hGBBARAgAGBQI6zP4MAAoJEP2mrjmFey4hMioAn0UGCzQKKSmQqGw0B3x8
+abYWUC+aAJ9cpULGVtTlggjdM2AEDI+LaYyaeIhGBBARAgAGBQI6ziMsAAoJEOB5
+DjbKcLrc2aEAnR1WTr4J4dpFuNtvRTsEXbVcm2RlAKDoZbCBC9I+VuGCQhkK4Xe7
+8bqNL4hGBBARAgAGBQI61vgkAAoJEJeJjZL0kb0h64gAoNU2VN5G1PryITJbB49E
+xmAjcmRGAJ0crDTB0H8MiiTRPt4PaDf+sh9CnohGBBARAgAGBQI7FTOnAAoJEOTO
+X3gKLDxeqsgAnjMWBiiEToG6ATHKHZhkbFh52sTdAKCi4/cu+BYrzhNL+KHZXc8F
+bP49t4hGBBARAgAGBQI7GQwoAAoJEF4Gyczs+hnFZhYAoOMcc6W4Rg3pd+9eEtqx
+ZHlDDIoEAJ9VG0vhxw9szHap9L0bNN3awkZanIhGBBARAgAGBQI7JUB0AAoJEB3T
+gN9DaBQASVsAn28snlWv8ljqxPsS2e7xqJxzND3GAKCsObLMGdGyED2YKlu0sSa4
+E7cE+4hGBBARAgAGBQI7PonmAAoJECTQzUdmDtvZdT0AoJwx1hvhf+2pMN+e0u05
+bb0ebVfnAKDpZKStArdW8xS/idhP9R7UaHyZvYhGBBARAgAGBQI7ScU3AAoJEDec
+kqFodBLoiG0AoItVFw4742i3VVL75rHpS/iRTyXXAJ46OJxgMvJ9knQ0l4so5JiB
+otS/8IhGBBARAgAGBQI7Vf1SAAoJEFbTlPwk1QvEjPoAn21RJvXsS2r7ULpXtiKI
+cK3/+9jYAKC3qGXWrrPZmFKAksFXo3rCyzQZYYhGBBARAgAGBQI7awLUAAoJEBd4
+3VVgXTjQKI4AoKzDCRFCypusHv+HobIOrB7IIT8TAKDJ0Env5dzMRub+k88oAKje
+3AyYxYhGBBARAgAGBQI7b+zBAAoJEK6vjC0HwEYDSbYAnjD/E6PAovkpDzSAoTzW
+gmhIqOjfAJ41Nryc49NSfzwmHjHKA02eGmjvZYhGBBARAgAGBQI7eNsgAAoJEI/A
+t40JszEG65oAn3gQAikxZTrE3G4YZbyI2SfWVE9dAJ9DR1B56JLQOBjHcVub0frd
+boRnFohGBBARAgAGBQI7hEQBAAoJEFwx4sMqF2LdKY4An01JbxbW3DrWPwxoLaNc
+K8u8rgnGAKCEF+4ICy2QiFUTOjXVeevFwKaKHohGBBARAgAGBQI7kOZuAAoJEFwI
+fke31CB7qREAoJ8lDAoLcN7vtSgtx8BfwRMW2Q0qAJ9Ru/GtQglsVha+XrgC1Vzd
+B4zqT4hGBBARAgAGBQI7sbiiAAoJELBm2s/e4NveRe0An15yU2qDEyVxOCkaof5A
+J74yKDTQAJ9ZyEiwLE1gQKuabrs/bUL3yvDWP4hGBBARAgAGBQI7v1c6AAoJED/O
+KBDjNrEGu8wAn323cSQPxAIku2BOJ6Ai/T6EWuaqAJ4xOQHIAR2RQNZY9N2cHXIS
+Ehu+oIhGBBARAgAGBQI7zECMAAoJEL6VZu5GV3J0pmsAoJjHoGQYZnqA2nkkD82K
+lFm8ypDtAJ4jDyaF0RmkcfcmpjOA9LOg8rp8D4hGBBARAgAGBQI73t7LAAoJEIeo
+vXamM4UazXQAnjd2m9MQaZ8q7mVBxEpup10sFMZwAJwIJvIeB+kUppNTea6ijo0w
+pCuF8YhGBBARAgAGBQI7430SAAoJEB/tJKqSZfr7xIIAmQHbJSna96OkNqDCdSQl
+gm0TAoPUAKCByEtRAOO+3GtDu2byKOXqqQQf9IhGBBARAgAGBQI78y1IAAoJEPFm
+QMK+QtymtcIAn2rhARKRI+Ilaf+8NmfX64/NsFw+AJ9LFE0WZD7BSPmErPYKtH3q
+4nB304hGBBARAgAGBQI7/a2UAAoJEDdpZyTeGKgb45EAn3Ttnv2G66peIp6Qd0LK
+9HyHMG52AKDCEdDCDgpOp9xE9y3Qfy3XaeK2johGBBARAgAGBQI8OvrmAAoJEH0J
+HgBCHFE0amsAnjzZ1rzTcQr1X5FVcQjlkqja3y0LAKDRr652u3GCVSTU4TFj6//+
+yKrSSYhGBBARAgAGBQI8WSziAAoJEJgXkxOJvYru6ZcAn2aTbYiVEFX814lG6qaS
+K8LanQOjAKDiEB6Q6EF5ZwG9NqIKt9CxWCYzY4hGBBARAgAGBQI8XB4lAAoJEC27
+dr+t1Mkzbv0AoLd0yc8rHrSTfzvXAMtQyAKh4HuMAJwPgqYNdOXUM3hkTHipMN72
+v2MXcohGBBARAgAGBQI8fAA1AAoJEPJk0qCezPAhoGMAoNE5kpHw0fI7yu7py5vD
++O1nYLdSAJ49Nt+hkrRCdJeiwTRhw3S434jADIhGBBARAgAGBQI8iA8eAAoJEKO8
+fk+VSKRRLTIAn0wHfcDCzH7lVwvdck1DE99ZKp3UAJ93Rnr7Ut8FiWOsgaSjEYOM
+/Wn2bohGBBARAgAGBQI8pwmAAAoJEGFhpSo9Vtc9TFMAninforCqZtGuJ1zaipXc
+9sIicMIjAJ9bsGgNfFpkIaOkhwoYcZ+m0kZkLohGBBARAgAGBQI8xSCzAAoJEOnW
+IbyLxfYrs9IAoOYpFNtlaOU4mzgA9q64FU+aRCejAJ9LpWSYdz9FQStASLILJYYH
+0cj8vohGBBARAgAGBQI8yc+PAAoJEKmGnWIe6RjWJ0QAoJ2nEZs/HYmJ9FF1jn+l
+phCnWZOaAKC2cRtAnlpSmgj2fWWtzBPAjMRulIhGBBARAgAGBQI80OgmAAoJEDFc
+jj1lbLW1N0sAmgIlqOJ3G3EE9CPIJ60xVH5+//Z9AJ9Ou9+9E+Fze6zMB7Vn7j/L
+AzsfwIhGBBARAgAGBQI84DImAAoJEEPaqJTf81JOjJkAnjo8IJSyn1RDc0C/SByu
+ZlqSRjjRAJwKxnmGh3EMe1ZVtO3ZGe50S7Tda4hGBBARAgAGBQI84PTyAAoJELoW
+FZDMNQMyLZ0AoOAdy099LVvSlHyVqjtRc3RctixdAKDyxlwDweoBvGYQpsT6iqb7
+xPpkcIhGBBARAgAGBQI86d10AAoJEGsY5C12UxliJoEAoKgP1pbGf7WFJR8q3Nyk
+HoMYoirnAJ4k4kusg6EL9nt/WBcKmzWDO2sEs4hGBBARAgAGBQI88QRCAAoJEPsP
+OnXTORgQ0a8AnRcSVlV84X56jTnSftapXggAxG/yAKCbIogHWD0SrzV0DXgjo+AE
+IuYXCohGBBARAgAGBQI88l+3AAoJEE6prRadbVuu/aUAnivV8DalPGw3QcuFmpBK
+wSwEMCY7AJ96Mb0eJVCmj/+nbtDIhXj9ihCCAohGBBARAgAGBQI89JjcAAoJENOh
+xR3NTfIFU0QAnj0YNNd5gZNHfNmIb1jai+5dgSX2AJ9bovKcoZIZxeOoFPpmlF66
+WIozL4hGBBARAgAGBQI89QC/AAoJEE6prRadbVuuw40An1sLHPZXu05p4/wqDnqN
+bECMZ9QgAJsFRiiz9IbLbtJ6JolVDGHpvLrrN4hGBBARAgAGBQI89QDzAAoJEBnb
+ZojaeNCo04YAoILQe2cG58KsPTSyIkKTg+mwkQouAJ0eCgjvNWrhPHiSRnegEsbF
+o4zsK4hGBBARAgAGBQI9H2xgAAoJEGHsr3XM5FOYekcAoMY+mIbdRh9YTGKrskfW
+QQCQ87bxAJ0ZZTr2iwukIOXW8ryk4zlD72ZWi4hGBBARAgAGBQI9bjqiAAoJEHLT
+tWP+y1FLj0kAnjGZGzl4VHxvUa+c4gD/GMrw6wgEAJ45Gy0INAp+Rh6NJbNECzjH
+OFjstIhGBBARAgAGBQI9cUfYAAoJEFwRFAeEa7Skd/AAniL6ZGAUqQGs8siu2ia0
+SnVoLBQyAJ9DrvhmP3aaZf+/GwR8Gx+Lt7uwTYhGBBARAgAGBQI9eF2CAAoJEG9K
+95D+u1J7GAkAoIVs4Kxb0R7luN6Pi+WhXNfii4QbAJ0UZLJ/ySM8ZbHnGTUNIooe
+ecnLjIhGBBARAgAGBQI9h9ZMAAoJEMR6qYKMZW0ODu4AoMMA74PG6QjDICxdsLWe
+hhuJf3VzAJ9aHtt/ld1W/DTWSjdvH6AP9g6ZeIhGBBARAgAGBQI9k3U6AAoJENBl
+k7NU+gyIiCcAnj46+kM9W4dDxs0dqNGCOXfzfXUjAJ9DWG0bLQ/tixVsWApUHTd+
+ffQM2IhGBBARAgAGBQI9p/iCAAoJECxm82ySywptILkAnikhz+yOxNJMNnj/aB9C
+h4i0fQmUAKCHRje8FE5DZSPWf+OwYcixOm+TxIhGBBARAgAGBQI9rwp0AAoJEDxV
+WkwvmGAIsxsAoJgH82l8l5GRGwXBl26AHj8ZA6zaAJ9bKL45L0jyrSRF1V5FPLxY
+twXDe4hGBBARAgAGBQI9tsipAAoJEIIYfzQ7kw7P9UAAoJ4URNsGaPSQkTSKLO9E
+rSPkRdHXAKCynlouXdSQ70FBn4j6mG5I40cnGIhGBBARAgAGBQI93wWnAAoJEE1r
+ZOIZBCWd+yoAn0IBXJN0bR73EG7dtOPB4Vf+MIqjAKDky8A5HD2DHDrED/bCDDBG
+JeS134hGBBARAgAGBQI98WVmAAoJEP4Xknlj8hRJ51kAnijQacczGC7jafSF5un6
+nRG65a7kAJ41Z8eK4JMaTNVLkkM3n1e7hh7RAohGBBARAgAGBQI+n5+UAAoJEO5p
+t4fBbO/YeOIAoJA3UYEf9kntgTFeNY8pOAnCY4ouAKDjI2BHDR3zlcNPNcaczJO1
+Uvxd64hGBBARAgAGBQI+n5/CAAoJEDBJWXZ7Y/q9XWYAniEPJv06FUNu2iZr2eON
+fn137TmAAKDQoEEKk4kZ8bYxI6HmRRbBU7hQTYhGBBARAgAGBQI+thg2AAoJEB4q
+exxFM9Jns00AoIJMwTx+2aRpo3WNCdulrRUzx/ZwAJ4waxt3zbR0M15kEF8mlB0h
+198mOYhGBDARAgAGBQI4no7wAAoJECShvswraT6/w8oAn0XLPn0F4s9wQ4pGXNPC
+m7MJ6E5zAJ9CbanRlaKAXoD1LP5bmADGkRBqfYhGBDARAgAGBQI+1KueAAoJEK4I
+uPUH3Hp+6ngAnRTP6a9ztIe15H5seESNWjlpGzBcAJ96No/FG7JY9qHg2WoJs/F4
+/KKlH4hKBBARAgAKBQI7heRSAwUBeAAKCRCNvZIahzuneBt2AKDtP0g+JAHXbWpf
+HSl8MD1TnCKKYACeL5DRtpWgKqbDYn5FvT4hWvNfIh+ITAQQEQIADAUCOiGBggUD
+A+3ogAAKCRAySnMapnzv/Wl4AKDrpmoVRbgU7mbL+ZmtsRt3VT2XMwCgtb4hCIQG
+pLYRG/j4tEkcniu3KqmITAQQEQIADAUCO96rcgUDAFMOgAAKCRDjPKcIjmJ+pPM4
+AKD2l/j2XkSV7If4J7Vr2qK2GNPw9ACgxY7FrKEHy8t8/dBJK+NBhV7n2SCITAQQ
+EQIADAUCPY6TfwWDAICXJwAKCRAAUOX6oWT9DUZMAJ0ZTxGE8x1MAEZBxwWqJqrs
+SFsyRwCeOiIx4wCHuLhprrpCHfcKUz5AEn6ITAQQEQIADAUCPbnlVQWDAFVFUQAK
+CRAZUZWL/wBnRwQSAKCAzuiSsLqv5wz/DzCpE75zZOUAdQCdHKtHbuDS1KUv2LGh
+mUxoAHlfzNOITAQQEQIADAUCPlvZdQWDAZW4NAAKCRDaU4KRKI89jrDlAJ4/d8HB
+RrGOeKp0WZe2SV3QtlB4QQCgnHAcC5ZZBgP7kUKPmMFWj6Et1waITAQQEQIADAUC
+PpHkAgWDAV+tpwAKCRDKVrvTQrehyqKmAJ9ZVoLBRYdx0k6qmvdNLPcfjCoflwCc
+DnAP7Iv3E1ZvDYjTMv8TzbprCQSITAQQEQIADAUCPtSrKgUDAeKFAAAKCRCuCLj1
+B9x6fncZAJ0YvhJJEXXd7InRv7zmbQJDNYXt9wCgwVs69iDWOZd7w+HCx1ATOxe7
+5BCITAQREQIADAUCPhC4NwWDAeDZcgAKCRByG62+aRFQJHOfAKCdS0+8OHL25Q3F
+fVubvmgWNWFjIwCg317DNzRpf4Q9+47MI5G2dqXpTeaITAQSEQIADAUCPXN9XgWD
+AJutSAAKCRBNj+1jRDFgA2QCAJ47vI/6RoVP8Ft1FBEg9BoufYjTHACgq2xCtE+t
+517ScNWOaLEuLTFrG1OITAQSEQIADAUCPcHdAAWDAE1NpgAKCRD7uVmij+pODRne
+AJsFZABV8zGyfY2tqiF7hFvNqJSDawCfXd0TaLK3f6w1ZLSUXubjqv+4FfyITAQS
+EQIADAUCPiXheAWDAcuwMQAKCRDk5U0RmgzamXdiAJ9FrLzU1iosekYj4lhyD4aG
+yujd3wCeNzhz44vmT5Bf8ZH9C5NSuJfOcc2ITAQSEQIADAUCPiXi6QWDAcuuwAAK
+CRCTzKj2+Q404rd7AJ9Ga2K/WEXdoQVGCRi8UvaTJPLQfwCdFvcVVpXBmkByTUuU
+F2mKSOTzdbmITAQSEQIADAUCP2mklAWDAIftFQAKCRD9EXAI2MiHX1NTAJ9FwxVt
+4ni2lZy4X1tslTEdP/JMWgCff7VETWUoJ21ehXIyecEJ+hIQTLWITAQTEQIADAUC
+PaGNQQWDAG2dZQAKCRCL2C5vMLlLXPckAJ4vTZrQma+f2OEkDj1l2RrkfHc6IACg
+hd0OG8Kz31yfPwtRDg//FC/3XXSITAQTEQIADAUCPb6/NAWDAFBrcgAKCRAJHm/E
+FCxT9N4hAJ9w972dsHdayzDxXM2PgSiuLibQ2QCeKp/SJztgiHxIb5fLWBfkJW5Y
+GqGITAQTEQIADAUCPdEXBAWDAD4TogAKCRBFaHG18acrUoTiAJ9O2kYrMui5yUwd
+AS942rjUN3UScgCfeE3ZFp8sMlAPm56JKeXYy8+1tfCITAQTEQIADAUCPdpsbwWD
+ADS+NwAKCRD7jyVk9dpr49bLAKDo1adhDf4/NoSC8vdnniAV9ZvpZwCgh9pv0BD7
+gObIIocl1WS2dEiHKIOJAHUDBTA4ny05OyKrYzxvKPEBAYDhAwCRGhZyddRiZTKU
+iJMU+JFNQ6VyRnPsOb4V/MY6o05ZGwktQHq8jNhRs/8Dyg4x7Rve2G6bZnooK8eW
+WfTv8KferE2KSoipPd2EcszzrSeBoWoTEePCwbumJx6aSZ8QsoOI3gQQFAMABgUC
+PnNvCAAKCRD/YM2ca4P1c1V3Av9ahxx12+OfQS3/1LcSvkbw7m8VF1z4/L1SxJNd
+xIUeKSdJabPMokhfrIbdTpGKS2HxL8P0OxY4EcyfI1P2nYEM5mCOTIUTkIRXOJFL
+r7uqH2fwt1H+XzDnqb8zK/vjDFkDAKveP0k1IUTXXsCZb98qKJWWQiTSwOuVPaTK
+go0YD0Of40nHTudnGYtckRFHvHw9ZWxxjazy7MOJwKwUum3NK5j+QIm071E1+yeU
+De3Pl4m6VrYyG4EB/Cn+rZYFcqLFR4kBFQMFEDbWahiOXwMHK6ndaQEBnS0H/2/m
+Q4p2HuvANo8cUvG8bt+WwPxc68wz8sfS4DGyZR5tdjAhFYPOJmoOYUemfNO3kszu
+fJo8mOCB9IKaUsq3HlmAiBcz0PtavA9GBxeDdIdu4ptdN6JJBE/yCgx4AOVAV36x
+fyXjSbAoX2SVBdHv/TYJP4szkD8qdcziapDVyMUuILCHHYb5GzHg8QNMOgEvdbow
+T+nEjOfQ0m6Gn2gNW8q5aYq3Ao9ZIdGPwJHno4HF5kb6w8rdTJIz9kR0QvSIRm+B
+hHCl/+3y+dLz8uL8zql6boWfAtqVDC/+8wUVC8GIcmpEnVXGx0dUMxtqnUs7sDZA
+aCE+R4OcA3iPIKypdW2JARUDBRA32QNkTcMRMTj+5sMBAcoRB/9s20z4l7mn39Nl
+4+0KkiMI6NDuO7IMTR27lDCQe6bw9KvIP0/o19LsegotepuNmjlI6dueBt90Teu/
+QXY4hxuOwzq4nE73S6vblraoPoq0KLCXp/ntKSLBU35o9cwNRvK62wA6lQhM+EqY
+mwywecFw4VXamkd7ALXiAGbYtcaE4hXNdiq2q5C5/gWllLbwW4vd27A/skkxP5CH
+nghi1vSBB6JPHYndUDFlzTNlbs0nSkqMWoriTpLmdgLotBwHRMnGOX4TqiKOAf67
+cRqXQVwQQsTYvlUWqtAlp9dwYiCNgbzTpgp/O/UfPajMbo9dF90Z0UCB4I+JoP1+
+854uvOBTiQFfAwUQNaIeQwNvEbj/PqoLEANjMgUdHoj1KL2DM9A1FwWzbOetOnml
+XkyTp/VqpGBnEvcTipRnfF49CHACjd9LLeQLAuYUaq/Nq61IwefwrlXW75PkJIeo
+sVgqqPkUa24H/HCgoNcfpQ4/T6Xkg/wfVFOOZ7cWGpqF5z7M8bc1Pnu9zZG7a3o+
+a4DCvLYEy5IUwGzvDNeTILcNsjngxX4go+Mcw5GK8ry4jyOadr2F01XIGJ8KTUZz
+GQcFIIW9TzEl4+wD9D//MJ6W+uesiIx9jgJBOYrOR70xLNsBlAhF12CsYCyJfW0T
+xndgx3yUOm66MctUR1Zmjqzng4m7Kceu0UU5t1qm7S4itP50RdIBIxRsS40Isvdo
+KesS0YkLDEHZM9C8IK9HYErOiXowZbED6eZ115CJvav4Zegpct2cdymwCMDuWReT
+cgXInswsUrq4OuMZsYmzYUpJ25SNL8hviQGcBBABAwAGBQI+pMTzAAoJECvQVSqb
+AePAAS8L+gNgrZp/r7mrZd6bUAsSpCL5FyfYhrQ9ZW7YjN+b8JKRsD7TRbxx6u19
+Ho3A0uSzXUfYeq2nj6rCG9UiI0r6fHRGrIonngq6TtjN+fhn3meGufDgbcweOsZW
+pyKcDB2oPiZdYBeMJMW/I8/yRoqOfQ/YiKDmFl1hUmSVAMuzzsXxmOaI0zbmph7+
+sSNhTm/bI+98YdRdppkWvT/m5sTtvBHOsG6n7HYT8d88bsZsPjWPqMTSKym4OW63
+pK+jV6tooQKGZ2CsPrTMG5jlNoH2YD7G+V/caMeoZiYimKvwTng9YtmbyCSOGxAq
+HhEjXGjxrRJW4TWcVjjgfHq6AuL7/019hNkrnHVoGmb4C9MZFuimszCC1k27yKzV
+NczOUDm/aAiZU5u19ZXShEgYfo+QgLdChUitzBfYS3GWmoG0YWjB8wFrJW0sBZHM
+efJ+j7aAcIxHd2/GqE/PaHDRysTdvtKzqEJQSs93o+/NbVFMEAEupcPjoIZJJlHe
+appx8Yehi4kCIgQQAQIADAUCPfGs5gUDAgIpAAAKCRDnOTJpHFO3NcpTD/96V7Vd
+NkUzrYz6N2ScclZ5euCb891NGgqBwE2R0/lj2MQIoWIjZ6DxgFu+kRfxOfPQkanG
+FR905abzQTbsK3KFJ3LIjrtl+MYpJ0tlHFcQXU2TBPPbN4aksfmldTvSmF8e3WMe
+OREDpYGcBetIJ0l/wB+sgD/j5KbLR0IRL9ZYV0g8p4/iCzEAY/EJEs6L4dv5xMIw
+w3bIOIgkuawm0dTNebOVSIqkzEd1H19NFUIgB4tzoZm8DIFSHpMQ6SkJaWMOLSw6
+v/zJzPhEaRWIn6vbfPBl68FNy2WVosYZ0Cw8Gg0T1W4n2zpY6vkujTm7AlbQknm6
+qGcVdqfJ2Xf3p2Mvf/pQVO/sHDFusydvnGthvA9Qu1BNIDAl3GtMptTSOh+dOzJV
+pCTGMQuk3Ugn51RICishdrj0uMFovHKc8zEbbfOqbWBw4M3iNDDZsWgzPUdy3YUT
+7O1v7onHMzeXIj76esPvnuz68Jm/86dNwy7j0n1n2FuUbuS7ySPJcXuCXhrmnLZU
+KyS3gOtZNS/lRNg+NUkrPOfT3Kk6Z8Y4IqVmMSs7navvCyvRH5SKV5qLiZjxD0Hx
+m4RWZArBx/8q+UDzeblMnZp8US1NzoaZ4T0TrB9eZqj8Z6qY5Dve0ZqXZ3YZcydk
+3d54LbLiIuYcU8E7lf0ZEPbGdCcP9R+AdHUfxYhiBBMRAgAiBQI+ByOpAhsDBQkK
+T3OLBAsHAwIDFQIDAxYCAQIeAQIXgAAKCRBot6uJV1SNzYxsAJ4rb1r863a43/mP
+DDcPiR+8yg4lSACgiCcqI1R3pYnImfAzFNg8XdC2mWCYjgRDt/rHAQQA0JkZeitc
+yQMqk2xGd/5mGoc4+YNwQo8OSmVwIvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j
+1oPckAhOgRPaOvaEZhYUTF0F/15piAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOm
+ygGBkLFuXvHRW1i6SNz28iRH/UZcYLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChk
+aXN0IHNpZykgPGRkOWpuQGdudS5vcmc+iLwEEwECACYFAkO3+sgCGwMFCQWjmoAG
+CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBTtiDQHODGMHmjBACHQw7SS5DuEzoA
+qPxgrhtEZqkcGZ4ieJp6v1jq/BeASt8NRyLsFRBPFegUVOAocfMHPf1vN5K3JCBO
+bmmUZo4QlwlrIivTsNp4G1wL90yhVQmzDJsowW0/t9TPTk9EqMKG/GtbOF79ifoE
+CY8X7pjFCjZb3yvOrRMdLnAomNeYfIhGBBARAgAGBQJDuBFDAAoJEF3iSZZbA1ii
+keYAn3YojYxnY/f5jGq4lOHJ7kpmj0CJAJ4/s1vX/WdjNCtq/oJXRAthMNsk5Yi8
+BBMBAgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAk0tjLcFCQpUTmEACgkQ
+U7Yg0BzgxjDweAP9FNQyUfS25FrgbPCqOiiaCizFSOomDSQYQLZt3cVnlMQNenmA
+1lv2/S5OSp47UlrhjnqmuzArF55Mh5DvPChPSHDN5hZ4XxTdqmoHf50XIZfTD7HT
+oH/7oO4+9gJb9lfLNvEddB0438Mknv6Jl1sCt6p/KLujeyA/hMAle4tntruIRQQS
+EQIABgUCSbck/AAKCRB6g68zSpHCI7xEAJd68iLV4rDbwr0chJq+lySiY6nDAJ4v
+4mEy03yfuszGh7qUpD+7WRVh6YhGBBARAgAGBQJEEKI8AAoJEOrUtZD2iZvAcC0A
+nR48vuK105OUB/gljGVRWOwKKDDxAJ4lFTTZucNu9zDFI9QLLFAF5XRsr4hGBBAR
+AgAGBQJEGaT+AAoJENy+GP+gNVO89E0An14m/XCFrqbUabJ/gtDJu8KsZpgaAJ0d
+b8RXlb1kB4ElbOwDCdStZ5J6kIhGBBARAgAGBQJEMRhDAAoJEPp0OhEyNeweuR0A
+nAkrWld9wA/ornprKNsvEDU98F6AAJ98eu1rKJicBf8D/VXfXwVM4ejINohGBBAR
+AgAGBQJEXAlfAAoJEIvYLm8wuUtcDxIAn3U5i6FhiXf+pZYJD8lJUpf70fVvAJ9A
+EjuX11LMdK2RM4CxCGwDFCMsmYhGBBARAgAGBQJEtdrdAAoJEN02qG8eES5CrGsA
+n2NhSBWOKu83V/5LlgGPgY6WNFzoAJ9neioWg6833jJJQRT9x8SodZGDSYhGBBAR
+AgAGBQJE2X9FAAoJEPND4G7iyk1N5GwAn2b994OPe/zIQ8cLQbrO+pPPQwxOAJ9G
+n8oj2AYA3WNcQXBrtXChD+vZqohGBBARAgAGBQJE5IT9AAoJEHoukft4hdr8VucA
+n0lJESihyGWpXXXEQt13Yt7yYtPkAJ9pbWxehQOfiKiz7ZjUAPsdNW2rnohGBBAR
+AgAGBQJFYsVaAAoJEGoH/3a3ETQqbOsAn04S64jLlb6c/OorO8TOBIhhJhwyAJsE
+b9J9pppvckGGqqjN9oX/kwlx4YhGBBARAgAGBQJGC/OtAAoJEEHjLoH+PeyjXs8A
+n1+Tpm7p7875jYBg+euVl8jXGoWPAKCFfZFv5XvROY+3AU5QRJz1Mri6O4hGBBAR
+AgAGBQJGLCLHAAoJEDh20JkvJmXHHrYAn0WdONAvJ33Vgah2tun0EYInndl4AJ97
+Smy5BOYw6fa4Iaiio1uMf/y7pohGBBARAgAGBQJGR4/QAAoJEHPedZ04FvgejGsA
+njxdist7NM0yvl34ODmFOZnb1JNIAJ0SLeAVvSjC/1Hg3YjfhhAO6YFTBYhGBBAR
+AgAGBQJGY7zgAAoJENvFfNTA3tE+Qz0AnRk2uQXo/haP+lqqj1UwX/Nq+QmnAJ4l
+MbMXNAmAeOb7DonUKG3iJdvX74hGBBARAgAGBQJGxxVzAAoJEMGwkYNMNfLxOgkA
+n028vHcViImyBNrQV6Lr3saZVpjWAKC+DKL+Odj9L7vYdRCQY451xr3XBohGBBAR
+AgAGBQJG2etnAAoJEER/ubp4xB4W/UAAoMjNt1n+YeyFhU7SaPKoImoaww9zAKCS
+yg8Q/cB3NaCTtBjq4wBblCfyIYhGBBARAgAGBQJHOPrjAAoJENN5RIu0G9UYdQIA
+oMLmfR0YLdnMMBsytZDOe8VLPq0OAJ0baIPok8oocBF21YQQ8rQW2q4Lx4hGBBAR
+AgAGBQJHa/uEAAoJEPMtmeh4XZf/DJcAnRfuW7vdokyFZB+nhwzrogmTs128AKCV
+ZEqkkTzAvNyBWs3UJDJqUK9J4IhGBBARAgAGBQJHyuhpAAoJEC+V5jcsCHwE6zAA
+oLpvjpJ+rSbFL9WBBj1BxpE8PTG8AJwKeejDAhB2mF09t7xl9l9XWmi0SIhGBBAR
+AgAGBQJIiJr+AAoJEK4ssXKaMdD8wesAoITzObAud95RT1iNZWLYs770NoPaAJ4q
+KZ7c7xYgYZWgW37tRcuAQCbbPohGBBARAgAGBQJJfD8aAAoJELRKND+o8jtmELoA
+n0DlIk3p0MmvaIpc1td4kF1sR2iBAJ4yNeitHdiZqza2D4ofU2iKdpkpD4hGBBAR
+AgAGBQJJ29KFAAoJEHpypWRbAALMC3MAoIVYRfr4iEbUUlrFlk0vfj/68XqEAJ45
+XKKQScBkUVlMJFXmFqQDwBw+MohGBBARAgAGBQJLFlXeAAoJEKvqaIabeVg7g5oA
+oK5NVBbYglaAvS5tGD+8Z1pVTyiIAJ9j4M8IhJO1BXpv/LJAjRVOnBphNYhGBBAR
+AgAGBQJLFpRrAAoJEJ5qTepyp8YIh7wAoJFnxenv1Uh1bkbgFgtIFA03qFagAJ4g
+hqPcEKRixnUVKEymhc997ie89IhGBBIRAgAGBQJEbLVvAAoJEHLf4d6IeHGY9b8A
+n3znJne6eSRQNb7SqMiSo1IAhTKAAKC3K/XvWIbliV9VkLxoKRMUPYBd4IhGBBIR
+AgAGBQJEnt1gAAoJEN2HT5zCsdXjEA8AoIAY+tW7eYMsv+ZbK849mS5BlSuaAKCp
+qtbbGoUi3YsqG6FoQqTjSA0hrYhGBBIRAgAGBQJKHn/QAAoJEEVlvxDJOREPbCUA
+oJUCHfSsOdcV9BB1Zx/lL8FRw/4qAJ47OdWpJh76UAW5ZDlZOfCxYiFzDohGBBMR
+AgAGBQJHfTl8AAoJEPbbjicERYS1jXQAmgOdd34SpnEyr3OPZ+FFqKvkYAePAJsF
+QlldKLe6BewWPGAUHftHxFNgGohGBBMRAgAGBQJLEcUmAAoJEKvqaIabeVg7O0oA
+nA9TnICzrJrYis3NLKpG6X1BSsWTAJ0boP7V4z1wsQq3/F7rI3evdG3swohKBBAR
+AgAKBQJIIvEmAwUBPAAKCRCEaROH9mEvTsbgAKCQQ8RE/XyO04KTqatHLQWY7q1a
+uQCfZ8bel9qoAUytMddC0gkL6RMphaKITAQQEQIADAUCRBdRSQWDBURD/gAKCRBp
+CnQ6XgPXFtw1AKCuaU6wFrCRBSaRNPhxECSbzB7laACggaDhWabhi/lY1nwiuerM
+K0oeTTSITAQQEQIADAUCRpIwLAWDAsllGwAKCRCsiUn+i1aPamfWAKCuICjDGwQP
+Eg01nUmcBJEId9KFDACgjlP9jCriwgkDyimOSSsUJO2GfIiITAQQEQIADAUCRpQV
+aAWDAsd/3wAKCRDNoCSovv1covz0AJkBXVQ4MO0miIt3THZrVo0Em/nWJwCdGbHq
+eo99qbMKAbFogLrnYE31EDaIcgQwEQIAMgUCROsRFCsdAFNpZ25lZCBrZXkgd2l0
+aG91dCBpbi1wZXJzb24gdmVyaWZpY2F0aW9uAAoJEHoukft4hdr87ksAn1gSW+at
+u5/MyQO9t4sPLsqFAshPAJ97JjH8nyxc5xy0b4hD+c2d2dNwy4i8BBMBAgAmAhsD
+BgsJCAcDAgQVAggDBBYCAwECHgECF4AFAklnOV8FCQeFMi0ACgkQU7Yg0BzgxjDr
+pAQApSWcftx5Qbf/yPzf/0FE43Qvsl84XA/H1SRyDF+JQSk3l0Om77QGQvNf8XYU
+G3u+p5FvDFQEkjOcYcRn4xJUygfnqACd6lyYNU5pvnngsCmCLogwvPSeLPUBKtap
+k6jDtAXpaCfllW5D8HOUfrE+bLAS1Dvfy6A6Hkhofe2z8zmJARwEEAECAAYFAkSF
+/hUACgkQJklzsP0Eoya7PQgAiaW0PO4syCYLMOv6z+ou6Zmt9XYw+okm4zr4Lc7x
+zcNY+qpwjwZ2lcoIXEGVOI6buFcQOU+qYmQ5JFbH8jtBaBY76aUCPQQmKJzGIyJV
+iy9K310Q9b39rjCm+YLWbNG1qbqX4aJSCJLCF5C6G9IzQRGhtEWMJ3nr3nsRXkyp
+NNg40tt9f87wjQo0yd4hQ5VRFPMEH7THCTW+iFH9b9//ZkK7Cdx6poCfWmZE8AYY
+hbVOv1czF8JsRfnt1mS1YSEx95PhmV40nBqK6lzfH5hUVSVs8uaGiXkvvRMAPJJQ
+eZ/LAmoa0VjV3dGLIXSnmpGmivm3al+UFsak7kmBr+vSD4kBHAQQAQIABgUCSFT7
+LQAKCRAi/Cu2xWn//mt6CACpEPXUi6ylZNt70Xe8nN0/aHFtAP6Y8Hcd9hWiFThr
+2xW2jI1Slrc0TMgt93RdVtyVMM3kj9C0zjMo7UaJhRTAz0myFDnApTuQS/XFTJUP
+M4rdiUx6zwq20Xlm+06093JBdcPp6N7mjstspJVwchdTqf1Ny7m4loC+rro152n7
+ACycLUDnC6cD/od2qBGYaiB25Sylz/8k80SZ/9Y9sBqMqi//BGId+HnhPrYc9ny8
+S4b2K/UguASOGxrrK148TpwqVpKDvzPaKobHnE7BGhU3LDtYt1U1U1qyfVWktuq6
+6pnzuSq4bSc0oqPhWEOd/NMNDMXiwLmHeonJARoEfgKKiQEcBBIBAgAGBQJIYSe6
+AAoJEIISGkVDGUEO7u4H/25Gp9ysKV3Ub2/JocPgydmD+AVD0YGHwGoLqz6tc1Mb
+6QNB7ovyihL+D3drhz0XOhWeosZUIY8qftEfeo16nzxqIgSpTJYI+kRosRm+9xc+
+V+M9JAcALWHl/aymyF/KoiNQvJwlwnLJixs+f0p5ZaCBEbSGEI1G2lq6omJYNYrr
+V9KhLx0LUdUCsemcV+vMR+lGoXeBdZRRCAIZuu0EAB+7vdxcEcDSMOYzdnUtHWl0
+mkgfG4uVdQqqTOLxn8Isz3MhDGYkFV1auAlxlV75eMhNi0YJ6DUnzFzyJ4YlugM+
+hX3HMWQh2OvUSxkweFBQ7J7hAOsgwyjPtZ1HwOdGJu2JAhwEEAEKAAYFAksgE8QA
+CgkQIa6nCWeyIM5UzBAAyQNUkUjjxrSu4EYacRGI+1vPb+Q6HJDaQct6xrujMAzJ
+4Jt7CvtkFKGmgx/DlqiEE5c8rJjsZ0QUPWCWlOvamr3p9UpBHgUuuN0OXx9y8mge
+kj3D/Ch6dv2VUezqKDDEMsdSoEfj886pjHhWpEoV2W5P+ihF1FmRcEbKbZb3gs3y
+s66PxjqafNXjTVc4U1hGB9jc1SnomvmsE3ps6T3yJQVpLha9SPxs6Bxa5RWIR4Os
+LKfAI39uh5ikv/tSokz2GQj0hE6JrYY+46oyJWP2SfTzxlGjUtGSyP8DtZghUPuh
+AidSl0p0SHATjWnXjTEMMO1DuytF7mnxQxlocm4/gGdC+yLeg2QqQLwKq7i/L/pu
+GRWlYyV3yNG5odxHEURr4FpFulUmjsEoo4FPZA8OeSfmXJBKna7c4OIm0WxljDme
+84VpLS6LdPhu+xnqU77LuOO4x+5Y2lToZfqZHabOdFNY1TDQmlN+CLyZg/AE3g+t
+zOFE65tRPgUzQO6lFXws3/vv3OyyK/BxBZs9L3xw46A4tMlkbNpdlqQ0xLzD+a0f
+M2zxzU81YSRw1lsQnT5sdQUWaqenvVgmh3DKmaBxFu2K84SiETa5OoLI7CdW3kcW
+QVJhahKwN6zrjU+cTGARB24T2/jT66EtLegWka3+wF6gmixHLc2L783KPj2u45iJ
+AhwEEgECAAYFAkSUEEkACgkQ2MIKCVokV8864A//Y8RQB8EOcV6bYBnz8c0rARfb
+5M+kdXdmYe5LLE7uI0M+UBCNemmFvhuxQROx1hudouNnQeKAAiAjd/I7QSH+1Hgk
+IBbQjXKlK+3pxtD4+gDTdkTRxfOg+gDlFRTX9IKAPRw6c1LRoHZlAvCq1vc8A26/
+5F/FGxza3UGWdtrdLfP/KeD35jZbCKh2zPreWp7DBcYNDEUmap4w56PGqwsP/ajG
+sDKJXa3yh1bznEA7rlJYOpbFWXAhwCdP560TubXi0lLYFTWCOXa+nh5HQuS9Vkrk
+NipKTpG8RUReiu2aJgy5tRQf7D2FcDRoScn5FSQ7iZbM8RhlN/Ex/gWwMjAyapdm
+Mj1DTfxHLpJnI0+TKPT0VTsbn8uz7Zjg3jQIE2DCJqUwLuxz7HfPc3O9uM0q4LyH
+2PV8NsBd8iGXenZUPTvKdnxhBEBeDSaYN/9CaqmCcJKb2TnhYRdScvdGV+izh1X8
+mLz54LWq/aOzZXIqUWV9rIvv7Wd6KZS+L43uxhgWVBwVOeje9dLoULkuIpTgJzDg
+1wkJDDidTJpYTAZcejtI2N8+pCDlKnPDhOLFdZ07JbxlZ5OB4br/hzaGjJ2ZgbSQ
+z7q0Dl7xXRBPnLVAggN2ytfHrEA3+PdGcx2e2j9Tkm+Ykb9yPGPWtXSyNQ7SId01
+nnWq3tt3+Z3bLiLYYl6JAhwEEgECAAYFAksRhi8ACgkQmZMeJdkeASx1sQ/+OUE6
+xCuZURsx9kRcJI1v04nlGq52/fwWlgi2JrXKe5dLH9HAI/CIkudJ39Dteg2cXmvo
+++DXvecit7sqoLAbeTRnDlp5yGibcEMagBDEqxEFLfgTd17K7LFC58TD0QKIATXH
+sAL4bb+DBY4IlUDIjcuXDFiU6ZLkoCnBelV+tICdoUHtg4jh1yJVYxm+AXdueHdH
+PV8aEj/5ImDk+hzg++YwHMhejDjXLGUUqplTBP1gXuewjyHv5ua6x96PMCm+zux9
+WW9Qqv6yo6rvgkCLFYaAU/vYvvmQtUBUDFEk3SEq60gBJ1iqYuXKvg4RXfx8PesU
+SMwOSMukQn9cuKwAy/hgbajyZGPignrBzub9Xl7WK6UUIt0XcLkbyDk+mPBb7Gb/
+u+NsVPSdunSv7wRfkizMZtV/SqU/eMmUK+jPrpj9rW2zJ7pze+PGGl+g149r2z7Z
+4ZKkJ2i6hb36ytF8fD4518oTYePyn1FDTzRPb0JQIZs8hkIfv4gRtm4wgGkIqaaY
+NG2ZPAm4A5tTfwRO3qiqA99PPYRb3wiUeGqALzUR/wEkVvovpsFEjr+AGQskA2u3
+3FhahyogNREyySaLKLj9WcVJ1p+zFSNdQMzylSWRSq6/Yjf283KWUJudA24BKJEn
+LG4Glyt+5XNdgvu68/Tq1fyO+L0m1EyQ5ypvT+yZAQ0ETS2LgQEIAKoa0qVf2Mj9
+6eGUF3LZzJA/pDsmjLG1obr9yQApYdiuoVNCTchR7xO4OsZPvjZcWdwb0+gwF8kN
+Q2W0g+AoWfwT21hCoA6WlIDbls5vfRwDYAOSuOCO8MAfxxn5+QhrJa05tPHCot8+
+K+MXEQz/8h1KEUVVCP5AeZdgEmCBbIQiKXwGN7spHDoHm5yzipLOnlUfgKoOv08O
+csPyUEYeTTHyOnCHhX/IQ4MkoBNjRWPTTv3cvy6oDflmLJzNS+8lIti9/tJM73jc
+azCTF0B+rFdtiJ+IraCMT/tICYH7aMXGyidQM4HUEBjmzcUqquRrFmvcEGN64Yag
+K6JJf9xdEiEAEQEAAbQWV2VybmVyIEtvY2ggKGRpc3Qgc2lnKYkBPgQTAQIAKAUC
+TS2LgQIbAwUJEN2fAgYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQJJs50k8l
+47Y+UwgAnE+0Vd/nKjM+kWNFtKRJ2OyT16u7TmyEpk4ArDdFR49NTzRJEs92DgAf
+6+SbUkxYUWnC8eWB/GqcT2unXejsv/hTA1TCofznMLC7tIfP1xfd3hRTDNw/qpA/
+gFAQf3/GWlBL15Mr1vZEzKCCrB38nybGO+hbMvwqV//CXqNcef/I/3bEb39gDzqU
+04vU3f8+GVnMu4npt0P1bOwSn/6SHdQN+OQis5xaSrC6kH53TVHhsc+7229fLxe6
+3xKiTbOS7bFWQQ6xXZNcdvC4c7YAYLmlYNfrCAITgXld4IH/Si9qjb9uTbbDVPHM
+/o8zGjqwuSZoXoPR+uEzZuXgL+5KyoicBBABAgAGBQJNLY0EAAoJEFO2INAc4MYw
+Rk8EAIuasyOnCbJW8jpfk3g2VZy1dBZj7g4PHaI70K1Qz8X3piI8WWaDCwlTPJcv
+AAtiT6yGHzdONAt+N7GiHNLU7TsMJlTLsuxv1HsdtgnVh/9BwTKRuIBbjrkJlvUE
+A4xHYdQ4MFNoAFqJ1+eGZTMm1rLPtjQopEcDH5VVLqR+ewWriFYEEBEIAAYFAk0t
+xTcACgkQ8q2FrB5Cs2crBADfd33fB14XGfyl3Dtm4cfEUfLCcYXWNaMy+ZmmggDf
+c8hyceGA2XcPThQ7N613oi+cHzO4XC8o1tooDrkBDQRNLYuBAQgAofC5yBtpGPRX
+se3QWczpGZurBnsgVXaVH5g3WCRlpZFEJomg8RkUqGE8QFfVsNXCv+JM9o88S2mL
+uhCgeTrnJ4uuG06Zdek1WRX/lZCMAkitaf4lDfP9l6PEdQuHMqwaDkULqlFhwTLN
+Fce2/gE72QEgo1WKtmMSRAbgGcitCCXp7ZgVrjsY0ypxAfucl3AbVwZA5k4gNBAz
+jWAHPChKtK0wDoOMeS6QV6Ap9xJtIsCsG1g0DBPCZbtGo4wQnCWjT41jHZifvnHr
+ptjB2Ww/QUs6B7P878jGg9HFevSXh766Pp0Ueq8GLTh3Homw+ZcTJ4DIuIJZKHtH
+Cry4iEFQFQARAQABiQElBBgBAgAPBQJNLYuBAhsgBQkQ3Z8CAAoJECSbOdJPJeO2
+uxIIAJE2B8aQPQ6o6LBijX/4rJaetAu6xW9Jg7DyE3rqB5TcE7yJDQqjL6bRApjW
+RaNofB7CmDxl5tjgTawds0gL1KnKLLPb2wAnaKe9/j/gx6lOCnE2LDj5ebKQKQ3U
+B9WG8xNBczNFs7lnBG0+mOwyvWPm9fWzpTf9HFIAi2kCQK7UYZNM4fSvXY5yFz+6
+b5AYDI7pZSP8iJnUxfu2hdbRIKjwNKXzPlDsqYlYXpNAsrUuS7hshUbUe7CjX/RY
+dza8Jp3kHEeOCjLxOwotOa9hBla2eNa9AZXZQ4AFhZxpy61ldBDY88IhjsuWm5L/
+jkJdZtPlj6bFjfLt1vPhoX7y7IKInAQQAQIABgUCTS2NBAAKCRBTtiDQHODGMEZP
+BACLmrMjpwmyVvI6X5N4NlWctXQWY+4ODx2iO9CtUM/F96YiPFlmgwsJUzyXLwAL
+Yk+shh83TjQLfjexohzS1O07DCZUy7Lsb9R7HbYJ1Yf/QcEykbiAW465CZb1BAOM
+R2HUODBTaABaidfnhmUzJtayz7Y0KKRHAx+VVS6kfnsFqw==
+=CxwV
 -----END PGP PUBLIC KEY BLOCK-----
+
+
+
+
+ CC-BY-SA 3.0
+ These web pages are + Copyright 1998--2014 The GnuPG Project¹ + and licensed under a + Creative Commons Attribution-ShareAlike 3.0 Unported License. See + copying for details. +
+
+ + diff --git a/gpg2.spec b/gpg2.spec index f61cc28..67afee4 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.0.22 +Version: 2.0.23 Release: 0 BuildRequires: automake >= 1.10 BuildRequires: expect @@ -55,9 +55,9 @@ License: GPL-3.0+ Group: Productivity/Networking/Security Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig +Source3: https://www.gnupg.org/signature_key.html#/%{name}.keyring Patch1: gnupg-2.0.18-tmpdir.diff Patch2: gnupg-2.0.4-install_tools.diff -Patch3: gnupg-2.0.9-RSA_ES.patch Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.0.18-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch @@ -78,7 +78,6 @@ gpg-agent, and a keybox library. %setup -q -n gnupg-%version %patch1 -p1 %patch2 -%patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 @@ -108,6 +107,7 @@ export LDFLAGS=-pie --enable-ldap \ --enable-gpgsm=yes \ --enable-gpg \ + --enable-gpgtar \ --with-gnu-ld make %{?_smp_mflags} From d8460bfa6b8f2f1c85c84a1b891720c157c8cbad7c14b4be83851ff6477becaa Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Wed, 25 Jun 2014 19:19:59 +0000 Subject: [PATCH 069/156] Accepting request 238560 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/238560 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=77 --- gnupg-2.0.23.tar.bz2 | 3 --- gnupg-2.0.23.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.0.24.tar.bz2 | 3 +++ gnupg-2.0.24.tar.bz2.sig | Bin 0 -> 287 bytes gpg2.changes | 18 ++++++++++++++++++ gpg2.keyring | 2 +- gpg2.spec | 2 +- 7 files changed, 23 insertions(+), 5 deletions(-) delete mode 100644 gnupg-2.0.23.tar.bz2 delete mode 100644 gnupg-2.0.23.tar.bz2.sig create mode 100644 gnupg-2.0.24.tar.bz2 create mode 100644 gnupg-2.0.24.tar.bz2.sig diff --git a/gnupg-2.0.23.tar.bz2 b/gnupg-2.0.23.tar.bz2 deleted file mode 100644 index ac01421..0000000 --- a/gnupg-2.0.23.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cf196b8056eafb4236f000a3e12543e0022a1fec4d6edff1b91b48936c109841 -size 4297195 diff --git a/gnupg-2.0.23.tar.bz2.sig b/gnupg-2.0.23.tar.bz2.sig deleted file mode 100644 index 45a9c3c831c7d27f3d8472d8f7f6cd6b79c5aba70906be440564c86967311fd0..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-rzjXwYi2@oWkInqxh|P2m1%VQR!}~{t{dJ8OCt? z!+y&qktLo-=t*tL@z7WXFgL;CPDauqC?9PJIc$!J1s|EL3lJFjo|`RcEWDLqS>)k& z9@ER11~b(s-Hhy+?A^VYr;8x4G(>No#+(jAoZQ!NUcce-G3t-=VoeYeQp;)nrHDf3 z+G2CajO>0_WA3^dvbUN?&1#8PFR7e9KLB_CL90Fvv5SHoJZ}TYl?E)Ju8yxwfuDBS zcAT<#s86!-IkhR8y$DqoxA-i6m7>aynok>q)yxw}8xjxSnjk*aGg7>@+NLc}Se8&- lFfZkvv2UQS;FybNRhf!8A4zmF4}-x7z)^;q0>a3E+dl63hGYN$ diff --git a/gnupg-2.0.24.tar.bz2 b/gnupg-2.0.24.tar.bz2 new file mode 100644 index 0000000..f48264a --- /dev/null +++ b/gnupg-2.0.24.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d974a1d86c9470571411346368416d96200ef9510028763c1303cd66e3820232 +size 4301922 diff --git a/gnupg-2.0.24.tar.bz2.sig b/gnupg-2.0.24.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..f7f7db646706de13db62ce2e7a48f6e3ce4d4d485a31f826ab9f015b33d899a6 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-s4fFb}22@oWkInqxhD^da03rh{GbBhSP-1>o^#3 zC|-QQ+woB#oSK3LDVMNrzINGS>pk$H_??uOcXsOn_?SZVSzxN~ai zcYhn1f!l^$%ahRlLMCB#Uz3qcpW6Q>NntkO&c_(Wqn45qCA}|f&QSDhffH-&1WW56 zrCPy*+z9K+j~k6=LjD++sSEi&^js}QHokrPa_188w7di(iDuz`^AGL;ZQ6HpX!B}_ lx*4mGiJ7lAmoi%4X8#_=x1?nEWR>itIYrFqa(!W+XlC10jQRio literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index 0cc913c..ec29925 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Tue Jun 24 22:25:12 UTC 2014 - andreas.stieger@gmx.de + +- update to 2.0.24 + Contains a security fix to stop a possible DoS using garbled + compressed data packets which can be used to put gpg into an + infinite loop. [bnc#884130] [CVE-2014-4617] + * gpg: Avoid DoS due to garbled compressed data packets. +- further: + * gpg: Screen keyserver responses to avoid importing unwanted + keys from rogue servers. + * gpg: The validity of user ids is now shown by default. To + revert this add "list-options no-show-uid-validity" to gpg.conf + * gpg: Print more specific reason codes with the INV_RECP status. + * gpg: Allow loading of a cert only key to an OpenPGP card. + * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt + 1.6. + ------------------------------------------------------------------- Tue Jun 3 21:55:34 UTC 2014 - andreas.stieger@gmx.de diff --git a/gpg2.keyring b/gpg2.keyring index 1efb704..86dc5ba 100644 --- a/gpg2.keyring +++ b/gpg2.keyring @@ -7,7 +7,7 @@ - + diff --git a/gpg2.spec b/gpg2.spec index 67afee4..72023e3 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.0.23 +Version: 2.0.24 Release: 0 BuildRequires: automake >= 1.10 BuildRequires: expect From 98599881883c79ec0f26a4a2e76e3646598c79c80247463efafba41ff22debf8 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Tue, 8 Jul 2014 11:01:50 +0000 Subject: [PATCH 070/156] Accepting request 239236 from Base:System GnuPG 2.0.25, and a BuildRequires fix to move 13.1 fails up to the scheduler, or build with gcrypt 1.6.1 OBS-URL: https://build.opensuse.org/request/show/239236 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=78 --- gnupg-2.0.24.tar.bz2 | 3 --- gnupg-2.0.24.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.0.25.tar.bz2 | 3 +++ gnupg-2.0.25.tar.bz2.sig | Bin 0 -> 287 bytes gpg2.changes | 20 ++++++++++++++++++++ gpg2.spec | 6 ++++-- 6 files changed, 27 insertions(+), 5 deletions(-) delete mode 100644 gnupg-2.0.24.tar.bz2 delete mode 100644 gnupg-2.0.24.tar.bz2.sig create mode 100644 gnupg-2.0.25.tar.bz2 create mode 100644 gnupg-2.0.25.tar.bz2.sig diff --git a/gnupg-2.0.24.tar.bz2 b/gnupg-2.0.24.tar.bz2 deleted file mode 100644 index f48264a..0000000 --- a/gnupg-2.0.24.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d974a1d86c9470571411346368416d96200ef9510028763c1303cd66e3820232 -size 4301922 diff --git a/gnupg-2.0.24.tar.bz2.sig b/gnupg-2.0.24.tar.bz2.sig deleted file mode 100644 index f7f7db646706de13db62ce2e7a48f6e3ce4d4d485a31f826ab9f015b33d899a6..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-s4fFb}22@oWkInqxhD^da03rh{GbBhSP-1>o^#3 zC|-QQ+woB#oSK3LDVMNrzINGS>pk$H_??uOcXsOn_?SZVSzxN~ai zcYhn1f!l^$%ahRlLMCB#Uz3qcpW6Q>NntkO&c_(Wqn45qCA}|f&QSDhffH-&1WW56 zrCPy*+z9K+j~k6=LjD++sSEi&^js}QHokrPa_188w7di(iDuz`^AGL;ZQ6HpX!B}_ lx*4mGiJ7lAmoi%4X8#_=x1?nEWR>itIYrFqa(!W+XlC10jQRio diff --git a/gnupg-2.0.25.tar.bz2 b/gnupg-2.0.25.tar.bz2 new file mode 100644 index 0000000..8867c49 --- /dev/null +++ b/gnupg-2.0.25.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b3abe97df096cf53d6a422ac922f3c48e688bc892b7ccf669b92f0b7fc6c5823 +size 4301689 diff --git a/gnupg-2.0.25.tar.bz2.sig b/gnupg-2.0.25.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..596495fcce315e451e73f02fd25459d4f7523f4a79aced18265b1c049dbfdba5 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-sCiKPGv2@oWkInqxhk(qwwK)cPRUgJuqC=e0PbL=*RgQ4H?JJxx#@4To{x3GAO*w`-^8B zVe7#NpOGOmSa6h;GmgRy!ea4(r57lVM!u{zc;mth`%JIcB9pAG`G0iVRES~MSFzsS zg= 1.10 BuildRequires: expect @@ -26,7 +26,9 @@ BuildRequires: libadns-devel BuildRequires: libassuan-devel >= 2.0.0 BuildRequires: libbz2-devel BuildRequires: libcurl-devel >= 7.10 -BuildRequires: libgcrypt-devel >= 1.4.0 +# patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG +# raising gcrypt requirement from 1.4.0 +BuildRequires: libgcrypt-devel >= 1.6.1 BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libksba-devel >= 1.0.7 BuildRequires: libusb-devel From 558d7dd7769794131c6285c281a089c00d4c332fde2e9c8e85197fe7aedf259e Mon Sep 17 00:00:00 2001 From: Ludwig Nussel Date: Fri, 15 Aug 2014 07:58:15 +0000 Subject: [PATCH 071/156] Accepting request 244478 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/244478 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=79 --- gnupg-2.0.25.tar.bz2 | 3 --- gnupg-2.0.25.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.0.26.tar.bz2 | 3 +++ gnupg-2.0.26.tar.bz2.sig | Bin 0 -> 287 bytes gpg2.changes | 12 ++++++++++++ gpg2.spec | 5 +++-- 6 files changed, 18 insertions(+), 5 deletions(-) delete mode 100644 gnupg-2.0.25.tar.bz2 delete mode 100644 gnupg-2.0.25.tar.bz2.sig create mode 100644 gnupg-2.0.26.tar.bz2 create mode 100644 gnupg-2.0.26.tar.bz2.sig diff --git a/gnupg-2.0.25.tar.bz2 b/gnupg-2.0.25.tar.bz2 deleted file mode 100644 index 8867c49..0000000 --- a/gnupg-2.0.25.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b3abe97df096cf53d6a422ac922f3c48e688bc892b7ccf669b92f0b7fc6c5823 -size 4301689 diff --git a/gnupg-2.0.25.tar.bz2.sig b/gnupg-2.0.25.tar.bz2.sig deleted file mode 100644 index 596495fcce315e451e73f02fd25459d4f7523f4a79aced18265b1c049dbfdba5..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-sCiKPGv2@oWkInqxhk(qwwK)cPRUgJuqC=e0PbL=*RgQ4H?JJxx#@4To{x3GAO*w`-^8B zVe7#NpOGOmSa6h;GmgRy!ea4(r57lVM!u{zc;mth`%JIcB9pAG`G0iVRES~MSFzsS zg={dq$r4tnE3t7bK%U-u6iRKt*~|P{J=51l!(OF%?N!t? zU;SZk4pPT@g4aZocYA%J2b|qin$-pWGZ$d)x6aKg*(zm1;LuXsxT;LTfJh4JZkxW? z-ZweGPM?&`2x4aN|KXpbUOS3A{l>fz7q{F&!GqoEt}+u3xFGPD7r}JM7N|IE3aoE9 l1<4vdhrT+tdet%{<91&9ISB7XcprVz*yn;`ua8Xi;0XPWjBo$| literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index 9542caa..6c0b64c 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Aug 12 20:19:45 UTC 2014 - andreas.stieger@gmx.de + +- update to 2.0.26: + * gpg: Fix a regression in 2.0.24 if a subkey id is given + to --recv-keys et al. + * gpg: Cap attribute packets at 16MB. + * gpgsm: Auto-create the ".gnupg" home directory in the same + way gpg does. + * scdaemon: Allow for certificates > 1024 when using PC/SC. +- remove URL from package keyring, upstream file metadata changes + ------------------------------------------------------------------- Tue Jul 1 21:05:55 UTC 2014 - andreas.stieger@gmx.de diff --git a/gpg2.spec b/gpg2.spec index 2566a65..ec3a2f7 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.0.25 +Version: 2.0.26 Release: 0 BuildRequires: automake >= 1.10 BuildRequires: expect @@ -57,7 +57,8 @@ License: GPL-3.0+ Group: Productivity/Networking/Security Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig -Source3: https://www.gnupg.org/signature_key.html#/%{name}.keyring +# https://www.gnupg.org/signature_key.html +Source3: %{name}.keyring Patch1: gnupg-2.0.18-tmpdir.diff Patch2: gnupg-2.0.4-install_tools.diff Patch4: gnupg-2.0.9-langinfo.patch From 140f494826ea18a6dfeda25372b2f00046ada873dc5acdafbb47df678fa396f7 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 9 Dec 2014 08:13:50 +0000 Subject: [PATCH 072/156] Accepting request 263909 from Base:System Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/263909 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=81 --- gnupg-2.0.18-files-are-digests.patch | 94 +-- gnupg-2.0.18-tmpdir.diff | 41 -- gnupg-2.0.20-automake113.diff | 13 - gnupg-2.0.26.tar.bz2 | 3 - gnupg-2.0.26.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.0.4-install_tools.diff | 23 +- gnupg-2.0.9-langinfo.patch | 10 +- ...8-openpgp_oid_to_str-buffer-overflow.patch | 77 +++ gnupg-2.1.0.tar.bz2 | 3 + gnupg-2.1.0.tar.bz2.sig | Bin 0 -> 861 bytes gnupg-add_legacy_FIPS_mode_option.patch | 24 +- gnupg-detect_FIPS_mode.patch | 43 +- gnupg-dont-fail-with-seahorse-agent.patch | 8 +- ...g-remove_development_version_warning.patch | 15 + gnupg-set_umask_before_open_outfile.patch | 35 +- gpg2.changes | 56 ++ gpg2.keyring | 616 +++--------------- gpg2.spec | 101 ++- 18 files changed, 411 insertions(+), 751 deletions(-) delete mode 100644 gnupg-2.0.18-tmpdir.diff delete mode 100644 gnupg-2.0.20-automake113.diff delete mode 100644 gnupg-2.0.26.tar.bz2 delete mode 100644 gnupg-2.0.26.tar.bz2.sig create mode 100644 gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch create mode 100644 gnupg-2.1.0.tar.bz2 create mode 100644 gnupg-2.1.0.tar.bz2.sig create mode 100644 gnupg-remove_development_version_warning.patch diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 1e9540c..15e5153 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 66 insertions(+), 5 deletions(-) -Index: gnupg-2.0.23/g10/gpg.c +Index: gnupg-2.1.0/g10/gpg.c =================================================================== ---- gnupg-2.0.23.orig/g10/gpg.c 2014-06-03 22:36:44.000000000 +0100 -+++ gnupg-2.0.23/g10/gpg.c 2014-06-03 22:36:55.000000000 +0100 -@@ -345,6 +345,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.0.orig/g10/gpg.c 2014-11-07 11:35:21.599605797 +0100 ++++ gnupg-2.1.0/g10/gpg.c 2014-11-07 16:50:14.742067262 +0100 +@@ -349,6 +349,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,35 +16,35 @@ Index: gnupg-2.0.23/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -711,6 +712,7 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"), +@@ -733,6 +734,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), + ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), + ARGPARSE_s_n (oFilesAreDigests, "files-are-digests", "@"), /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2001,6 +2003,7 @@ main (int argc, char **argv) - opt.def_sig_expire="0"; - opt.def_cert_expire="0"; - set_homedir ( default_homedir () ); -+ opt.files_are_digests=0; - opt.passphrase_repeat=1; +@@ -2126,6 +2128,7 @@ main (int argc, char **argv) + opt.def_cert_expire = "0"; + set_homedir (default_homedir ()); + opt.passphrase_repeat = 1; ++ opt.files_are_digests=0; opt.emit_version = 1; /* Limit to the major number. */ -@@ -2491,6 +2494,7 @@ main (int argc, char **argv) + /* Check whether we have a config file on the command line. */ +@@ -2630,6 +2633,7 @@ main (int argc, char **argv) + opt.verify_options&=~VERIFY_SHOW_PHOTOS; + break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; - case oForceV3Sigs: opt.force_v3_sigs = 1; break; - case oNoForceV3Sigs: opt.force_v3_sigs = 0; break; + case oFilesAreDigests: opt.files_are_digests = 1; break; - case oForceV4Certs: opt.force_v4_certs = 1; break; - case oNoForceV4Certs: opt.force_v4_certs = 0; break; + case oForceMDC: opt.force_mdc = 1; break; -Index: gnupg-2.0.23/g10/options.h + case oNoForceMDC: opt.force_mdc = 0; break; +Index: gnupg-2.1.0/g10/options.h =================================================================== ---- gnupg-2.0.23.orig/g10/options.h 2014-06-03 22:36:44.000000000 +0100 -+++ gnupg-2.0.23/g10/options.h 2014-06-03 22:36:55.000000000 +0100 -@@ -198,6 +198,7 @@ struct +--- gnupg-2.1.0.orig/g10/options.h 2014-11-07 11:35:21.599605797 +0100 ++++ gnupg-2.1.0/g10/options.h 2014-11-07 16:49:59.770885017 +0100 +@@ -193,6 +193,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,24 +52,24 @@ Index: gnupg-2.0.23/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.0.23/g10/sign.c +Index: gnupg-2.1.0/g10/sign.c =================================================================== ---- gnupg-2.0.23.orig/g10/sign.c 2014-06-03 22:36:44.000000000 +0100 -+++ gnupg-2.0.23/g10/sign.c 2014-06-03 22:36:55.000000000 +0100 -@@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list - mk_notation_policy_etc (sig, NULL, sk); - } +--- gnupg-2.1.0.orig/g10/sign.c 2014-11-07 11:35:21.599605797 +0100 ++++ gnupg-2.1.0/g10/sign.c 2014-11-07 17:13:40.128218081 +0100 +@@ -703,8 +703,12 @@ write_signature_packets (SK_LIST sk_list + build_sig_subpkt_from_sig (sig); + mk_notation_policy_etc (sig, pk, NULL); -+ if (!opt.files_are_digests) { - hash_sigversion_to_magic (md, sig); - gcry_md_final (md); -+ } else if (sig->version >= 4) { -+ log_bug("files-are-digests doesn't work with v4 sigs\n"); -+ } ++ if (!opt.files_are_digests) { + hash_sigversion_to_magic (md, sig); + gcry_md_final (md); ++ } else if (sig->version >= 4) { ++ log_bug("files-are-digests doesn't work with v4 sigs\n"); ++ } - rc = do_sign( sk, sig, md, hash_for (sk) ); - gcry_md_close (md); -@@ -723,6 +727,8 @@ sign_file( strlist_t filenames, int deta + rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); + gcry_md_close (md); +@@ -762,6 +766,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -78,7 +78,7 @@ Index: gnupg-2.0.23/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -739,7 +745,16 @@ sign_file( strlist_t filenames, int deta +@@ -778,7 +784,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -96,7 +96,7 @@ Index: gnupg-2.0.23/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -767,7 +782,7 @@ sign_file( strlist_t filenames, int deta +@@ -799,7 +814,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -105,16 +105,16 @@ Index: gnupg-2.0.23/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -900,7 +915,7 @@ sign_file( strlist_t filenames, int deta - gcry_md_enable (mfx.md, hash_for(sk)); - } +@@ -938,7 +953,7 @@ sign_file (ctrl_t ctrl, strlist_t filena + for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) + gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); - if( !multifile ) + if( !multifile && !opt.files_are_digests ) iobuf_push_filter( inp, md_filter, &mfx ); - if( detached && !encryptflag && !RFC1991 ) -@@ -955,6 +970,8 @@ sign_file( strlist_t filenames, int deta + if( detached && !encryptflag) +@@ -993,6 +1008,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -123,7 +123,7 @@ Index: gnupg-2.0.23/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -995,6 +1012,45 @@ sign_file( strlist_t filenames, int deta +@@ -1033,6 +1050,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) putc( '\n', stderr ); } @@ -169,14 +169,14 @@ Index: gnupg-2.0.23/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1012,8 +1068,8 @@ sign_file( strlist_t filenames, int deta +@@ -1050,8 +1106,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, - opt.textmode && !outfile? 0x01 : 0x00, -- 0, duration, detached ? 'D':'S'); +- 0, duration, detached ? 'D':'S', NULL); + sigclass, -+ timestamp, duration, detached ? 'D':'S'); ++ timestamp, duration, detached ? 'D':'S', NULL); if( rc ) goto leave; diff --git a/gnupg-2.0.18-tmpdir.diff b/gnupg-2.0.18-tmpdir.diff deleted file mode 100644 index e2c8b06..0000000 --- a/gnupg-2.0.18-tmpdir.diff +++ /dev/null @@ -1,41 +0,0 @@ -diff -rup gnupg-2.0.18.orig/agent/gpg-agent.c gnupg-2.0.18/agent/gpg-agent.c ---- gnupg-2.0.18.orig/agent/gpg-agent.c 2011-08-04 10:57:02.000000000 +0100 -+++ gnupg-2.0.18/agent/gpg-agent.c 2011-08-06 21:01:32.000000000 +0100 -@@ -1002,6 +1002,10 @@ main (int argc, char **argv ) - gnupg_fd_t fd_ssh; - pid_t pid; - -+ char *tmp1, *tmp; -+ char *tmp2 = "gpg-XXXXXX/S.gpg-agent"; -+ size_t len; -+ - /* Remove the DISPLAY variable so that a pinentry does not - default to a specific display. There is still a default - display when gpg-agent was started using --display or a -@@ -1013,13 +1017,23 @@ main (int argc, char **argv ) - unsetenv ("DISPLAY"); - #endif - -+ if ((tmp1 = getenv("TMPDIR")) == NULL) -+ tmp1 = "/tmp"; -+ -+ len = strlen(tmp1) + strlen(tmp2) + 10; -+ tmp = malloc(len); -+ -+ snprintf(tmp, len, "%s%s%s", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); - - /* Create the sockets. */ - socket_name = create_socket_name -- ("S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent"); -- if (opt.ssh_support) -+ ("S.gpg-agent", tmp); -+ if (opt.ssh_support) { -+ snprintf(tmp, len, "%s%s%s.ssh", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2); - socket_name_ssh = create_socket_name -- ("S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); -+ ("S.gpg-agent.ssh", tmp); -+ } -+ free(tmp); - - fd = create_server_socket (socket_name, 0, &socket_nonce); - if (opt.ssh_support) diff --git a/gnupg-2.0.20-automake113.diff b/gnupg-2.0.20-automake113.diff deleted file mode 100644 index 280a729..0000000 --- a/gnupg-2.0.20-automake113.diff +++ /dev/null @@ -1,13 +0,0 @@ -Index: gnupg-2.0.20/tests/openpgp/Makefile.am -=================================================================== ---- gnupg-2.0.20.orig/tests/openpgp/Makefile.am -+++ gnupg-2.0.20/tests/openpgp/Makefile.am -@@ -25,7 +25,7 @@ required_pgms = ../../g10/gpg2 ../../age - - - TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \ -- ../../agent/gpg-agent --quiet --daemon sh -+ ../../agent/gpg-agent --quiet --daemon - - - TESTS = version.test mds.test \ diff --git a/gnupg-2.0.26.tar.bz2 b/gnupg-2.0.26.tar.bz2 deleted file mode 100644 index 62bcaf2..0000000 --- a/gnupg-2.0.26.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7758e30dc382ae7a7167ed41b7f936aa50af5ea2d6fccdef663b5b750b65b8e0 -size 4303384 diff --git a/gnupg-2.0.26.tar.bz2.sig b/gnupg-2.0.26.tar.bz2.sig deleted file mode 100644 index 21abd1d5cbfedd629f22cec1ac9a85fb4ff4a6bc2302f8c55072618189403b6d..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-s*UWot-2@oWkInqxh={dq$r4tnE3t7bK%U-u6iRKt*~|P{J=51l!(OF%?N!t? zU;SZk4pPT@g4aZocYA%J2b|qin$-pWGZ$d)x6aKg*(zm1;LuXsxT;LTfJh4JZkxW? z-ZweGPM?&`2x4aN|KXpbUOS3A{l>fz7q{F&!GqoEt}+u3xFGPD7r}JM7N|IE3aoE9 l1<4vdhrT+tdet%{<91&9ISB7XcprVz*yn;`ua8Xi;0XPWjBo$| diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff index d533897..218de8e 100644 --- a/gnupg-2.0.4-install_tools.diff +++ b/gnupg-2.0.4-install_tools.diff @@ -1,8 +1,8 @@ Index: tools/Makefile.am =================================================================== ---- tools/Makefile.am.orig -+++ tools/Makefile.am -@@ -32,8 +32,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde +--- tools/Makefile.am.orig 2014-11-06 18:12:17.743916141 +0100 ++++ tools/Makefile.am 2014-11-06 18:13:17.073677366 +0100 +@@ -36,8 +36,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde bin_SCRIPTS = gpgsm-gencert.sh if HAVE_USTAR @@ -13,20 +13,21 @@ Index: tools/Makefile.am endif if BUILD_SYMCRYPTRUN -@@ -51,14 +51,14 @@ endif - - bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} ${gpgtar} +@@ -55,7 +55,7 @@ endif + # Fixme: We should remove the gpgkey2ssh tool. + bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} if !HAVE_W32_SYSTEM -bin_PROGRAMS += watchgnupg gpgparsemail +bin_PROGRAMS += watchgnupg gpgparsemail gpgsplit endif - - if !DISABLE_REGEX - libexec_PROGRAMS = gpg-check-pattern + if !HAVE_W32CE_SYSTEM + bin_PROGRAMS += gpgkey2ssh ${gpgtar} +@@ -66,7 +66,7 @@ libexec_PROGRAMS = gpg-check-pattern endif + if !HAVE_W32CE_SYSTEM -noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit +noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert + endif - common_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a - pwquery_libs = ../common/libsimple-pwquery.a + common_libs = $(libcommon) ../gl/libgnu.a diff --git a/gnupg-2.0.9-langinfo.patch b/gnupg-2.0.9-langinfo.patch index e6463cc..e7c22d8 100644 --- a/gnupg-2.0.9-langinfo.patch +++ b/gnupg-2.0.9-langinfo.patch @@ -3,12 +3,12 @@ # jnlib/utf8conv.c | 1 + # 1 file changed, 1 insertion(+) # -Index: gnupg-2.0.21/jnlib/utf8conv.c +Index: gnupg-2.1.0/common/utf8conv.c =================================================================== ---- gnupg-2.0.21.orig/jnlib/utf8conv.c 2013-08-19 09:55:30.000000000 +0100 -+++ gnupg-2.0.21/jnlib/utf8conv.c 2013-08-19 18:53:22.000000000 +0100 -@@ -148,6 +148,7 @@ set_native_charset (const char *newset) - #else /*!HAVE_W32_SYSTEM*/ +--- gnupg-2.1.0.orig/common/utf8conv.c 2014-10-11 19:45:14.000000000 +0200 ++++ gnupg-2.1.0/common/utf8conv.c 2014-11-07 11:35:05.491413258 +0100 +@@ -198,6 +198,7 @@ set_native_charset (const char *newset) + #else /*!HAVE_W32_SYSTEM && !HAVE_ANDROID_SYSTEM*/ #ifdef HAVE_LANGINFO_CODESET + setlocale(LC_ALL, ""); diff --git a/gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch b/gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch new file mode 100644 index 0000000..9a46d79 --- /dev/null +++ b/gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch @@ -0,0 +1,77 @@ +From: Werner Koch +Date: Tue, 25 Nov 2014 11:58:56 +0100 +Subject: [PATCH] Fix buffer overflow in openpgp_oid_to_str. +References: boo#907198 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=8445ef24fc31e1fe0291e17f90f9f06b536e34da +Upstream: committed + +* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow. + +* common/t-openpgp-oid.c (BADOID): New. +(test_openpgp_oid_to_str): Add test cases. +-- + +The code has an obvious error by not considering invalid encoding for +arc-2. A first byte of 0x80 can be used to make a value of less then +80 and we then subtract 80 from that value as required by the OID +encoding rules. Due to the unsigned integer this results in a pretty +long value which won't fit anymore into the allocated buffer. + +The fix is obvious. Also added a few simple test cases. Note that we +keep on using sprintf instead of snprintf because managing the +remaining length of the buffer would probably be more error prone than +assuring that the buffer is large enough. Getting rid of sprintf +altogether by using direct conversion along with membuf_t like code +might be possible. + +Reported-by: Hanno Böck +Signed-off-by: Werner Koch + +Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7 +--- + common/openpgp-oid.c | 2 ++ + common/t-openpgp-oid.c | 9 +++++++++ + 2 files changed, 11 insertions(+) + +diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c +index 010c23f..d3d1f2a 100644 +--- a/common/openpgp-oid.c ++++ b/common/openpgp-oid.c +@@ -236,6 +236,8 @@ openpgp_oid_to_str (gcry_mpi_t a) + val <<= 7; + val |= buf[n] & 0x7f; + } ++ if (val < 80) ++ goto badoid; + val -= 80; + sprintf (p, "2.%lu", val); + p += strlen (p); +diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c +index 79e5a70..5cd778d 100644 +--- a/common/t-openpgp-oid.c ++++ b/common/t-openpgp-oid.c +@@ -32,6 +32,9 @@ + } while(0) + + ++#define BADOID "1.3.6.1.4.1.11591.2.12242973" ++ ++ + static void + test_openpgp_oid_from_str (void) + { +@@ -108,6 +111,12 @@ test_openpgp_oid_to_str (void) + { "1.3.132.0.35", + { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }}, + ++ { BADOID, ++ { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }}, ++ ++ { BADOID, ++ { 1, 0x80 }}, ++ + { NULL }}; + gcry_mpi_t a; + int idx; +-- +1.7.10.4 + diff --git a/gnupg-2.1.0.tar.bz2 b/gnupg-2.1.0.tar.bz2 new file mode 100644 index 0000000..510940c --- /dev/null +++ b/gnupg-2.1.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:16a8c3f50a15bf37d2dfb1c5e4bb3ec533e1d0b6a4043ff3680a376a3ad4058b +size 3111585 diff --git a/gnupg-2.1.0.tar.bz2.sig b/gnupg-2.1.0.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..48b9d857fe4238792ee08ed5820a51bf116213e86b22f21dc55eedf3feddb5b3 GIT binary patch literal 861 zcmV-j1ETzi0UQJX0SEvF1p-uBMcV)h2@oWkInqxhnr-=OX@$|FC!e#X&6>73>y_MBSYk7e|1MCH1T zi9wR;_OTQQnq5(!bBp637qnc@$9q>=YoKmCMz7fDE7J!31y>EtP4zr2QVWZi9%~?Pqw!)R4aCz=(!l)<3IPqHOV1-* za)C)gGjw+;3bIFQNVl|;sGg}pUbI6oV;F~MLcBA(IRapmJ=qN+|B2v01`U!P~CXt@ce_L zYohWT+=^Q^FQo){C}+&LQdu~zT~VI{3=`i6>6tH@?LF-hhQUe9=_=&wo89o|eIf7e zM4pXgj$mm%iHQLm1ONdD00spDR9iW00162ZAaSsYGrd0sN{Cw7xu zG$sGgSLuGc9(SL>)s&JgvnRMY(h2!Mdsrd_H{^IpKg!#TFo6$ml`PQ>+bTxlcp6*x zxNoHCC7Ctcom%7##)s-3%!?(b&jToe5_=Cu2-kx%Bzs9Q`k&UX>2d;)!}arcc)&?B z>KaA+Tnq%Vyno|bIl`Dl-)jK6AAT%yBWMW`B?MyYN0n{#Bk)A9uozAAteX7+uq&1| n2F#pgpLH>iWLOBUjQRRz$u>5qaeUC`^}Z literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 6ac0990..2b53225 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.0.23/doc/gpg.texi +Index: gnupg-2.1.0/doc/gpg.texi =================================================================== ---- gnupg-2.0.23.orig/doc/gpg.texi 2014-06-03 22:22:56.000000000 +0100 -+++ gnupg-2.0.23/doc/gpg.texi 2014-06-03 22:25:03.000000000 +0100 -@@ -1851,6 +1851,24 @@ implies, this option is for experts only +--- gnupg-2.1.0.orig/doc/gpg.texi 2014-11-06 18:31:32.218688065 +0100 ++++ gnupg-2.1.0/doc/gpg.texi 2014-11-06 18:31:33.871709178 +0100 +@@ -1828,6 +1828,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.0.23/doc/gpg.texi @end table -Index: gnupg-2.0.23/g10/gpg.c +Index: gnupg-2.1.0/g10/gpg.c =================================================================== ---- gnupg-2.0.23.orig/g10/gpg.c 2014-06-03 22:24:52.000000000 +0100 -+++ gnupg-2.0.23/g10/gpg.c 2014-06-03 22:25:56.000000000 +0100 -@@ -369,6 +369,7 @@ enum cmd_and_opt_values - oAllowMultipleMessages, +--- gnupg-2.1.0.orig/g10/gpg.c 2014-11-06 18:31:32.220688090 +0100 ++++ gnupg-2.1.0/g10/gpg.c 2014-11-06 18:32:03.833091859 +0100 +@@ -380,6 +380,7 @@ enum cmd_and_opt_values oNoAllowMultipleMessages, oAllowWeakDigestAlgos, + oFakedSystemTime, + oSetLegacyFips, oNoop }; -@@ -746,6 +747,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -772,6 +773,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,8 +52,8 @@ Index: gnupg-2.0.23/g10/gpg.c /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -2959,6 +2961,13 @@ main (int argc, char **argv) - opt.flags.allow_weak_digest_algos = 1; +@@ -3138,6 +3140,13 @@ main (int argc, char **argv) + } break; + case oSetLegacyFips: diff --git a/gnupg-detect_FIPS_mode.patch b/gnupg-detect_FIPS_mode.patch index 3e96ea4..efacf41 100644 --- a/gnupg-detect_FIPS_mode.patch +++ b/gnupg-detect_FIPS_mode.patch @@ -1,37 +1,24 @@ -Index: gnupg-2.0.19/g10/encode.c +Index: gnupg-2.1.0/g10/encrypt.c =================================================================== ---- gnupg-2.0.19.orig/g10/encode.c 2013-03-14 14:23:58.009483967 +0100 -+++ gnupg-2.0.19/g10/encode.c 2013-03-14 15:49:50.524306304 +0100 -@@ -732,7 +732,10 @@ encrypt_filter( void *opaque, int contro - if( efx->cfx.dek->algo == -1 ) { - /* because 3DES is implicitly in the prefs, this can only - * happen if we do not have any public keys in the list */ -- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; +--- gnupg-2.1.0.orig/g10/encrypt.c 2014-11-06 18:27:35.176659675 +0100 ++++ gnupg-2.1.0/g10/encrypt.c 2014-11-06 18:29:10.987883901 +0100 +@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro + /* Because 3DES is implicitly in the prefs, this can + only happen if we do not have any public keys in + the list. */ +- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; + /* Libgcrypt manual says that gcry_version_check must be called + before calling gcry_fips_mode_active. */ + gcry_check_version (NULL); + efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO; } - /* In case 3DES has been selected, print a warning if -Index: gnupg-2.0.19/g10/gpg.c + /* In case 3DES has been selected, print a warning if +Index: gnupg-2.1.0/g10/mainproc.c =================================================================== ---- gnupg-2.0.19.orig/g10/gpg.c 2013-03-14 14:24:00.031545611 +0100 -+++ gnupg-2.0.19/g10/gpg.c 2013-03-14 14:24:37.495687612 +0100 -@@ -1975,7 +1975,7 @@ main (int argc, char **argv) - opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */ - opt.s2k_mode = 3; /* iterated+salted */ - opt.s2k_count = 0; /* Auto-calibrate when needed. */ -- opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; -+ opt.s2k_cipher_algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : CIPHER_ALGO_CAST5; - opt.completes_needed = 1; - opt.marginals_needed = 3; - opt.max_cert_depth = 5; -Index: gnupg-2.0.19/g10/mainproc.c -=================================================================== ---- gnupg-2.0.19.orig/g10/mainproc.c 2013-03-14 14:23:58.011484028 +0100 -+++ gnupg-2.0.19/g10/mainproc.c 2013-03-14 15:50:50.970127383 +0100 -@@ -685,9 +685,15 @@ proc_plaintext( CTX c, PACKET *pkt ) +--- gnupg-2.1.0.orig/g10/mainproc.c 2014-11-06 18:27:33.243634973 +0100 ++++ gnupg-2.1.0/g10/mainproc.c 2014-11-06 18:27:35.178659700 +0100 +@@ -690,9 +690,15 @@ proc_plaintext( CTX c, PACKET *pkt ) often. There is no good way to specify what algorithms to use in that case, so these three are the historical answer. */ @@ -47,5 +34,5 @@ Index: gnupg-2.0.19/g10/mainproc.c + if( !gcry_fips_mode_active() ) + gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); } - if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) { - /* This is a kludge to work around a bug in pgp2. It does only + if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify + && opt.flags.allow_weak_digest_algos) { diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch index c5d9788..6302c8b 100644 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ b/gnupg-dont-fail-with-seahorse-agent.patch @@ -2,11 +2,11 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.0.23/g10/passphrase.c +Index: gnupg-2.1.0/g10/passphrase.c =================================================================== ---- gnupg-2.0.23.orig/g10/passphrase.c 2014-06-03 07:59:18.000000000 +0100 -+++ gnupg-2.0.23/g10/passphrase.c 2014-06-03 22:37:30.000000000 +0100 -@@ -72,7 +72,7 @@ encode_s2k_iterations (int iterations) +--- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100 ++++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100 +@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations) { /* Don't print an error if an older agent is used. */ if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) diff --git a/gnupg-remove_development_version_warning.patch b/gnupg-remove_development_version_warning.patch new file mode 100644 index 0000000..b265147 --- /dev/null +++ b/gnupg-remove_development_version_warning.patch @@ -0,0 +1,15 @@ +Index: gnupg-2.1.0/autogen.sh +=================================================================== +--- gnupg-2.1.0.orig/autogen.sh 2014-11-05 09:04:41.000000000 +0100 ++++ gnupg-2.1.0/autogen.sh 2014-11-11 17:46:57.154859332 +0100 +@@ -228,8 +228,8 @@ if [ "$myhost" = "find-version" ]; then + rvd=$((0x$(echo ${rev} | head -c 4))) + else + ingit=no +- beta=yes +- tmp="-unknown" ++ beta=no ++ tmp="" + rev="0000000" + rvd="0" + fi diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index f941a41..39eb8c2 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,14 +1,14 @@ -Index: gnupg-2.0.20/g10/plaintext.c +Index: gnupg-2.1.0/g10/plaintext.c =================================================================== ---- gnupg-2.0.20.orig/g10/plaintext.c 2013-05-13 14:26:49.290737159 +0200 -+++ gnupg-2.0.20/g10/plaintext.c 2013-05-13 14:43:21.740575875 +0200 +--- gnupg-2.1.0.orig/g10/plaintext.c 2014-11-07 11:35:18.100563974 +0100 ++++ gnupg-2.1.0/g10/plaintext.c 2014-11-07 16:51:59.919347340 +0100 @@ -25,6 +25,7 @@ #include #include #include +#include #ifdef HAVE_DOSISH_SYSTEM - #include /* for setmode() */ + # include /* for setmode() */ #endif @@ -39,6 +40,9 @@ #include "status.h" @@ -18,20 +18,21 @@ Index: gnupg-2.0.20/g10/plaintext.c +#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR) +#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS) - /**************** - * Handle a plaintext packet. If MFX is not NULL, update the MDs -@@ -140,10 +144,15 @@ handle_plaintext( PKT_plaintext *pt, md_ - log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); - goto leave; - } -- else if( !(fp = fopen(fname,"wb")) ) { -- rc = gpg_error_from_syserror (); -- log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); -- goto leave; + /* Handle a plaintext packet. If MFX is not NULL, update the MDs + * Note: We should have used the filter stuff here, but we have to add +@@ -169,11 +173,15 @@ handle_plaintext (PKT_plaintext * pt, md + log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); + goto leave; + } +- else if (!(fp = es_fopen (fname, "wb"))) +- { +- err = gpg_error_from_syserror (); +- log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); +- goto leave; + else { + mode_t saved_umask = umask(GPG_SAFE_UMASK); -+ if( !(fp = fopen(fname,"wb")) ) { -+ rc = gpg_error_from_syserror (); ++ if( !(fp = es_fopen(fname,"wb")) ) { ++ err = gpg_error_from_syserror (); + log_error(_("error creating `%s': %s\n"), fname, strerror(errno) ); + umask(saved_umask); + goto leave; @@ -39,4 +40,4 @@ Index: gnupg-2.0.20/g10/plaintext.c + umask(saved_umask); } #else /* __riscos__ */ - /* If no output filename was given, i.e. we constructed it, + /* If no output filename was given, i.e. we constructed it, convert diff --git a/gpg2.changes b/gpg2.changes index 6c0b64c..6c3d681 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,59 @@ +------------------------------------------------------------------- +Wed Nov 26 19:21:15 UTC 2014 - andreas.stieger@gmx.de + +- fix buffer overflow in OID to string conversion function + [boo#907198], adding + gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch + +------------------------------------------------------------------- +Tue Nov 11 16:10:04 UTC 2014 - vcizek@suse.com + +- obsolete dirmngr (shipped with gpg since 2.1.0) +- spec cleanup after previous update +- get rid of "THIS IS A DEVELOPMENT VERSION" warning + http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html + * added gnupg-remove_development_version_warning.patch + +------------------------------------------------------------------- +Thu Nov 6 17:32:39 UTC 2014 - vcizek@suse.com + +- upgrade to 2.1.0 (modern) + - The file "secring.gpg" is not anymore used to store the secret + keys. Merging of secret keys is now supported. + - All support for PGP-2 keys has been removed for security reasons. + - The standard key generation interface is now much leaner. This + will help a new user to quickly generate a suitable key. + - Support for Elliptic Curve Cryptography (ECC) is now available. + - Commands to create and sign keys from the command line without any + extra prompts are now available. + - The Pinentry may now show the new passphrase entry and the + passphrase confirmation entry in one dialog. + - There is no more need to manually start the gpg-agent. It is now + started by any part of GnuPG as needed. + - Problems with importing keys with the same long key id have been + addressed. + - The Dirmngr is now part of GnuPG proper and also takes care of + accessing keyserver. + - Keyserver pools are now handled in a smarter way. + - A new format for locally storing the public keys is now used. + This considerable speeds up operations on large keyrings. + - Revocation certificates are now created by default. + - Card support has been updated, new readers and token types are + supported. + - The format of the key listing has been changed to better identify + the properties of a key. + - The gpg-agent may now be used on Windows as a Pageant replacement + for Putty in the same way it is used for years on Unix as + ssh-agent replacement. + - Creation of X.509 certificates has been improved. It is now also + possible to export them directly in PKCS#8 and PEM format for use + on TLS servers. +- dropped patches: + * gnupg-2.0.20-automake113.diff + * gnupg-2.0.18-tmpdir.diff (socket is created in homedir now) +- refresh most of the remaining patches +- added new BuildRequires: gnutls-devel, pkg-config, npth-devel + ------------------------------------------------------------------- Tue Aug 12 20:19:45 UTC 2014 - andreas.stieger@gmx.de diff --git a/gpg2.keyring b/gpg2.keyring index 86dc5ba..4637a2d 100644 --- a/gpg2.keyring +++ b/gpg2.keyring @@ -1,521 +1,99 @@ - - - - -GnuPG - Signature Key - - - - - - - - - - - - -
- -
-

Signature Key

-
-

-To guarantee that GnuPG versions you download has not been hacked by -some malicious person, tarballs are signed. -

- -

-Signature key is reported below. It can also be retrieved from the key -servers or obtained from the GnuPG source tree (doc/samplekeys.asc). -

- -

-Instructions on how to verify the signature is available within README -file of GnuPG distributions. -

- -
-pub   2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
-        Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
-  uid                  Werner Koch (dist sig)
-  sub   2048R/AC87C71A 2011-01-12 [expires: 2019-12-31]
-
-Releases done in the years 1996 to 2010 are signed by this key:
-
-  pub   1024R/1CE0C630 2006-01-01 [expires: 2011-06-30]
-        Key fingerprint = 7B96 D396 E647 1601 754B  E4DB 53B6 20D0 1CE0 C630
-  uid                  Werner Koch (dist sig) <dd9jn@gnu.org>
-
-Releases done in the years 1998 to 2005 are signed by this key:
-
-  pub   1024D/57548DCD 1998-07-07 [expired: 2005-12-31]
-        Key fingerprint = 6BD9 050F D8FC 941B 4341  2DCC 68B7 AB89 5754 8DCD
-  uid                  Werner Koch (gnupg sig) <dd9jn@gnu.org>
-
-
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.17 (GNU/Linux)
+Version: GnuPG v2
 
-mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT4
-3No/coPajDvhZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWvFs5+YpCDwW
-G2dx39ME7DN+SRvEE1xUm4E9G2Nnd2UNtLgg82wgi/ZK4Ih9CYDyo0a9awCgisn3
-RvZ/MREJmQq1+SjJgDx+c2sEAOEnxGYisqIKcOTdPOTTie7o7x+nem2uac7uOW68
-N+wRWxhGPIxsOdueMIa7U94Wg/Ydn4f2WngJpBvKNaHYmW8j1Q5zvZXXpIWRXSvy
-TR641BceGHNdYiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxY
-urUIBACi7d1rUlHr4ok7iBRlWHYXU2hpUIQ8C+UOE1XXT+HB7mZLSRONQnWMyXnq
-bAAW+EUUX2xpb54CevAg4eOilt0es8GZMmU6c0wdUsnMWWqOKHBFFlDIvyI27aZ9
-quf0yvby63kFCanQKc0QnqGXQKzuXbFqBYW2UQrYgjXji8rd8bQnV2VybmVyIEtv
-Y2ggKGdudXBnIHNpZykgPGRkOWpuQGdudS5vcmc+iGIEExECACICGwMECwcDAgMV
-AgMDFgIBAh4BAheABQI/6YJpBQkMMyPLAAoJEGi3q4lXVI3Nou8AnAuw9XXJ9zYP
-7JP7ZbXUf9+00wO/AJsHB45GEJv878Q6SDZRNckFHh6SgIhGBBARAgAGBQI1oic8
-AAoJEGx+4bhiHMATftYAn1fOaKDUOt+dS38rB+CJ2Q+iElWJAKDRPpp8q5GylbM8
-DPlMpClWN3TYqYhGBBARAgAGBQI27U5sAAoJEF3iSZZbA1iiarYAn35qU3ZOlVEC
-ELE/3V6q98Q30eAaAKCtO+lacH0Qq1E6v4BP/9y6MoLIhohdBBMRAgAdAwsEAwUV
-AwIGAQMWAgECF4AFAj/pgnMFCQwzI8sACgkQaLeriVdUjc2CugCfZn7gqBWjafNb
-vZOAInCQA/Rw5zYAnRkyKWw5abGYQboHiwcwuQHiKvgYiF0EExECAB0DCwQDBRUD
-AgYBAxYCAQIXgAUCP+mCcwUJDDMjywAKCRBot6uJV1SNzYK6AJ9Gs4h+WWneZKYa
-keAjG+DlXy+0xwCfQG8pV6E6f7XZi+f0EId+DfiNRluIYQQTEQIAIQIXgAUJDhSH
-/QUCQbxoXgYLCQgHAwIDFQIDAxYCAQIeAQAKCRBot6uJV1SNzQSTAJ9Nd9d2oNLY
-I6xlGbQ5SmG5jSHjHgCdFKVbI8acpQXEo7DxPDAJIux29keIRgQQEQIABgUCNuj6
-3QAKCRAHAyqWiQTI4hKYAKDNyIrKze113YZz/ZZsdFCShO0rBQCcDFiAZxivd6I7
-ll4fWIA0ckmSmaiIRgQQEQIABgUCOcwPPAAKCRAyw1uAR7qTV/b8AJ9WUVGMiFle
-V6EVCKuxKc9YnfoQ1QCgzGUqNeYfb3xgI68racTrOXJVvhuIPwMFED1dFpBsryRo
-IByznhECwRQAn1Ho60oFxkas1xl+sCpZ80cukB8fAJ48MPZI3wHW7Vf9egVKS3EO
-76eEJYhGBBARAgAGBQI1pysWAAoJEAQ1xdJF3KZpeMoAmwZEvOS95jEKj/HnbFBD
-Dp5C4dw0AJ4nsZgDnGDAG7FCEJI6+LoIIUit44hGBBARAgAGBQI1pytxAAoJEITk
-+JQB5ZloGOgAnjVcqopXEyMYEZfF98STKmutKPiKAJ9xHmxZW3KtVSTRf/ITSNSs
-/0gClIhGBBARAgAGBQI21moBAAoJEJKyepXkBBOquBcAoNljEbSHXMLH54/J4Hit
-AsiI18amAKDrDLnxCzmC+8m/OTNu4mZamePP3ohGBBARAgAGBQI314yyAAoJENa2
-+kuMjp8j2KwAoK9+TObp3jf+TwnPVIfXGkmHSbcMAKDo8zs+isKynXOMF2g50STZ
-waWTHYhGBBARAgAGBQI32QNDAAoJEM024CF+PI6rjjkAoKo8mBja4lOGW+miluBh
-3LiTaDNJAKDQrqc4kkfaQcVlXjDVYVael74oJohGBBARAgAGBQI4JoPuAAoJENXo
-h0OUdhKzCAMAnRfk1mf0+yiUdMuSENhKMXyysZ2sAKCvMSdEEmGomWCgsQfLWMzC
-LR7+5YhGBBARAgAGBQI4WM8aAAoJEHEtCxfQPYpPbZwAnRr7nX029eq1E0Pv9FwQ
-rgs3Zu+nAJ4s25RKi089/avsVVqnm87egAzB2YhGBBARAgAGBQI4XUq+AAoJEEPM
-0G/dqdt2qekAoN1HvYZQ6AxvNVLx3M06s/ytk21NAKDNn0RgGyCBiyQeLuV3Gkuq
-xke7kIhGBBARAgAGBQI4YMPoAAoJEHFG8OMwcClIpb0An1H9sxwJF5/2bKL0HZsL
-XO43aq1sAJ9z7U0cOGYNIrRNpHlJ67ZPJX0tx4hGBBARAgAGBQI4mP1QAAoJEGXc
-QrfU5YAmi8wAnihZi/5OG9CnzMx1UKdtBAvvt4t2AJ9lX+jCeoO3TF8QykdMXSFI
-dDHL3ohGBBARAgAGBQI4q/0WAAoJEDW6YX9GCEVakzQAmgNaF00/D/eOgHmtLEjE
-0IH1H2yUAJ9EKs47I9s8U7IYJOGoQRy7LD1JRYhGBBARAgAGBQI4vt9pAAoJEC5A
-rMtkcKsmHDkAoL3TIizomIuEKO6vwHMFcFndsaAaAKCJAkq+I2mjYimFE7ajlaL0
-jyecGohGBBARAgAGBQI483onAAoJEIQ/V9estY1PhJYAn0hEgISY812GhhZRzuE/
-sc5RWEd+AJ9SxHhtH0oJNrKcGYq8AoD9yJMGHohGBBARAgAGBQI5DSiPAAoJEFL+
-72cgfnGZx5UAn1UiUx9sLoaeLeMtdmztURfk1ZAJAKCJ3juG6XKBMjLl4+SmCM47
-VkM/9ohGBBARAgAGBQI5Rs0pAAoJEH/i7V71FDsqLkoAnivh01I3uQurWc5bnb7f
-T1GIOmfyAJwOE/KCrJV89Rko61XC+20dlzKzGohGBBARAgAGBQI5TM2WAAoJEAJx
-6COq/B+4jTYAnjOMlKc5tuqspHgAUgAVmBda5XNGAKCIqZ3Fu33suLyRABGZ+tN3
-tJ1QZ4hGBBARAgAGBQI5Zs0MAAoJEEcWKRmClXtmuPEAoJe7siEXNYVflP+Glf71
-M2xvkSa3AKCerd0dwvhmi4Ao4ujBnuZI4YUIhIhGBBARAgAGBQI5bedgAAoJEDLG
-kzuo7SAfxjMAn2I7CSRyEz8mkaD3emaM1WYxvbb5AKCFOlNjoxNmu3SSWfgrW1EE
-SYPQY4hGBBARAgAGBQI5kqZcAAoJEMfg9pSiTYtOVeUAoMTgBNUjD+AYQEzIU1zY
-kiW1NgZhAKDW3GzsDPqzs3nF+mkMnggYPFnEnohGBBARAgAGBQI5tN9hAAoJENGO
-Dw57qpD6cEkAoLm4o/nqc2SDZ2eKr5hYDTUfWBlCAJ9g8KJvMM6+/1tEPaolM/hV
-WKBx6ohGBBARAgAGBQI5ypYLAAoJEJ853fBeKcbCFbgAn3PjBy25SYCXCOWeNg+H
-ebn7Pi7GAKDKtfxnXigrcdNvARmZtWHNMzvHMIhGBBARAgAGBQI5zQ+XAAoJEPd9
-ddcOjOSBz8YAn2a5jCk052U+frr+sFRQ1MqKmrxKAJ9J71OdRNZLefkD7ihJ2Ymc
-o8Gsp4hGBBARAgAGBQI5zzSCAAoJEKZZdW0/TbZp0ssAn1qZ7PJCIHf6ErUG111c
-5bWjCbW3AKC/3Cf/ZNZK2mKZOmfCCRn9sBBlRYhGBBARAgAGBQI55+EEAAoJEEQ0
-VrKnu+CclHMAoNOx0T2hZqYtHoxhruXjMvAOpfHtAKCvYm+l6Yah/UuM6OrsKbXr
-7ulq9YhGBBARAgAGBQI58yQiAAoJEOY1PDi4UosBhq8AoN9OP59IYJ+NQYJmpdoy
-PFgJitPfAJ4tlu7qDh0lpQUBJKIrCjG0od4yIYhGBBARAgAGBQI6A6zWAAoJEAa2
-rnqGiisg4Y0An2Y/8oNJ+Oj40zqQGYn0rCZNTbbqAKDmvIQiqEcdQn/SoIhELxW2
-YZs+WYhGBBARAgAGBQI6Gfa2AAoJEL4aU+syO97mR7kAnjSX4QP7gR6x1BYTCC89
-u2gSXAQtAJ9nReACgNU/D+TLqimlMS9TqnTyZIhGBBARAgAGBQI6QjVhAAoJEN9J
-A6fJssLArhgAoMONOWaoVjK4DXsFNID5Zc/kvVevAKC3q/YHRHK92h4cWcZmaY7E
-cuMP7YhGBBARAgAGBQI6c0fgAAoJEIj3xI8iNZX1HdIAnAug/Inx3NbV/a5vNgES
-SQc3jWn1AJ4pu8BlA1FywwpMkIC6GXAWeHsoaohGBBARAgAGBQI6kBGJAAoJEPOk
-M758VsXv+K8An0lw/DejITM3yqmem+l/5GoP3Uv0AJ9kDPVOHQq1JfJDk3WWz/jQ
-vh3MdIhGBBARAgAGBQI6k/ROAAoJEGnBgyv5Otrs1aQAoNARp9b/2AqdQ0Ug0moS
-RhRexiUuAJkBwZY54+uszs8Q7P+HTeSqWVi3zohGBBARAgAGBQI6ln0BAAoJEKu/
-XM0hJhuIIhgAoP6jS+IboXddicsmt6kyXhWBYDJtAKDljV7NQnqWDBmdRzYW3CYh
-/hvPyIhGBBARAgAGBQI6nlT1AAoJEPqlSVpCsy/Jc7wAn12uIYBL9WfhmS2Sh0O+
-mIO2j580AJ9nJvBuz4q07lkgDUFVJQlruD1IfIhGBBARAgAGBQI6xKZNAAoJECAs
-PjFYbhLlDsgAn0tfgJSaxWUd5s0ZGmKob7b84onEAKC15V+DRTrE1tArKxy/itSN
-iMtQG4hGBBARAgAGBQI6zP4MAAoJEP2mrjmFey4hMioAn0UGCzQKKSmQqGw0B3x8
-abYWUC+aAJ9cpULGVtTlggjdM2AEDI+LaYyaeIhGBBARAgAGBQI6ziMsAAoJEOB5
-DjbKcLrc2aEAnR1WTr4J4dpFuNtvRTsEXbVcm2RlAKDoZbCBC9I+VuGCQhkK4Xe7
-8bqNL4hGBBARAgAGBQI61vgkAAoJEJeJjZL0kb0h64gAoNU2VN5G1PryITJbB49E
-xmAjcmRGAJ0crDTB0H8MiiTRPt4PaDf+sh9CnohGBBARAgAGBQI7FTOnAAoJEOTO
-X3gKLDxeqsgAnjMWBiiEToG6ATHKHZhkbFh52sTdAKCi4/cu+BYrzhNL+KHZXc8F
-bP49t4hGBBARAgAGBQI7GQwoAAoJEF4Gyczs+hnFZhYAoOMcc6W4Rg3pd+9eEtqx
-ZHlDDIoEAJ9VG0vhxw9szHap9L0bNN3awkZanIhGBBARAgAGBQI7JUB0AAoJEB3T
-gN9DaBQASVsAn28snlWv8ljqxPsS2e7xqJxzND3GAKCsObLMGdGyED2YKlu0sSa4
-E7cE+4hGBBARAgAGBQI7PonmAAoJECTQzUdmDtvZdT0AoJwx1hvhf+2pMN+e0u05
-bb0ebVfnAKDpZKStArdW8xS/idhP9R7UaHyZvYhGBBARAgAGBQI7ScU3AAoJEDec
-kqFodBLoiG0AoItVFw4742i3VVL75rHpS/iRTyXXAJ46OJxgMvJ9knQ0l4so5JiB
-otS/8IhGBBARAgAGBQI7Vf1SAAoJEFbTlPwk1QvEjPoAn21RJvXsS2r7ULpXtiKI
-cK3/+9jYAKC3qGXWrrPZmFKAksFXo3rCyzQZYYhGBBARAgAGBQI7awLUAAoJEBd4
-3VVgXTjQKI4AoKzDCRFCypusHv+HobIOrB7IIT8TAKDJ0Env5dzMRub+k88oAKje
-3AyYxYhGBBARAgAGBQI7b+zBAAoJEK6vjC0HwEYDSbYAnjD/E6PAovkpDzSAoTzW
-gmhIqOjfAJ41Nryc49NSfzwmHjHKA02eGmjvZYhGBBARAgAGBQI7eNsgAAoJEI/A
-t40JszEG65oAn3gQAikxZTrE3G4YZbyI2SfWVE9dAJ9DR1B56JLQOBjHcVub0frd
-boRnFohGBBARAgAGBQI7hEQBAAoJEFwx4sMqF2LdKY4An01JbxbW3DrWPwxoLaNc
-K8u8rgnGAKCEF+4ICy2QiFUTOjXVeevFwKaKHohGBBARAgAGBQI7kOZuAAoJEFwI
-fke31CB7qREAoJ8lDAoLcN7vtSgtx8BfwRMW2Q0qAJ9Ru/GtQglsVha+XrgC1Vzd
-B4zqT4hGBBARAgAGBQI7sbiiAAoJELBm2s/e4NveRe0An15yU2qDEyVxOCkaof5A
-J74yKDTQAJ9ZyEiwLE1gQKuabrs/bUL3yvDWP4hGBBARAgAGBQI7v1c6AAoJED/O
-KBDjNrEGu8wAn323cSQPxAIku2BOJ6Ai/T6EWuaqAJ4xOQHIAR2RQNZY9N2cHXIS
-Ehu+oIhGBBARAgAGBQI7zECMAAoJEL6VZu5GV3J0pmsAoJjHoGQYZnqA2nkkD82K
-lFm8ypDtAJ4jDyaF0RmkcfcmpjOA9LOg8rp8D4hGBBARAgAGBQI73t7LAAoJEIeo
-vXamM4UazXQAnjd2m9MQaZ8q7mVBxEpup10sFMZwAJwIJvIeB+kUppNTea6ijo0w
-pCuF8YhGBBARAgAGBQI7430SAAoJEB/tJKqSZfr7xIIAmQHbJSna96OkNqDCdSQl
-gm0TAoPUAKCByEtRAOO+3GtDu2byKOXqqQQf9IhGBBARAgAGBQI78y1IAAoJEPFm
-QMK+QtymtcIAn2rhARKRI+Ilaf+8NmfX64/NsFw+AJ9LFE0WZD7BSPmErPYKtH3q
-4nB304hGBBARAgAGBQI7/a2UAAoJEDdpZyTeGKgb45EAn3Ttnv2G66peIp6Qd0LK
-9HyHMG52AKDCEdDCDgpOp9xE9y3Qfy3XaeK2johGBBARAgAGBQI8OvrmAAoJEH0J
-HgBCHFE0amsAnjzZ1rzTcQr1X5FVcQjlkqja3y0LAKDRr652u3GCVSTU4TFj6//+
-yKrSSYhGBBARAgAGBQI8WSziAAoJEJgXkxOJvYru6ZcAn2aTbYiVEFX814lG6qaS
-K8LanQOjAKDiEB6Q6EF5ZwG9NqIKt9CxWCYzY4hGBBARAgAGBQI8XB4lAAoJEC27
-dr+t1Mkzbv0AoLd0yc8rHrSTfzvXAMtQyAKh4HuMAJwPgqYNdOXUM3hkTHipMN72
-v2MXcohGBBARAgAGBQI8fAA1AAoJEPJk0qCezPAhoGMAoNE5kpHw0fI7yu7py5vD
-+O1nYLdSAJ49Nt+hkrRCdJeiwTRhw3S434jADIhGBBARAgAGBQI8iA8eAAoJEKO8
-fk+VSKRRLTIAn0wHfcDCzH7lVwvdck1DE99ZKp3UAJ93Rnr7Ut8FiWOsgaSjEYOM
-/Wn2bohGBBARAgAGBQI8pwmAAAoJEGFhpSo9Vtc9TFMAninforCqZtGuJ1zaipXc
-9sIicMIjAJ9bsGgNfFpkIaOkhwoYcZ+m0kZkLohGBBARAgAGBQI8xSCzAAoJEOnW
-IbyLxfYrs9IAoOYpFNtlaOU4mzgA9q64FU+aRCejAJ9LpWSYdz9FQStASLILJYYH
-0cj8vohGBBARAgAGBQI8yc+PAAoJEKmGnWIe6RjWJ0QAoJ2nEZs/HYmJ9FF1jn+l
-phCnWZOaAKC2cRtAnlpSmgj2fWWtzBPAjMRulIhGBBARAgAGBQI80OgmAAoJEDFc
-jj1lbLW1N0sAmgIlqOJ3G3EE9CPIJ60xVH5+//Z9AJ9Ou9+9E+Fze6zMB7Vn7j/L
-AzsfwIhGBBARAgAGBQI84DImAAoJEEPaqJTf81JOjJkAnjo8IJSyn1RDc0C/SByu
-ZlqSRjjRAJwKxnmGh3EMe1ZVtO3ZGe50S7Tda4hGBBARAgAGBQI84PTyAAoJELoW
-FZDMNQMyLZ0AoOAdy099LVvSlHyVqjtRc3RctixdAKDyxlwDweoBvGYQpsT6iqb7
-xPpkcIhGBBARAgAGBQI86d10AAoJEGsY5C12UxliJoEAoKgP1pbGf7WFJR8q3Nyk
-HoMYoirnAJ4k4kusg6EL9nt/WBcKmzWDO2sEs4hGBBARAgAGBQI88QRCAAoJEPsP
-OnXTORgQ0a8AnRcSVlV84X56jTnSftapXggAxG/yAKCbIogHWD0SrzV0DXgjo+AE
-IuYXCohGBBARAgAGBQI88l+3AAoJEE6prRadbVuu/aUAnivV8DalPGw3QcuFmpBK
-wSwEMCY7AJ96Mb0eJVCmj/+nbtDIhXj9ihCCAohGBBARAgAGBQI89JjcAAoJENOh
-xR3NTfIFU0QAnj0YNNd5gZNHfNmIb1jai+5dgSX2AJ9bovKcoZIZxeOoFPpmlF66
-WIozL4hGBBARAgAGBQI89QC/AAoJEE6prRadbVuuw40An1sLHPZXu05p4/wqDnqN
-bECMZ9QgAJsFRiiz9IbLbtJ6JolVDGHpvLrrN4hGBBARAgAGBQI89QDzAAoJEBnb
-ZojaeNCo04YAoILQe2cG58KsPTSyIkKTg+mwkQouAJ0eCgjvNWrhPHiSRnegEsbF
-o4zsK4hGBBARAgAGBQI9H2xgAAoJEGHsr3XM5FOYekcAoMY+mIbdRh9YTGKrskfW
-QQCQ87bxAJ0ZZTr2iwukIOXW8ryk4zlD72ZWi4hGBBARAgAGBQI9bjqiAAoJEHLT
-tWP+y1FLj0kAnjGZGzl4VHxvUa+c4gD/GMrw6wgEAJ45Gy0INAp+Rh6NJbNECzjH
-OFjstIhGBBARAgAGBQI9cUfYAAoJEFwRFAeEa7Skd/AAniL6ZGAUqQGs8siu2ia0
-SnVoLBQyAJ9DrvhmP3aaZf+/GwR8Gx+Lt7uwTYhGBBARAgAGBQI9eF2CAAoJEG9K
-95D+u1J7GAkAoIVs4Kxb0R7luN6Pi+WhXNfii4QbAJ0UZLJ/ySM8ZbHnGTUNIooe
-ecnLjIhGBBARAgAGBQI9h9ZMAAoJEMR6qYKMZW0ODu4AoMMA74PG6QjDICxdsLWe
-hhuJf3VzAJ9aHtt/ld1W/DTWSjdvH6AP9g6ZeIhGBBARAgAGBQI9k3U6AAoJENBl
-k7NU+gyIiCcAnj46+kM9W4dDxs0dqNGCOXfzfXUjAJ9DWG0bLQ/tixVsWApUHTd+
-ffQM2IhGBBARAgAGBQI9p/iCAAoJECxm82ySywptILkAnikhz+yOxNJMNnj/aB9C
-h4i0fQmUAKCHRje8FE5DZSPWf+OwYcixOm+TxIhGBBARAgAGBQI9rwp0AAoJEDxV
-WkwvmGAIsxsAoJgH82l8l5GRGwXBl26AHj8ZA6zaAJ9bKL45L0jyrSRF1V5FPLxY
-twXDe4hGBBARAgAGBQI9tsipAAoJEIIYfzQ7kw7P9UAAoJ4URNsGaPSQkTSKLO9E
-rSPkRdHXAKCynlouXdSQ70FBn4j6mG5I40cnGIhGBBARAgAGBQI93wWnAAoJEE1r
-ZOIZBCWd+yoAn0IBXJN0bR73EG7dtOPB4Vf+MIqjAKDky8A5HD2DHDrED/bCDDBG
-JeS134hGBBARAgAGBQI98WVmAAoJEP4Xknlj8hRJ51kAnijQacczGC7jafSF5un6
-nRG65a7kAJ41Z8eK4JMaTNVLkkM3n1e7hh7RAohGBBARAgAGBQI+n5+UAAoJEO5p
-t4fBbO/YeOIAoJA3UYEf9kntgTFeNY8pOAnCY4ouAKDjI2BHDR3zlcNPNcaczJO1
-Uvxd64hGBBARAgAGBQI+n5/CAAoJEDBJWXZ7Y/q9XWYAniEPJv06FUNu2iZr2eON
-fn137TmAAKDQoEEKk4kZ8bYxI6HmRRbBU7hQTYhGBBARAgAGBQI+thg2AAoJEB4q
-exxFM9Jns00AoIJMwTx+2aRpo3WNCdulrRUzx/ZwAJ4waxt3zbR0M15kEF8mlB0h
-198mOYhGBDARAgAGBQI4no7wAAoJECShvswraT6/w8oAn0XLPn0F4s9wQ4pGXNPC
-m7MJ6E5zAJ9CbanRlaKAXoD1LP5bmADGkRBqfYhGBDARAgAGBQI+1KueAAoJEK4I
-uPUH3Hp+6ngAnRTP6a9ztIe15H5seESNWjlpGzBcAJ96No/FG7JY9qHg2WoJs/F4
-/KKlH4hKBBARAgAKBQI7heRSAwUBeAAKCRCNvZIahzuneBt2AKDtP0g+JAHXbWpf
-HSl8MD1TnCKKYACeL5DRtpWgKqbDYn5FvT4hWvNfIh+ITAQQEQIADAUCOiGBggUD
-A+3ogAAKCRAySnMapnzv/Wl4AKDrpmoVRbgU7mbL+ZmtsRt3VT2XMwCgtb4hCIQG
-pLYRG/j4tEkcniu3KqmITAQQEQIADAUCO96rcgUDAFMOgAAKCRDjPKcIjmJ+pPM4
-AKD2l/j2XkSV7If4J7Vr2qK2GNPw9ACgxY7FrKEHy8t8/dBJK+NBhV7n2SCITAQQ
-EQIADAUCPY6TfwWDAICXJwAKCRAAUOX6oWT9DUZMAJ0ZTxGE8x1MAEZBxwWqJqrs
-SFsyRwCeOiIx4wCHuLhprrpCHfcKUz5AEn6ITAQQEQIADAUCPbnlVQWDAFVFUQAK
-CRAZUZWL/wBnRwQSAKCAzuiSsLqv5wz/DzCpE75zZOUAdQCdHKtHbuDS1KUv2LGh
-mUxoAHlfzNOITAQQEQIADAUCPlvZdQWDAZW4NAAKCRDaU4KRKI89jrDlAJ4/d8HB
-RrGOeKp0WZe2SV3QtlB4QQCgnHAcC5ZZBgP7kUKPmMFWj6Et1waITAQQEQIADAUC
-PpHkAgWDAV+tpwAKCRDKVrvTQrehyqKmAJ9ZVoLBRYdx0k6qmvdNLPcfjCoflwCc
-DnAP7Iv3E1ZvDYjTMv8TzbprCQSITAQQEQIADAUCPtSrKgUDAeKFAAAKCRCuCLj1
-B9x6fncZAJ0YvhJJEXXd7InRv7zmbQJDNYXt9wCgwVs69iDWOZd7w+HCx1ATOxe7
-5BCITAQREQIADAUCPhC4NwWDAeDZcgAKCRByG62+aRFQJHOfAKCdS0+8OHL25Q3F
-fVubvmgWNWFjIwCg317DNzRpf4Q9+47MI5G2dqXpTeaITAQSEQIADAUCPXN9XgWD
-AJutSAAKCRBNj+1jRDFgA2QCAJ47vI/6RoVP8Ft1FBEg9BoufYjTHACgq2xCtE+t
-517ScNWOaLEuLTFrG1OITAQSEQIADAUCPcHdAAWDAE1NpgAKCRD7uVmij+pODRne
-AJsFZABV8zGyfY2tqiF7hFvNqJSDawCfXd0TaLK3f6w1ZLSUXubjqv+4FfyITAQS
-EQIADAUCPiXheAWDAcuwMQAKCRDk5U0RmgzamXdiAJ9FrLzU1iosekYj4lhyD4aG
-yujd3wCeNzhz44vmT5Bf8ZH9C5NSuJfOcc2ITAQSEQIADAUCPiXi6QWDAcuuwAAK
-CRCTzKj2+Q404rd7AJ9Ga2K/WEXdoQVGCRi8UvaTJPLQfwCdFvcVVpXBmkByTUuU
-F2mKSOTzdbmITAQSEQIADAUCP2mklAWDAIftFQAKCRD9EXAI2MiHX1NTAJ9FwxVt
-4ni2lZy4X1tslTEdP/JMWgCff7VETWUoJ21ehXIyecEJ+hIQTLWITAQTEQIADAUC
-PaGNQQWDAG2dZQAKCRCL2C5vMLlLXPckAJ4vTZrQma+f2OEkDj1l2RrkfHc6IACg
-hd0OG8Kz31yfPwtRDg//FC/3XXSITAQTEQIADAUCPb6/NAWDAFBrcgAKCRAJHm/E
-FCxT9N4hAJ9w972dsHdayzDxXM2PgSiuLibQ2QCeKp/SJztgiHxIb5fLWBfkJW5Y
-GqGITAQTEQIADAUCPdEXBAWDAD4TogAKCRBFaHG18acrUoTiAJ9O2kYrMui5yUwd
-AS942rjUN3UScgCfeE3ZFp8sMlAPm56JKeXYy8+1tfCITAQTEQIADAUCPdpsbwWD
-ADS+NwAKCRD7jyVk9dpr49bLAKDo1adhDf4/NoSC8vdnniAV9ZvpZwCgh9pv0BD7
-gObIIocl1WS2dEiHKIOJAHUDBTA4ny05OyKrYzxvKPEBAYDhAwCRGhZyddRiZTKU
-iJMU+JFNQ6VyRnPsOb4V/MY6o05ZGwktQHq8jNhRs/8Dyg4x7Rve2G6bZnooK8eW
-WfTv8KferE2KSoipPd2EcszzrSeBoWoTEePCwbumJx6aSZ8QsoOI3gQQFAMABgUC
-PnNvCAAKCRD/YM2ca4P1c1V3Av9ahxx12+OfQS3/1LcSvkbw7m8VF1z4/L1SxJNd
-xIUeKSdJabPMokhfrIbdTpGKS2HxL8P0OxY4EcyfI1P2nYEM5mCOTIUTkIRXOJFL
-r7uqH2fwt1H+XzDnqb8zK/vjDFkDAKveP0k1IUTXXsCZb98qKJWWQiTSwOuVPaTK
-go0YD0Of40nHTudnGYtckRFHvHw9ZWxxjazy7MOJwKwUum3NK5j+QIm071E1+yeU
-De3Pl4m6VrYyG4EB/Cn+rZYFcqLFR4kBFQMFEDbWahiOXwMHK6ndaQEBnS0H/2/m
-Q4p2HuvANo8cUvG8bt+WwPxc68wz8sfS4DGyZR5tdjAhFYPOJmoOYUemfNO3kszu
-fJo8mOCB9IKaUsq3HlmAiBcz0PtavA9GBxeDdIdu4ptdN6JJBE/yCgx4AOVAV36x
-fyXjSbAoX2SVBdHv/TYJP4szkD8qdcziapDVyMUuILCHHYb5GzHg8QNMOgEvdbow
-T+nEjOfQ0m6Gn2gNW8q5aYq3Ao9ZIdGPwJHno4HF5kb6w8rdTJIz9kR0QvSIRm+B
-hHCl/+3y+dLz8uL8zql6boWfAtqVDC/+8wUVC8GIcmpEnVXGx0dUMxtqnUs7sDZA
-aCE+R4OcA3iPIKypdW2JARUDBRA32QNkTcMRMTj+5sMBAcoRB/9s20z4l7mn39Nl
-4+0KkiMI6NDuO7IMTR27lDCQe6bw9KvIP0/o19LsegotepuNmjlI6dueBt90Teu/
-QXY4hxuOwzq4nE73S6vblraoPoq0KLCXp/ntKSLBU35o9cwNRvK62wA6lQhM+EqY
-mwywecFw4VXamkd7ALXiAGbYtcaE4hXNdiq2q5C5/gWllLbwW4vd27A/skkxP5CH
-nghi1vSBB6JPHYndUDFlzTNlbs0nSkqMWoriTpLmdgLotBwHRMnGOX4TqiKOAf67
-cRqXQVwQQsTYvlUWqtAlp9dwYiCNgbzTpgp/O/UfPajMbo9dF90Z0UCB4I+JoP1+
-854uvOBTiQFfAwUQNaIeQwNvEbj/PqoLEANjMgUdHoj1KL2DM9A1FwWzbOetOnml
-XkyTp/VqpGBnEvcTipRnfF49CHACjd9LLeQLAuYUaq/Nq61IwefwrlXW75PkJIeo
-sVgqqPkUa24H/HCgoNcfpQ4/T6Xkg/wfVFOOZ7cWGpqF5z7M8bc1Pnu9zZG7a3o+
-a4DCvLYEy5IUwGzvDNeTILcNsjngxX4go+Mcw5GK8ry4jyOadr2F01XIGJ8KTUZz
-GQcFIIW9TzEl4+wD9D//MJ6W+uesiIx9jgJBOYrOR70xLNsBlAhF12CsYCyJfW0T
-xndgx3yUOm66MctUR1Zmjqzng4m7Kceu0UU5t1qm7S4itP50RdIBIxRsS40Isvdo
-KesS0YkLDEHZM9C8IK9HYErOiXowZbED6eZ115CJvav4Zegpct2cdymwCMDuWReT
-cgXInswsUrq4OuMZsYmzYUpJ25SNL8hviQGcBBABAwAGBQI+pMTzAAoJECvQVSqb
-AePAAS8L+gNgrZp/r7mrZd6bUAsSpCL5FyfYhrQ9ZW7YjN+b8JKRsD7TRbxx6u19
-Ho3A0uSzXUfYeq2nj6rCG9UiI0r6fHRGrIonngq6TtjN+fhn3meGufDgbcweOsZW
-pyKcDB2oPiZdYBeMJMW/I8/yRoqOfQ/YiKDmFl1hUmSVAMuzzsXxmOaI0zbmph7+
-sSNhTm/bI+98YdRdppkWvT/m5sTtvBHOsG6n7HYT8d88bsZsPjWPqMTSKym4OW63
-pK+jV6tooQKGZ2CsPrTMG5jlNoH2YD7G+V/caMeoZiYimKvwTng9YtmbyCSOGxAq
-HhEjXGjxrRJW4TWcVjjgfHq6AuL7/019hNkrnHVoGmb4C9MZFuimszCC1k27yKzV
-NczOUDm/aAiZU5u19ZXShEgYfo+QgLdChUitzBfYS3GWmoG0YWjB8wFrJW0sBZHM
-efJ+j7aAcIxHd2/GqE/PaHDRysTdvtKzqEJQSs93o+/NbVFMEAEupcPjoIZJJlHe
-appx8Yehi4kCIgQQAQIADAUCPfGs5gUDAgIpAAAKCRDnOTJpHFO3NcpTD/96V7Vd
-NkUzrYz6N2ScclZ5euCb891NGgqBwE2R0/lj2MQIoWIjZ6DxgFu+kRfxOfPQkanG
-FR905abzQTbsK3KFJ3LIjrtl+MYpJ0tlHFcQXU2TBPPbN4aksfmldTvSmF8e3WMe
-OREDpYGcBetIJ0l/wB+sgD/j5KbLR0IRL9ZYV0g8p4/iCzEAY/EJEs6L4dv5xMIw
-w3bIOIgkuawm0dTNebOVSIqkzEd1H19NFUIgB4tzoZm8DIFSHpMQ6SkJaWMOLSw6
-v/zJzPhEaRWIn6vbfPBl68FNy2WVosYZ0Cw8Gg0T1W4n2zpY6vkujTm7AlbQknm6
-qGcVdqfJ2Xf3p2Mvf/pQVO/sHDFusydvnGthvA9Qu1BNIDAl3GtMptTSOh+dOzJV
-pCTGMQuk3Ugn51RICishdrj0uMFovHKc8zEbbfOqbWBw4M3iNDDZsWgzPUdy3YUT
-7O1v7onHMzeXIj76esPvnuz68Jm/86dNwy7j0n1n2FuUbuS7ySPJcXuCXhrmnLZU
-KyS3gOtZNS/lRNg+NUkrPOfT3Kk6Z8Y4IqVmMSs7navvCyvRH5SKV5qLiZjxD0Hx
-m4RWZArBx/8q+UDzeblMnZp8US1NzoaZ4T0TrB9eZqj8Z6qY5Dve0ZqXZ3YZcydk
-3d54LbLiIuYcU8E7lf0ZEPbGdCcP9R+AdHUfxYhiBBMRAgAiBQI+ByOpAhsDBQkK
-T3OLBAsHAwIDFQIDAxYCAQIeAQIXgAAKCRBot6uJV1SNzYxsAJ4rb1r863a43/mP
-DDcPiR+8yg4lSACgiCcqI1R3pYnImfAzFNg8XdC2mWCYjgRDt/rHAQQA0JkZeitc
-yQMqk2xGd/5mGoc4+YNwQo8OSmVwIvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j
-1oPckAhOgRPaOvaEZhYUTF0F/15piAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOm
-ygGBkLFuXvHRW1i6SNz28iRH/UZcYLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChk
-aXN0IHNpZykgPGRkOWpuQGdudS5vcmc+iLwEEwECACYFAkO3+sgCGwMFCQWjmoAG
-CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBTtiDQHODGMHmjBACHQw7SS5DuEzoA
-qPxgrhtEZqkcGZ4ieJp6v1jq/BeASt8NRyLsFRBPFegUVOAocfMHPf1vN5K3JCBO
-bmmUZo4QlwlrIivTsNp4G1wL90yhVQmzDJsowW0/t9TPTk9EqMKG/GtbOF79ifoE
-CY8X7pjFCjZb3yvOrRMdLnAomNeYfIhGBBARAgAGBQJDuBFDAAoJEF3iSZZbA1ii
-keYAn3YojYxnY/f5jGq4lOHJ7kpmj0CJAJ4/s1vX/WdjNCtq/oJXRAthMNsk5Yi8
-BBMBAgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAk0tjLcFCQpUTmEACgkQ
-U7Yg0BzgxjDweAP9FNQyUfS25FrgbPCqOiiaCizFSOomDSQYQLZt3cVnlMQNenmA
-1lv2/S5OSp47UlrhjnqmuzArF55Mh5DvPChPSHDN5hZ4XxTdqmoHf50XIZfTD7HT
-oH/7oO4+9gJb9lfLNvEddB0438Mknv6Jl1sCt6p/KLujeyA/hMAle4tntruIRQQS
-EQIABgUCSbck/AAKCRB6g68zSpHCI7xEAJd68iLV4rDbwr0chJq+lySiY6nDAJ4v
-4mEy03yfuszGh7qUpD+7WRVh6YhGBBARAgAGBQJEEKI8AAoJEOrUtZD2iZvAcC0A
-nR48vuK105OUB/gljGVRWOwKKDDxAJ4lFTTZucNu9zDFI9QLLFAF5XRsr4hGBBAR
-AgAGBQJEGaT+AAoJENy+GP+gNVO89E0An14m/XCFrqbUabJ/gtDJu8KsZpgaAJ0d
-b8RXlb1kB4ElbOwDCdStZ5J6kIhGBBARAgAGBQJEMRhDAAoJEPp0OhEyNeweuR0A
-nAkrWld9wA/ornprKNsvEDU98F6AAJ98eu1rKJicBf8D/VXfXwVM4ejINohGBBAR
-AgAGBQJEXAlfAAoJEIvYLm8wuUtcDxIAn3U5i6FhiXf+pZYJD8lJUpf70fVvAJ9A
-EjuX11LMdK2RM4CxCGwDFCMsmYhGBBARAgAGBQJEtdrdAAoJEN02qG8eES5CrGsA
-n2NhSBWOKu83V/5LlgGPgY6WNFzoAJ9neioWg6833jJJQRT9x8SodZGDSYhGBBAR
-AgAGBQJE2X9FAAoJEPND4G7iyk1N5GwAn2b994OPe/zIQ8cLQbrO+pPPQwxOAJ9G
-n8oj2AYA3WNcQXBrtXChD+vZqohGBBARAgAGBQJE5IT9AAoJEHoukft4hdr8VucA
-n0lJESihyGWpXXXEQt13Yt7yYtPkAJ9pbWxehQOfiKiz7ZjUAPsdNW2rnohGBBAR
-AgAGBQJFYsVaAAoJEGoH/3a3ETQqbOsAn04S64jLlb6c/OorO8TOBIhhJhwyAJsE
-b9J9pppvckGGqqjN9oX/kwlx4YhGBBARAgAGBQJGC/OtAAoJEEHjLoH+PeyjXs8A
-n1+Tpm7p7875jYBg+euVl8jXGoWPAKCFfZFv5XvROY+3AU5QRJz1Mri6O4hGBBAR
-AgAGBQJGLCLHAAoJEDh20JkvJmXHHrYAn0WdONAvJ33Vgah2tun0EYInndl4AJ97
-Smy5BOYw6fa4Iaiio1uMf/y7pohGBBARAgAGBQJGR4/QAAoJEHPedZ04FvgejGsA
-njxdist7NM0yvl34ODmFOZnb1JNIAJ0SLeAVvSjC/1Hg3YjfhhAO6YFTBYhGBBAR
-AgAGBQJGY7zgAAoJENvFfNTA3tE+Qz0AnRk2uQXo/haP+lqqj1UwX/Nq+QmnAJ4l
-MbMXNAmAeOb7DonUKG3iJdvX74hGBBARAgAGBQJGxxVzAAoJEMGwkYNMNfLxOgkA
-n028vHcViImyBNrQV6Lr3saZVpjWAKC+DKL+Odj9L7vYdRCQY451xr3XBohGBBAR
-AgAGBQJG2etnAAoJEER/ubp4xB4W/UAAoMjNt1n+YeyFhU7SaPKoImoaww9zAKCS
-yg8Q/cB3NaCTtBjq4wBblCfyIYhGBBARAgAGBQJHOPrjAAoJENN5RIu0G9UYdQIA
-oMLmfR0YLdnMMBsytZDOe8VLPq0OAJ0baIPok8oocBF21YQQ8rQW2q4Lx4hGBBAR
-AgAGBQJHa/uEAAoJEPMtmeh4XZf/DJcAnRfuW7vdokyFZB+nhwzrogmTs128AKCV
-ZEqkkTzAvNyBWs3UJDJqUK9J4IhGBBARAgAGBQJHyuhpAAoJEC+V5jcsCHwE6zAA
-oLpvjpJ+rSbFL9WBBj1BxpE8PTG8AJwKeejDAhB2mF09t7xl9l9XWmi0SIhGBBAR
-AgAGBQJIiJr+AAoJEK4ssXKaMdD8wesAoITzObAud95RT1iNZWLYs770NoPaAJ4q
-KZ7c7xYgYZWgW37tRcuAQCbbPohGBBARAgAGBQJJfD8aAAoJELRKND+o8jtmELoA
-n0DlIk3p0MmvaIpc1td4kF1sR2iBAJ4yNeitHdiZqza2D4ofU2iKdpkpD4hGBBAR
-AgAGBQJJ29KFAAoJEHpypWRbAALMC3MAoIVYRfr4iEbUUlrFlk0vfj/68XqEAJ45
-XKKQScBkUVlMJFXmFqQDwBw+MohGBBARAgAGBQJLFlXeAAoJEKvqaIabeVg7g5oA
-oK5NVBbYglaAvS5tGD+8Z1pVTyiIAJ9j4M8IhJO1BXpv/LJAjRVOnBphNYhGBBAR
-AgAGBQJLFpRrAAoJEJ5qTepyp8YIh7wAoJFnxenv1Uh1bkbgFgtIFA03qFagAJ4g
-hqPcEKRixnUVKEymhc997ie89IhGBBIRAgAGBQJEbLVvAAoJEHLf4d6IeHGY9b8A
-n3znJne6eSRQNb7SqMiSo1IAhTKAAKC3K/XvWIbliV9VkLxoKRMUPYBd4IhGBBIR
-AgAGBQJEnt1gAAoJEN2HT5zCsdXjEA8AoIAY+tW7eYMsv+ZbK849mS5BlSuaAKCp
-qtbbGoUi3YsqG6FoQqTjSA0hrYhGBBIRAgAGBQJKHn/QAAoJEEVlvxDJOREPbCUA
-oJUCHfSsOdcV9BB1Zx/lL8FRw/4qAJ47OdWpJh76UAW5ZDlZOfCxYiFzDohGBBMR
-AgAGBQJHfTl8AAoJEPbbjicERYS1jXQAmgOdd34SpnEyr3OPZ+FFqKvkYAePAJsF
-QlldKLe6BewWPGAUHftHxFNgGohGBBMRAgAGBQJLEcUmAAoJEKvqaIabeVg7O0oA
-nA9TnICzrJrYis3NLKpG6X1BSsWTAJ0boP7V4z1wsQq3/F7rI3evdG3swohKBBAR
-AgAKBQJIIvEmAwUBPAAKCRCEaROH9mEvTsbgAKCQQ8RE/XyO04KTqatHLQWY7q1a
-uQCfZ8bel9qoAUytMddC0gkL6RMphaKITAQQEQIADAUCRBdRSQWDBURD/gAKCRBp
-CnQ6XgPXFtw1AKCuaU6wFrCRBSaRNPhxECSbzB7laACggaDhWabhi/lY1nwiuerM
-K0oeTTSITAQQEQIADAUCRpIwLAWDAsllGwAKCRCsiUn+i1aPamfWAKCuICjDGwQP
-Eg01nUmcBJEId9KFDACgjlP9jCriwgkDyimOSSsUJO2GfIiITAQQEQIADAUCRpQV
-aAWDAsd/3wAKCRDNoCSovv1covz0AJkBXVQ4MO0miIt3THZrVo0Em/nWJwCdGbHq
-eo99qbMKAbFogLrnYE31EDaIcgQwEQIAMgUCROsRFCsdAFNpZ25lZCBrZXkgd2l0
-aG91dCBpbi1wZXJzb24gdmVyaWZpY2F0aW9uAAoJEHoukft4hdr87ksAn1gSW+at
-u5/MyQO9t4sPLsqFAshPAJ97JjH8nyxc5xy0b4hD+c2d2dNwy4i8BBMBAgAmAhsD
-BgsJCAcDAgQVAggDBBYCAwECHgECF4AFAklnOV8FCQeFMi0ACgkQU7Yg0BzgxjDr
-pAQApSWcftx5Qbf/yPzf/0FE43Qvsl84XA/H1SRyDF+JQSk3l0Om77QGQvNf8XYU
-G3u+p5FvDFQEkjOcYcRn4xJUygfnqACd6lyYNU5pvnngsCmCLogwvPSeLPUBKtap
-k6jDtAXpaCfllW5D8HOUfrE+bLAS1Dvfy6A6Hkhofe2z8zmJARwEEAECAAYFAkSF
-/hUACgkQJklzsP0Eoya7PQgAiaW0PO4syCYLMOv6z+ou6Zmt9XYw+okm4zr4Lc7x
-zcNY+qpwjwZ2lcoIXEGVOI6buFcQOU+qYmQ5JFbH8jtBaBY76aUCPQQmKJzGIyJV
-iy9K310Q9b39rjCm+YLWbNG1qbqX4aJSCJLCF5C6G9IzQRGhtEWMJ3nr3nsRXkyp
-NNg40tt9f87wjQo0yd4hQ5VRFPMEH7THCTW+iFH9b9//ZkK7Cdx6poCfWmZE8AYY
-hbVOv1czF8JsRfnt1mS1YSEx95PhmV40nBqK6lzfH5hUVSVs8uaGiXkvvRMAPJJQ
-eZ/LAmoa0VjV3dGLIXSnmpGmivm3al+UFsak7kmBr+vSD4kBHAQQAQIABgUCSFT7
-LQAKCRAi/Cu2xWn//mt6CACpEPXUi6ylZNt70Xe8nN0/aHFtAP6Y8Hcd9hWiFThr
-2xW2jI1Slrc0TMgt93RdVtyVMM3kj9C0zjMo7UaJhRTAz0myFDnApTuQS/XFTJUP
-M4rdiUx6zwq20Xlm+06093JBdcPp6N7mjstspJVwchdTqf1Ny7m4loC+rro152n7
-ACycLUDnC6cD/od2qBGYaiB25Sylz/8k80SZ/9Y9sBqMqi//BGId+HnhPrYc9ny8
-S4b2K/UguASOGxrrK148TpwqVpKDvzPaKobHnE7BGhU3LDtYt1U1U1qyfVWktuq6
-6pnzuSq4bSc0oqPhWEOd/NMNDMXiwLmHeonJARoEfgKKiQEcBBIBAgAGBQJIYSe6
-AAoJEIISGkVDGUEO7u4H/25Gp9ysKV3Ub2/JocPgydmD+AVD0YGHwGoLqz6tc1Mb
-6QNB7ovyihL+D3drhz0XOhWeosZUIY8qftEfeo16nzxqIgSpTJYI+kRosRm+9xc+
-V+M9JAcALWHl/aymyF/KoiNQvJwlwnLJixs+f0p5ZaCBEbSGEI1G2lq6omJYNYrr
-V9KhLx0LUdUCsemcV+vMR+lGoXeBdZRRCAIZuu0EAB+7vdxcEcDSMOYzdnUtHWl0
-mkgfG4uVdQqqTOLxn8Isz3MhDGYkFV1auAlxlV75eMhNi0YJ6DUnzFzyJ4YlugM+
-hX3HMWQh2OvUSxkweFBQ7J7hAOsgwyjPtZ1HwOdGJu2JAhwEEAEKAAYFAksgE8QA
-CgkQIa6nCWeyIM5UzBAAyQNUkUjjxrSu4EYacRGI+1vPb+Q6HJDaQct6xrujMAzJ
-4Jt7CvtkFKGmgx/DlqiEE5c8rJjsZ0QUPWCWlOvamr3p9UpBHgUuuN0OXx9y8mge
-kj3D/Ch6dv2VUezqKDDEMsdSoEfj886pjHhWpEoV2W5P+ihF1FmRcEbKbZb3gs3y
-s66PxjqafNXjTVc4U1hGB9jc1SnomvmsE3ps6T3yJQVpLha9SPxs6Bxa5RWIR4Os
-LKfAI39uh5ikv/tSokz2GQj0hE6JrYY+46oyJWP2SfTzxlGjUtGSyP8DtZghUPuh
-AidSl0p0SHATjWnXjTEMMO1DuytF7mnxQxlocm4/gGdC+yLeg2QqQLwKq7i/L/pu
-GRWlYyV3yNG5odxHEURr4FpFulUmjsEoo4FPZA8OeSfmXJBKna7c4OIm0WxljDme
-84VpLS6LdPhu+xnqU77LuOO4x+5Y2lToZfqZHabOdFNY1TDQmlN+CLyZg/AE3g+t
-zOFE65tRPgUzQO6lFXws3/vv3OyyK/BxBZs9L3xw46A4tMlkbNpdlqQ0xLzD+a0f
-M2zxzU81YSRw1lsQnT5sdQUWaqenvVgmh3DKmaBxFu2K84SiETa5OoLI7CdW3kcW
-QVJhahKwN6zrjU+cTGARB24T2/jT66EtLegWka3+wF6gmixHLc2L783KPj2u45iJ
-AhwEEgECAAYFAkSUEEkACgkQ2MIKCVokV8864A//Y8RQB8EOcV6bYBnz8c0rARfb
-5M+kdXdmYe5LLE7uI0M+UBCNemmFvhuxQROx1hudouNnQeKAAiAjd/I7QSH+1Hgk
-IBbQjXKlK+3pxtD4+gDTdkTRxfOg+gDlFRTX9IKAPRw6c1LRoHZlAvCq1vc8A26/
-5F/FGxza3UGWdtrdLfP/KeD35jZbCKh2zPreWp7DBcYNDEUmap4w56PGqwsP/ajG
-sDKJXa3yh1bznEA7rlJYOpbFWXAhwCdP560TubXi0lLYFTWCOXa+nh5HQuS9Vkrk
-NipKTpG8RUReiu2aJgy5tRQf7D2FcDRoScn5FSQ7iZbM8RhlN/Ex/gWwMjAyapdm
-Mj1DTfxHLpJnI0+TKPT0VTsbn8uz7Zjg3jQIE2DCJqUwLuxz7HfPc3O9uM0q4LyH
-2PV8NsBd8iGXenZUPTvKdnxhBEBeDSaYN/9CaqmCcJKb2TnhYRdScvdGV+izh1X8
-mLz54LWq/aOzZXIqUWV9rIvv7Wd6KZS+L43uxhgWVBwVOeje9dLoULkuIpTgJzDg
-1wkJDDidTJpYTAZcejtI2N8+pCDlKnPDhOLFdZ07JbxlZ5OB4br/hzaGjJ2ZgbSQ
-z7q0Dl7xXRBPnLVAggN2ytfHrEA3+PdGcx2e2j9Tkm+Ykb9yPGPWtXSyNQ7SId01
-nnWq3tt3+Z3bLiLYYl6JAhwEEgECAAYFAksRhi8ACgkQmZMeJdkeASx1sQ/+OUE6
-xCuZURsx9kRcJI1v04nlGq52/fwWlgi2JrXKe5dLH9HAI/CIkudJ39Dteg2cXmvo
-++DXvecit7sqoLAbeTRnDlp5yGibcEMagBDEqxEFLfgTd17K7LFC58TD0QKIATXH
-sAL4bb+DBY4IlUDIjcuXDFiU6ZLkoCnBelV+tICdoUHtg4jh1yJVYxm+AXdueHdH
-PV8aEj/5ImDk+hzg++YwHMhejDjXLGUUqplTBP1gXuewjyHv5ua6x96PMCm+zux9
-WW9Qqv6yo6rvgkCLFYaAU/vYvvmQtUBUDFEk3SEq60gBJ1iqYuXKvg4RXfx8PesU
-SMwOSMukQn9cuKwAy/hgbajyZGPignrBzub9Xl7WK6UUIt0XcLkbyDk+mPBb7Gb/
-u+NsVPSdunSv7wRfkizMZtV/SqU/eMmUK+jPrpj9rW2zJ7pze+PGGl+g149r2z7Z
-4ZKkJ2i6hb36ytF8fD4518oTYePyn1FDTzRPb0JQIZs8hkIfv4gRtm4wgGkIqaaY
-NG2ZPAm4A5tTfwRO3qiqA99PPYRb3wiUeGqALzUR/wEkVvovpsFEjr+AGQskA2u3
-3FhahyogNREyySaLKLj9WcVJ1p+zFSNdQMzylSWRSq6/Yjf283KWUJudA24BKJEn
-LG4Glyt+5XNdgvu68/Tq1fyO+L0m1EyQ5ypvT+yZAQ0ETS2LgQEIAKoa0qVf2Mj9
-6eGUF3LZzJA/pDsmjLG1obr9yQApYdiuoVNCTchR7xO4OsZPvjZcWdwb0+gwF8kN
-Q2W0g+AoWfwT21hCoA6WlIDbls5vfRwDYAOSuOCO8MAfxxn5+QhrJa05tPHCot8+
-K+MXEQz/8h1KEUVVCP5AeZdgEmCBbIQiKXwGN7spHDoHm5yzipLOnlUfgKoOv08O
-csPyUEYeTTHyOnCHhX/IQ4MkoBNjRWPTTv3cvy6oDflmLJzNS+8lIti9/tJM73jc
-azCTF0B+rFdtiJ+IraCMT/tICYH7aMXGyidQM4HUEBjmzcUqquRrFmvcEGN64Yag
-K6JJf9xdEiEAEQEAAbQWV2VybmVyIEtvY2ggKGRpc3Qgc2lnKYkBPgQTAQIAKAUC
-TS2LgQIbAwUJEN2fAgYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQJJs50k8l
-47Y+UwgAnE+0Vd/nKjM+kWNFtKRJ2OyT16u7TmyEpk4ArDdFR49NTzRJEs92DgAf
-6+SbUkxYUWnC8eWB/GqcT2unXejsv/hTA1TCofznMLC7tIfP1xfd3hRTDNw/qpA/
-gFAQf3/GWlBL15Mr1vZEzKCCrB38nybGO+hbMvwqV//CXqNcef/I/3bEb39gDzqU
-04vU3f8+GVnMu4npt0P1bOwSn/6SHdQN+OQis5xaSrC6kH53TVHhsc+7229fLxe6
-3xKiTbOS7bFWQQ6xXZNcdvC4c7YAYLmlYNfrCAITgXld4IH/Si9qjb9uTbbDVPHM
-/o8zGjqwuSZoXoPR+uEzZuXgL+5KyoicBBABAgAGBQJNLY0EAAoJEFO2INAc4MYw
-Rk8EAIuasyOnCbJW8jpfk3g2VZy1dBZj7g4PHaI70K1Qz8X3piI8WWaDCwlTPJcv
-AAtiT6yGHzdONAt+N7GiHNLU7TsMJlTLsuxv1HsdtgnVh/9BwTKRuIBbjrkJlvUE
-A4xHYdQ4MFNoAFqJ1+eGZTMm1rLPtjQopEcDH5VVLqR+ewWriFYEEBEIAAYFAk0t
-xTcACgkQ8q2FrB5Cs2crBADfd33fB14XGfyl3Dtm4cfEUfLCcYXWNaMy+ZmmggDf
-c8hyceGA2XcPThQ7N613oi+cHzO4XC8o1tooDrkBDQRNLYuBAQgAofC5yBtpGPRX
-se3QWczpGZurBnsgVXaVH5g3WCRlpZFEJomg8RkUqGE8QFfVsNXCv+JM9o88S2mL
-uhCgeTrnJ4uuG06Zdek1WRX/lZCMAkitaf4lDfP9l6PEdQuHMqwaDkULqlFhwTLN
-Fce2/gE72QEgo1WKtmMSRAbgGcitCCXp7ZgVrjsY0ypxAfucl3AbVwZA5k4gNBAz
-jWAHPChKtK0wDoOMeS6QV6Ap9xJtIsCsG1g0DBPCZbtGo4wQnCWjT41jHZifvnHr
-ptjB2Ww/QUs6B7P878jGg9HFevSXh766Pp0Ueq8GLTh3Homw+ZcTJ4DIuIJZKHtH
-Cry4iEFQFQARAQABiQElBBgBAgAPBQJNLYuBAhsgBQkQ3Z8CAAoJECSbOdJPJeO2
-uxIIAJE2B8aQPQ6o6LBijX/4rJaetAu6xW9Jg7DyE3rqB5TcE7yJDQqjL6bRApjW
-RaNofB7CmDxl5tjgTawds0gL1KnKLLPb2wAnaKe9/j/gx6lOCnE2LDj5ebKQKQ3U
-B9WG8xNBczNFs7lnBG0+mOwyvWPm9fWzpTf9HFIAi2kCQK7UYZNM4fSvXY5yFz+6
-b5AYDI7pZSP8iJnUxfu2hdbRIKjwNKXzPlDsqYlYXpNAsrUuS7hshUbUe7CjX/RY
-dza8Jp3kHEeOCjLxOwotOa9hBla2eNa9AZXZQ4AFhZxpy61ldBDY88IhjsuWm5L/
-jkJdZtPlj6bFjfLt1vPhoX7y7IKInAQQAQIABgUCTS2NBAAKCRBTtiDQHODGMEZP
-BACLmrMjpwmyVvI6X5N4NlWctXQWY+4ODx2iO9CtUM/F96YiPFlmgwsJUzyXLwAL
-Yk+shh83TjQLfjexohzS1O07DCZUy7Lsb9R7HbYJ1Yf/QcEykbiAW465CZb1BAOM
-R2HUODBTaABaidfnhmUzJtayz7Y0KKRHAx+VVS6kfnsFqw==
-=CxwV
------END PGP PUBLIC KEY BLOCK-----
-
-
-
-
- CC-BY-SA 3.0
- These web pages are - Copyright 1998--2014 The GnuPG Project¹ - and licensed under a - Creative Commons Attribution-ShareAlike 3.0 Unported License. See - copying for details. -
-
- - +mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I +Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg +jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7 +KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u +qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB +1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk +aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s +hKZOAKw3RUePTU80SRLPdg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH8 +5zCwu7SHz9cX3d4UUwzcP6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8 +Klf/wl6jXHn/yP92xG9/YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOc +WkqwupB+d01R4bHPu9tvXy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgC +E4F5XeCB/0ovao2/bk22w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsqInAQQAQIA +BgUCTS2NBAAKCRBTtiDQHODGMEZPBACLmrMjpwmyVvI6X5N4NlWctXQWY+4ODx2i +O9CtUM/F96YiPFlmgwsJUzyXLwALYk+shh83TjQLfjexohzS1O07DCZUy7Lsb9R7 +HbYJ1Yf/QcEykbiAW465CZb1BAOMR2HUODBTaABaidfnhmUzJtayz7Y0KKRHAx+V +VS6kfnsFq5kBDQRUUF8HAQgAh1mo8r+kVWVTNsNlyurm2tdZKiQbdeVgpBgcDnqI +3fAV58C3nC8DVuK5qVGZPB/jbu42jc8BXGP1l6UP+515LQL5GpTtV0pRWUO02WOu +TLZBVQcq53vzbg1xVo31rWV96mqGAPs8lGUCm09fpuiVKQojO6/Ihkg7/bnzeSbc +X5Xk9eKLhyB7tnakuYJeRYm4bjs+YDApK8IFQyevYF8pjTcbLTSNJPW9WLCsozsy +11r4xdfRcTWjARVz5VzTnQ+Px8YtsnjQ3qwNJBpsqMLCdDN7YGhh/mlwPjgdq/UF +f5+bY6f3ew0vshBqInBQycBSmYyoX0Ye3sAS/OR4nu5ZaQARAQABtD5EYXZpZCBT +aGF3IChHbnVQRyBSZWxlYXNlIFNpZ25pbmcgS2V5KSA8ZHNoYXdAamFiYmVyd29j +a3kuY29tPokBPgQTAQIAKAUCVFBfBwIbAwUJCbp27gYLCQgHAwIGFQgCCQoLBBYC +AwECHgECF4AACgkQBDdvPuCFaVmIoQf+POxCWkCTicRVlq0kust/iwYO1egK9FWG +130e2Irnv2lAZZN/0S5ibjHCYFp9gfMgmtVTF5oWXjSDAy/kIykQBBcUVx4SCJbd +MtKSdsSIQMz6P4DxXumxQm79msOsbi5TsdtUwjqdrbu2sHloE7ck/hTXUCkX3zuq +txY7W23BCQxVVT5qUaFuAHkkQaaBgAb8gdgixmkIBfu9u8k3k9zUKm/PNfMjxClv +ORkP8gev+XyzNgcXM49h5YYlmDT+Ahv99nUM1wg8yJTjefBAY0fL982Scx30nDQO +3w7ihALUoj5+TXQjhs3sWPJ8u3pstr9XcfzEZC77/CZmRYNr8g5hBokBHAQQAQgA +BgUCVFOBbwAKCRAkmznSTyXjtmHeB/0X00v959Oyc0EsSLOlfC52qsEn5cU7vxFb ++KY9aKtG4+hApJxemkqpCgA5+xZwXp3SQOf0sYFwz5OsukIjRF0HgSEdjoMTH6b7 +lT0nCwKo8AMU0nJbopVIJikHOzk2gUqh1gxu5iml1RbSkmFhiGjYeqM+ONQynCeX +Gg3LLZCQ1eeoaX69bvbWQFDtTIn2HYvjZLjuGC6PGH/naZ7GchiiiK0bs4UOdJFX +HtITC/7DcgEiHMHOMT3XlwINTexZG0grl2LuWuyyhurJh5IO6geArPKUmR8SjJjV +azpwbutZhYjTzfUpPvKK8kCSan9Df5eeekDrKCU8x8aqLDVyoQcRmQENBFRQOyMB +CADmEHA30Xc6op/72ZcJdQMriVvnAyN22L3rEbTiACfvBajs6fpzme2uJlC5F1Hk +Ydx3DvdcLoIV6Ed6j95JViJaoE0EB8T1TNuQRL5xj7jAPOpVpyqErF3vReYdCDIr +umlEb8zCQvVTICsIYYAo3oxX/Z/M7ogZDDeOe1G57f/Y8YacZqKw0AqW+20dZn3W +7Lgpjl8EzX25AKBl3Hi/z+s/T7JCqxZPAlQq/KbHkYh81oIm+AX6/5o+vCynEEx/ +2OkdeoNeeHgujwL8axAwPoYKVV9COy+/NQcofZ6gvig1+S75RrkG4AdiL64C7OpX +1N2kX08KlAzI9+65lyUw8t0zABEBAAG0Mk5JSUJFIFl1dGFrYSAoR251UEcgUmVs +ZWFzZSBLZXkpIDxnbmlpYmVAZnNpai5vcmc+iQE8BBMBCAAmBQJUUDsjAhsDBQkD +wmcABQsHCAkDBBUICQoFFgIDAQACHgECF4AACgkQIHGwijO9PwZ1/wgA0LKal1wF +Za8FPUonc2GzwE9YhkZiJB8KA/a7T6//cW4N46/GswiqZJxN1RdKs1B+rp7EMMU3 +bhoXstLBcIYveljqh4lPBWCsTT2+/OpwAmgnzjgdTHcpnCMTEOdZktD5SKrTj2tV +aWXAlWK/UsEEanA3cvzofy44n7rm+Eoa7P1YGCHL++Ihsi66ElbehilTT/xxckHX +Uji1XDvoagEENEHk5j4Z2mhWtjnGclvuiBkS4XezezNMW/fPAypZX4bkURNbGd8j +tkb3Eqt+bv+ZQoSA+Ukv8APaAzj8lRSw+CYjDxpoM0jtmiPrk+u/Do46COVA/IX2 +2aYNT2Y2KoWJV4kBHAQQAQgABgUCVFOCHQAKCRAkmznSTyXjtoIhB/0ZE/ppI2Gc +qDxSwPKkRkkoMD8oXdKkPxjUF2jgP+bceHKiz1F78cx/eZltB4av8OujO1IwqH2C +0aVr46W3eSyIcpmmw6F9sjLcTfyZJfWJrvobb7WQSKvWw0eHFgNGR6Z+BA3ohjws +aCZtzzkH2gXI+EM7qaZozMw+eSkZ4qTE9B4/hkMZZpBO0oGy9PQzSlADGftyyuTt +oSUvepfs+EvYSddQ7skXWq0zePuOhng2Mppl690A+aTywyetbPvVeqjiAbI7NB5f +8Tw7dk0Febe9NHvbwzgiStMPmIKrTcthvgIClBkZvmkBFWAPxYPdHfLzAlpDGxJt +R31c0zNFBH68mQENBFRDqVIBCAC0k8eZKDmNqdmawOlJ/m62L2g8uXT/+/vAEGb1 +yaib09xI6tfGXzbqlDwrLIZcJsSIT/nt/ajJnIVbc3137va4XbwMzsDpAMH4mmiT +oqk+izEChGm2knzrLwhoflR8aGsKL35QoZT/erdjfgPeCRLvf25fHsN2Jb0WIMzC +56VkMeFoza+9HZ5hrkemmm+gPvIvhEUopxCyOS8mK5WjB4zzIdyDJfkqVpHvafNP +0N4LIsedKdyHcj/K3kY4Kejl99GW1z1snBgPamoN2/e52Pf6KTw2FjsSGZ72oalc +rkBR4wacUizGxKcRD2Y6Xa0g9mwToWdNBQCIII+uTzOzq1EDABEBAAG0IVdlcm5l +ciBLb2NoIChSZWxlYXNlIFNpZ25pbmcgS2V5KYkBPQQTAQgAJwUCVEOpUgIbAwUJ +C6oF9QULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCKhhscfv1g2aH7B/wIW6mV +mTmzW2xc1q1MUdssExQBhEeONrbWJ/HiGZP/MaabgQ/+wZuThTAwfGM5zFQBOvrB +OGURhINU6lYQlcOrVo+V8Z1mNQKFWaKxJaY5Ku1bB1OuX9FHLEiMibogHu5fjJIX +BE8XrnvueejyFQ5g/uX2xcGgCWlMe49sR3K+lEl3n93xTmSNhP52r0gTjMjbqKWK +UaIGJ5OcWSrvawdfqLXkxR8phq2AlHHEfxpcZsOp9mZirWYQ5jcgGgFP0LYXUw/R +nxFpOcrj45qufmyEL9QJKjBV5RaHJbqukefwUInPQtVUmINqQxztSh5QxQP2tsUP +IeEi5RAoCwLJam8ziQEcBBABCAAGBQJUU4JUAAoJECSbOdJPJeO2c+cH+wevKc8w +bkWSoGOJiYDglVMJa4x5utgHyXP4PyqelIQ7yibfQq3YyOU9RWRGxfvuofPXpx1E +u/XtCGgw03r4HZhauauYe27IDpA5P/Go7+WqufT6gMBoZf/1cD2ykQZpFyszEKHf +Y+BlzqPJcRaXy4+uQG3O+bh/R2eIGAJDao/AclJI+kfckeY5DzRTibPex+rGAkxZ +8qHtlCb0WeUbL3mgl9f3LlbPH77w1on6XqqIaQ+ODSS/3CUOIhNI3lrGO7mIqhSC +0n+rpqLHeVLpLkz0IFvsJOp9UOHDCA8oL0cQtJGP1pN7muKR9nCVtoNuN41JapoO +4ZaHe5Y0r5MIofSYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNwQo8OSmVw +IvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYUTF0F/15p +iAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz28iRH/UZc +YLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpuQGdudS5v +cmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2MtwUJClRO +YQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhAtm3dxWeU +xA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2qagd/nRch +l9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+EwCV7i2e2 +u5kBogQ1oh4eEQQA/pdK4Oafa1uDN7Cr5nss4bNpg8YUSg01VVJ08KTCEdpCAPaU ++NzaP3KD2ow74WU2gzP70s9uSGQ2Vie4BLvOkaaBHba/3ivBrg3ILFrxbOfmKQg8 +Fhtncd/TBOwzfkkbxBNcVJuBPRtjZ3dlDbS4IPNsIIv2SuCIfQmA8qNGvWsAoIrJ +90b2fzERCZkKtfkoyYA8fnNrBADhJ8RmIrKiCnDk3Tzk04nu6O8fp3ptrmnO7jlu +vDfsEVsYRjyMbDnbnjCGu1PeFoP2HZ+H9lp4CaQbyjWh2JlvI9UOc72V16SFkV0r +8k0euNQXHhhzXWIkfz4gwSbBkN2nO5+6cIVeKnsdyFYkQyVs+Q86/PMfjo7utyrc +WLq1CAQAou3da1JR6+KJO4gUZVh2F1NoaVCEPAvlDhNV10/hwe5mS0kTjUJ1jMl5 +6mwAFvhFFF9saW+eAnrwIOHjopbdHrPBmTJlOnNMHVLJzFlqjihwRRZQyL8iNu2m +farn9Mr28ut5BQmp0CnNEJ6hl0Cs7l2xagWFtlEK2II144vK3fG0J1dlcm5lciBL +b2NoIChnbnVwZyBzaWcpIDxkZDlqbkBnbnUub3JnPohhBBMRAgAhAheABQkOFIf9 +BQJBvGheBgsJCAcDAgMVAgMDFgIBAh4BAAoJEGi3q4lXVI3NBJMAn01313ag0tgj +rGUZtDlKYbmNIeMeAJ0UpVsjxpylBcSjsPE8MAki7Hb2Rw== +=W3eM +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/gpg2.spec b/gpg2.spec index ec3a2f7..04b4bf4 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,11 +17,29 @@ Name: gpg2 -Version: 2.0.26 +Version: 2.1.0 Release: 0 +Summary: GnuPG 2 +License: GPL-3.0+ +Group: Productivity/Networking/Security +Url: http://www.gnupg.org/aegypten2/ +Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 +Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig +# https://www.gnupg.org/signature_key.html +Source3: %{name}.keyring +Patch2: gnupg-2.0.4-install_tools.diff +Patch4: gnupg-2.0.9-langinfo.patch +Patch5: gnupg-2.0.18-files-are-digests.patch +Patch6: gnupg-dont-fail-with-seahorse-agent.patch +Patch8: gnupg-set_umask_before_open_outfile.patch +Patch9: gnupg-detect_FIPS_mode.patch +Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-remove_development_version_warning.patch +Patch13: gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch BuildRequires: automake >= 1.10 BuildRequires: expect BuildRequires: fdupes +BuildRequires: gnutls-devel BuildRequires: libadns-devel BuildRequires: libassuan-devel >= 2.0.0 BuildRequires: libbz2-devel @@ -33,43 +51,23 @@ BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libksba-devel >= 1.0.7 BuildRequires: libusb-devel BuildRequires: makeinfo +BuildRequires: npth-devel BuildRequires: openldap2-devel +BuildRequires: pkg-config BuildRequires: readline-devel BuildRequires: zlib-devel -%if 0%{?suse_version} >= 1120 -BuildRequires: libpth-devel >= 1.3.7 -%else -BuildRequires: pth >= 1.3.7 -%endif -Url: http://www.gnupg.org/aegypten2/ -PreReq: %install_info_prereq -Requires: dirmngr Requires: pinentry -Recommends: %name-lang = %{version} +# FIXME: use proper Requires(pre/post/preun/...) +PreReq: %{install_info_prereq} +Recommends: %{name}-lang = %{version} +Obsoletes: dirmngr < 2.1.0 +Provides: dirmngr = %{version} Provides: gnupg = %{version} Provides: gpg = 1.4.9 Provides: newpg # special feature needed for OBS signd Provides: gpg2_signd_support Obsoletes: gpg < 1.4.9 -Summary: GnuPG 2 -License: GPL-3.0+ -Group: Productivity/Networking/Security -Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 -Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig -# https://www.gnupg.org/signature_key.html -Source3: %{name}.keyring -Patch1: gnupg-2.0.18-tmpdir.diff -Patch2: gnupg-2.0.4-install_tools.diff -Patch4: gnupg-2.0.9-langinfo.patch -Patch5: gnupg-2.0.18-files-are-digests.patch -Patch6: gnupg-dont-fail-with-seahorse-agent.patch -Patch8: gnupg-set_umask_before_open_outfile.patch -Patch9: gnupg-detect_FIPS_mode.patch -# PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL -Patch10: gnupg-2.0.20-automake113.diff -Patch11: gnupg-add_legacy_FIPS_mode_option.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -77,24 +75,25 @@ GnuPG 2 is the successor of "GnuPG" or GPG. It provides: GPGSM, gpg-agent, and a keybox library. %lang_package + %prep -%setup -q -n gnupg-%version -%patch1 -p1 +%setup -q -n gnupg-%{version} %patch2 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 -%patch10 -p1 %patch11 -p1 +%patch12 -p1 +%patch13 -p1 %build autoreconf -fi # build PIEs (position independent executables) for address space randomisation: -%ifarch s390x %sparc +%ifarch s390x %{sparc} # s390x needs to use the large PIE model (at least for gpg.c): -PIE="-fPIE" +PIE="-fPIE" %else PIE="-fpie" %endif @@ -103,10 +102,10 @@ export LDFLAGS=-pie %configure \ --libexecdir=%{_libdir} \ --docdir=%{_docdir}/%{name} \ - --with-agent-pgm=%{_prefix}/bin/gpg-agent \ - --with-pinentry-pgm=%{_prefix}/bin/pinentry \ - --with-dirmngr-pgm=%{_prefix}/bin/dirmngr \ - --with-scdaemon-pgm=%{_prefix}/bin/scdaemon \ + --with-agent-pgm=%{_bindir}/gpg-agent \ + --with-pinentry-pgm=%{_bindir}/pinentry \ + --with-dirmngr-pgm=%{_bindir}/dirmngr \ + --with-scdaemon-pgm=%{_bindir}/scdaemon \ --enable-ldap \ --enable-gpgsm=yes \ --enable-gpg \ @@ -116,34 +115,33 @@ export LDFLAGS=-pie make %{?_smp_mflags} %install -%makeinstall -mkdir -p $RPM_BUILD_ROOT/etc/gnupg/ +make DESTDIR=%{buildroot} install %{?_smp_mflags} +mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ # bnc#391347 -install -m 644 doc/examples/gpgconf.conf $RPM_BUILD_ROOT/etc/gnupg +install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg # delete to prevent fdupes from creating cross-partition hardlink -rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/gpg2/examples/gpgconf.conf -rm $RPM_BUILD_ROOT/usr/share/info/dir +rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf +rm %{buildroot}%{_infodir}/dir # compat symlinks -ln -sf gpg2 $RPM_BUILD_ROOT/usr/bin/gpg -ln -sf gpgv2 $RPM_BUILD_ROOT/usr/bin/gpgv -ln -sf gpg2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpg.1 -ln -sf gpgv2.1 $RPM_BUILD_ROOT/usr/share/man/man1/gpgv.1 +ln -sf gpg2 %{buildroot}%{_bindir}/gpg +ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv +ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 +ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 # fix rpmlint invalid-lc-messages-dir: -rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot +rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot # additional files to documentation directory -install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ $RPM_BUILD_ROOT/%{_docdir}/%{name} +install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ %{buildroot}/%{_docdir}/%{name} # install scdaemon to %{_bindir} (bnc#863645) mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} +mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} %find_lang gnupg2 %if 0%{?suse_version} > 1020 -%fdupes %buildroot +%fdupes %{buildroot} %endif %check %if ! 0%{?qemu_user_space_build} make check -$RPM_BUILD_ROOT/usr/bin/gpgsplit -v -p pubsplit- --uncompress Date: Tue, 16 Dec 2014 13:50:42 +0000 Subject: [PATCH 073/156] Accepting request 264728 from Base:System Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/264728 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=82 --- gpg2.changes | 5 +++++ gpg2.spec | 10 +++++----- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 6c3d681..373a40b 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Dec 3 22:37:59 UTC 2014 - andreas.stieger@gmx.de + +- update build requirement versions that changed with 2.1.0 + ------------------------------------------------------------------- Wed Nov 26 19:21:15 UTC 2014 - andreas.stieger@gmx.de diff --git a/gpg2.spec b/gpg2.spec index 04b4bf4..1d5bd3b 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -39,19 +39,19 @@ Patch13: gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch BuildRequires: automake >= 1.10 BuildRequires: expect BuildRequires: fdupes -BuildRequires: gnutls-devel +BuildRequires: gnutls-devel >= 3.0 BuildRequires: libadns-devel -BuildRequires: libassuan-devel >= 2.0.0 +BuildRequires: libassuan-devel >= 2.1.0 BuildRequires: libbz2-devel BuildRequires: libcurl-devel >= 7.10 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG # raising gcrypt requirement from 1.4.0 BuildRequires: libgcrypt-devel >= 1.6.1 -BuildRequires: libgpg-error-devel >= 1.11 -BuildRequires: libksba-devel >= 1.0.7 +BuildRequires: libgpg-error-devel >= 1.15 +BuildRequires: libksba-devel >= 1.2.0 BuildRequires: libusb-devel BuildRequires: makeinfo -BuildRequires: npth-devel +BuildRequires: npth-devel >= 0.91 BuildRequires: openldap2-devel BuildRequires: pkg-config BuildRequires: readline-devel From 072a03eda8999c64b898cc16898c0e3b41ffdb7f869d78ea35116a08346c887b Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 28 Dec 2014 23:31:59 +0000 Subject: [PATCH 074/156] Accepting request 266408 from Base:System Support for large RSA keys (changelog fixed) OBS-URL: https://build.opensuse.org/request/show/266408 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=83 --- gnupg-large_keys.patch | 46 ++++++++++++++++++++++++++++++++++++++++++ gpg2.changes | 10 +++++++++ gpg2.spec | 4 ++++ 3 files changed, 60 insertions(+) create mode 100644 gnupg-large_keys.patch diff --git a/gnupg-large_keys.patch b/gnupg-large_keys.patch new file mode 100644 index 0000000..097b4c2 --- /dev/null +++ b/gnupg-large_keys.patch @@ -0,0 +1,46 @@ +From: Lorenz Hüdepohl +Date: 2014-11-27 17:01:07 +0000 +Subject: Continue to support existing large RSA keys +References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424 +Upstream: no + +For RSA keys up to probably 8192 bits it seems to be enough to call +configure with the additional options + + --enable-large-secmem + --enable-large-rsa + +However, there are existing keys out there that are even larger. + +Werner Koch thinks that it is silly to use keys that are this large. He +is probably even right with this, which is why this patch still does not +allow to create new keys larger than the set maximum (4096/8192 +depending on whether enable-large-rsa is set in gpg.conf). + +I still want to continue to use my existing 10k bits key, though. + +--- +diff -ur gnupg-2.1.0.org/agent/command.c gnupg-2.1.0/agent/command.c +--- gnupg-2.1.0.org/agent/command.c 2014-11-04 17:10:44.000000000 +0200 ++++ gnupg-2.1.0/agent/command.c 2014-11-26 18:04:11.548271074 +0200 +@@ -47,7 +47,7 @@ + /* Maximum allowed size of the key parameters. */ + #define MAXLEN_KEYPARAM 1024 + /* Maximum allowed size of key data as used in inquiries (bytes). */ +-#define MAXLEN_KEYDATA 4096 ++#define MAXLEN_KEYDATA 8192 + /* The size of the import/export KEK key (in bytes). */ + #define KEYWRAP_KEYSIZE (128/8) + +diff -ur gnupg-2.1.0.org/configure.ac gnupg-2.1.0/configure.ac +--- gnupg-2.1.0.org/configure.ac 2014-11-04 17:09:28.000000000 +0200 ++++ gnupg-2.1.0/configure.ac 2014-11-17 19:40:28.632527090 +0200 +@@ -230,7 +230,7 @@ + large_secmem=$enableval, large_secmem=no) + AC_MSG_RESULT($large_secmem) + if test "$large_secmem" = yes ; then +- SECMEM_BUFFER_SIZE=65536 ++ SECMEM_BUFFER_SIZE=262144 + else + SECMEM_BUFFER_SIZE=32768 + fi diff --git a/gpg2.changes b/gpg2.changes index 373a40b..a988a0f 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Dec 25 18:09:11 UTC 2014 - dev@stellardeath.org + +- Support for large RSA keys + This involves compiling with --enable-large-rsa and + --enable-large-secmem, as well as patching the number + of secmem bytes and IPC bytes to slightly larger values. + See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424 + * added gnupg-large_keys.patch + ------------------------------------------------------------------- Wed Dec 3 22:37:59 UTC 2014 - andreas.stieger@gmx.de diff --git a/gpg2.spec b/gpg2.spec index 1d5bd3b..fe8863f 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -36,6 +36,7 @@ Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-remove_development_version_warning.patch Patch13: gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch +Patch14: gnupg-large_keys.patch BuildRequires: automake >= 1.10 BuildRequires: expect BuildRequires: fdupes @@ -87,6 +88,7 @@ gpg-agent, and a keybox library. %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %build autoreconf -fi @@ -110,6 +112,8 @@ export LDFLAGS=-pie --enable-gpgsm=yes \ --enable-gpg \ --enable-gpgtar \ + --enable-large-rsa \ + --enable-large-secmem \ --with-gnu-ld make %{?_smp_mflags} From d7a20ca9d36b58ecb63e54f635b9de98a54a59e1d8ebc74a9167cc3854f5cdf7 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Wed, 21 Jan 2015 20:50:33 +0000 Subject: [PATCH 075/156] Accepting request 266596 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/266596 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=84 --- gnupg-2.0.18-files-are-digests.patch | 44 +++++----- gnupg-2.0.4-install_tools.diff | 6 +- ...8-openpgp_oid_to_str-buffer-overflow.patch | 77 ------------------ gnupg-2.1.0.tar.bz2 | 3 - gnupg-2.1.0.tar.bz2.sig | Bin 861 -> 0 bytes gnupg-2.1.1.tar.bz2 | 3 + gnupg-2.1.1.tar.bz2.sig | Bin 0 -> 574 bytes gnupg-add_legacy_FIPS_mode_option.patch | 26 +++--- gnupg-detect_FIPS_mode.patch | 32 ++++---- gpg2.changes | 36 ++++++++ gpg2.spec | 6 +- 11 files changed, 93 insertions(+), 140 deletions(-) delete mode 100644 gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch delete mode 100644 gnupg-2.1.0.tar.bz2 delete mode 100644 gnupg-2.1.0.tar.bz2.sig create mode 100644 gnupg-2.1.1.tar.bz2 create mode 100644 gnupg-2.1.1.tar.bz2.sig diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 15e5153..939a1e3 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,10 +4,10 @@ g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 66 insertions(+), 5 deletions(-) -Index: gnupg-2.1.0/g10/gpg.c +Index: gnupg-2.1.1/g10/gpg.c =================================================================== ---- gnupg-2.1.0.orig/g10/gpg.c 2014-11-07 11:35:21.599605797 +0100 -+++ gnupg-2.1.0/g10/gpg.c 2014-11-07 16:50:14.742067262 +0100 +--- gnupg-2.1.1.orig/g10/gpg.c ++++ gnupg-2.1.1/g10/gpg.c @@ -349,6 +349,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, @@ -16,7 +16,7 @@ Index: gnupg-2.1.0/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -733,6 +734,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -730,6 +731,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.1.0/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2126,6 +2128,7 @@ main (int argc, char **argv) +@@ -2125,6 +2127,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; set_homedir (default_homedir ()); opt.passphrase_repeat = 1; @@ -40,11 +40,11 @@ Index: gnupg-2.1.0/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.0/g10/options.h +Index: gnupg-2.1.1/g10/options.h =================================================================== ---- gnupg-2.1.0.orig/g10/options.h 2014-11-07 11:35:21.599605797 +0100 -+++ gnupg-2.1.0/g10/options.h 2014-11-07 16:49:59.770885017 +0100 -@@ -193,6 +193,7 @@ struct +--- gnupg-2.1.1.orig/g10/options.h ++++ gnupg-2.1.1/g10/options.h +@@ -192,6 +192,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,13 +52,13 @@ Index: gnupg-2.1.0/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.0/g10/sign.c +Index: gnupg-2.1.1/g10/sign.c =================================================================== ---- gnupg-2.1.0.orig/g10/sign.c 2014-11-07 11:35:21.599605797 +0100 -+++ gnupg-2.1.0/g10/sign.c 2014-11-07 17:13:40.128218081 +0100 -@@ -703,8 +703,12 @@ write_signature_packets (SK_LIST sk_list - build_sig_subpkt_from_sig (sig); - mk_notation_policy_etc (sig, pk, NULL); +--- gnupg-2.1.1.orig/g10/sign.c ++++ gnupg-2.1.1/g10/sign.c +@@ -706,8 +706,12 @@ write_signature_packets (SK_LIST sk_list + mk_notation_policy_etc (sig, NULL, pk); + } + if (!opt.files_are_digests) { hash_sigversion_to_magic (md, sig); @@ -69,7 +69,7 @@ Index: gnupg-2.1.0/g10/sign.c rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -762,6 +766,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -765,6 +769,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -78,7 +78,7 @@ Index: gnupg-2.1.0/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -778,7 +784,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -781,7 +787,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -96,7 +96,7 @@ Index: gnupg-2.1.0/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -799,7 +814,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -802,7 +817,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -105,7 +105,7 @@ Index: gnupg-2.1.0/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -938,7 +953,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -940,7 +955,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -114,7 +114,7 @@ Index: gnupg-2.1.0/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -993,6 +1008,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -995,6 +1010,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -123,7 +123,7 @@ Index: gnupg-2.1.0/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1033,6 +1050,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1035,6 +1052,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) putc( '\n', stderr ); } @@ -169,7 +169,7 @@ Index: gnupg-2.1.0/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1050,8 +1106,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1052,8 +1108,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff index 218de8e..05f0031 100644 --- a/gnupg-2.0.4-install_tools.diff +++ b/gnupg-2.0.4-install_tools.diff @@ -1,7 +1,7 @@ Index: tools/Makefile.am =================================================================== ---- tools/Makefile.am.orig 2014-11-06 18:12:17.743916141 +0100 -+++ tools/Makefile.am 2014-11-06 18:13:17.073677366 +0100 +--- tools/Makefile.am.orig ++++ tools/Makefile.am @@ -36,8 +36,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde bin_SCRIPTS = gpgsm-gencert.sh @@ -30,4 +30,4 @@ Index: tools/Makefile.am +noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert endif - common_libs = $(libcommon) ../gl/libgnu.a + common_libs = $(libcommon) diff --git a/gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch b/gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch deleted file mode 100644 index 9a46d79..0000000 --- a/gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch +++ /dev/null @@ -1,77 +0,0 @@ -From: Werner Koch -Date: Tue, 25 Nov 2014 11:58:56 +0100 -Subject: [PATCH] Fix buffer overflow in openpgp_oid_to_str. -References: boo#907198 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=8445ef24fc31e1fe0291e17f90f9f06b536e34da -Upstream: committed - -* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow. - -* common/t-openpgp-oid.c (BADOID): New. -(test_openpgp_oid_to_str): Add test cases. --- - -The code has an obvious error by not considering invalid encoding for -arc-2. A first byte of 0x80 can be used to make a value of less then -80 and we then subtract 80 from that value as required by the OID -encoding rules. Due to the unsigned integer this results in a pretty -long value which won't fit anymore into the allocated buffer. - -The fix is obvious. Also added a few simple test cases. Note that we -keep on using sprintf instead of snprintf because managing the -remaining length of the buffer would probably be more error prone than -assuring that the buffer is large enough. Getting rid of sprintf -altogether by using direct conversion along with membuf_t like code -might be possible. - -Reported-by: Hanno Böck -Signed-off-by: Werner Koch - -Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7 ---- - common/openpgp-oid.c | 2 ++ - common/t-openpgp-oid.c | 9 +++++++++ - 2 files changed, 11 insertions(+) - -diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c -index 010c23f..d3d1f2a 100644 ---- a/common/openpgp-oid.c -+++ b/common/openpgp-oid.c -@@ -236,6 +236,8 @@ openpgp_oid_to_str (gcry_mpi_t a) - val <<= 7; - val |= buf[n] & 0x7f; - } -+ if (val < 80) -+ goto badoid; - val -= 80; - sprintf (p, "2.%lu", val); - p += strlen (p); -diff --git a/common/t-openpgp-oid.c b/common/t-openpgp-oid.c -index 79e5a70..5cd778d 100644 ---- a/common/t-openpgp-oid.c -+++ b/common/t-openpgp-oid.c -@@ -32,6 +32,9 @@ - } while(0) - - -+#define BADOID "1.3.6.1.4.1.11591.2.12242973" -+ -+ - static void - test_openpgp_oid_from_str (void) - { -@@ -108,6 +111,12 @@ test_openpgp_oid_to_str (void) - { "1.3.132.0.35", - { 5, 0x2B, 0x81, 0x04, 0x00, 0x23 }}, - -+ { BADOID, -+ { 9, 0x80, 0x02, 0x70, 0x50, 0x25, 0x46, 0xfd, 0x0c, 0xc0 }}, -+ -+ { BADOID, -+ { 1, 0x80 }}, -+ - { NULL }}; - gcry_mpi_t a; - int idx; --- -1.7.10.4 - diff --git a/gnupg-2.1.0.tar.bz2 b/gnupg-2.1.0.tar.bz2 deleted file mode 100644 index 510940c..0000000 --- a/gnupg-2.1.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:16a8c3f50a15bf37d2dfb1c5e4bb3ec533e1d0b6a4043ff3680a376a3ad4058b -size 3111585 diff --git a/gnupg-2.1.0.tar.bz2.sig b/gnupg-2.1.0.tar.bz2.sig deleted file mode 100644 index 48b9d857fe4238792ee08ed5820a51bf116213e86b22f21dc55eedf3feddb5b3..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 861 zcmV-j1ETzi0UQJX0SEvF1p-uBMcV)h2@oWkInqxhnr-=OX@$|FC!e#X&6>73>y_MBSYk7e|1MCH1T zi9wR;_OTQQnq5(!bBp637qnc@$9q>=YoKmCMz7fDE7J!31y>EtP4zr2QVWZi9%~?Pqw!)R4aCz=(!l)<3IPqHOV1-* za)C)gGjw+;3bIFQNVl|;sGg}pUbI6oV;F~MLcBA(IRapmJ=qN+|B2v01`U!P~CXt@ce_L zYohWT+=^Q^FQo){C}+&LQdu~zT~VI{3=`i6>6tH@?LF-hhQUe9=_=&wo89o|eIf7e zM4pXgj$mm%iHQLm1ONdD00spDR9iW00162ZAaSsYGrd0sN{Cw7xu zG$sGgSLuGc9(SL>)s&JgvnRMY(h2!Mdsrd_H{^IpKg!#TFo6$ml`PQ>+bTxlcp6*x zxNoHCC7Ctcom%7##)s-3%!?(b&jToe5_=Cu2-kx%Bzs9Q`k&UX>2d;)!}arcc)&?B z>KaA+Tnq%Vyno|bIl`Dl-)jK6AAT%yBWMW`B?MyYN0n{#Bk)A9uozAAteX7+uq&1| n2F#pgpLH>iWLOBUjQRRz$u>5qaeUC`^}Z diff --git a/gnupg-2.1.1.tar.bz2 b/gnupg-2.1.1.tar.bz2 new file mode 100644 index 0000000..e165c4d --- /dev/null +++ b/gnupg-2.1.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:70ecd01d2875db62624c911c2fd815742f50aef5492698eb3bfc09a08690ce49 +size 4801472 diff --git a/gnupg-2.1.1.tar.bz2.sig b/gnupg-2.1.1.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..83cbbfc504f57ade3dd20fd845040f6606dda91beb6940b426c576541604d911 GIT binary patch literal 574 zcmV-E0>S->0UQJX0SEvF1p-u%PniG;2@oWkInqxh zJ03Y;ttz!nQUDqDB8rI%A@&6hTK`HuP6L@5E$vb$KiR6L{j_5d=9G`g$#(EOHIomDVvTzH zt-7XfF$b)-qXH8X8FmOIK!#8&og}LG2&p5~ZqxrFsqS|&rgPjnvySep17fHdcwufu zXT}5N%#@J5@1rC!fm7Us&I1N-dPq>?uT><^=M;_l-G2tEImjyR%xgv6aoxQ4_?5Ut M8pGsj$0{e+!Z(}=-2eap literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 2b53225..80c29ff 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.0/doc/gpg.texi +Index: gnupg-2.1.1/doc/gpg.texi =================================================================== ---- gnupg-2.1.0.orig/doc/gpg.texi 2014-11-06 18:31:32.218688065 +0100 -+++ gnupg-2.1.0/doc/gpg.texi 2014-11-06 18:31:33.871709178 +0100 -@@ -1828,6 +1828,24 @@ implies, this option is for experts only +--- gnupg-2.1.1.orig/doc/gpg.texi ++++ gnupg-2.1.1/doc/gpg.texi +@@ -1842,6 +1842,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.0/doc/gpg.texi @end table -Index: gnupg-2.1.0/g10/gpg.c +Index: gnupg-2.1.1/g10/gpg.c =================================================================== ---- gnupg-2.1.0.orig/g10/gpg.c 2014-11-06 18:31:32.220688090 +0100 -+++ gnupg-2.1.0/g10/gpg.c 2014-11-06 18:32:03.833091859 +0100 -@@ -380,6 +380,7 @@ enum cmd_and_opt_values - oNoAllowMultipleMessages, +--- gnupg-2.1.1.orig/g10/gpg.c ++++ gnupg-2.1.1/g10/gpg.c +@@ -381,6 +381,7 @@ enum cmd_and_opt_values oAllowWeakDigestAlgos, oFakedSystemTime, + oNoAutostart, + oSetLegacyFips, oNoop }; -@@ -772,6 +773,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -769,6 +770,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,9 +52,9 @@ Index: gnupg-2.1.0/g10/gpg.c /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -3138,6 +3140,13 @@ main (int argc, char **argv) - } - break; +@@ -3134,6 +3136,13 @@ main (int argc, char **argv) + + case oNoAutostart: opt.autostart = 0; break; + case oSetLegacyFips: + if(gcry_fips_mode_active()) diff --git a/gnupg-detect_FIPS_mode.patch b/gnupg-detect_FIPS_mode.patch index efacf41..81aa96b 100644 --- a/gnupg-detect_FIPS_mode.patch +++ b/gnupg-detect_FIPS_mode.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.1.0/g10/encrypt.c +Index: gnupg-2.1.1/g10/encrypt.c =================================================================== ---- gnupg-2.1.0.orig/g10/encrypt.c 2014-11-06 18:27:35.176659675 +0100 -+++ gnupg-2.1.0/g10/encrypt.c 2014-11-06 18:29:10.987883901 +0100 +--- gnupg-2.1.1.orig/g10/encrypt.c ++++ gnupg-2.1.1/g10/encrypt.c @@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro /* Because 3DES is implicitly in the prefs, this can only happen if we do not have any public keys in @@ -14,25 +14,21 @@ Index: gnupg-2.1.0/g10/encrypt.c } /* In case 3DES has been selected, print a warning if -Index: gnupg-2.1.0/g10/mainproc.c +Index: gnupg-2.1.1/g10/mainproc.c =================================================================== ---- gnupg-2.1.0.orig/g10/mainproc.c 2014-11-06 18:27:33.243634973 +0100 -+++ gnupg-2.1.0/g10/mainproc.c 2014-11-06 18:27:35.178659700 +0100 -@@ -690,9 +690,15 @@ proc_plaintext( CTX c, PACKET *pkt ) - often. There is no good way to specify what algorithms to - use in that case, so these three are the historical - answer. */ -- gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); +--- gnupg-2.1.1.orig/g10/mainproc.c ++++ gnupg-2.1.1/g10/mainproc.c +@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt ) + according to 2440, so hopefully it won't come up that often. + There is no good way to specify what algorithms to use in + that case, so these there are the historical answer. */ +- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); + + /* Libgcrypt manual says that gcry_version_check must be called + before calling gcry_fips_mode_active. */ + gcry_check_version (NULL); + if( !gcry_fips_mode_active() ) + gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); - gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); -- gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); -+ if( !gcry_fips_mode_active() ) -+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); - } - if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify - && opt.flags.allow_weak_digest_algos) { + gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); + } + if (DBG_HASHING) diff --git a/gpg2.changes b/gpg2.changes index a988a0f..a772267 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Fri Dec 26 21:15:55 UTC 2014 - andreas.stieger@gmx.de + +- update to 2.1.1: + * gpg: Detect faulty use of --verify on detached signatures. + * gpg: New import option "keep-ownertrust". + * gpg: New sub-command "factory-reset" for --card-edit. + * gpg: A stub key for smartcards is now created by --card-status. + * gpg: Fixed regression in --refresh-keys. + * gpg: Fixed regresion in %g and %p codes for --sig-notation. + * gpg: Fixed best matching hash algo detection for ECDSA and EdDSA. + * gpg: Improved perceived speed of secret key listisngs. + * gpg: Print number of skipped PGP-2 keys on import. + * gpg: Removed the option aliases --throw-keyid and --notation-data; + use --throw-keyids and --set-notation instead. + * gpg: New import option "keep-ownertrust". + * gpg: Skip too large keys during import. + * gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or + dirmngr. + * gpg-agent: New option --extra-socket to provide a restricted + command set for use with remote clients. + * gpgconf --kill does not anymore start a service only to kill it. + * gpg-pconnect-agent: Add convenience option --uiserver. + * More translations (but most of them are not complete). + * To support remotely mounted home directories, the IPC sockets may + now be redirected. This feature requires Libassuan 2.2.0. + * Improved portability and the usual bunch of bug fixes. +- removed patch not part of upstream release: + gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch +- refresh for context changes: + gnupg-2.0.18-files-are-digests.patch + gnupg-2.0.4-install_tools.diff +- refresh for upstream code changes: + gnupg-add_legacy_FIPS_mode_option.patch + gnupg-detect_FIPS_mode.patch (MD5 removed) + ------------------------------------------------------------------- Thu Dec 25 18:09:11 UTC 2014 - dev@stellardeath.org diff --git a/gpg2.spec b/gpg2.spec index fe8863f..d90b53c 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.0 +Version: 2.1.1 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -35,7 +35,6 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-remove_development_version_warning.patch -Patch13: gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch Patch14: gnupg-large_keys.patch BuildRequires: automake >= 1.10 BuildRequires: expect @@ -48,7 +47,7 @@ BuildRequires: libcurl-devel >= 7.10 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG # raising gcrypt requirement from 1.4.0 BuildRequires: libgcrypt-devel >= 1.6.1 -BuildRequires: libgpg-error-devel >= 1.15 +BuildRequires: libgpg-error-devel >= 1.16 BuildRequires: libksba-devel >= 1.2.0 BuildRequires: libusb-devel BuildRequires: makeinfo @@ -87,7 +86,6 @@ gpg-agent, and a keybox library. %patch9 -p1 %patch11 -p1 %patch12 -p1 -%patch13 -p1 %patch14 -p1 %build From 914c259adf0f54a404583e558edb3fe7c5efd4aa5f8dcbcc3e3c0b93a5bb571f Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 14 Feb 2015 12:54:21 +0000 Subject: [PATCH 076/156] Accepting request 285756 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/285756 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=85 --- gnupg-2.0.18-files-are-digests.patch | 33 +++++++++++++++++---------- gnupg-2.1.1.tar.bz2 | 3 --- gnupg-2.1.1.tar.bz2.sig | Bin 574 -> 0 bytes gnupg-2.1.2.tar.bz2 | 3 +++ gnupg-2.1.2.tar.bz2.sig | Bin 0 -> 287 bytes gpg2.changes | 26 +++++++++++++++++++++ gpg2.spec | 6 ++--- 7 files changed, 53 insertions(+), 18 deletions(-) delete mode 100644 gnupg-2.1.1.tar.bz2 delete mode 100644 gnupg-2.1.1.tar.bz2.sig create mode 100644 gnupg-2.1.2.tar.bz2 create mode 100644 gnupg-2.1.2.tar.bz2.sig diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 939a1e3..5b69f43 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,10 +4,10 @@ g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 66 insertions(+), 5 deletions(-) -Index: gnupg-2.1.1/g10/gpg.c +Index: gnupg-2.1.2/g10/gpg.c =================================================================== ---- gnupg-2.1.1.orig/g10/gpg.c -+++ gnupg-2.1.1/g10/gpg.c +--- gnupg-2.1.2.orig/g10/gpg.c ++++ gnupg-2.1.2/g10/gpg.c @@ -349,6 +349,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, @@ -24,7 +24,7 @@ Index: gnupg-2.1.1/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2125,6 +2127,7 @@ main (int argc, char **argv) +@@ -2127,6 +2129,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; set_homedir (default_homedir ()); opt.passphrase_repeat = 1; @@ -32,7 +32,7 @@ Index: gnupg-2.1.1/g10/gpg.c opt.emit_version = 1; /* Limit to the major number. */ /* Check whether we have a config file on the command line. */ -@@ -2630,6 +2633,7 @@ main (int argc, char **argv) +@@ -2632,6 +2635,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,10 +40,10 @@ Index: gnupg-2.1.1/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.1/g10/options.h +Index: gnupg-2.1.2/g10/options.h =================================================================== ---- gnupg-2.1.1.orig/g10/options.h -+++ gnupg-2.1.1/g10/options.h +--- gnupg-2.1.2.orig/g10/options.h ++++ gnupg-2.1.2/g10/options.h @@ -192,6 +192,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; @@ -52,10 +52,19 @@ Index: gnupg-2.1.1/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.1/g10/sign.c +Index: gnupg-2.1.2/g10/sign.c =================================================================== ---- gnupg-2.1.1.orig/g10/sign.c -+++ gnupg-2.1.1/g10/sign.c +--- gnupg-2.1.2.orig/g10/sign.c ++++ gnupg-2.1.2/g10/sign.c +@@ -41,7 +41,7 @@ + #include "pkglue.h" + #include "sysutils.h" + #include "call-agent.h" +- ++#include "host2net.h" + + #ifdef HAVE_DOSISH_SYSTEM + #define LF "\r\n" @@ -706,8 +706,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, pk); } @@ -164,7 +173,7 @@ Index: gnupg-2.1.1/g10/sign.c + sigclass = ts[0]; + if (sigclass != 0x00 && sigclass != 0x01) + log_bug("bad cipher class\n"); -+ timestamp = buffer_to_u32(ts + 1); ++ timestamp = buf32_to_u32(ts + 1); + } else { /* read, so that the filter can calculate the digest */ diff --git a/gnupg-2.1.1.tar.bz2 b/gnupg-2.1.1.tar.bz2 deleted file mode 100644 index e165c4d..0000000 --- a/gnupg-2.1.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:70ecd01d2875db62624c911c2fd815742f50aef5492698eb3bfc09a08690ce49 -size 4801472 diff --git a/gnupg-2.1.1.tar.bz2.sig b/gnupg-2.1.1.tar.bz2.sig deleted file mode 100644 index 83cbbfc504f57ade3dd20fd845040f6606dda91beb6940b426c576541604d911..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 574 zcmV-E0>S->0UQJX0SEvF1p-u%PniG;2@oWkInqxh zJ03Y;ttz!nQUDqDB8rI%A@&6hTK`HuP6L@5E$vb$KiR6L{j_5d=9G`g$#(EOHIomDVvTzH zt-7XfF$b)-qXH8X8FmOIK!#8&og}LG2&p5~ZqxrFsqS|&rgPjnvySep17fHdcwufu zXT}5N%#@J5@1rC!fm7Us&I1N-dPq>?uT><^=M;_l-G2tEImjyR%xgv6aoxQ4_?5Ut M8pGsj$0{e+!Z(}=-2eap diff --git a/gnupg-2.1.2.tar.bz2 b/gnupg-2.1.2.tar.bz2 new file mode 100644 index 0000000..605451b --- /dev/null +++ b/gnupg-2.1.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:404f5a43d591dfe41f0ffb204b49a1533b67d77bc1fd68febd7e447575616792 +size 4832996 diff --git a/gnupg-2.1.2.tar.bz2.sig b/gnupg-2.1.2.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..849d6acd43977539d4e3bd4759a62cf64fee0c7dbcd984562d401f9ce6c4bc6b GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-vtqZ9xN2@oWkInqxh8DM7$CZAeg5jgN}#E8>3jpP4NZE4!{V93K_=)d3c@s#st9z9^nPcPIvny1v>t*f7BRr zK^E4{#LUH8hdLNy-3nlIHXFxFvx58Ho}S)?Suh4U3r6D+ZLQujo{u=W6iw4?#hq6B zXIt?rQhovM#(r31v8isUOKF8Afn_4YlVjgb&VCmBp`V39SN3MUm5z41g;TJYKrB0i lJ{|NAC-j~*O@>I#;~Z8gr|2pmf)i}tS=o6x2~Ur`{ZYR+fz1E_ literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index a772267..eaa4307 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Wed Feb 11 21:48:13 UTC 2015 - astieger@suse.com + +- update to 2.1.2: + * gpg: The parameter 'Passphrase' for batch key generation works + again. + * gpg: Using a passphrase option in batch mode now has the + expected effect on --quick-gen-key. + * gpg: Improved reporting of unsupported PGP-2 keys. + * gpg: Added support for algo names when generating keys using + --command-fd. + * gpg: Fixed DoS based on bogus and overlong key packets. + * agent: When setting --default-cache-ttl the value + for --max-cache-ttl is adjusted to be not lower than the former. + * agent: Fixed problems with the new --extra-socket. + * agent: Made --allow-loopback-pinentry changeable with gpgconf. + * agent: Fixed importing of unprotected openpgp keys. + * agent: Now tries to use a fallback pinentry if the standard + pinentry is not installed. + * scd: Added support for ECDH. + * Fixed several bugs related to bogus keyrings and improved some + other code. +- in gnupg-2.0.18-files-are-digests.patch, change buffer_to_u32 to + buf32_to_u32 from host2net.h to match upstream changes +- now requires automake 1.14 + ------------------------------------------------------------------- Fri Dec 26 21:15:55 UTC 2014 - andreas.stieger@gmx.de diff --git a/gpg2.spec b/gpg2.spec index d90b53c..2f8c900 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.1 +Version: 2.1.2 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -36,7 +36,7 @@ Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-remove_development_version_warning.patch Patch14: gnupg-large_keys.patch -BuildRequires: automake >= 1.10 +BuildRequires: automake >= 1.14 BuildRequires: expect BuildRequires: fdupes BuildRequires: gnutls-devel >= 3.0 From 1e59d0bb1e3588f945ae3b6c3e4591b7e649defdc8ab37cea28e970e7e3a97f8 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 1 Mar 2015 13:52:09 +0000 Subject: [PATCH 077/156] Accepting request 287682 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/287682 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=86 --- ...legacy-keys-while-searching-keyrings.patch | 76 +++++++++++++++++++ gpg2.changes | 6 ++ gpg2.spec | 4 +- 3 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch diff --git a/0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch b/0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch new file mode 100644 index 0000000..64b768e --- /dev/null +++ b/0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch @@ -0,0 +1,76 @@ +From a8116aacd91b7e775762a62c268fab6cc3c77438 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Mon, 23 Feb 2015 16:37:57 +0100 +Subject: [PATCH] gpg: Skip legacy keys while searching keyrings. + +* g10/getkey.c (search_modes_are_fingerprint): New. +(lookup): Skip over legacy keys. +-- + +GnuPG-bug-id: 1847 +Signed-off-by: Werner Koch +--- + g10/getkey.c | 39 +++++++++++++++++++++++++++++++++++++-- + 1 file changed, 37 insertions(+), 2 deletions(-) + +diff --git a/g10/getkey.c b/g10/getkey.c +index 76ee493..116753c 100644 +--- a/g10/getkey.c ++++ b/g10/getkey.c +@@ -2525,6 +2525,29 @@ found: + } + + ++/* Return true if all the search modes are fingerprints. */ ++static int ++search_modes_are_fingerprint (getkey_ctx_t ctx) ++{ ++ size_t n, found; ++ ++ for (n=found=0; n < ctx->nitems; n++) ++ { ++ switch (ctx->items[n].mode) ++ { ++ case KEYDB_SEARCH_MODE_FPR16: ++ case KEYDB_SEARCH_MODE_FPR20: ++ case KEYDB_SEARCH_MODE_FPR: ++ found++; ++ break; ++ default: ++ break; ++ } ++ } ++ return found && found == ctx->nitems; ++} ++ ++ + /* The main function to lookup a key. On success the found keyblock + is stored at RET_KEYBLOCK and also in CTX. If WANT_SECRET is true + a corresponding secret key is required. */ +@@ -2534,9 +2557,21 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret) + int rc; + int no_suitable_key = 0; + +- rc = 0; +- while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL))) ++ for (;;) + { ++ rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL); ++ /* Skip over all legacy keys but only if they are not requested ++ by fingerprints. ++ Fixme: The lower level keydb code should actually do that but ++ then it would be harder to report the number of skipped ++ legacy keys during import. */ ++ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY ++ && !(ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST) ++ && !search_modes_are_fingerprint (ctx)) ++ continue; ++ if (rc) ++ break; ++ + /* If we are searching for the first key we have to make sure + that the next iteration does not do an implicit reset. + This can be triggered by an empty key ring. */ +-- +2.1.4 + diff --git a/gpg2.changes b/gpg2.changes index eaa4307..0958884 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 24 08:10:22 UTC 2015 - astieger@suse.com + +- Fix invalid packet read error when reading keyrings [boo#914625] + add 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch + ------------------------------------------------------------------- Wed Feb 11 21:48:13 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 2f8c900..2736cb5 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -36,6 +36,7 @@ Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-remove_development_version_warning.patch Patch14: gnupg-large_keys.patch +Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch BuildRequires: automake >= 1.14 BuildRequires: expect BuildRequires: fdupes @@ -87,6 +88,7 @@ gpg-agent, and a keybox library. %patch11 -p1 %patch12 -p1 %patch14 -p1 +%patch15 -p1 %build autoreconf -fi From cbc35ec5fdd2829a8763b2d52d7039da4c4bf78d99cde85756f003dff894854b Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 23 Mar 2015 11:16:22 +0000 Subject: [PATCH 078/156] Accepting request 291614 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/291614 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=87 --- gnupg-2.0.4-install_tools.diff | 33 ------------- gnupg-large_keys.patch | 46 ------------------- ...g-remove_development_version_warning.patch | 15 ------ gpg2.changes | 9 ++++ gpg2.spec | 12 ++--- 5 files changed, 13 insertions(+), 102 deletions(-) delete mode 100644 gnupg-2.0.4-install_tools.diff delete mode 100644 gnupg-large_keys.patch delete mode 100644 gnupg-remove_development_version_warning.patch diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff deleted file mode 100644 index 05f0031..0000000 --- a/gnupg-2.0.4-install_tools.diff +++ /dev/null @@ -1,33 +0,0 @@ -Index: tools/Makefile.am -=================================================================== ---- tools/Makefile.am.orig -+++ tools/Makefile.am -@@ -36,8 +36,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde - - bin_SCRIPTS = gpgsm-gencert.sh - if HAVE_USTAR --# bin_SCRIPTS += gpg-zip --noinst_SCRIPTS = gpg-zip -+bin_SCRIPTS += gpg-zip -+#noinst_SCRIPTS = gpg-zip - endif - - if BUILD_SYMCRYPTRUN -@@ -55,7 +55,7 @@ endif - # Fixme: We should remove the gpgkey2ssh tool. - bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} - if !HAVE_W32_SYSTEM --bin_PROGRAMS += watchgnupg gpgparsemail -+bin_PROGRAMS += watchgnupg gpgparsemail gpgsplit - endif - if !HAVE_W32CE_SYSTEM - bin_PROGRAMS += gpgkey2ssh ${gpgtar} -@@ -66,7 +66,7 @@ libexec_PROGRAMS = gpg-check-pattern - endif - - if !HAVE_W32CE_SYSTEM --noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit -+noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert - endif - - common_libs = $(libcommon) diff --git a/gnupg-large_keys.patch b/gnupg-large_keys.patch deleted file mode 100644 index 097b4c2..0000000 --- a/gnupg-large_keys.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: Lorenz Hüdepohl -Date: 2014-11-27 17:01:07 +0000 -Subject: Continue to support existing large RSA keys -References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424 -Upstream: no - -For RSA keys up to probably 8192 bits it seems to be enough to call -configure with the additional options - - --enable-large-secmem - --enable-large-rsa - -However, there are existing keys out there that are even larger. - -Werner Koch thinks that it is silly to use keys that are this large. He -is probably even right with this, which is why this patch still does not -allow to create new keys larger than the set maximum (4096/8192 -depending on whether enable-large-rsa is set in gpg.conf). - -I still want to continue to use my existing 10k bits key, though. - ---- -diff -ur gnupg-2.1.0.org/agent/command.c gnupg-2.1.0/agent/command.c ---- gnupg-2.1.0.org/agent/command.c 2014-11-04 17:10:44.000000000 +0200 -+++ gnupg-2.1.0/agent/command.c 2014-11-26 18:04:11.548271074 +0200 -@@ -47,7 +47,7 @@ - /* Maximum allowed size of the key parameters. */ - #define MAXLEN_KEYPARAM 1024 - /* Maximum allowed size of key data as used in inquiries (bytes). */ --#define MAXLEN_KEYDATA 4096 -+#define MAXLEN_KEYDATA 8192 - /* The size of the import/export KEK key (in bytes). */ - #define KEYWRAP_KEYSIZE (128/8) - -diff -ur gnupg-2.1.0.org/configure.ac gnupg-2.1.0/configure.ac ---- gnupg-2.1.0.org/configure.ac 2014-11-04 17:09:28.000000000 +0200 -+++ gnupg-2.1.0/configure.ac 2014-11-17 19:40:28.632527090 +0200 -@@ -230,7 +230,7 @@ - large_secmem=$enableval, large_secmem=no) - AC_MSG_RESULT($large_secmem) - if test "$large_secmem" = yes ; then -- SECMEM_BUFFER_SIZE=65536 -+ SECMEM_BUFFER_SIZE=262144 - else - SECMEM_BUFFER_SIZE=32768 - fi diff --git a/gnupg-remove_development_version_warning.patch b/gnupg-remove_development_version_warning.patch deleted file mode 100644 index b265147..0000000 --- a/gnupg-remove_development_version_warning.patch +++ /dev/null @@ -1,15 +0,0 @@ -Index: gnupg-2.1.0/autogen.sh -=================================================================== ---- gnupg-2.1.0.orig/autogen.sh 2014-11-05 09:04:41.000000000 +0100 -+++ gnupg-2.1.0/autogen.sh 2014-11-11 17:46:57.154859332 +0100 -@@ -228,8 +228,8 @@ if [ "$myhost" = "find-version" ]; then - rvd=$((0x$(echo ${rev} | head -c 4))) - else - ingit=no -- beta=yes -- tmp="-unknown" -+ beta=no -+ tmp="" - rev="0000000" - rvd="0" - fi diff --git a/gpg2.changes b/gpg2.changes index 0958884..7a430c2 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Mar 19 15:56:12 UTC 2015 - astieger@suse.com + +- Ensure secure memory can be used with default 64k memlock limit + Fixes [boo#915931], removes gnupg-large_keys.patch +- Removed gnupg-remove_development_version_warning.patch, obsolete +- Removed gnupg-2.0.4-install_tools.diff, replaced by spec install +- Removed autoconf requirement and autoreconf calls thus obsoleted + ------------------------------------------------------------------- Tue Feb 24 08:10:22 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 2736cb5..7a620eb 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -27,17 +27,13 @@ Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring -Patch2: gnupg-2.0.4-install_tools.diff Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.0.18-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: gnupg-remove_development_version_warning.patch -Patch14: gnupg-large_keys.patch Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch -BuildRequires: automake >= 1.14 BuildRequires: expect BuildRequires: fdupes BuildRequires: gnutls-devel >= 3.0 @@ -79,19 +75,15 @@ gpg-agent, and a keybox library. %prep %setup -q -n gnupg-%{version} -%patch2 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 -%patch14 -p1 %patch15 -p1 %build -autoreconf -fi # build PIEs (position independent executables) for address space randomisation: %ifarch s390x %{sparc} # s390x needs to use the large PIE model (at least for gpg.c): @@ -138,6 +130,10 @@ install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ %{buildroot}/% # install scdaemon to %{_bindir} (bnc#863645) mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} +# install legacy tools +install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} +install -m 755 tools/gpgsplit %{buildroot}/%{_bindir} + %find_lang gnupg2 %if 0%{?suse_version} > 1020 %fdupes %{buildroot} From 9376dc9a8814bb2f9f2669048a413738d35b082b78afe5c3b8a28ed7ddadf808 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 27 Mar 2015 08:38:00 +0000 Subject: [PATCH 079/156] Accepting request 292455 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/292455 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=88 --- gpg2.changes | 6 + gpg2.spec | 2 + ...t-name-verification-when-using-pools.patch | 104 ++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 hkps-fix-host-name-verification-when-using-pools.patch diff --git a/gpg2.changes b/gpg2.changes index 7a430c2..8b9a6bb 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Mar 23 11:48:24 UTC 2015 - idonmez@suse.com + +- Add hkps-fix-host-name-verification-when-using-pools.patch to + fix hkps support w/ pools. Upstream commit dc10d46. + ------------------------------------------------------------------- Thu Mar 19 15:56:12 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 7a620eb..52e35c0 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -34,6 +34,7 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch +Patch16: hkps-fix-host-name-verification-when-using-pools.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: gnutls-devel >= 3.0 @@ -82,6 +83,7 @@ gpg-agent, and a keybox library. %patch9 -p1 %patch11 -p1 %patch15 -p1 +%patch16 -p1 %build # build PIEs (position independent executables) for address space randomisation: diff --git a/hkps-fix-host-name-verification-when-using-pools.patch b/hkps-fix-host-name-verification-when-using-pools.patch new file mode 100644 index 0000000..8c59a16 --- /dev/null +++ b/hkps-fix-host-name-verification-when-using-pools.patch @@ -0,0 +1,104 @@ +From dc10d466bff53821f23d2cb4814c259d40c5d9c5 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Thu, 19 Mar 2015 15:37:05 +0100 +Subject: [PATCH] hkps: Fix host name verification when using pools. + +* common/http.c (send_request): Set the requested for SNI. +* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not +the selecting a host. +-- + +GnuPG-bug-id: 1792 + +Thanks to davidw for figuring out the problem. + +Signed-off-by: Werner Koch +--- + common/http.c | 6 ++++-- + dirmngr/ks-engine-hkp.c | 25 ++++++++++++++++++------- + 2 files changed, 22 insertions(+), 9 deletions(-) + +diff --git a/common/http.c b/common/http.c +index 50c0692..12e3fcb 100644 +--- a/common/http.c ++++ b/common/http.c +@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth, + } + + # if HTTP_USE_NTBTLS +- err = ntbtls_set_hostname (hd->session->tls_session, server); ++ err = ntbtls_set_hostname (hd->session->tls_session, ++ hd->session->servername); + if (err) + { + log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err)); +@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth, + # elif HTTP_USE_GNUTLS + rc = gnutls_server_name_set (hd->session->tls_session, + GNUTLS_NAME_DNS, +- server, strlen (server)); ++ hd->session->servername, ++ strlen (hd->session->servername)); + if (rc < 0) + log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc)); + # endif /*HTTP_USE_GNUTLS*/ +diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c +index ea607cb..0568094 100644 +--- a/dirmngr/ks-engine-hkp.c ++++ b/dirmngr/ks-engine-hkp.c +@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + hi = hosttable[idx]; + if (hi->pool) + { ++ /* Deal with the pool name before selecting a host. */ ++ if (r_poolname && hi->cname) ++ { ++ *r_poolname = xtrystrdup (hi->cname); ++ if (!*r_poolname) ++ return gpg_error_from_syserror (); ++ } ++ + /* If the currently selected host is now marked dead, force a + re-selection . */ + if (force_reselect) +@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + if (hi->poolidx == -1) + { + log_error ("no alive host found in pool '%s'\n", name); ++ if (r_poolname) ++ { ++ xfree (*r_poolname); ++ *r_poolname = NULL; ++ } + return gpg_error (GPG_ERR_NO_KEYSERVER); + } + } +@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + if (hi->dead) + { + log_error ("host '%s' marked as dead\n", hi->name); ++ if (r_poolname) ++ { ++ xfree (*r_poolname); ++ *r_poolname = NULL; ++ } + return gpg_error (GPG_ERR_NO_KEYSERVER); + } + +@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + *r_httpflags |= HTTP_FLAG_IGNORE_IPv6; + } + +- if (r_poolname && hi->pool && hi->cname) +- { +- *r_poolname = xtrystrdup (hi->cname); +- if (!*r_poolname) +- return gpg_error_from_syserror (); +- } +- + *r_host = xtrystrdup (hi->name); + if (!*r_host) + { +-- +2.1.4 + From 822eaec7c6408390eccf564c6359586969990472ddcb840bd2ba479fcf27ea0d Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 13 Apr 2015 18:29:46 +0000 Subject: [PATCH 080/156] Accepting request 295424 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/295424 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=89 --- ...legacy-keys-while-searching-keyrings.patch | 76 ------------- gnupg-2.0.18-files-are-digests.patch | 34 +++--- gnupg-2.1.2.tar.bz2 | 3 - gnupg-2.1.2.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.1.3.tar.bz2 | 3 + gnupg-2.1.3.tar.bz2.sig | Bin 0 -> 287 bytes gnupg-add_legacy_FIPS_mode_option.patch | 22 ++-- gpg2.changes | 30 +++++ gpg2.spec | 6 +- ...t-name-verification-when-using-pools.patch | 104 ------------------ 10 files changed, 62 insertions(+), 216 deletions(-) delete mode 100644 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch delete mode 100644 gnupg-2.1.2.tar.bz2 delete mode 100644 gnupg-2.1.2.tar.bz2.sig create mode 100644 gnupg-2.1.3.tar.bz2 create mode 100644 gnupg-2.1.3.tar.bz2.sig delete mode 100644 hkps-fix-host-name-verification-when-using-pools.patch diff --git a/0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch b/0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch deleted file mode 100644 index 64b768e..0000000 --- a/0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch +++ /dev/null @@ -1,76 +0,0 @@ -From a8116aacd91b7e775762a62c268fab6cc3c77438 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Mon, 23 Feb 2015 16:37:57 +0100 -Subject: [PATCH] gpg: Skip legacy keys while searching keyrings. - -* g10/getkey.c (search_modes_are_fingerprint): New. -(lookup): Skip over legacy keys. --- - -GnuPG-bug-id: 1847 -Signed-off-by: Werner Koch ---- - g10/getkey.c | 39 +++++++++++++++++++++++++++++++++++++-- - 1 file changed, 37 insertions(+), 2 deletions(-) - -diff --git a/g10/getkey.c b/g10/getkey.c -index 76ee493..116753c 100644 ---- a/g10/getkey.c -+++ b/g10/getkey.c -@@ -2525,6 +2525,29 @@ found: - } - - -+/* Return true if all the search modes are fingerprints. */ -+static int -+search_modes_are_fingerprint (getkey_ctx_t ctx) -+{ -+ size_t n, found; -+ -+ for (n=found=0; n < ctx->nitems; n++) -+ { -+ switch (ctx->items[n].mode) -+ { -+ case KEYDB_SEARCH_MODE_FPR16: -+ case KEYDB_SEARCH_MODE_FPR20: -+ case KEYDB_SEARCH_MODE_FPR: -+ found++; -+ break; -+ default: -+ break; -+ } -+ } -+ return found && found == ctx->nitems; -+} -+ -+ - /* The main function to lookup a key. On success the found keyblock - is stored at RET_KEYBLOCK and also in CTX. If WANT_SECRET is true - a corresponding secret key is required. */ -@@ -2534,9 +2557,21 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret) - int rc; - int no_suitable_key = 0; - -- rc = 0; -- while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL))) -+ for (;;) - { -+ rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL); -+ /* Skip over all legacy keys but only if they are not requested -+ by fingerprints. -+ Fixme: The lower level keydb code should actually do that but -+ then it would be harder to report the number of skipped -+ legacy keys during import. */ -+ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY -+ && !(ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST) -+ && !search_modes_are_fingerprint (ctx)) -+ continue; -+ if (rc) -+ break; -+ - /* If we are searching for the first key we have to make sure - that the next iteration does not do an implicit reset. - This can be triggered by an empty key ring. */ --- -2.1.4 - diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 5b69f43..63fd170 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -1,14 +1,14 @@ --- g10/gpg.c | 4 +++ g10/options.h | 1 - g10/sign.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- - 3 files changed, 66 insertions(+), 5 deletions(-) + g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ + 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.2/g10/gpg.c +Index: gnupg-2.1.3/g10/gpg.c =================================================================== ---- gnupg-2.1.2.orig/g10/gpg.c -+++ gnupg-2.1.2/g10/gpg.c -@@ -349,6 +349,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.3.orig/g10/gpg.c 2015-04-06 14:03:32.000000000 +0200 ++++ gnupg-2.1.3/g10/gpg.c 2015-04-11 20:45:24.000000000 +0200 +@@ -352,6 +352,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.1.2/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -730,6 +731,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -738,6 +739,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-preferences", "@"), ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.1.2/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2127,6 +2129,7 @@ main (int argc, char **argv) +@@ -2148,6 +2150,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; set_homedir (default_homedir ()); opt.passphrase_repeat = 1; @@ -32,7 +32,7 @@ Index: gnupg-2.1.2/g10/gpg.c opt.emit_version = 1; /* Limit to the major number. */ /* Check whether we have a config file on the command line. */ -@@ -2632,6 +2635,7 @@ main (int argc, char **argv) +@@ -2661,6 +2664,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.2/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.2/g10/options.h +Index: gnupg-2.1.3/g10/options.h =================================================================== ---- gnupg-2.1.2.orig/g10/options.h -+++ gnupg-2.1.2/g10/options.h -@@ -192,6 +192,7 @@ struct +--- gnupg-2.1.3.orig/g10/options.h 2015-04-06 13:41:53.000000000 +0200 ++++ gnupg-2.1.3/g10/options.h 2015-04-11 20:45:24.000000000 +0200 +@@ -194,6 +194,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,10 +52,10 @@ Index: gnupg-2.1.2/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.2/g10/sign.c +Index: gnupg-2.1.3/g10/sign.c =================================================================== ---- gnupg-2.1.2.orig/g10/sign.c -+++ gnupg-2.1.2/g10/sign.c +--- gnupg-2.1.3.orig/g10/sign.c 2015-04-05 19:43:32.000000000 +0200 ++++ gnupg-2.1.3/g10/sign.c 2015-04-11 20:45:24.000000000 +0200 @@ -41,7 +41,7 @@ #include "pkglue.h" #include "sysutils.h" @@ -134,7 +134,7 @@ Index: gnupg-2.1.2/g10/sign.c if( multifile ) { @@ -1035,6 +1052,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) - putc( '\n', stderr ); + log_printf ("\n"); } + else if (opt.files_are_digests) { + byte *mdb, ts[5]; diff --git a/gnupg-2.1.2.tar.bz2 b/gnupg-2.1.2.tar.bz2 deleted file mode 100644 index 605451b..0000000 --- a/gnupg-2.1.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:404f5a43d591dfe41f0ffb204b49a1533b67d77bc1fd68febd7e447575616792 -size 4832996 diff --git a/gnupg-2.1.2.tar.bz2.sig b/gnupg-2.1.2.tar.bz2.sig deleted file mode 100644 index 849d6acd43977539d4e3bd4759a62cf64fee0c7dbcd984562d401f9ce6c4bc6b..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-vtqZ9xN2@oWkInqxh8DM7$CZAeg5jgN}#E8>3jpP4NZE4!{V93K_=)d3c@s#st9z9^nPcPIvny1v>t*f7BRr zK^E4{#LUH8hdLNy-3nlIHXFxFvx58Ho}S)?Suh4U3r6D+ZLQujo{u=W6iw4?#hq6B zXIt?rQhovM#(r31v8isUOKF8Afn_4YlVjgb&VCmBp`V39SN3MUm5z41g;TJYKrB0i lJ{|NAC-j~*O@>I#;~Z8gr|2pmf)i}tS=o6x2~Ur`{ZYR+fz1E_ diff --git a/gnupg-2.1.3.tar.bz2 b/gnupg-2.1.3.tar.bz2 new file mode 100644 index 0000000..ca422b2 --- /dev/null +++ b/gnupg-2.1.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:213e7fb0d74bb4e53a2d3153f309ddc077528f2cfffa2af85f2a20cc7875c8ed +size 4875813 diff --git a/gnupg-2.1.3.tar.bz2.sig b/gnupg-2.1.3.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..fd0cecb069157d07f41b4995c26fa58fb36ce65a7fd459c335dbb7525642ac78 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-wm1XchF2@oWkInqxh09yr_OuXoZ1XiN@*kI^5!aQRB5Cb`~2W*#*x^KUo)m zn@2cpci~@o%%2K0LsP8xoSjZdN?c>&-erqRKQ~Ictav+HO9;^6>@kU_XT0MP9QTQi!AFC zOP{PL6ho+P&Vo0;>0NW)A1X5&2wH>bhLtRZA!W7l72h=3&jEio_a|gqqHo|;A*~!$ lc68t?ot!5Y?88GNZWDX;wXg5+h&oeIt$@^)LDv`{>o_jXf`tG8 literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 80c29ff..4968364 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.1/doc/gpg.texi +Index: gnupg-2.1.3/doc/gpg.texi =================================================================== ---- gnupg-2.1.1.orig/doc/gpg.texi -+++ gnupg-2.1.1/doc/gpg.texi -@@ -1842,6 +1842,24 @@ implies, this option is for experts only +--- gnupg-2.1.3.orig/doc/gpg.texi 2015-04-11 20:48:01.000000000 +0200 ++++ gnupg-2.1.3/doc/gpg.texi 2015-04-11 20:48:22.000000000 +0200 +@@ -1857,6 +1857,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.1/doc/gpg.texi @end table -Index: gnupg-2.1.1/g10/gpg.c +Index: gnupg-2.1.3/g10/gpg.c =================================================================== ---- gnupg-2.1.1.orig/g10/gpg.c -+++ gnupg-2.1.1/g10/gpg.c -@@ -381,6 +381,7 @@ enum cmd_and_opt_values - oAllowWeakDigestAlgos, +--- gnupg-2.1.3.orig/g10/gpg.c 2015-04-11 20:48:01.000000000 +0200 ++++ gnupg-2.1.3/g10/gpg.c 2015-04-11 20:48:48.000000000 +0200 +@@ -385,6 +385,7 @@ enum cmd_and_opt_values oFakedSystemTime, oNoAutostart, + oPrintPKARecords, + oSetLegacyFips, oNoop }; -@@ -769,6 +770,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -777,6 +778,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.1.1/g10/gpg.c /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -3134,6 +3136,13 @@ main (int argc, char **argv) +@@ -3170,6 +3172,13 @@ main (int argc, char **argv) case oNoAutostart: opt.autostart = 0; break; diff --git a/gpg2.changes b/gpg2.changes index 8b9a6bb..8d5186f 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Sat Apr 11 18:59:42 UTC 2015 - astieger@suse.com + +- update to 2.1.3: + * gpg: LDAP keyservers are now supported by 2.1. + * gpg: New option --with-icao-spelling. + * gpg: New option --print-pka-records. Changed the PKA method to + use CERT records and hashed names. + * gpg: New command --list-gcrypt-config. New parameter "curve" + for --list-config. + * gpg: Print a NEWSIG status line like gpgsm always did. + * gpg: Print MPI values with --list-packets and --verbose. + * gpg: Write correct MPI lengths with ECC keys. + * gpg: Skip legacy PGP-2 keys while searching. + (drop 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch + now upstream) + * gpg: Improved searching for mail addresses when using a keybox. + * gpgsm: Changed default algos to AES-128 and SHA-256. + * gpgtar: Fixed extracting files with sizes of a multiple of 512. + * dirmngr: Fixed SNI handling for hkps pools. + (drop hkps-fix-host-name-verification-when-using-pools.patch + now upstream) + * dirmngr: extra-certs and trusted-certs are now always loaded + from the sysconfig dir instead of the homedir. + * Fixed possible problems due to compiler optimization, two minor + regressions, and other bugs. +- refreshed for context changes: + * gnupg-2.0.18-files-are-digests.patch + * gnupg-add_legacy_FIPS_mode_option.patch + ------------------------------------------------------------------- Mon Mar 23 11:48:24 UTC 2015 - idonmez@suse.com diff --git a/gpg2.spec b/gpg2.spec index 52e35c0..e152ad8 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.2 +Version: 2.1.3 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -33,8 +33,6 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch -Patch16: hkps-fix-host-name-verification-when-using-pools.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: gnutls-devel >= 3.0 @@ -82,8 +80,6 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch15 -p1 -%patch16 -p1 %build # build PIEs (position independent executables) for address space randomisation: diff --git a/hkps-fix-host-name-verification-when-using-pools.patch b/hkps-fix-host-name-verification-when-using-pools.patch deleted file mode 100644 index 8c59a16..0000000 --- a/hkps-fix-host-name-verification-when-using-pools.patch +++ /dev/null @@ -1,104 +0,0 @@ -From dc10d466bff53821f23d2cb4814c259d40c5d9c5 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Thu, 19 Mar 2015 15:37:05 +0100 -Subject: [PATCH] hkps: Fix host name verification when using pools. - -* common/http.c (send_request): Set the requested for SNI. -* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not -the selecting a host. --- - -GnuPG-bug-id: 1792 - -Thanks to davidw for figuring out the problem. - -Signed-off-by: Werner Koch ---- - common/http.c | 6 ++++-- - dirmngr/ks-engine-hkp.c | 25 ++++++++++++++++++------- - 2 files changed, 22 insertions(+), 9 deletions(-) - -diff --git a/common/http.c b/common/http.c -index 50c0692..12e3fcb 100644 ---- a/common/http.c -+++ b/common/http.c -@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth, - } - - # if HTTP_USE_NTBTLS -- err = ntbtls_set_hostname (hd->session->tls_session, server); -+ err = ntbtls_set_hostname (hd->session->tls_session, -+ hd->session->servername); - if (err) - { - log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err)); -@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth, - # elif HTTP_USE_GNUTLS - rc = gnutls_server_name_set (hd->session->tls_session, - GNUTLS_NAME_DNS, -- server, strlen (server)); -+ hd->session->servername, -+ strlen (hd->session->servername)); - if (rc < 0) - log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc)); - # endif /*HTTP_USE_GNUTLS*/ -diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c -index ea607cb..0568094 100644 ---- a/dirmngr/ks-engine-hkp.c -+++ b/dirmngr/ks-engine-hkp.c -@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - hi = hosttable[idx]; - if (hi->pool) - { -+ /* Deal with the pool name before selecting a host. */ -+ if (r_poolname && hi->cname) -+ { -+ *r_poolname = xtrystrdup (hi->cname); -+ if (!*r_poolname) -+ return gpg_error_from_syserror (); -+ } -+ - /* If the currently selected host is now marked dead, force a - re-selection . */ - if (force_reselect) -@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - if (hi->poolidx == -1) - { - log_error ("no alive host found in pool '%s'\n", name); -+ if (r_poolname) -+ { -+ xfree (*r_poolname); -+ *r_poolname = NULL; -+ } - return gpg_error (GPG_ERR_NO_KEYSERVER); - } - } -@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - if (hi->dead) - { - log_error ("host '%s' marked as dead\n", hi->name); -+ if (r_poolname) -+ { -+ xfree (*r_poolname); -+ *r_poolname = NULL; -+ } - return gpg_error (GPG_ERR_NO_KEYSERVER); - } - -@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - *r_httpflags |= HTTP_FLAG_IGNORE_IPv6; - } - -- if (r_poolname && hi->pool && hi->cname) -- { -- *r_poolname = xtrystrdup (hi->cname); -- if (!*r_poolname) -- return gpg_error_from_syserror (); -- } -- - *r_host = xtrystrdup (hi->name); - if (!*r_host) - { --- -2.1.4 - From 7eb4e7afaf0a433f5af41c147690ed6c74bb9425f725b0d709fb8c9089801ad4 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Fri, 15 May 2015 07:02:43 +0000 Subject: [PATCH 081/156] Accepting request 306640 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/306640 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=90 --- gnupg-2.1.3.tar.bz2 | 3 --- gnupg-2.1.3.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.1.4.tar.bz2 | 3 +++ gnupg-2.1.4.tar.bz2.sig | Bin 0 -> 287 bytes gpg2.changes | 17 +++++++++++++++++ gpg2.spec | 2 +- 6 files changed, 21 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.1.3.tar.bz2 delete mode 100644 gnupg-2.1.3.tar.bz2.sig create mode 100644 gnupg-2.1.4.tar.bz2 create mode 100644 gnupg-2.1.4.tar.bz2.sig diff --git a/gnupg-2.1.3.tar.bz2 b/gnupg-2.1.3.tar.bz2 deleted file mode 100644 index ca422b2..0000000 --- a/gnupg-2.1.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:213e7fb0d74bb4e53a2d3153f309ddc077528f2cfffa2af85f2a20cc7875c8ed -size 4875813 diff --git a/gnupg-2.1.3.tar.bz2.sig b/gnupg-2.1.3.tar.bz2.sig deleted file mode 100644 index fd0cecb069157d07f41b4995c26fa58fb36ce65a7fd459c335dbb7525642ac78..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-wm1XchF2@oWkInqxh09yr_OuXoZ1XiN@*kI^5!aQRB5Cb`~2W*#*x^KUo)m zn@2cpci~@o%%2K0LsP8xoSjZdN?c>&-erqRKQ~Ictav+HO9;^6>@kU_XT0MP9QTQi!AFC zOP{PL6ho+P&Vo0;>0NW)A1X5&2wH>bhLtRZA!W7l72h=3&jEio_a|gqqHo|;A*~!$ lc68t?ot!5Y?88GNZWDX;wXg5+h&oeIt$@^)LDv`{>o_jXf`tG8 diff --git a/gnupg-2.1.4.tar.bz2 b/gnupg-2.1.4.tar.bz2 new file mode 100644 index 0000000..769270f --- /dev/null +++ b/gnupg-2.1.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:64127eedd868510f2bccccb22c507a4878ffa07495db16a0f976c67f56426cb0 +size 4885653 diff --git a/gnupg-2.1.4.tar.bz2.sig b/gnupg-2.1.4.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..8bdf9cc3bda50ae9f25b298058d60d993a9c6fa5dd844d77d7dad7066f60cb94 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-x40cZdU2@oWkInqxh%ntktwmOBb243RgfBNIDl(?zT#9m;y#4+n~C06&JyW>bw*E;^(=!b#+d ld24%C5eQE|Y@`5r&J2GTXXjkqHyTt{l9Um?sDUb}fmHe=exv{Z literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index 8d5186f..5f5ef4b 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Tue May 12 18:04:36 UTC 2015 - astieger@suse.com + +- update to 2.1.4: + * gpg: Add command --quick-adduid to non-interacitivly add a new + user id to an existing key. + * gpg: Do no enable honor-keyserver-url by default. Make it work + if enabled. + * gpg: Display the serial number in the --card-staus output again. + * agent: Support for external password managers. + Add option --no-allow-external-cache. + * scdaemon: Improved handling of extended APDUs. + * Make HTTP proxies work again. + * All network access including DNS as been moved to Dirmngr. + * Allow building without LDAP support. + * Fixed lots of smaller bugs. + ------------------------------------------------------------------- Sat Apr 11 18:59:42 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index e152ad8..715a166 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.3 +Version: 2.1.4 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ From 3a17da160bb1e7e1ea536ce07b23dd586c38ac6f8fbec54a89a1c0a006ea26a3 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 19 May 2015 21:28:47 +0000 Subject: [PATCH 082/156] Accepting request 307582 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/307582 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=91 --- gpg2.changes | 5 +++++ gpg2.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index 5f5ef4b..e83a104 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sun May 17 08:24:15 UTC 2015 - meissner@suse.com + +- info deinstall needs to be in %preun + ------------------------------------------------------------------- Tue May 12 18:04:36 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 715a166..714fa98 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -145,7 +145,7 @@ make check %post %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz -%postun +%preun %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz %files lang -f gnupg2.lang From 0a3267cb33a50648aa1ae18f3bf3ef81514dcabac485fcd797e6acd58e283f75 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 12 Jun 2015 18:24:45 +0000 Subject: [PATCH 083/156] Accepting request 311649 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/311649 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=92 --- gnupg-2.1.4.tar.bz2 | 3 --- gnupg-2.1.4.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.1.5.tar.bz2 | 3 +++ gnupg-2.1.5.tar.bz2.sig | Bin 0 -> 287 bytes gpg2.changes | 10 ++++++++++ gpg2.spec | 2 +- 6 files changed, 14 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.1.4.tar.bz2 delete mode 100644 gnupg-2.1.4.tar.bz2.sig create mode 100644 gnupg-2.1.5.tar.bz2 create mode 100644 gnupg-2.1.5.tar.bz2.sig diff --git a/gnupg-2.1.4.tar.bz2 b/gnupg-2.1.4.tar.bz2 deleted file mode 100644 index 769270f..0000000 --- a/gnupg-2.1.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:64127eedd868510f2bccccb22c507a4878ffa07495db16a0f976c67f56426cb0 -size 4885653 diff --git a/gnupg-2.1.4.tar.bz2.sig b/gnupg-2.1.4.tar.bz2.sig deleted file mode 100644 index 8bdf9cc3bda50ae9f25b298058d60d993a9c6fa5dd844d77d7dad7066f60cb94..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-x40cZdU2@oWkInqxh%ntktwmOBb243RgfBNIDl(?zT#9m;y#4+n~C06&JyW>bw*E;^(=!b#+d ld24%C5eQE|Y@`5r&J2GTXXjkqHyTt{l9Um?sDUb}fmHe=exv{Z diff --git a/gnupg-2.1.5.tar.bz2 b/gnupg-2.1.5.tar.bz2 new file mode 100644 index 0000000..b2f5a8b --- /dev/null +++ b/gnupg-2.1.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b5105a7160c39ba6e3aa53789b09f1bfac6e3422d15cc9f3a2f71f82320aa84c +size 4906435 diff --git a/gnupg-2.1.5.tar.bz2.sig b/gnupg-2.1.5.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..d53a7b36d95633114dabcf18594300d5dd861d2aff0ff14ce352b70a3458471a GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-xhgN*Tm|THsWnm1Gyg@8m34ork<|TE=rAq#*UFJi`mbo@7heK`v6;ZLVq_S(z z1AQc7rNl4<_A)9UAPYF#c};j2D@i`l82%zOlzvH|(iKoZF?7*iSMHUBp+$jAsF-Yh lpbl#oH+e!(65ymHhz*xAL7RU8ncf%S{Zbrzr2}t6_e>a&f>r Date: Wed, 24 Jun 2015 18:28:22 +0000 Subject: [PATCH 084/156] Accepting request 312215 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/312215 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=93 --- gpg2.changes | 6 ++++++ gpg2.spec | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/gpg2.changes b/gpg2.changes index fc14772..bd9f68b 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jun 15 13:20:33 UTC 2015 - astieger@suse.com + +- fix build with openSUSE 13.2 and earlier, call make to + compensate for incorrect documentation dependencies. + ------------------------------------------------------------------- Thu Jun 11 14:32:09 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index cda08f1..ad19e39 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -106,6 +106,13 @@ export LDFLAGS=-pie --enable-large-secmem \ --with-gnu-ld +# https://lists.gnupg.org/pipermail/gnupg-devel/2015-June/030018.html +%if 0%{?suse_version} <= 1320 +pushd doc +make defs.inc +popd +%endif +# make %{?_smp_mflags} %install From df32d905d55aa50f9a65bf34f636c1a6d07acf1f5e0d5c938c115672af93e4bb Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Thu, 16 Jul 2015 15:18:47 +0000 Subject: [PATCH 085/156] Accepting request 315691 from Base:System Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/315691 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=94 --- gnupg-2.1.5.tar.bz2 | 3 --- gnupg-2.1.5.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.1.6.tar.bz2 | 3 +++ gnupg-2.1.6.tar.bz2.sig | Bin 0 -> 287 bytes gpg2.changes | 31 +++++++++++++++++++++++++++++++ gpg2.spec | 11 +++-------- 6 files changed, 37 insertions(+), 11 deletions(-) delete mode 100644 gnupg-2.1.5.tar.bz2 delete mode 100644 gnupg-2.1.5.tar.bz2.sig create mode 100644 gnupg-2.1.6.tar.bz2 create mode 100644 gnupg-2.1.6.tar.bz2.sig diff --git a/gnupg-2.1.5.tar.bz2 b/gnupg-2.1.5.tar.bz2 deleted file mode 100644 index b2f5a8b..0000000 --- a/gnupg-2.1.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b5105a7160c39ba6e3aa53789b09f1bfac6e3422d15cc9f3a2f71f82320aa84c -size 4906435 diff --git a/gnupg-2.1.5.tar.bz2.sig b/gnupg-2.1.5.tar.bz2.sig deleted file mode 100644 index d53a7b36d95633114dabcf18594300d5dd861d2aff0ff14ce352b70a3458471a..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-xhgN*Tm|THsWnm1Gyg@8m34ork<|TE=rAq#*UFJi`mbo@7heK`v6;ZLVq_S(z z1AQc7rNl4<_A)9UAPYF#c};j2D@i`l82%zOlzvH|(iKoZF?7*iSMHUBp+$jAsF-Yh lpbl#oH+e!(65ymHhz*xAL7RU8ncf%S{Zbrzr2}t6_e>a&f>rSwYXM7aSEMd1J)3M zTYD2(DNFw?>te`rJ{%^P1%ttkk1|~vd$h>69g9$b`eF^oot-)3(;hx>&O9l$CVS`{0)+8s1e0S8WCzl~1X1;-lx+3I zzB+lGCRvndB{#F$lqC<@Lmd$d%^F9m?B8MrN^abg(n@>jh-ewjc3JieQ776dLDKTJ*Z=7`ue3SqH literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index bd9f68b..d30f062 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Thu Jul 2 14:26:21 UTC 2015 - astieger@suse.com + +- do not run checks on ppc64 for now + +------------------------------------------------------------------- +Wed Jul 1 14:15:28 UTC 2015 - astieger@suse.com + +- GnuPG 2.1.6: + * agent: New option --verify for the PASSWD command. + * gpgsm: Add command option "offline" as an alternative to + --disable-dirmngr. + * gpg: Do not prompt multiple times for a password in pinentry + loopback mode. + * Allow the use of debug category names with --debug. + * Using gpg-agent and gpg/gpgsm with different locales will now show + the correct translations in Pinentry. + * gpg: Improve speed of --list-sigs and --check-sigs. + * gpg: Make --list-options show-sig-subpackets work again. + * gpg: Fix an export problem for old keyrings with PGP-2 keys. + * scd: Support PIN-pads on more readers. + * dirmngr: Properly cleanup zombie LDAP helper processes and avoid + hangs on dirmngr shutdown. + * Various other bug fixes. +- remove documentation make workaround, fixed upstream + +------------------------------------------------------------------- +Sun Jun 28 13:14:03 UTC 2015 - schwab@linux-m68k.org + +- Enable workaround for missing dependencies everywhere + ------------------------------------------------------------------- Mon Jun 15 13:20:33 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index ad19e39..964cd79 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.5 +Version: 2.1.6 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -106,13 +106,6 @@ export LDFLAGS=-pie --enable-large-secmem \ --with-gnu-ld -# https://lists.gnupg.org/pipermail/gnupg-devel/2015-June/030018.html -%if 0%{?suse_version} <= 1320 -pushd doc -make defs.inc -popd -%endif -# make %{?_smp_mflags} %install @@ -146,8 +139,10 @@ install -m 755 tools/gpgsplit %{buildroot}/%{_bindir} %check %if ! 0%{?qemu_user_space_build} +%ifnarch ppc64 make check %endif +%endif %post %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz From 448ceec4c9852419d86f435b0b176fa7eddde59ec7d8005bd55c77698899dd34 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 17 Aug 2015 13:33:41 +0000 Subject: [PATCH 086/156] Accepting request 322235 from Base:System GnuPG 2.1.7 OBS-URL: https://build.opensuse.org/request/show/322235 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=95 --- gnupg-2.1.6.tar.bz2 | 3 --- gnupg-2.1.6.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.1.7.tar.bz2 | 3 +++ gnupg-2.1.7.tar.bz2.sig | Bin 0 -> 574 bytes gpg2.changes | 15 +++++++++++++++ gpg2.spec | 2 +- 6 files changed, 19 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.1.6.tar.bz2 delete mode 100644 gnupg-2.1.6.tar.bz2.sig create mode 100644 gnupg-2.1.7.tar.bz2 create mode 100644 gnupg-2.1.7.tar.bz2.sig diff --git a/gnupg-2.1.6.tar.bz2 b/gnupg-2.1.6.tar.bz2 deleted file mode 100644 index e809097..0000000 --- a/gnupg-2.1.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5e599ad542199f3bd733eed2b88a539d1b4c3beda2dbab0ff69f1896f52e92fd -size 4917722 diff --git a/gnupg-2.1.6.tar.bz2.sig b/gnupg-2.1.6.tar.bz2.sig deleted file mode 100644 index 29355cbbffa198e5bcc20d0bee7d56792e56201d421abe9243232f4250cd3cf7..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-x*SwYXM7aSEMd1J)3M zTYD2(DNFw?>te`rJ{%^P1%ttkk1|~vd$h>69g9$b`eF^oot-)3(;hx>&O9l$CVS`{0)+8s1e0S8WCzl~1X1;-lx+3I zzB+lGCRvndB{#F$lqC<@Lmd$d%^F9m?B8MrN^abg(n@>jh-ewjc3JieQ776dLDKTJ*Z=7`ue3SqH diff --git a/gnupg-2.1.7.tar.bz2 b/gnupg-2.1.7.tar.bz2 new file mode 100644 index 0000000..2ba9e93 --- /dev/null +++ b/gnupg-2.1.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c18a3776d47fec98892d51d28b6574ef16bf0a25eabb0956231058aaf2e7846e +size 4918583 diff --git a/gnupg-2.1.7.tar.bz2.sig b/gnupg-2.1.7.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..7ee507449a4c6156965dbebb9423727fe4ed0a3707cd6276b1c0ef16b51522ac GIT binary patch literal 574 zcmV-E0>S->0UQJX0SEvF1p-yc=iVj+ z%dQ=rsT|U&!FHWFiV>G2D8$LESETIL+htuS8tLW&Cx340_lp>{#FL-ahi^{@bc|%u z7a}Y$c`v2S*Ej@NBpTyH&2xKuW~EJFe~)_VOe46c18q=k?u^C^|wZ9wS5EgRHgj{@AsL5 zrS-rsF7zxr3Vq$<#P{AhoZo{ax>pJNvmH6l_XwPj%vj_UR=M?zR-njea>Nh_BtbNbjw;dX-D%`C#M_@ZeEu$XzP z;erE`@(b+0G4R&dxizlCN5q1wR<4%xO4UDzleIVlJNVfZj(1#rPs-Lvvkq9?t`S}Q z6-jsiR(s9ydDdw9TqrBQ)zF!SPdB`6W@TG74cb&t5w2?MrSpViUS>`?lZ!4cd8UVG zYC2Za%1%vY^zRo9+CbA{9^7k(Ixv1*Gz8sD{$Hvyr>?wJa%PwDhz`i<5ZfHV5dX%` ze6%}KgHwiUDX@eyTjk9R&^GEfKD)o)=K^Soq^lm7lI|}s{0F)TmS$7 literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index d30f062..a3e9867 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Wed Aug 12 10:58:48 UTC 2015 - astieger@suse.com + +- GnuPG 2.1.7: + * gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used. + * gpg: In the --edit-key menu: Removed the need for "toggle", changed + how secret keys are indicated, new commands "fpr *" and "grip". + * gpg: More fixes related to legacy keys in a keyring. + * gpgv: Does now also work with a "trustedkeys.kbx" file. + * scd: Support some feature from the OpenPGP card 3.0 specs. + * scd: Improved ECC support + * agent: New option --force for the DELETE_KEY command. + * Dropped deprecated gpgsm-gencert.sh + * Various other bug fixes. + ------------------------------------------------------------------- Thu Jul 2 14:26:21 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 964cd79..ad29f4d 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.6 +Version: 2.1.7 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ From af6426da45343e1cfc2b50fcec5cc524f5f950154866ecbd6d63c1eb99c43dfd Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 16 Sep 2015 08:37:06 +0000 Subject: [PATCH 087/156] Accepting request 330468 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/330468 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=96 --- gnupg-2.1.7.tar.bz2 | 3 --- gnupg-2.1.7.tar.bz2.sig | Bin 574 -> 0 bytes gnupg-2.1.8.tar.bz2 | 3 +++ gnupg-2.1.8.tar.bz2.sig | Bin 0 -> 287 bytes gpg2.changes | 17 +++++++++++++++++ gpg2.spec | 13 ++++++++----- 6 files changed, 28 insertions(+), 8 deletions(-) delete mode 100644 gnupg-2.1.7.tar.bz2 delete mode 100644 gnupg-2.1.7.tar.bz2.sig create mode 100644 gnupg-2.1.8.tar.bz2 create mode 100644 gnupg-2.1.8.tar.bz2.sig diff --git a/gnupg-2.1.7.tar.bz2 b/gnupg-2.1.7.tar.bz2 deleted file mode 100644 index 2ba9e93..0000000 --- a/gnupg-2.1.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c18a3776d47fec98892d51d28b6574ef16bf0a25eabb0956231058aaf2e7846e -size 4918583 diff --git a/gnupg-2.1.7.tar.bz2.sig b/gnupg-2.1.7.tar.bz2.sig deleted file mode 100644 index 7ee507449a4c6156965dbebb9423727fe4ed0a3707cd6276b1c0ef16b51522ac..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 574 zcmV-E0>S->0UQJX0SEvF1p-yc=iVj+ z%dQ=rsT|U&!FHWFiV>G2D8$LESETIL+htuS8tLW&Cx340_lp>{#FL-ahi^{@bc|%u z7a}Y$c`v2S*Ej@NBpTyH&2xKuW~EJFe~)_VOe46c18q=k?u^C^|wZ9wS5EgRHgj{@AsL5 zrS-rsF7zxr3Vq$<#P{AhoZo{ax>pJNvmH6l_XwPj%vj_UR=M?zR-njea>Nh_BtbNbjw;dX-D%`C#M_@ZeEu$XzP z;erE`@(b+0G4R&dxizlCN5q1wR<4%xO4UDzleIVlJNVfZj(1#rPs-Lvvkq9?t`S}Q z6-jsiR(s9ydDdw9TqrBQ)zF!SPdB`6W@TG74cb&t5w2?MrSpViUS>`?lZ!4cd8UVG zYC2Za%1%vY^zRo9+CbA{9^7k(Ixv1*Gz8sD{$Hvyr>?wJa%PwDhz`i<5ZfHV5dX%` ze6%}KgHwiUDX@eyTjk9R&^GEfKD)o)=K^Soq^lm7lI|}s{0F)TmS$7 diff --git a/gnupg-2.1.8.tar.bz2 b/gnupg-2.1.8.tar.bz2 new file mode 100644 index 0000000..6ea3a0f --- /dev/null +++ b/gnupg-2.1.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a3b8d01e4690715d42e8f289493c85413766f3fa935e4fe7e5ff5b0f6e2781a3 +size 4900705 diff --git a/gnupg-2.1.8.tar.bz2.sig b/gnupg-2.1.8.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..64c5b17cde3c54037862fd2f8e9a684a66a4a323d516e014bbc36abf506d956d GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-y^(I}w3aV1fKim4y5_%a#C)N~4y&MxREw40Riff2_JahxK?>Fe5N(d) zC9Iah@Sp)1$q`DuI!Y3rO6?w}>~`V=C+~)aaLQakCWE)?b3-8u4sB6D20tM3OO@>) l%6G^xRuM6Z777(_TG+C=$;3AjP4Cp$$bG}g0p2xLicgirg(d(1 literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index a3e9867..0b4520e 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Fri Sep 11 06:02:23 UTC 2015 - astieger@suse.com + +- GnuPG 2.1.8: + * gpg: Sending very large keys to the keyservers works again. + * gpg: Validity strings in key listings are now again translatable. + * gpg: Emit FAILURE status lines to help GPGME. + * gpg: Does not anymore link to Libksba to reduce dependencies. + * gpgsm: Export of secret keys via Assuan is now possible. + * agent: Raise the maximum passphrase length from 100 to 255 bytes. + * agent: Fix regression using EdDSA keys with ssh. + * Does not anymore use a build timestamp by default. + * The fallback encoding for broken locale settings changed + from Latin-1 to UTF-8. + * Many code cleanups and improved internal documentation. + * Various minor bug fixes. + ------------------------------------------------------------------- Wed Aug 12 10:58:48 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index ad29f4d..8494b5e 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.7 +Version: 2.1.8 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -27,6 +27,7 @@ Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring +Source99: %{name}.changes Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.0.18-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch @@ -91,6 +92,7 @@ PIE="-fpie" %endif export CFLAGS="%{optflags} ${PIE}" export LDFLAGS=-pie +date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) %configure \ --libexecdir=%{_libdir} \ --docdir=%{_docdir}/%{name} \ @@ -104,7 +106,8 @@ export LDFLAGS=-pie --enable-gpgtar \ --enable-large-rsa \ --enable-large-secmem \ - --with-gnu-ld + --with-gnu-ld \ + --enable-build-timestamp=$date make %{?_smp_mflags} @@ -140,7 +143,7 @@ install -m 755 tools/gpgsplit %{buildroot}/%{_bindir} %check %if ! 0%{?qemu_user_space_build} %ifnarch ppc64 -make check +make %{?_smp_mflags} check %endif %endif @@ -155,8 +158,8 @@ make check %files %defattr(-,root,root) -%doc %{_infodir}/gnupg* -%doc %{_mandir}/*/*.gz +%{_infodir}/gnupg* +%{_mandir}/*/*.gz %doc %{_docdir}/%{name} %{_bindir}/* %{_libdir}/[^d]* From b4ed1404556d997b923f48010dd7767319d60aaa66b5882c63d935480d8f2aba Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 20 Oct 2015 14:20:54 +0000 Subject: [PATCH 088/156] Accepting request 337606 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/337606 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=97 --- gnupg-2.1.8.tar.bz2 | 3 --- gnupg-2.1.8.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.1.9.tar.bz2 | 3 +++ gnupg-2.1.9.tar.bz2.sig | Bin 0 -> 287 bytes gnupg-add_legacy_FIPS_mode_option.patch | 22 +++++++++++----------- gpg2.changes | 20 ++++++++++++++++++++ gpg2.spec | 2 +- 7 files changed, 35 insertions(+), 15 deletions(-) delete mode 100644 gnupg-2.1.8.tar.bz2 delete mode 100644 gnupg-2.1.8.tar.bz2.sig create mode 100644 gnupg-2.1.9.tar.bz2 create mode 100644 gnupg-2.1.9.tar.bz2.sig diff --git a/gnupg-2.1.8.tar.bz2 b/gnupg-2.1.8.tar.bz2 deleted file mode 100644 index 6ea3a0f..0000000 --- a/gnupg-2.1.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3b8d01e4690715d42e8f289493c85413766f3fa935e4fe7e5ff5b0f6e2781a3 -size 4900705 diff --git a/gnupg-2.1.8.tar.bz2.sig b/gnupg-2.1.8.tar.bz2.sig deleted file mode 100644 index 64c5b17cde3c54037862fd2f8e9a684a66a4a323d516e014bbc36abf506d956d..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-y^(I}w3aV1fKim4y5_%a#C)N~4y&MxREw40Riff2_JahxK?>Fe5N(d) zC9Iah@Sp)1$q`DuI!Y3rO6?w}>~`V=C+~)aaLQakCWE)?b3-8u4sB6D20tM3OO@>) l%6G^xRuM6Z777(_TG+C=$;3AjP4Cp$$bG}g0p2xLicgirg(d(1 diff --git a/gnupg-2.1.9.tar.bz2 b/gnupg-2.1.9.tar.bz2 new file mode 100644 index 0000000..b91f218 --- /dev/null +++ b/gnupg-2.1.9.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1cb7633a57190beb66f9249cb7446603229b273d4d89331b75c652fa4a29f7b6 +size 4925167 diff --git a/gnupg-2.1.9.tar.bz2.sig b/gnupg-2.1.9.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..5f516cc90afbe6d4ef0684e44fa05560f8419e08fb62ba0cb0412795b22e5eb7 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-zV;6nfk2@oWkInqxhBN38n+fJ5e(&cwlgqVIwbS>Arq!He(@J2uz9bKN*Q4Ie-G+LMaf~@IWV|{rZa7 zSz<%W&+Mp_n|_@&KPO zr&p%?NgG7z&Pr*}V{R>3sCaKnfX+sic;Rz7MY74)Ik@xKN{EPcn5ZiGNjrF>&k%X{ l^7=NJovj=x5_=Yb4Cb2=D1k;bA3Ci#spquedvWB@US+G7gu4I$ literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 4968364..1ce8325 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.3/doc/gpg.texi +Index: gnupg-2.1.9/doc/gpg.texi =================================================================== ---- gnupg-2.1.3.orig/doc/gpg.texi 2015-04-11 20:48:01.000000000 +0200 -+++ gnupg-2.1.3/doc/gpg.texi 2015-04-11 20:48:22.000000000 +0200 -@@ -1857,6 +1857,24 @@ implies, this option is for experts only +--- gnupg-2.1.9.orig/doc/gpg.texi ++++ gnupg-2.1.9/doc/gpg.texi +@@ -1778,6 +1778,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.3/doc/gpg.texi @end table -Index: gnupg-2.1.3/g10/gpg.c +Index: gnupg-2.1.9/g10/gpg.c =================================================================== ---- gnupg-2.1.3.orig/g10/gpg.c 2015-04-11 20:48:01.000000000 +0200 -+++ gnupg-2.1.3/g10/gpg.c 2015-04-11 20:48:48.000000000 +0200 -@@ -385,6 +385,7 @@ enum cmd_and_opt_values - oFakedSystemTime, +--- gnupg-2.1.9.orig/g10/gpg.c ++++ gnupg-2.1.9/g10/gpg.c +@@ -386,6 +386,7 @@ enum cmd_and_opt_values oNoAutostart, oPrintPKARecords, + oPrintDANERecords, + oSetLegacyFips, oNoop }; -@@ -777,6 +778,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -780,6 +781,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.1.3/g10/gpg.c /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -3170,6 +3172,13 @@ main (int argc, char **argv) +@@ -3188,6 +3190,13 @@ main (int argc, char **argv) case oNoAutostart: opt.autostart = 0; break; diff --git a/gpg2.changes b/gpg2.changes index 0b4520e..1164031 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Sat Oct 10 11:39:55 UTC 2015 - astieger@suse.com + +- GnuPG 2.1.9: + * gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate).\ + New option --print-dane-records. + * gpg: Fix for a problem with PGP-2 keys in a keyring. + * gpg: Fail with an error instead of a warning if a modern cipher + algorithm is used without a MDC. + * agent: New option --pinentry-invisible-char. + * agent: Always do a RSA signature verification after creation. + * agent: Fix a regression in ssh-add-ing Ed25519 keys. + * agent: Fix ssh fingerprint computation for nistp384 and EdDSA. + * agent: Fix crash during passprase entry on some platforms. + * scd: Change timeout to fix problems with some 2.1 cards. + * dirmngr: Displayed name is now Key Acquirer. + * dirmngr: Add option --keyserver. Deprecate that option for gpg. + Install a dirmngr.conf file from a skeleton for new installations. +- update gnupg-add_legacy_FIPS_mode_option.patch for context change + ------------------------------------------------------------------- Fri Sep 11 06:02:23 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 8494b5e..ea1cf65 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.8 +Version: 2.1.9 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ From 5ef3326c25cd45e778c4000334a6fcfb65adab05ffa76c55f1e11b7551eb1058 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 1 Dec 2015 08:16:50 +0000 Subject: [PATCH 089/156] Accepting request 346197 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/346197 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=98 --- gpg2.changes | 6 ++++++ gpg2.spec | 2 -- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 1164031..1448cfc 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Nov 24 10:27:58 UTC 2015 - vcizek@suse.com + +- enable tests for PPC64 again, + the problem from bsc#935887 went away + ------------------------------------------------------------------- Sat Oct 10 11:39:55 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index ea1cf65..2d21dec 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -142,10 +142,8 @@ install -m 755 tools/gpgsplit %{buildroot}/%{_bindir} %check %if ! 0%{?qemu_user_space_build} -%ifnarch ppc64 make %{?_smp_mflags} check %endif -%endif %post %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz From 0de22e52c5a0d9c35f2a01ab56ce85417e9c19be4dbfec0664df1c7cc2996ba6 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 9 Dec 2015 19:33:47 +0000 Subject: [PATCH 090/156] Accepting request 347481 from Base:System GnuPG 2.1.10 OBS-URL: https://build.opensuse.org/request/show/347481 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=99 --- gnupg-2.0.18-files-are-digests.patch | 54 +++++++++++----------- gnupg-2.1.10.tar.bz2 | 3 ++ gnupg-2.1.10.tar.bz2.sig | Bin 0 -> 574 bytes gnupg-2.1.9.tar.bz2 | 3 -- gnupg-2.1.9.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-add_legacy_FIPS_mode_option.patch | 26 +++++------ gnupg-set_umask_before_open_outfile.patch | 12 ++--- gpg2.changes | 44 ++++++++++++++++++ gpg2.spec | 7 ++- 9 files changed, 98 insertions(+), 51 deletions(-) create mode 100644 gnupg-2.1.10.tar.bz2 create mode 100644 gnupg-2.1.10.tar.bz2.sig delete mode 100644 gnupg-2.1.9.tar.bz2 delete mode 100644 gnupg-2.1.9.tar.bz2.sig diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 63fd170..961e5a0 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.3/g10/gpg.c +Index: gnupg-2.1.10/g10/gpg.c =================================================================== ---- gnupg-2.1.3.orig/g10/gpg.c 2015-04-06 14:03:32.000000000 +0200 -+++ gnupg-2.1.3/g10/gpg.c 2015-04-11 20:45:24.000000000 +0200 -@@ -352,6 +352,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:25:25.749577555 +0100 ++++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:26:04.777192262 +0100 +@@ -355,6 +355,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,23 +16,23 @@ Index: gnupg-2.1.3/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -738,6 +739,7 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_s (oPersonalCompressPreferences, - "personal-compress-preferences", "@"), - ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), +@@ -757,6 +758,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), + ARGPARSE_s_n (oUnwrap, "unwrap", "@"), + ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), + ARGPARSE_s_n (oFilesAreDigests, "files-are-digests", "@"), /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2148,6 +2150,7 @@ main (int argc, char **argv) +@@ -2483,6 +2485,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; set_homedir (default_homedir ()); opt.passphrase_repeat = 1; + opt.files_are_digests=0; opt.emit_version = 1; /* Limit to the major number. */ - - /* Check whether we have a config file on the command line. */ -@@ -2661,6 +2664,7 @@ main (int argc, char **argv) + opt.weak_digests = NULL; + additional_weak_digest("MD5"); +@@ -3022,6 +3025,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.3/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.3/g10/options.h +Index: gnupg-2.1.10/g10/options.h =================================================================== ---- gnupg-2.1.3.orig/g10/options.h 2015-04-06 13:41:53.000000000 +0200 -+++ gnupg-2.1.3/g10/options.h 2015-04-11 20:45:24.000000000 +0200 -@@ -194,6 +194,7 @@ struct +--- gnupg-2.1.10.orig/g10/options.h 2015-12-04 14:25:25.749577555 +0100 ++++ gnupg-2.1.10/g10/options.h 2015-12-04 14:25:28.472550675 +0100 +@@ -205,6 +205,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,10 +52,10 @@ Index: gnupg-2.1.3/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.3/g10/sign.c +Index: gnupg-2.1.10/g10/sign.c =================================================================== ---- gnupg-2.1.3.orig/g10/sign.c 2015-04-05 19:43:32.000000000 +0200 -+++ gnupg-2.1.3/g10/sign.c 2015-04-11 20:45:24.000000000 +0200 +--- gnupg-2.1.10.orig/g10/sign.c 2015-12-04 14:25:25.750577545 +0100 ++++ gnupg-2.1.10/g10/sign.c 2015-12-04 14:25:28.473550666 +0100 @@ -41,7 +41,7 @@ #include "pkglue.h" #include "sysutils.h" @@ -65,7 +65,7 @@ Index: gnupg-2.1.3/g10/sign.c #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" -@@ -706,8 +706,12 @@ write_signature_packets (SK_LIST sk_list +@@ -681,8 +681,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, pk); } @@ -78,7 +78,7 @@ Index: gnupg-2.1.3/g10/sign.c rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -765,6 +769,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -740,6 +744,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -87,7 +87,7 @@ Index: gnupg-2.1.3/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -781,7 +787,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -756,7 +762,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -105,7 +105,7 @@ Index: gnupg-2.1.3/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -802,7 +817,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -777,7 +792,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -114,7 +114,7 @@ Index: gnupg-2.1.3/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -940,7 +955,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -915,7 +930,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -123,7 +123,7 @@ Index: gnupg-2.1.3/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -995,6 +1010,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -970,6 +985,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -132,7 +132,7 @@ Index: gnupg-2.1.3/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1035,6 +1052,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1010,6 +1027,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -178,7 +178,7 @@ Index: gnupg-2.1.3/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1052,8 +1108,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1027,8 +1083,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, diff --git a/gnupg-2.1.10.tar.bz2 b/gnupg-2.1.10.tar.bz2 new file mode 100644 index 0000000..2e85c2a --- /dev/null +++ b/gnupg-2.1.10.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:93bd58d81771a4fa488566e5d2e13b1fd7afc86789401eb41731882abfd26cf9 +size 5173253 diff --git a/gnupg-2.1.10.tar.bz2.sig b/gnupg-2.1.10.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..a12710fd5cfdc4bac6c4543ca2ade005fb8f674613290e4b0482f59f7870cccc GIT binary patch literal 574 zcmV-E0>S->0UQJX0SEvF1p-!KaD@O02@oWkInqxhK zjdFa=@BSmOM^RJdPpFtZ53=nN9KB^A-!Nbl+nR9?TE3M{YLlDoRg$V`Z`)EWRm6MG zTbLb$JmhNX<}LKS@gNIMS35xy7?ZB%+2@z87SI&)1bnv?Whd0qf#cc2T~rF zB`gTs@NdWcQ=g}1e6m4XHEouTpg|EG;-vk&oDZ7d9ukkV4K%s+&V;NIN0|SytsT(j zVHk67Ja=t;TMO4syF^KFdh!R?e`0c&lYXI7P{Co>*1CxS90ULX2ml5J0#;#=V*m;X z5Fl}|iZi`G2Gq6({xW32O-c(zBEZH7K!D%YR77Pq^@Dn?Q^F|evau_&ABN38n+fJ5e(&cwlgqVIwbS>Arq!He(@J2uz9bKN*Q4Ie-G+LMaf~@IWV|{rZa7 zSz<%W&+Mp_n|_@&KPO zr&p%?NgG7z&Pr*}V{R>3sCaKnfX+sic;Rz7MY74)Ik@xKN{EPcn5ZiGNjrF>&k%X{ l^7=NJovj=x5_=Yb4Cb2=D1k;bA3Ci#spquedvWB@US+G7gu4I$ diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 1ce8325..968bc34 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.9/doc/gpg.texi +Index: gnupg-2.1.10/doc/gpg.texi =================================================================== ---- gnupg-2.1.9.orig/doc/gpg.texi -+++ gnupg-2.1.9/doc/gpg.texi -@@ -1778,6 +1778,24 @@ implies, this option is for experts only +--- gnupg-2.1.10.orig/doc/gpg.texi 2015-12-04 14:28:28.840769433 +0100 ++++ gnupg-2.1.10/doc/gpg.texi 2015-12-04 14:28:33.784720588 +0100 +@@ -1875,6 +1875,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.9/doc/gpg.texi @end table -Index: gnupg-2.1.9/g10/gpg.c +Index: gnupg-2.1.10/g10/gpg.c =================================================================== ---- gnupg-2.1.9.orig/g10/gpg.c -+++ gnupg-2.1.9/g10/gpg.c -@@ -386,6 +386,7 @@ enum cmd_and_opt_values - oNoAutostart, - oPrintPKARecords, - oPrintDANERecords, +--- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:28:28.843769403 +0100 ++++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:29:04.084421214 +0100 +@@ -394,6 +394,7 @@ enum cmd_and_opt_values + oWeakDigest, + oUnwrap, + oOnlySignTextIDs, + oSetLegacyFips, oNoop }; -@@ -780,6 +781,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -796,6 +797,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.1.9/g10/gpg.c /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -3188,6 +3190,13 @@ main (int argc, char **argv) +@@ -3556,6 +3558,13 @@ main (int argc, char **argv) case oNoAutostart: opt.autostart = 0; break; diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index 39eb8c2..b18e04b 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.1.0/g10/plaintext.c +Index: gnupg-2.1.10/g10/plaintext.c =================================================================== ---- gnupg-2.1.0.orig/g10/plaintext.c 2014-11-07 11:35:18.100563974 +0100 -+++ gnupg-2.1.0/g10/plaintext.c 2014-11-07 16:51:59.919347340 +0100 +--- gnupg-2.1.10.orig/g10/plaintext.c 2015-11-30 17:39:52.000000000 +0100 ++++ gnupg-2.1.10/g10/plaintext.c 2015-12-04 14:26:56.876677813 +0100 @@ -25,6 +25,7 @@ #include #include @@ -18,9 +18,9 @@ Index: gnupg-2.1.0/g10/plaintext.c +#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR) +#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS) - /* Handle a plaintext packet. If MFX is not NULL, update the MDs - * Note: We should have used the filter stuff here, but we have to add -@@ -169,11 +173,15 @@ handle_plaintext (PKT_plaintext * pt, md + /* Get the output filename. On success, the actual filename that is + used is set in *FNAMEP and a filepointer is returned in *FP. +@@ -146,11 +150,15 @@ get_output_file (const byte *embedded_na log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); goto leave; } diff --git a/gpg2.changes b/gpg2.changes index 1448cfc..0400288 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,9 +1,53 @@ +------------------------------------------------------------------- +Fri Dec 4 13:35:40 UTC 2015 - astieger@suse.com + +- GnuPG 2.1.10 adds TOFU (Trust-On-First-USe) and anonymous key + retrival via Tor. + * gpg: New trust models "tofu" and "tofu+pgp". + * gpg: New command --tofu-policy. New options --tofu-default-policy + and --tofu-db-format. + * gpg: New option --weak-digest to specify hash algorithms which + should be considered weak. + * gpg: Allow the use of multiple --default-key options; take the last + available key. + * gpg: New option --encrypt-to-default-key. + * gpg: New option --unwrap to only strip the encryption layer. + * gpg: New option --only-sign-text-ids to exclude photo IDs from key + signing. + * gpg: Check for ambigious or non-matching key specification in the + config file or given to --encrypt-to. + * gpg: Show the used card reader with --card-status. + * gpg: Print export statistics and an EXPORTED status line. + * gpg: Allow selecting subkeys by keyid in --edit-key. + * gpg: Allow updating the expiration time of multiple subkeys at + once. + * dirmngr: New option --use-tor. For full support this requires + libassuan version 2.4.2 and a patched version of libadns + (e.g. adns-1.4-g10-7 as used by the standard Windows installer). + * dirmngr: New option --nameserver to specify the nameserver used in + Tor mode. + * dirmngr: Keyservers may again be specified by IP address. + * dirmngr: Fixed problems in resolving keyserver pools. + * dirmngr: Fixed handling of premature termination of TLS streams so + that large numbers of keys can be refreshed via hkps. + * gpg: Fixed a regression in --locate-key [since 2.1.9]. + * gpg: Fixed another bug for keyrings with legacy keys. + * gpgsm: Allow combinations of usage flags in --gen-key. + * Make tilde expansion work with most options. + * Many other cleanups and bug fixes. + ------------------------------------------------------------------- Tue Nov 24 10:27:58 UTC 2015 - vcizek@suse.com - enable tests for PPC64 again, the problem from bsc#935887 went away +------------------------------------------------------------------- +Fri Nov 20 16:03:03 UTC 2015 - astieger@suse.com + +- Improve upgrade to gpg2 from security:privacy w.r.t. libassuan + run-time dependencies (boo#955982) + ------------------------------------------------------------------- Sat Oct 10 11:39:55 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 2d21dec..b3f10d7 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.9 +Version: 2.1.10 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -38,7 +38,7 @@ BuildRequires: expect BuildRequires: fdupes BuildRequires: gnutls-devel >= 3.0 BuildRequires: libadns-devel -BuildRequires: libassuan-devel >= 2.1.0 +BuildRequires: libassuan-devel >= 2.4.1 BuildRequires: libbz2-devel BuildRequires: libcurl-devel >= 7.10 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG @@ -52,7 +52,10 @@ BuildRequires: npth-devel >= 0.91 BuildRequires: openldap2-devel BuildRequires: pkg-config BuildRequires: readline-devel +BuildRequires: sqlite3-devel >= 3.7 BuildRequires: zlib-devel +# Add an explicit runtime dependency to match boo#955982 +Requires: libassuan0 >= 2.4.1 Requires: pinentry # FIXME: use proper Requires(pre/post/preun/...) PreReq: %{install_info_prereq} From a1ba7ab59c6c9e9d1ae68d86ee243af7b48ef6d8891a64ae4a014c6562f3ff43 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 25 Dec 2015 12:05:41 +0000 Subject: [PATCH 091/156] Accepting request 350481 from Base:System Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/350481 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=100 --- gpg2.changes | 5 +++++ gpg2.spec | 12 ++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 0400288..8209510 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sun Dec 6 14:14:45 UTC 2015 - p.drouand@gmail.com + +- Move to pkgconfig() packaging style + ------------------------------------------------------------------- Fri Dec 4 13:35:40 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index b3f10d7..a8d3136 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -36,24 +36,24 @@ Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch BuildRequires: expect BuildRequires: fdupes -BuildRequires: gnutls-devel >= 3.0 BuildRequires: libadns-devel BuildRequires: libassuan-devel >= 2.4.1 -BuildRequires: libbz2-devel -BuildRequires: libcurl-devel >= 7.10 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG # raising gcrypt requirement from 1.4.0 BuildRequires: libgcrypt-devel >= 1.6.1 BuildRequires: libgpg-error-devel >= 1.16 BuildRequires: libksba-devel >= 1.2.0 -BuildRequires: libusb-devel BuildRequires: makeinfo BuildRequires: npth-devel >= 0.91 BuildRequires: openldap2-devel BuildRequires: pkg-config BuildRequires: readline-devel -BuildRequires: sqlite3-devel >= 3.7 -BuildRequires: zlib-devel +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(gnutls) >= 3.0 +BuildRequires: pkgconfig(libcurl) >= 7.10 +BuildRequires: pkgconfig(libusb-1.0) +BuildRequires: pkgconfig(sqlite3) >= 3.7 +BuildRequires: pkgconfig(zlib) # Add an explicit runtime dependency to match boo#955982 Requires: libassuan0 >= 2.4.1 Requires: pinentry From 009fb9ad0b32d8129aea7374af8520f4837fc02d6e34f758e6f06979df916104 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 28 Jan 2016 16:20:05 +0000 Subject: [PATCH 092/156] Accepting request 356125 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/356125 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=101 --- ...ve-the-keyblock-cache-s-transparency.patch | 105 ++++++++++++++++++ gpg2.changes | 13 +++ gpg2.spec | 6 +- 3 files changed, 122 insertions(+), 2 deletions(-) create mode 100644 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch diff --git a/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch b/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch new file mode 100644 index 0000000..d3f80b1 --- /dev/null +++ b/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch @@ -0,0 +1,105 @@ +From 2e4e10c1dcd8dfeafec51f44ebf26acfeb770c41 Mon Sep 17 00:00:00 2001 +From: "Neal H. Walfield" +Date: Tue, 15 Dec 2015 12:21:30 +0100 +Subject: [PATCH] gpg: Improve the keyblock cache's transparency. + +* kbx/keybox-search.c (keybox_offset): New function. +* g10/keydb.c (struct keyblock_cache): Add fields resource and offset. +(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and +HD->KEYBLOCK_CACHE.OFFSET. +(keydb_search): Don't use the cached result if it comes before the +current file position. When caching an entry, also record the +position at which it was found. + +-- +Signed-off-by: Neal H. Walfield +GnuPG-bug-id: 2187 +--- + g10/keydb.c | 19 ++++++++++++++++++- + kbx/keybox-search.c | 8 ++++++++ + kbx/keybox.h | 2 ++ + 3 files changed, 28 insertions(+), 1 deletion(-) + +diff --git a/g10/keydb.c b/g10/keydb.c +index d7c35de..860187f 100644 +--- a/g10/keydb.c ++++ b/g10/keydb.c +@@ -81,6 +81,9 @@ struct keyblock_cache { + u32 *sigstatus; + int pk_no; + int uid_no; ++ /* Offset of the record in the keybox. */ ++ int resource; ++ off_t offset; + }; + + +@@ -245,6 +248,8 @@ keyblock_cache_clear (struct keydb_handle *hd) + hd->keyblock_cache.sigstatus = NULL; + iobuf_close (hd->keyblock_cache.iobuf); + hd->keyblock_cache.iobuf = NULL; ++ hd->keyblock_cache.resource = -1; ++ hd->keyblock_cache.offset = -1; + } + + +@@ -1701,7 +1706,13 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20 + || desc[0].mode == KEYDB_SEARCH_MODE_FPR) + && hd->keyblock_cache.state == KEYBLOCK_CACHE_FILLED +- && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)) ++ && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20) ++ /* Make sure the current file position occurs before the cached ++ result to avoid an infinite loop. */ ++ && (hd->current < hd->keyblock_cache.resource ++ || (hd->current == hd->keyblock_cache.resource ++ && (keybox_offset (hd->active[hd->current].u.kb) ++ <= hd->keyblock_cache.offset)))) + { + /* (DESCINDEX is already set). */ + if (DBG_CLOCK) +@@ -1772,6 +1783,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX) + { + hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED; ++ hd->keyblock_cache.resource = hd->current; ++ /* The current offset is at the start of the next record. Since ++ a record is at least 1 byte, we just use offset - 1, which is ++ within the record. */ ++ hd->keyblock_cache.offset ++ = keybox_offset (hd->active[hd->current].u.kb) - 1; + memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20); + } + +diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c +index 78e0c23..df959b6 100644 +--- a/kbx/keybox-search.c ++++ b/kbx/keybox-search.c +@@ -1188,3 +1188,11 @@ keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value) + ec = get_flag_from_image (buffer, length, what, value); + return ec? gpg_error (ec):0; + } ++ ++off_t ++keybox_offset (KEYBOX_HANDLE hd) ++{ ++ if (!hd->fp) ++ return 0; ++ return ftello (hd->fp); ++} +diff --git a/kbx/keybox.h b/kbx/keybox.h +index 8c31141..c91a282 100644 +--- a/kbx/keybox.h ++++ b/kbx/keybox.h +@@ -77,6 +77,8 @@ int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes); + + int keybox_lock (KEYBOX_HANDLE hd, int yes); + ++off_t keybox_offset (KEYBOX_HANDLE hd); ++ + /*-- keybox-file.c --*/ + /* Fixme: This function does not belong here: Provide a better + interface to create a new keybox file. */ +-- +2.6.2 + diff --git a/gpg2.changes b/gpg2.changes index 8209510..b7d3ef3 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Jan 26 20:23:18 UTC 2016 - astieger@suse.com + +- add g13, an experimental tool for accessing encrypted storage + with with GnuPG (cards) + +------------------------------------------------------------------- +Tue Jan 19 13:56:58 UTC 2016 - vcizek@suse.com + +- fix fingerprint ambiguity (bsc#958891) + * https://bugs.gnupg.org/gnupg/issue2198 + * add 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch + ------------------------------------------------------------------- Sun Dec 6 14:14:45 UTC 2015 - p.drouand@gmail.com diff --git a/gpg2.spec b/gpg2.spec index a8d3136..7bddb80 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel @@ -84,6 +85,7 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build # build PIEs (position independent executables) for address space randomisation: @@ -107,7 +109,7 @@ date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) --enable-gpgsm=yes \ --enable-gpg \ --enable-gpgtar \ - --enable-large-rsa \ + --enable-g13 \ --enable-large-secmem \ --with-gnu-ld \ --enable-build-timestamp=$date From 1d142dbbfb90ec57bdd3d8519bdd9d4f101ae44f9dfe951e712217c8b9cf98da Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 9 Mar 2016 14:16:27 +0000 Subject: [PATCH 093/156] Accepting request 367545 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/367545 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=102 --- ...ve-the-keyblock-cache-s-transparency.patch | 105 ------------------ gnupg-2.1.10.tar.bz2 | 3 - gnupg-2.1.10.tar.bz2.sig | Bin 574 -> 0 bytes gnupg-2.1.11.tar.bz2 | 3 + gnupg-2.1.11.tar.bz2.sig | Bin 0 -> 574 bytes gpg2.changes | 36 ++++++ gpg2.spec | 21 +--- 7 files changed, 44 insertions(+), 124 deletions(-) delete mode 100644 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch delete mode 100644 gnupg-2.1.10.tar.bz2 delete mode 100644 gnupg-2.1.10.tar.bz2.sig create mode 100644 gnupg-2.1.11.tar.bz2 create mode 100644 gnupg-2.1.11.tar.bz2.sig diff --git a/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch b/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch deleted file mode 100644 index d3f80b1..0000000 --- a/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 2e4e10c1dcd8dfeafec51f44ebf26acfeb770c41 Mon Sep 17 00:00:00 2001 -From: "Neal H. Walfield" -Date: Tue, 15 Dec 2015 12:21:30 +0100 -Subject: [PATCH] gpg: Improve the keyblock cache's transparency. - -* kbx/keybox-search.c (keybox_offset): New function. -* g10/keydb.c (struct keyblock_cache): Add fields resource and offset. -(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and -HD->KEYBLOCK_CACHE.OFFSET. -(keydb_search): Don't use the cached result if it comes before the -current file position. When caching an entry, also record the -position at which it was found. - --- -Signed-off-by: Neal H. Walfield -GnuPG-bug-id: 2187 ---- - g10/keydb.c | 19 ++++++++++++++++++- - kbx/keybox-search.c | 8 ++++++++ - kbx/keybox.h | 2 ++ - 3 files changed, 28 insertions(+), 1 deletion(-) - -diff --git a/g10/keydb.c b/g10/keydb.c -index d7c35de..860187f 100644 ---- a/g10/keydb.c -+++ b/g10/keydb.c -@@ -81,6 +81,9 @@ struct keyblock_cache { - u32 *sigstatus; - int pk_no; - int uid_no; -+ /* Offset of the record in the keybox. */ -+ int resource; -+ off_t offset; - }; - - -@@ -245,6 +248,8 @@ keyblock_cache_clear (struct keydb_handle *hd) - hd->keyblock_cache.sigstatus = NULL; - iobuf_close (hd->keyblock_cache.iobuf); - hd->keyblock_cache.iobuf = NULL; -+ hd->keyblock_cache.resource = -1; -+ hd->keyblock_cache.offset = -1; - } - - -@@ -1701,7 +1706,13 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, - && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20 - || desc[0].mode == KEYDB_SEARCH_MODE_FPR) - && hd->keyblock_cache.state == KEYBLOCK_CACHE_FILLED -- && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)) -+ && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20) -+ /* Make sure the current file position occurs before the cached -+ result to avoid an infinite loop. */ -+ && (hd->current < hd->keyblock_cache.resource -+ || (hd->current == hd->keyblock_cache.resource -+ && (keybox_offset (hd->active[hd->current].u.kb) -+ <= hd->keyblock_cache.offset)))) - { - /* (DESCINDEX is already set). */ - if (DBG_CLOCK) -@@ -1772,6 +1783,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, - && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX) - { - hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED; -+ hd->keyblock_cache.resource = hd->current; -+ /* The current offset is at the start of the next record. Since -+ a record is at least 1 byte, we just use offset - 1, which is -+ within the record. */ -+ hd->keyblock_cache.offset -+ = keybox_offset (hd->active[hd->current].u.kb) - 1; - memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20); - } - -diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c -index 78e0c23..df959b6 100644 ---- a/kbx/keybox-search.c -+++ b/kbx/keybox-search.c -@@ -1188,3 +1188,11 @@ keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value) - ec = get_flag_from_image (buffer, length, what, value); - return ec? gpg_error (ec):0; - } -+ -+off_t -+keybox_offset (KEYBOX_HANDLE hd) -+{ -+ if (!hd->fp) -+ return 0; -+ return ftello (hd->fp); -+} -diff --git a/kbx/keybox.h b/kbx/keybox.h -index 8c31141..c91a282 100644 ---- a/kbx/keybox.h -+++ b/kbx/keybox.h -@@ -77,6 +77,8 @@ int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes); - - int keybox_lock (KEYBOX_HANDLE hd, int yes); - -+off_t keybox_offset (KEYBOX_HANDLE hd); -+ - /*-- keybox-file.c --*/ - /* Fixme: This function does not belong here: Provide a better - interface to create a new keybox file. */ --- -2.6.2 - diff --git a/gnupg-2.1.10.tar.bz2 b/gnupg-2.1.10.tar.bz2 deleted file mode 100644 index 2e85c2a..0000000 --- a/gnupg-2.1.10.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:93bd58d81771a4fa488566e5d2e13b1fd7afc86789401eb41731882abfd26cf9 -size 5173253 diff --git a/gnupg-2.1.10.tar.bz2.sig b/gnupg-2.1.10.tar.bz2.sig deleted file mode 100644 index a12710fd5cfdc4bac6c4543ca2ade005fb8f674613290e4b0482f59f7870cccc..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 574 zcmV-E0>S->0UQJX0SEvF1p-!KaD@O02@oWkInqxhK zjdFa=@BSmOM^RJdPpFtZ53=nN9KB^A-!Nbl+nR9?TE3M{YLlDoRg$V`Z`)EWRm6MG zTbLb$JmhNX<}LKS@gNIMS35xy7?ZB%+2@z87SI&)1bnv?Whd0qf#cc2T~rF zB`gTs@NdWcQ=g}1e6m4XHEouTpg|EG;-vk&oDZ7d9ukkV4K%s+&V;NIN0|SytsT(j zVHk67Ja=t;TMO4syF^KFdh!R?e`0c&lYXI7P{Co>*1CxS90ULX2ml5J0#;#=V*m;X z5Fl}|iZi`G2Gq6({xW32O-c(zBEZH7K!D%YR77Pq^@Dn?Q^F|evau_&AS->0UQJX0SEvF1p-#5aFGBC2@oWkInqxhs<2mgJj`c3u-$2eZPKH#NW ze_$S)jrX+HMXuHb`_y8>IaMc3PMl%iN(Sqv|F(6<>mp8@-Q9Uv6t9zv?^T*#E|1tf zt3Qb3fJMT(kI_d{mH85SOokT%he=2fAjJKsOt-kto@&%oNW7^FGWpxTWc+2?(8he+ z2)zVQ-`?V~p5X&8zisj52G`qW_kl#7Fbo4mZ|KFb5%e&Thv+9Dbs`~#Zp9CH!Yf0j zIQU_`^=LS8lE;#kB?=d+c@yTCq*?wNPzE#nx|T=miCi_IcYtw)1yv$=SzPVZH-4^! z@Xx(Q+P1Y6UHV%%nt^coC6nAcW*iZ3UB7aOTw9^N(?p2@90ULX2ml5J0#>LhLjVd1 z5Fl}|iZi`G24i^#{T})KgrGnd?^TrhxNhMl?;)x*2c&qW<`|l~b)8UybO z>Ilc^w)C$80poUbb*B?0B?RdP*Hu^h-}h@XTO39H4?oy5k3=K9C^R^G!<;hO7o}mZ M(% 1020 @@ -146,9 +135,9 @@ install -m 755 tools/gpgsplit %{buildroot}/%{_bindir} %endif %check -%if ! 0%{?qemu_user_space_build} -make %{?_smp_mflags} check -%endif +# %if ! 0%{?qemu_user_space_build} +# make %{?_smp_mflags} check +# %endif %post %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz From 7db1ff1a06044754d09bba6ad127b5c0f5d5e19155fa3539ce262d8890ea5951 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 17 May 2016 15:07:00 +0000 Subject: [PATCH 094/156] Accepting request 394637 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/394637 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=103 --- gnupg-2.1.11.tar.bz2 | 3 --- gnupg-2.1.11.tar.bz2.sig | Bin 574 -> 0 bytes gnupg-2.1.12.tar.bz2 | 3 +++ gnupg-2.1.12.tar.bz2.sig | Bin 0 -> 574 bytes gnupg-set_umask_before_open_outfile.patch | 14 +++++----- gpg2.changes | 31 ++++++++++++++++++++++ gpg2.spec | 3 ++- 7 files changed, 43 insertions(+), 11 deletions(-) delete mode 100644 gnupg-2.1.11.tar.bz2 delete mode 100644 gnupg-2.1.11.tar.bz2.sig create mode 100644 gnupg-2.1.12.tar.bz2 create mode 100644 gnupg-2.1.12.tar.bz2.sig diff --git a/gnupg-2.1.11.tar.bz2 b/gnupg-2.1.11.tar.bz2 deleted file mode 100644 index 956c438..0000000 --- a/gnupg-2.1.11.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b7b0fb2c8c5d47d7ec916d4a1097c0ddcb94a12bb1c0ac424ad86b1ee316b61a -size 5224007 diff --git a/gnupg-2.1.11.tar.bz2.sig b/gnupg-2.1.11.tar.bz2.sig deleted file mode 100644 index 32fba6c95065c110a87eb485bed5bb3af9d5cfcafd07e5a4f6daf2139b1e90a8..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 574 zcmV-E0>S->0UQJX0SEvF1p-#5aFGBC2@oWkInqxhs<2mgJj`c3u-$2eZPKH#NW ze_$S)jrX+HMXuHb`_y8>IaMc3PMl%iN(Sqv|F(6<>mp8@-Q9Uv6t9zv?^T*#E|1tf zt3Qb3fJMT(kI_d{mH85SOokT%he=2fAjJKsOt-kto@&%oNW7^FGWpxTWc+2?(8he+ z2)zVQ-`?V~p5X&8zisj52G`qW_kl#7Fbo4mZ|KFb5%e&Thv+9Dbs`~#Zp9CH!Yf0j zIQU_`^=LS8lE;#kB?=d+c@yTCq*?wNPzE#nx|T=miCi_IcYtw)1yv$=SzPVZH-4^! z@Xx(Q+P1Y6UHV%%nt^coC6nAcW*iZ3UB7aOTw9^N(?p2@90ULX2ml5J0#>LhLjVd1 z5Fl}|iZi`G24i^#{T})KgrGnd?^TrhxNhMl?;)x*2c&qW<`|l~b)8UybO z>Ilc^w)C$80poUbb*B?0B?RdP*Hu^h-}h@XTO39H4?oy5k3=K9C^R^G!<;hO7o}mZ M(%S->0UQJX0SEvF1p-$p0jmHC2@oWkInqxhMO!k;5iY+f|feqg2`6y$fd%gRXL3a_?g0mu<^ZwuA=`l!z=9DqH$IF34)LH61BiBS}h z1&&@cJ}&ERBy~rFPZVx%0VxF(7I{cGue!f?dxv@D>}-hv90ULX2ml5J0#_?Jy8sFa z5Fl}|iZi`G2L56P|6iPV_uulhlVuSc%yFGNQV0OotN9`p<2S`_N8=DXm$c~o%nD;C zV|q;&cyg#AcxS^1#4`>D9$prSgAJKuJL9fC77n*qG|89Hx2L5-8*3wnlSNKi$24by zi+n(D`D0TH;oSS2fcNOeppkixfutZgd+i}Fca==@`|S4Z1l}T2Mq_B~$EXOolkPuM zI;xn)WO*%?>H`+;9f#1UD&+#%f6+7X@>x6jhMC!vV4;^%)xLqBS`F;I7|gejcg18O zqIz0KG!f@@w=u5YnGExxFu;a$zi?4jc6$}55f30ie`t@PQS#m#heWYm$h99#5uFR} Mu2+ga_x5h#93Zg_?*IS* literal 0 HcmV?d00001 diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index b18e04b..291939a 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,16 +1,16 @@ -Index: gnupg-2.1.10/g10/plaintext.c +Index: gnupg-2.1.12/g10/plaintext.c =================================================================== ---- gnupg-2.1.10.orig/g10/plaintext.c 2015-11-30 17:39:52.000000000 +0100 -+++ gnupg-2.1.10/g10/plaintext.c 2015-12-04 14:26:56.876677813 +0100 -@@ -25,6 +25,7 @@ +--- gnupg-2.1.12.orig/g10/plaintext.c 2016-05-04 11:43:16.000000000 +0200 ++++ gnupg-2.1.12/g10/plaintext.c 2016-05-04 17:36:13.945784756 +0200 +@@ -24,6 +24,7 @@ + #include #include - #include #include +#include #ifdef HAVE_DOSISH_SYSTEM # include /* for setmode() */ #endif -@@ -39,6 +40,9 @@ +@@ -38,6 +39,9 @@ #include "status.h" #include "i18n.h" @@ -20,7 +20,7 @@ Index: gnupg-2.1.10/g10/plaintext.c /* Get the output filename. On success, the actual filename that is used is set in *FNAMEP and a filepointer is returned in *FP. -@@ -146,11 +150,15 @@ get_output_file (const byte *embedded_na +@@ -145,11 +149,15 @@ get_output_file (const byte *embedded_na log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); goto leave; } diff --git a/gpg2.changes b/gpg2.changes index 07b7982..91a16d4 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Wed May 4 15:37:12 UTC 2016 - astieger@suse.com + +- GnuPG 2.1.12: + * gpg: New --edit-key sub-command "change-usage" for testing + purposes. + * gpg: Out of order key-signatures are now systematically detected + and fixed by --edit-key. + * gpg: Improved detection of non-armored messages. + * gpg: Removed the extra prompt needed to create Curve25519 keys. + * gpg: Improved user ID selection for --quick-sign-key. + * gpg: Use the root CAs provided by the system with --fetch-key. + * gpg: Add support for the experimental Web Key Directory key + location service. + * gpg: Improve formatting of Tofu messages and emit new Tofu specific + status lines. + * gpgsm: Add option --pinentry-mode to support a loopback pinentry. + * gpgsm: A new pubring.kbx is now created with the header blob so + that gpg can detect that the keybox format needs to be used. + * agent: Add read support for the new private key protection format + openpgp-s2k-ocb-aes. + * agent: Add read support for the new extended private key format. + * agent: Default to --allow-loopback-pinentry and add option + --no-allow-loopback-pinentry. + * scd: Changed to use the new libusb 1.0 API for the internal CCID + driver. + * dirmngr: The dirmngr-client does now auto-detect the PEM format. + * g13: Add experimental support for dm-crypt. + * The man pages for gpg and gpgv are now installed under the correct + name (gpg2 or gpg - depending on a configure option). + ------------------------------------------------------------------- Sun Mar 6 08:17:00 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 1ae65e7..93be054 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.11 +Version: 2.1.12 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -157,6 +157,7 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} %{_libdir}/[^d]* %{_sbindir}/addgnupghome %{_sbindir}/applygnupgdefaults +%{_sbindir}/g13-syshelp %{_datadir}/gnupg %dir %{_sysconfdir}/gnupg %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf From 3578bdf698ca90637aefb7b75556fcde427a8d4417fbc6beaceabbeb29f1df33 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 7 Jun 2016 21:43:36 +0000 Subject: [PATCH 095/156] Accepting request 399868 from Base:System - add gnupg-fix-signature-checking.patch (bsc#981020) https://bugs.gnupg.org/gnupg/issue2351 OBS-URL: https://build.opensuse.org/request/show/399868 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=104 --- gnupg-fix-signature-checking.patch | 50 ++++++++++++++++++++++++++++++ gpg2.changes | 6 ++++ gpg2.spec | 2 ++ 3 files changed, 58 insertions(+) create mode 100644 gnupg-fix-signature-checking.patch diff --git a/gnupg-fix-signature-checking.patch b/gnupg-fix-signature-checking.patch new file mode 100644 index 0000000..9ede8fe --- /dev/null +++ b/gnupg-fix-signature-checking.patch @@ -0,0 +1,50 @@ +From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Wed, 11 May 2016 19:27:03 +0900 +Subject: [PATCH] g10: Fix signature checking. + +* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to +walk_kbnode. + +-- + +Thanks to Vincent Brillault (Feandil). + +GnuPG-bug-id: 2351 +Signed-off-by: NIIBE Yutaka +--- + g10/sig-check.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/g10/sig-check.c b/g10/sig-check.c +index 290f19a..7000b48 100644 +--- a/g10/sig-check.c ++++ b/g10/sig-check.c +@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer, + *is_selfsig = 1; + } + else +- /* See if one of the subkeys was the signer (although this is +- extremely unlikely). */ + { + kbnode_t ctx = NULL; + kbnode_t n; + +- while ((n = walk_kbnode (kb, &ctx, PKT_PUBLIC_SUBKEY))) ++ /* See if one of the subkeys was the signer (although this ++ is extremely unlikely). */ ++ while ((n = walk_kbnode (kb, &ctx, 0))) + { +- PKT_public_key *subk = n->pkt->pkt.public_key; ++ PKT_public_key *subk; ++ ++ if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY) ++ continue; ++ ++ subk = n->pkt->pkt.public_key; + if (sig->keyid[0] == subk->keyid[0] + && sig->keyid[1] == subk->keyid[1]) + /* Issued by a subkey. */ +-- +2.8.0.rc3 + diff --git a/gpg2.changes b/gpg2.changes index 91a16d4..cb5faec 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jun 2 16:01:40 UTC 2016 - pjanouch@suse.de + +- add gnupg-fix-signature-checking.patch (bsc#981020) + https://bugs.gnupg.org/gnupg/issue2351 + ------------------------------------------------------------------- Wed May 4 15:37:12 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 93be054..467e25a 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-fix-signature-checking.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel @@ -84,6 +85,7 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) From b9bb071952988b5cfa9b33ea13659b5c956332dd28b7a1f7497e39d85185aa9a Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 9 Jul 2016 07:17:21 +0000 Subject: [PATCH 096/156] Accepting request 402817 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/402817 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=105 --- gnupg-2.0.18-files-are-digests.patch | 56 ++++++++++++------------ gnupg-2.1.12.tar.bz2 | 3 -- gnupg-2.1.12.tar.bz2.sig | Bin 574 -> 0 bytes gnupg-2.1.13.tar.bz2 | 3 ++ gnupg-2.1.13.tar.bz2.sig | Bin 0 -> 287 bytes gnupg-add_legacy_FIPS_mode_option.patch | 22 +++++----- gnupg-fix-signature-checking.patch | 50 --------------------- gpg2.changes | 31 +++++++++++++ gpg2.spec | 4 +- 9 files changed, 74 insertions(+), 95 deletions(-) delete mode 100644 gnupg-2.1.12.tar.bz2 delete mode 100644 gnupg-2.1.12.tar.bz2.sig create mode 100644 gnupg-2.1.13.tar.bz2 create mode 100644 gnupg-2.1.13.tar.bz2.sig delete mode 100644 gnupg-fix-signature-checking.patch diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 961e5a0..e08ff98 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.10/g10/gpg.c +Index: gnupg-2.1.13/g10/gpg.c =================================================================== ---- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:25:25.749577555 +0100 -+++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:26:04.777192262 +0100 -@@ -355,6 +355,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.13.orig/g10/gpg.c ++++ gnupg-2.1.13/g10/gpg.c +@@ -358,6 +358,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.1.10/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -757,6 +758,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -770,6 +771,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,15 +24,15 @@ Index: gnupg-2.1.10/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2483,6 +2485,7 @@ main (int argc, char **argv) +@@ -2247,6 +2249,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; - set_homedir (default_homedir ()); + gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; + opt.files_are_digests=0; opt.emit_version = 1; /* Limit to the major number. */ opt.weak_digests = NULL; additional_weak_digest("MD5"); -@@ -3022,6 +3025,7 @@ main (int argc, char **argv) +@@ -2797,6 +2800,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.10/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.10/g10/options.h +Index: gnupg-2.1.13/g10/options.h =================================================================== ---- gnupg-2.1.10.orig/g10/options.h 2015-12-04 14:25:25.749577555 +0100 -+++ gnupg-2.1.10/g10/options.h 2015-12-04 14:25:28.472550675 +0100 -@@ -205,6 +205,7 @@ struct +--- gnupg-2.1.13.orig/g10/options.h ++++ gnupg-2.1.13/g10/options.h +@@ -206,6 +206,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,20 +52,20 @@ Index: gnupg-2.1.10/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.10/g10/sign.c +Index: gnupg-2.1.13/g10/sign.c =================================================================== ---- gnupg-2.1.10.orig/g10/sign.c 2015-12-04 14:25:25.750577545 +0100 -+++ gnupg-2.1.10/g10/sign.c 2015-12-04 14:25:28.473550666 +0100 -@@ -41,7 +41,7 @@ - #include "pkglue.h" - #include "sysutils.h" +--- gnupg-2.1.13.orig/g10/sign.c ++++ gnupg-2.1.13/g10/sign.c +@@ -42,6 +42,8 @@ #include "call-agent.h" -- -+#include "host2net.h" + #include "mbox-util.h" ++#include "host2net.h" ++ #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" -@@ -681,8 +681,12 @@ write_signature_packets (SK_LIST sk_list + #else +@@ -694,8 +696,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, pk); } @@ -78,7 +78,7 @@ Index: gnupg-2.1.10/g10/sign.c rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -740,6 +744,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -753,6 +759,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -87,7 +87,7 @@ Index: gnupg-2.1.10/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -756,7 +762,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -769,7 +777,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -105,7 +105,7 @@ Index: gnupg-2.1.10/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -777,7 +792,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -790,7 +807,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -114,7 +114,7 @@ Index: gnupg-2.1.10/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -915,7 +930,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -928,7 +945,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -123,7 +123,7 @@ Index: gnupg-2.1.10/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -970,6 +985,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -983,6 +1000,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -132,7 +132,7 @@ Index: gnupg-2.1.10/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1010,6 +1027,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1023,6 +1042,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -178,7 +178,7 @@ Index: gnupg-2.1.10/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1027,8 +1083,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1040,8 +1098,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, diff --git a/gnupg-2.1.12.tar.bz2 b/gnupg-2.1.12.tar.bz2 deleted file mode 100644 index 812395b..0000000 --- a/gnupg-2.1.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 -size 5510723 diff --git a/gnupg-2.1.12.tar.bz2.sig b/gnupg-2.1.12.tar.bz2.sig deleted file mode 100644 index 98d8011791a246ca2600b873b5ab042fb7d20e0f042fc0636a0a711f63bf72e8..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 574 zcmV-E0>S->0UQJX0SEvF1p-$p0jmHC2@oWkInqxhMO!k;5iY+f|feqg2`6y$fd%gRXL3a_?g0mu<^ZwuA=`l!z=9DqH$IF34)LH61BiBS}h z1&&@cJ}&ERBy~rFPZVx%0VxF(7I{cGue!f?dxv@D>}-hv90ULX2ml5J0#_?Jy8sFa z5Fl}|iZi`G2L56P|6iPV_uulhlVuSc%yFGNQV0OotN9`p<2S`_N8=DXm$c~o%nD;C zV|q;&cyg#AcxS^1#4`>D9$prSgAJKuJL9fC77n*qG|89Hx2L5-8*3wnlSNKi$24by zi+n(D`D0TH;oSS2fcNOeppkixfutZgd+i}Fca==@`|S4Z1l}T2Mq_B~$EXOolkPuM zI;xn)WO*%?>H`+;9f#1UD&+#%f6+7X@>x6jhMC!vV4;^%)xLqBS`F;I7|gejcg18O zqIz0KG!f@@w=u5YnGExxFu;a$zi?4jc6$}55f30ie`t@PQS#m#heWYm$h99#5uFR} Mu2+ga_x5h#93Zg_?*IS* diff --git a/gnupg-2.1.13.tar.bz2 b/gnupg-2.1.13.tar.bz2 new file mode 100644 index 0000000..6c6df08 --- /dev/null +++ b/gnupg-2.1.13.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4f9d83a6221daa60130fa79f0b1d37d6c20fffdd0320b640c7a597c5b6219675 +size 5545361 diff --git a/gnupg-2.1.13.tar.bz2.sig b/gnupg-2.1.13.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..2507d3ae2166a5f92eb94ed17b7197b18164382c81d9a66463daa84b5d61cf29 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-%M#s&Zi2@oWkInqxh?9xTxQ0?Ld@`HF4T!;kK9ITfz!Z#QvWDnRz5M6p2ZdWJh$25s-x(GTs<0~& zTv!7k!ft!|xAt`=a~q8YIAs_W4dYWYViw);Kf@>ueKo*6)ne|#;58y7VSr#DdSG>r lYR^tx6`!MMK;7eD&BHVM&K^ literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 968bc34..71d7ba4 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.10/doc/gpg.texi +Index: gnupg-2.1.13/doc/gpg.texi =================================================================== ---- gnupg-2.1.10.orig/doc/gpg.texi 2015-12-04 14:28:28.840769433 +0100 -+++ gnupg-2.1.10/doc/gpg.texi 2015-12-04 14:28:33.784720588 +0100 -@@ -1875,6 +1875,24 @@ implies, this option is for experts only +--- gnupg-2.1.13.orig/doc/gpg.texi ++++ gnupg-2.1.13/doc/gpg.texi +@@ -1996,6 +1996,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.10/doc/gpg.texi @end table -Index: gnupg-2.1.10/g10/gpg.c +Index: gnupg-2.1.13/g10/gpg.c =================================================================== ---- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:28:28.843769403 +0100 -+++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:29:04.084421214 +0100 -@@ -394,6 +394,7 @@ enum cmd_and_opt_values - oWeakDigest, +--- gnupg-2.1.13.orig/g10/gpg.c ++++ gnupg-2.1.13/g10/gpg.c +@@ -398,6 +398,7 @@ enum cmd_and_opt_values oUnwrap, oOnlySignTextIDs, + oDisableSignerUID, + oSetLegacyFips, oNoop }; -@@ -796,6 +797,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -809,6 +810,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.1.10/g10/gpg.c /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -3556,6 +3558,13 @@ main (int argc, char **argv) +@@ -3330,6 +3332,13 @@ main (int argc, char **argv) case oNoAutostart: opt.autostart = 0; break; diff --git a/gnupg-fix-signature-checking.patch b/gnupg-fix-signature-checking.patch deleted file mode 100644 index 9ede8fe..0000000 --- a/gnupg-fix-signature-checking.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Wed, 11 May 2016 19:27:03 +0900 -Subject: [PATCH] g10: Fix signature checking. - -* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to -walk_kbnode. - --- - -Thanks to Vincent Brillault (Feandil). - -GnuPG-bug-id: 2351 -Signed-off-by: NIIBE Yutaka ---- - g10/sig-check.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/g10/sig-check.c b/g10/sig-check.c -index 290f19a..7000b48 100644 ---- a/g10/sig-check.c -+++ b/g10/sig-check.c -@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer, - *is_selfsig = 1; - } - else -- /* See if one of the subkeys was the signer (although this is -- extremely unlikely). */ - { - kbnode_t ctx = NULL; - kbnode_t n; - -- while ((n = walk_kbnode (kb, &ctx, PKT_PUBLIC_SUBKEY))) -+ /* See if one of the subkeys was the signer (although this -+ is extremely unlikely). */ -+ while ((n = walk_kbnode (kb, &ctx, 0))) - { -- PKT_public_key *subk = n->pkt->pkt.public_key; -+ PKT_public_key *subk; -+ -+ if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY) -+ continue; -+ -+ subk = n->pkt->pkt.public_key; - if (sig->keyid[0] == subk->keyid[0] - && sig->keyid[1] == subk->keyid[1]) - /* Issued by a subkey. */ --- -2.8.0.rc3 - diff --git a/gpg2.changes b/gpg2.changes index cb5faec..80ceebd 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Thu Jun 16 20:21:39 UTC 2016 - astieger@suse.com + +- GnuPG 2.1.13: + * gpg: New command --quick-addkey. Extend the --quick-gen-key + command. + * gpg: New --keyid-format "none" which is now also the default. + * gpg: New option --with-subkey-fingerprint. + * gpg: Include Signer's UID subpacket in signatures if the secret key + has been specified using a mail address and the new option + --disable-signer-uid is not used. + * gpg: Allow unattended deletion of a secret key. + * gpg: Allow export of non-passphrase protected secret keys. + * gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS. + * gpg: Change status line TOFU_STATS_LONG to use '~' as + a non-breaking-space character. + * gpg: Speedup key listings in Tofu mode. + * gpg: Make sure that the current and total values of a PROGRESS + status line are small enough. + * gpgsm: Allow the use of AES192 and SERPENT ciphers. + * dirmngr: Adjust WKD lookup to current specs. + * dirmngr: Fallback to LDAP v3 if v2 is is not supported. + * gpgconf: New commands --create-socketdir and --remove-socketdir, + new option --homedir. + * If a /run/user/$UID directory exists, that directory is now used + for IPC sockets instead of the GNUPGHOME directory. This fixes + problems with NFS and too long socket names and thus avoids the + need for redirection files. + * Speedup fd closing after a fork. +- drop upstreamed gnupg-fix-signature-checking.patch + ------------------------------------------------------------------- Thu Jun 2 16:01:40 UTC 2016 - pjanouch@suse.de diff --git a/gpg2.spec b/gpg2.spec index 467e25a..7c2283a 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.12 +Version: 2.1.13 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -34,7 +34,6 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: gnupg-fix-signature-checking.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel @@ -85,7 +84,6 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 %build date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) From 677e15e75eb1033e561c3ac01d1a0ef2713a3d5dcbeac7f431de372d2f34c452 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 6 Aug 2016 18:36:23 +0000 Subject: [PATCH 097/156] Accepting request 416968 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/416968 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=106 --- gnupg-make_--try-all-secrets_work.patch | 129 ++++++++++++++++++++++++ gpg2.changes | 15 +++ gpg2.spec | 6 +- 3 files changed, 148 insertions(+), 2 deletions(-) create mode 100644 gnupg-make_--try-all-secrets_work.patch diff --git a/gnupg-make_--try-all-secrets_work.patch b/gnupg-make_--try-all-secrets_work.patch new file mode 100644 index 0000000..e1989d6 --- /dev/null +++ b/gnupg-make_--try-all-secrets_work.patch @@ -0,0 +1,129 @@ +From 82b90eee100cf1c9680517059b2d35e295dd992a Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 18 Aug 2015 16:57:44 +0900 +Subject: [PATCH] gpg: Make --try-all-secrets work for hidden recipients +Upstream: committed + +* g10/getkey.c (enum_secret_keys): Really enumerate all secret +keys if --try-all-secrets is specified. +-- + +GnuPG-bug-id: 1985 +Signed-off-by: Daiki Ueno + +- Add new arg CTRL to getkey_byname call. + +Signed-off-by: Werner Koch +--- + g10/getkey.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 50 insertions(+), 10 deletions(-) + +On openSUSE, this fixes the unit tests of the duplicity package. + +diff --git a/g10/getkey.c b/g10/getkey.c +index 90fd175..3fe8274 100644 +--- a/g10/getkey.c ++++ b/g10/getkey.c +@@ -3555,6 +3555,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + { + gpg_error_t err = 0; + const char *name; ++ kbnode_t keyblock; + struct + { + int eof; +@@ -3562,6 +3563,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + strlist_t sl; + kbnode_t keyblock; + kbnode_t node; ++ getkey_ctx_t ctx; + } *c = *context; + + if (!c) +@@ -3577,6 +3579,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + { + /* Free the context. */ + release_kbnode (c->keyblock); ++ getkey_end (c->ctx); + xfree (c); + *context = NULL; + return 0; +@@ -3594,6 +3597,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + do + { + name = NULL; ++ keyblock = NULL; + switch (c->state) + { + case 0: /* First try to use the --default-key. */ +@@ -3616,24 +3620,60 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + c->state++; + break; + ++ case 3: /* Init search context to try all keys. */ ++ if (opt.try_all_secrets) ++ { ++ err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock); ++ if (err) ++ { ++ release_kbnode (keyblock); ++ keyblock = NULL; ++ getkey_end (c->ctx); ++ c->ctx = NULL; ++ } ++ } ++ c->state++; ++ break; ++ ++ case 4: /* Get next item from the context. */ ++ if (c->ctx) ++ { ++ err = getkey_next (c->ctx, NULL, &keyblock); ++ if (err) ++ { ++ release_kbnode (keyblock); ++ keyblock = NULL; ++ getkey_end (c->ctx); ++ c->ctx = NULL; ++ } ++ } ++ else ++ c->state++; ++ break; ++ + default: /* No more names to check - stop. */ + c->eof = 1; + return gpg_error (GPG_ERR_EOF); + } + } +- while (!name || !*name); ++ while ((!name || !*name) && !keyblock); + +- err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock); +- if (err) ++ if (keyblock) ++ c->node = c->keyblock = keyblock; ++ else + { +- /* getkey_byname might return a keyblock even in the +- error case - I have not checked. Thus better release +- it. */ +- release_kbnode (c->keyblock); +- c->keyblock = NULL; ++ err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock); ++ if (err) ++ { ++ /* getkey_byname might return a keyblock even in the ++ error case - I have not checked. Thus better release ++ it. */ ++ release_kbnode (c->keyblock); ++ c->keyblock = NULL; ++ } ++ else ++ c->node = c->keyblock; + } +- else +- c->node = c->keyblock; + } + + /* Get the next key from the current keyblock. */ diff --git a/gpg2.changes b/gpg2.changes index 80ceebd..74f1f90 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Thu Aug 4 12:17:14 UTC 2016 - tchvatal@suse.com + +- Fix date call as the curlified parameter for sure are not parsed + correctly by escaping it with % + +------------------------------------------------------------------- +Wed Aug 3 11:56:58 UTC 2016 - astieger@suse.com + +- Fix upstream bug 1985: --try-all-secrets doesn't work when + decrypting messages encrypted with --hidden-recipient, fixes unit + tests of the duplicity package. + Adding gnupg-make_--try-all-secrets_work.patch +- record the fact that gpg-error 1.21 is required + ------------------------------------------------------------------- Thu Jun 16 20:21:39 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 7c2283a..29b9d7f 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-make_--try-all-secrets_work.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel @@ -41,7 +42,7 @@ BuildRequires: libassuan-devel >= 2.4.1 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG # raising gcrypt requirement from 1.4.0 BuildRequires: libgcrypt-devel >= 1.6.1 -BuildRequires: libgpg-error-devel >= 1.16 +BuildRequires: libgpg-error-devel >= 1.21 BuildRequires: libksba-devel >= 1.2.0 BuildRequires: makeinfo BuildRequires: npth-devel >= 0.91 @@ -84,9 +85,10 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build -date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) +date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) %configure \ --libexecdir=%{_libdir} \ --docdir=%{_docdir}/%{name} \ From bfbf6949a893469d70ad59c8ee1edf534a821858613c7dc072e326ffdef02954 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 30 Aug 2016 22:00:37 +0000 Subject: [PATCH 098/156] Accepting request 420990 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/420990 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=107 --- ...-to-14479e2-fix-void-return-in-non-v.patch | 28 ++++ gnupg-2.0.18-files-are-digests.patch | 46 +++---- gnupg-2.1.13.tar.bz2 | 3 - gnupg-2.1.13.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.1.15.tar.bz2 | 3 + gnupg-2.1.15.tar.bz2.sig | Bin 0 -> 287 bytes gnupg-add_legacy_FIPS_mode_option.patch | 22 +-- gnupg-make_--try-all-secrets_work.patch | 129 ------------------ gpg2.changes | 71 ++++++++++ gpg2.spec | 14 +- 10 files changed, 143 insertions(+), 173 deletions(-) create mode 100644 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch delete mode 100644 gnupg-2.1.13.tar.bz2 delete mode 100644 gnupg-2.1.13.tar.bz2.sig create mode 100644 gnupg-2.1.15.tar.bz2 create mode 100644 gnupg-2.1.15.tar.bz2.sig delete mode 100644 gnupg-make_--try-all-secrets_work.patch diff --git a/0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch b/0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch new file mode 100644 index 0000000..bde6238 --- /dev/null +++ b/0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch @@ -0,0 +1,28 @@ +From ae52c486ef5e71445aa0adfdac30124abff7da46 Mon Sep 17 00:00:00 2001 +From: Andreas Stieger +Date: Fri, 19 Aug 2016 23:09:13 +0200 +Subject: [PATCH] common: Follow-up to 14479e2, fix void return in non-void + function + +* simple-pwquery.c (agent_open): return -1 in errout label as documented. + +Signed-off-by: Andreas Stieger +--- + common/simple-pwquery.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c +index 240451b..0c3233b 100644 +--- a/common/simple-pwquery.c ++++ b/common/simple-pwquery.c +@@ -285,6 +285,7 @@ agent_open (assuan_context_t *ctx) + errout: + assuan_release (*ctx); + *ctx = NULL; ++ return -1; + } + + +-- +2.6.6 + diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index e08ff98..1daf76c 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.13/g10/gpg.c +Index: gnupg-2.1.15/g10/gpg.c =================================================================== ---- gnupg-2.1.13.orig/g10/gpg.c -+++ gnupg-2.1.13/g10/gpg.c -@@ -358,6 +358,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.15.orig/g10/gpg.c ++++ gnupg-2.1.15/g10/gpg.c +@@ -368,6 +368,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.1.13/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -770,6 +771,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -791,6 +792,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,15 +24,15 @@ Index: gnupg-2.1.13/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2247,6 +2249,7 @@ main (int argc, char **argv) +@@ -2239,6 +2241,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; + opt.files_are_digests=0; - opt.emit_version = 1; /* Limit to the major number. */ + opt.emit_version = 0; opt.weak_digests = NULL; additional_weak_digest("MD5"); -@@ -2797,6 +2800,7 @@ main (int argc, char **argv) +@@ -2807,6 +2810,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.13/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.13/g10/options.h +Index: gnupg-2.1.15/g10/options.h =================================================================== ---- gnupg-2.1.13.orig/g10/options.h -+++ gnupg-2.1.13/g10/options.h -@@ -206,6 +206,7 @@ struct +--- gnupg-2.1.15.orig/g10/options.h ++++ gnupg-2.1.15/g10/options.h +@@ -212,6 +212,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,10 +52,10 @@ Index: gnupg-2.1.13/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.13/g10/sign.c +Index: gnupg-2.1.15/g10/sign.c =================================================================== ---- gnupg-2.1.13.orig/g10/sign.c -+++ gnupg-2.1.13/g10/sign.c +--- gnupg-2.1.15.orig/g10/sign.c ++++ gnupg-2.1.15/g10/sign.c @@ -42,6 +42,8 @@ #include "call-agent.h" #include "mbox-util.h" @@ -65,7 +65,7 @@ Index: gnupg-2.1.13/g10/sign.c #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" #else -@@ -694,8 +696,12 @@ write_signature_packets (SK_LIST sk_list +@@ -711,8 +713,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, pk); } @@ -78,7 +78,7 @@ Index: gnupg-2.1.13/g10/sign.c rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -753,6 +759,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -770,6 +776,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -87,7 +87,7 @@ Index: gnupg-2.1.13/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -769,7 +777,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -786,7 +794,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -105,7 +105,7 @@ Index: gnupg-2.1.13/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -790,7 +807,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -807,7 +824,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -114,7 +114,7 @@ Index: gnupg-2.1.13/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -928,7 +945,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -945,7 +962,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -123,7 +123,7 @@ Index: gnupg-2.1.13/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -983,6 +1000,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1000,6 +1017,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -132,7 +132,7 @@ Index: gnupg-2.1.13/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1023,6 +1042,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1040,6 +1059,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -178,7 +178,7 @@ Index: gnupg-2.1.13/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1040,8 +1098,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1058,8 +1116,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, diff --git a/gnupg-2.1.13.tar.bz2 b/gnupg-2.1.13.tar.bz2 deleted file mode 100644 index 6c6df08..0000000 --- a/gnupg-2.1.13.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4f9d83a6221daa60130fa79f0b1d37d6c20fffdd0320b640c7a597c5b6219675 -size 5545361 diff --git a/gnupg-2.1.13.tar.bz2.sig b/gnupg-2.1.13.tar.bz2.sig deleted file mode 100644 index 2507d3ae2166a5f92eb94ed17b7197b18164382c81d9a66463daa84b5d61cf29..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-%M#s&Zi2@oWkInqxh?9xTxQ0?Ld@`HF4T!;kK9ITfz!Z#QvWDnRz5M6p2ZdWJh$25s-x(GTs<0~& zTv!7k!ft!|xAt`=a~q8YIAs_W4dYWYViw);Kf@>ueKo*6)ne|#;58y7VSr#DdSG>r lYR^tx6`!MMK;7eD&BHVM&K^ diff --git a/gnupg-2.1.15.tar.bz2 b/gnupg-2.1.15.tar.bz2 new file mode 100644 index 0000000..0f825ab --- /dev/null +++ b/gnupg-2.1.15.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd +size 5723689 diff --git a/gnupg-2.1.15.tar.bz2.sig b/gnupg-2.1.15.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..fb3f0710c26b8f4a5f2a6a4214d22ed6ce1ebf3a89e6f3f1cf7ddfad8ea4d0cd GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-&K(x?Cm2@oWkInqxhL82meTHoMG=aOU{g?(Kr9Y zMtw6CYZ%y2oO9$$4{b*~9B0-zA&0@^5(}9o(-0_3UCzn zu|+CM^p@Tj>l5sABnk%DESQilWGqn(#)k19dvKQQ`YrVn2v;|)Uqnn_LZ1eI_VnO_ zC#4X_9OzW3XvP6r!O+pxu#rU|IrD_RKGf)gNh6M#7dA2|bIN(vwE2s+E6dOJ&+xmZ zdg1pZg>EJKvO!fJltvbpb!NS5n?QQV@c8l$$J!iNHe|UL^u^(i{GN1%KlFmgj>OZJ lND6q}u3tk`3>YxxI1AfLT~Qu=}h+O~x literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 71d7ba4..08193b4 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.13/doc/gpg.texi +Index: gnupg-2.1.15/doc/gpg.texi =================================================================== ---- gnupg-2.1.13.orig/doc/gpg.texi -+++ gnupg-2.1.13/doc/gpg.texi -@@ -1996,6 +1996,24 @@ implies, this option is for experts only +--- gnupg-2.1.15.orig/doc/gpg.texi ++++ gnupg-2.1.15/doc/gpg.texi +@@ -1992,6 +1992,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.13/doc/gpg.texi @end table -Index: gnupg-2.1.13/g10/gpg.c +Index: gnupg-2.1.15/g10/gpg.c =================================================================== ---- gnupg-2.1.13.orig/g10/gpg.c -+++ gnupg-2.1.13/g10/gpg.c -@@ -398,6 +398,7 @@ enum cmd_and_opt_values - oUnwrap, +--- gnupg-2.1.15.orig/g10/gpg.c ++++ gnupg-2.1.15/g10/gpg.c +@@ -409,6 +409,7 @@ enum cmd_and_opt_values oOnlySignTextIDs, oDisableSignerUID, + oSender, + oSetLegacyFips, oNoop }; -@@ -809,6 +810,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -830,6 +831,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.1.13/g10/gpg.c /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -3330,6 +3332,13 @@ main (int argc, char **argv) +@@ -3373,6 +3375,13 @@ main (int argc, char **argv) case oNoAutostart: opt.autostart = 0; break; diff --git a/gnupg-make_--try-all-secrets_work.patch b/gnupg-make_--try-all-secrets_work.patch deleted file mode 100644 index e1989d6..0000000 --- a/gnupg-make_--try-all-secrets_work.patch +++ /dev/null @@ -1,129 +0,0 @@ -From 82b90eee100cf1c9680517059b2d35e295dd992a Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Tue, 18 Aug 2015 16:57:44 +0900 -Subject: [PATCH] gpg: Make --try-all-secrets work for hidden recipients -Upstream: committed - -* g10/getkey.c (enum_secret_keys): Really enumerate all secret -keys if --try-all-secrets is specified. --- - -GnuPG-bug-id: 1985 -Signed-off-by: Daiki Ueno - -- Add new arg CTRL to getkey_byname call. - -Signed-off-by: Werner Koch ---- - g10/getkey.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 50 insertions(+), 10 deletions(-) - -On openSUSE, this fixes the unit tests of the duplicity package. - -diff --git a/g10/getkey.c b/g10/getkey.c -index 90fd175..3fe8274 100644 ---- a/g10/getkey.c -+++ b/g10/getkey.c -@@ -3555,6 +3555,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) - { - gpg_error_t err = 0; - const char *name; -+ kbnode_t keyblock; - struct - { - int eof; -@@ -3562,6 +3563,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) - strlist_t sl; - kbnode_t keyblock; - kbnode_t node; -+ getkey_ctx_t ctx; - } *c = *context; - - if (!c) -@@ -3577,6 +3579,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) - { - /* Free the context. */ - release_kbnode (c->keyblock); -+ getkey_end (c->ctx); - xfree (c); - *context = NULL; - return 0; -@@ -3594,6 +3597,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) - do - { - name = NULL; -+ keyblock = NULL; - switch (c->state) - { - case 0: /* First try to use the --default-key. */ -@@ -3616,24 +3620,60 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) - c->state++; - break; - -+ case 3: /* Init search context to try all keys. */ -+ if (opt.try_all_secrets) -+ { -+ err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock); -+ if (err) -+ { -+ release_kbnode (keyblock); -+ keyblock = NULL; -+ getkey_end (c->ctx); -+ c->ctx = NULL; -+ } -+ } -+ c->state++; -+ break; -+ -+ case 4: /* Get next item from the context. */ -+ if (c->ctx) -+ { -+ err = getkey_next (c->ctx, NULL, &keyblock); -+ if (err) -+ { -+ release_kbnode (keyblock); -+ keyblock = NULL; -+ getkey_end (c->ctx); -+ c->ctx = NULL; -+ } -+ } -+ else -+ c->state++; -+ break; -+ - default: /* No more names to check - stop. */ - c->eof = 1; - return gpg_error (GPG_ERR_EOF); - } - } -- while (!name || !*name); -+ while ((!name || !*name) && !keyblock); - -- err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock); -- if (err) -+ if (keyblock) -+ c->node = c->keyblock = keyblock; -+ else - { -- /* getkey_byname might return a keyblock even in the -- error case - I have not checked. Thus better release -- it. */ -- release_kbnode (c->keyblock); -- c->keyblock = NULL; -+ err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock); -+ if (err) -+ { -+ /* getkey_byname might return a keyblock even in the -+ error case - I have not checked. Thus better release -+ it. */ -+ release_kbnode (c->keyblock); -+ c->keyblock = NULL; -+ } -+ else -+ c->node = c->keyblock; - } -- else -- c->node = c->keyblock; - } - - /* Get the next key from the current keyblock. */ diff --git a/gpg2.changes b/gpg2.changes index 74f1f90..c6600b5 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,74 @@ +------------------------------------------------------------------- +Fri Aug 19 21:22:22 UTC 2016 - astieger@suse.com + +- GnuPG 2.1.15: + * gpg: Remove the --tofu-db-format option and support for the + split TOFU database. + * gpg: Add option --sender to prepare for coming features. + * gpg: Add option --input-size-hint to help progress indicators. + * gpg: Extend the PROGRESS status line with the counted unit. + * gpg: Avoid publishing the GnuPG version by default with --armor. + * gpg: Properly ignore legacy keys in the keyring cache. + * gpg: Always print fingerprint records in --with-colons mode. + * gpg: Make sure that keygrips are printed for each subkey in + --with-colons mode. + * gpg: New import filter "drop-sig". + * gpgsm: Fix a bug in the machine-readable key listing. + * gpg,gpgsm: Block signals during keyring updates to limits the + effects of a Ctrl-C at the wrong time. + * g13: Add command --umount and other fixes for dm-crypt. + * agent: Fix regression in SIGTERM handling. + * agent: Cleanup of the ssh-agent code. + * agent: Allow import of overly long keys. + * scd: Fix problems with card removal. + * dirmngr: Remove all code for running as a system service. + * tools: Make gpg-wks-client conforming to the specs. + * tests: Improve the output of the new regression test tool. + * tests: Distribute the standalone test runner. + * tests: Run each test in a clean environment. + * Spelling and grammar fixes. +- fix build error, adding + 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch + +------------------------------------------------------------------- +Sun Aug 14 14:12:40 UTC 2016 - astieger@suse.com + +- GnuPG 2.1.14: + * gpg: Removed options --print-dane-records and --print-pka-records. + The new export options "export-pka" and "export-dane" can instead + be used with the export command. + * gpg: New options --import-filter and --export-filter. + * gpg: New import options "import-show" and "import-export". + * gpg: New option --no-keyring. + * gpg: New command --quick-revuid. + * gpg: New options -f/--recipient-file and -F/--hidden-recipient-file + to directly specify encryption keys. + * gpg: New option --mimemode to indicate that the content is a MIME + part. Does only enable --textmode right now. + * gpg: New option --rfc4880bis to allow experiments with proposed + changes to the current OpenPGP specs. + * gpg: Fix regression in the "fetch" sub-command of --card-edit. + * gpg: Fix regression since 2.1 in option --try-all-secrets. + * gpgv: Change default options for extra security. + * gpgsm: No more root certificates are installed by default. + * agent: "updatestartuptty" does now affect more environment + variables. + * scd: The option --homedir does now work with scdaemon. + * scd: Support some more GEMPlus card readers. + * gpgtar: Fix handling of '-' as file name. + * gpgtar: New commands --create and --extract. + * gpgconf: Tweak for --list-dirs to better support shell scripts. + * tools: Add programs gpg-wks-client and gpg-wks-server to implement + a Web Key Service. The configure option --enable-wks-tools is + required to build them; they should be considered Beta software. + * tests: Complete rework of the openpgp part of the test suite. The + test scripts have been changed from Bourne shell scripts to Scheme + programs. A customized scheme interpreter (gpgscm) is included. + This change was triggered by the need to run the test suite on + non-Unix platforms. + * The rendering of the man pages has been improved. +- drop upstream gnupg-make_--try-all-secrets_work.patch + ------------------------------------------------------------------- Thu Aug 4 12:17:14 UTC 2016 - tchvatal@suse.com diff --git a/gpg2.spec b/gpg2.spec index 29b9d7f..6c49b73 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.13 +Version: 2.1.15 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -34,18 +34,18 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: gnupg-make_--try-all-secrets_work.patch +Patch12: 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel -BuildRequires: libassuan-devel >= 2.4.1 +BuildRequires: libassuan-devel >= 2.4.3 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG # raising gcrypt requirement from 1.4.0 -BuildRequires: libgcrypt-devel >= 1.6.1 -BuildRequires: libgpg-error-devel >= 1.21 -BuildRequires: libksba-devel >= 1.2.0 +BuildRequires: libgcrypt-devel >= 1.7.0 +BuildRequires: libgpg-error-devel >= 1.24 +BuildRequires: libksba-devel >= 1.3.4 BuildRequires: makeinfo -BuildRequires: npth-devel >= 0.91 +BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel BuildRequires: pkg-config BuildRequires: readline-devel From a85e7f0481bb756ac23787af16ec522f312e3f6ba5bebeb936074d83d04006ab Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 17 Sep 2016 12:32:21 +0000 Subject: [PATCH 099/156] Accepting request 427261 from Base:System - avoid mixing up status and colon line output - bsc#993324 - enable web key discovery tools - Add an explicit runtime dependency on libgcrypt >= 1.7.0 to match runtime version check OBS-URL: https://build.opensuse.org/request/show/427261 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=108 --- gnupg-2.1.15-bsc993324-status-output.patch | 190 +++++++++++++++++++++ gpg2.changes | 17 ++ gpg2.spec | 9 +- 3 files changed, 213 insertions(+), 3 deletions(-) create mode 100644 gnupg-2.1.15-bsc993324-status-output.patch diff --git a/gnupg-2.1.15-bsc993324-status-output.patch b/gnupg-2.1.15-bsc993324-status-output.patch new file mode 100644 index 0000000..461d7b6 --- /dev/null +++ b/gnupg-2.1.15-bsc993324-status-output.patch @@ -0,0 +1,190 @@ +From 31fc420727f45dd081f8ad5d056da6675dad29f2 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Mon, 12 Sep 2016 17:42:50 +0200 +Subject: [PATCH] gpg: Avoid mixing up status and colon line output. + +* g10/keylist.c (list_keyblock_colon): Avoid calling functions which +trigger a status line output before having printed a LF. +-- + +Status lines like KEY_CONSIDERED and KEYEPXIRED were messing up the +colons output, like here: + + pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...] + +Reported-by: Andreas Stieger +Signed-off-by: Werner Koch + +--- + +This version of the patch backported onto the 2.1.15 tag -- astieger@suse.com + +--- + g10/keylist.c | 83 +++++++++++++++++++++++++++++++++-------------------------- + 1 file changed, 47 insertions(+), 36 deletions(-) + +Index: gnupg-2.1.15/g10/keylist.c +=================================================================== +--- gnupg-2.1.15.orig/g10/keylist.c 2016-09-13 15:40:30.178482877 +0200 ++++ gnupg-2.1.15/g10/keylist.c 2016-09-13 15:45:53.605670795 +0200 +@@ -1183,9 +1183,10 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + PKT_public_key *pk; + u32 keyid[2]; + int trustletter = 0; ++ int trustletter_print; ++ int ownertrust_print; + int ulti_hack = 0; + int i; +- char *p; + char *hexgrip_buffer = NULL; + const char *hexgrip = NULL; + char *serialno = NULL; +@@ -1217,31 +1218,38 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + stubkey = 1; /* Key not found. */ + + keyid_from_pk (pk, keyid); +- es_fputs (secret? "sec:":"pub:", es_stdout); + if (!pk->flags.valid) +- es_putc ('i', es_stdout); ++ trustletter_print = 'i'; + else if (pk->flags.revoked) +- es_putc ('r', es_stdout); ++ trustletter_print = 'r'; + else if (pk->has_expired) +- es_putc ('e', es_stdout); ++ trustletter_print = 'e'; + else if (opt.fast_list_mode || opt.no_expensive_trust_checks) +- ; ++ trustletter_print = 0; + else + { + trustletter = get_validity_info (ctrl, pk, NULL); + if (trustletter == 'u') + ulti_hack = 1; +- es_putc (trustletter, es_stdout); ++ trustletter_print = trustletter; + } + ++ if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) ++ ownertrust_print = get_ownertrust_info (pk); ++ else ++ ownertrust_print = 0; ++ ++ es_fputs (secret? "sec:":"pub:", es_stdout); ++ if (trustletter_print) ++ es_putc (trustletter_print, es_stdout); + es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::", + nbits_from_pk (pk), + pk->pubkey_algo, + (ulong) keyid[0], (ulong) keyid[1], + colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); + +- if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) +- es_putc (get_ownertrust_info (pk), es_stdout); ++ if (ownertrust_print) ++ es_putc (ownertrust_print, es_stdout); + es_putc (':', es_stdout); + + es_putc (':', es_stdout); +@@ -1286,31 +1294,27 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + { + if (node->pkt->pkttype == PKT_USER_ID) + { +- char *str; + PKT_user_id *uid = node->pkt->pkt.user_id; ++ int uid_validity; + + if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL) + dump_attribs (node->pkt->pkt.user_id, pk); +- /* +- * Fixme: We need a valid flag here too +- */ +- str = uid->attrib_data ? "uat" : "uid"; ++ + if (uid->is_revoked) +- es_fprintf (es_stdout, "%s:r::::", str); ++ uid_validity = 'r'; + else if (uid->is_expired) +- es_fprintf (es_stdout, "%s:e::::", str); ++ uid_validity = 'e'; + else if (opt.no_expensive_trust_checks) +- es_fprintf (es_stdout, "%s:::::", str); +- else +- { +- int uid_validity; +- +- if (!ulti_hack) +- uid_validity = get_validity_info (ctrl, pk, uid); +- else +- uid_validity = 'u'; +- es_fprintf (es_stdout, "%s:%c::::", str, uid_validity); +- } ++ uid_validity = 0; ++ else if (ulti_hack) ++ uid_validity = 'u'; ++ else ++ uid_validity = get_validity_info (ctrl, pk, uid); ++ ++ es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout); ++ if (uid_validity) ++ es_putc (uid_validity, es_stdout); ++ es_fputs ("::::", es_stdout); + + es_fprintf (es_stdout, "%s:", colon_strtime (uid->created)); + es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate)); +@@ -1425,6 +1429,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + char *sigstr; + size_t fplen; + byte fparray[MAX_FINGERPRINT_LEN]; ++ char *siguid; ++ size_t siguidlen; + + if (sig->sig_class == 0x20 || sig->sig_class == 0x28 + || sig->sig_class == 0x30) +@@ -1484,6 +1490,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + rc = 0; + sigrc = ' '; + } ++ ++ if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode) ++ siguid = get_user_id (sig->keyid, &siguidlen); ++ else ++ { ++ siguid = NULL; ++ siguidlen = 0; ++ } ++ ++ + es_fputs (sigstr, es_stdout); + es_putc (':', es_stdout); + if (sigrc != ' ') +@@ -1504,17 +1520,11 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + + if (sigrc == '%') + es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc)); +- else if (sigrc == '?') +- ; +- else if (!opt.fast_list_mode) +- { +- size_t n; +- p = get_user_id (sig->keyid, &n); +- es_write_sanitized (es_stdout, p, n, ":", NULL); +- xfree (p); +- } ++ else if (siguid) ++ es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL); ++ + es_fprintf (es_stdout, ":%02x%c::", sig->sig_class, +- sig->flags.exportable ? 'x' : 'l'); ++ sig->flags.exportable ? 'x' : 'l'); + + if (opt.no_sig_cache && opt.check_sigs && fprokay) + { +@@ -1528,6 +1538,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + print_subpackets_colon (sig); + + /* fixme: check or list other sigs here */ ++ xfree (siguid); + } + } + diff --git a/gpg2.changes b/gpg2.changes index c6600b5..6ebe73d 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Tue Sep 13 13:50:52 UTC 2016 - astieger@suse.com + +- avoid mixing up status and colon line output - bsc#993324 + add gnupg-2.1.15-bsc993324-status-output.patch + +------------------------------------------------------------------- +Thu Sep 1 08:23:28 UTC 2016 - astieger@suse.com + +- enable web key discovery tools + +------------------------------------------------------------------- +Wed Aug 31 13:06:28 UTC 2016 - astieger@suse.com + +- Add an explicit runtime dependency on libgcrypt >= 1.7.0 to + match runtime version check + ------------------------------------------------------------------- Fri Aug 19 21:22:22 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 6c49b73..fc234ca 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -35,12 +35,11 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch +Patch13: gnupg-2.1.15-bsc993324-status-output.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel BuildRequires: libassuan-devel >= 2.4.3 -# patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG -# raising gcrypt requirement from 1.4.0 BuildRequires: libgcrypt-devel >= 1.7.0 BuildRequires: libgpg-error-devel >= 1.24 BuildRequires: libksba-devel >= 1.3.4 @@ -56,7 +55,9 @@ BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) # Add an explicit runtime dependency to match boo#955982 -Requires: libassuan0 >= 2.4.1 +Requires: libassuan0 >= 2.4.3 +# Explicit runtime depencency - runtime version check +Requires: libgcrypt20 >= 1.7.0 Requires: pinentry # FIXME: use proper Requires(pre/post/preun/...) PreReq: %{install_info_prereq} @@ -86,6 +87,7 @@ gpg-agent, and a keybox library. %patch9 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) @@ -102,6 +104,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --enable-gpgtar \ --enable-g13 \ --enable-large-secmem \ + --enable-wks-tools \ --with-gnu-ld \ --enable-build-timestamp=$date From 6d2701f439a801e1f81a0dbc2246a6defc97a997604cd92d2cdcd8d45370e640 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 22 Nov 2016 17:57:36 +0000 Subject: [PATCH 100/156] Accepting request 441009 from Base:System GnuPG 2.1.16 (forwarded request 441007 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/441009 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=109 --- ...-to-14479e2-fix-void-return-in-non-v.patch | 28 --- gnupg-2.1.15-bsc993324-status-output.patch | 190 ------------------ gnupg-2.1.15.tar.bz2 | 3 - gnupg-2.1.15.tar.bz2.sig | Bin 287 -> 0 bytes gnupg-2.1.16.tar.bz2 | 3 + gnupg-2.1.16.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 47 +++++ gpg2.spec | 6 +- 8 files changed, 51 insertions(+), 226 deletions(-) delete mode 100644 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch delete mode 100644 gnupg-2.1.15-bsc993324-status-output.patch delete mode 100644 gnupg-2.1.15.tar.bz2 delete mode 100644 gnupg-2.1.15.tar.bz2.sig create mode 100644 gnupg-2.1.16.tar.bz2 create mode 100644 gnupg-2.1.16.tar.bz2.sig diff --git a/0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch b/0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch deleted file mode 100644 index bde6238..0000000 --- a/0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ae52c486ef5e71445aa0adfdac30124abff7da46 Mon Sep 17 00:00:00 2001 -From: Andreas Stieger -Date: Fri, 19 Aug 2016 23:09:13 +0200 -Subject: [PATCH] common: Follow-up to 14479e2, fix void return in non-void - function - -* simple-pwquery.c (agent_open): return -1 in errout label as documented. - -Signed-off-by: Andreas Stieger ---- - common/simple-pwquery.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c -index 240451b..0c3233b 100644 ---- a/common/simple-pwquery.c -+++ b/common/simple-pwquery.c -@@ -285,6 +285,7 @@ agent_open (assuan_context_t *ctx) - errout: - assuan_release (*ctx); - *ctx = NULL; -+ return -1; - } - - --- -2.6.6 - diff --git a/gnupg-2.1.15-bsc993324-status-output.patch b/gnupg-2.1.15-bsc993324-status-output.patch deleted file mode 100644 index 461d7b6..0000000 --- a/gnupg-2.1.15-bsc993324-status-output.patch +++ /dev/null @@ -1,190 +0,0 @@ -From 31fc420727f45dd081f8ad5d056da6675dad29f2 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Mon, 12 Sep 2016 17:42:50 +0200 -Subject: [PATCH] gpg: Avoid mixing up status and colon line output. - -* g10/keylist.c (list_keyblock_colon): Avoid calling functions which -trigger a status line output before having printed a LF. --- - -Status lines like KEY_CONSIDERED and KEYEPXIRED were messing up the -colons output, like here: - - pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...] - -Reported-by: Andreas Stieger -Signed-off-by: Werner Koch - ---- - -This version of the patch backported onto the 2.1.15 tag -- astieger@suse.com - ---- - g10/keylist.c | 83 +++++++++++++++++++++++++++++++++-------------------------- - 1 file changed, 47 insertions(+), 36 deletions(-) - -Index: gnupg-2.1.15/g10/keylist.c -=================================================================== ---- gnupg-2.1.15.orig/g10/keylist.c 2016-09-13 15:40:30.178482877 +0200 -+++ gnupg-2.1.15/g10/keylist.c 2016-09-13 15:45:53.605670795 +0200 -@@ -1183,9 +1183,10 @@ list_keyblock_colon (ctrl_t ctrl, kbnode - PKT_public_key *pk; - u32 keyid[2]; - int trustletter = 0; -+ int trustletter_print; -+ int ownertrust_print; - int ulti_hack = 0; - int i; -- char *p; - char *hexgrip_buffer = NULL; - const char *hexgrip = NULL; - char *serialno = NULL; -@@ -1217,31 +1218,38 @@ list_keyblock_colon (ctrl_t ctrl, kbnode - stubkey = 1; /* Key not found. */ - - keyid_from_pk (pk, keyid); -- es_fputs (secret? "sec:":"pub:", es_stdout); - if (!pk->flags.valid) -- es_putc ('i', es_stdout); -+ trustletter_print = 'i'; - else if (pk->flags.revoked) -- es_putc ('r', es_stdout); -+ trustletter_print = 'r'; - else if (pk->has_expired) -- es_putc ('e', es_stdout); -+ trustletter_print = 'e'; - else if (opt.fast_list_mode || opt.no_expensive_trust_checks) -- ; -+ trustletter_print = 0; - else - { - trustletter = get_validity_info (ctrl, pk, NULL); - if (trustletter == 'u') - ulti_hack = 1; -- es_putc (trustletter, es_stdout); -+ trustletter_print = trustletter; - } - -+ if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) -+ ownertrust_print = get_ownertrust_info (pk); -+ else -+ ownertrust_print = 0; -+ -+ es_fputs (secret? "sec:":"pub:", es_stdout); -+ if (trustletter_print) -+ es_putc (trustletter_print, es_stdout); - es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::", - nbits_from_pk (pk), - pk->pubkey_algo, - (ulong) keyid[0], (ulong) keyid[1], - colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); - -- if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) -- es_putc (get_ownertrust_info (pk), es_stdout); -+ if (ownertrust_print) -+ es_putc (ownertrust_print, es_stdout); - es_putc (':', es_stdout); - - es_putc (':', es_stdout); -@@ -1286,31 +1294,27 @@ list_keyblock_colon (ctrl_t ctrl, kbnode - { - if (node->pkt->pkttype == PKT_USER_ID) - { -- char *str; - PKT_user_id *uid = node->pkt->pkt.user_id; -+ int uid_validity; - - if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL) - dump_attribs (node->pkt->pkt.user_id, pk); -- /* -- * Fixme: We need a valid flag here too -- */ -- str = uid->attrib_data ? "uat" : "uid"; -+ - if (uid->is_revoked) -- es_fprintf (es_stdout, "%s:r::::", str); -+ uid_validity = 'r'; - else if (uid->is_expired) -- es_fprintf (es_stdout, "%s:e::::", str); -+ uid_validity = 'e'; - else if (opt.no_expensive_trust_checks) -- es_fprintf (es_stdout, "%s:::::", str); -- else -- { -- int uid_validity; -- -- if (!ulti_hack) -- uid_validity = get_validity_info (ctrl, pk, uid); -- else -- uid_validity = 'u'; -- es_fprintf (es_stdout, "%s:%c::::", str, uid_validity); -- } -+ uid_validity = 0; -+ else if (ulti_hack) -+ uid_validity = 'u'; -+ else -+ uid_validity = get_validity_info (ctrl, pk, uid); -+ -+ es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout); -+ if (uid_validity) -+ es_putc (uid_validity, es_stdout); -+ es_fputs ("::::", es_stdout); - - es_fprintf (es_stdout, "%s:", colon_strtime (uid->created)); - es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate)); -@@ -1425,6 +1429,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode - char *sigstr; - size_t fplen; - byte fparray[MAX_FINGERPRINT_LEN]; -+ char *siguid; -+ size_t siguidlen; - - if (sig->sig_class == 0x20 || sig->sig_class == 0x28 - || sig->sig_class == 0x30) -@@ -1484,6 +1490,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode - rc = 0; - sigrc = ' '; - } -+ -+ if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode) -+ siguid = get_user_id (sig->keyid, &siguidlen); -+ else -+ { -+ siguid = NULL; -+ siguidlen = 0; -+ } -+ -+ - es_fputs (sigstr, es_stdout); - es_putc (':', es_stdout); - if (sigrc != ' ') -@@ -1504,17 +1520,11 @@ list_keyblock_colon (ctrl_t ctrl, kbnode - - if (sigrc == '%') - es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc)); -- else if (sigrc == '?') -- ; -- else if (!opt.fast_list_mode) -- { -- size_t n; -- p = get_user_id (sig->keyid, &n); -- es_write_sanitized (es_stdout, p, n, ":", NULL); -- xfree (p); -- } -+ else if (siguid) -+ es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL); -+ - es_fprintf (es_stdout, ":%02x%c::", sig->sig_class, -- sig->flags.exportable ? 'x' : 'l'); -+ sig->flags.exportable ? 'x' : 'l'); - - if (opt.no_sig_cache && opt.check_sigs && fprokay) - { -@@ -1528,6 +1538,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode - print_subpackets_colon (sig); - - /* fixme: check or list other sigs here */ -+ xfree (siguid); - } - } - diff --git a/gnupg-2.1.15.tar.bz2 b/gnupg-2.1.15.tar.bz2 deleted file mode 100644 index 0f825ab..0000000 --- a/gnupg-2.1.15.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd -size 5723689 diff --git a/gnupg-2.1.15.tar.bz2.sig b/gnupg-2.1.15.tar.bz2.sig deleted file mode 100644 index fb3f0710c26b8f4a5f2a6a4214d22ed6ce1ebf3a89e6f3f1cf7ddfad8ea4d0cd..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 287 zcmV+)0pR|L0UQJX0SEvF1p-&K(x?Cm2@oWkInqxhL82meTHoMG=aOU{g?(Kr9Y zMtw6CYZ%y2oO9$$4{b*~9B0-zA&0@^5(}9o(-0_3UCzn zu|+CM^p@Tj>l5sABnk%DESQilWGqn(#)k19dvKQQ`YrVn2v;|)Uqnn_LZ1eI_VnO_ zC#4X_9OzW3XvP6r!O+pxu#rU|IrD_RKGf)gNh6M#7dA2|bIN(vwE2s+E6dOJ&+xmZ zdg1pZg>EJKvO!fJltvbpb!NS5n?QQV@c8l$$J!iNHe|UL^u^(i{GN1%KlFmgj>OZJ lND6q}u3tk`3>YxxI1AfLT~Qu=}h+O~x diff --git a/gnupg-2.1.16.tar.bz2 b/gnupg-2.1.16.tar.bz2 new file mode 100644 index 0000000..798b1c2 --- /dev/null +++ b/gnupg-2.1.16.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:49b9a6a6787ad00d4d2d69d8c7ee8905923782583f06078a064a0c80531d8844 +size 5840687 diff --git a/gnupg-2.1.16.tar.bz2.sig b/gnupg-2.1.16.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..d4a02a2ce6be02d59c38789566876703df87d07afead4f3c6d60e4cace9b2b92 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$4944gd-X5G0#9 z(oZGhwtfW%{w))1_Af6Xm8_3OZJJ07e>&z(X5q(`K_U-rjoIutjEd~gUMuaLNSi0N znS=XZqa7iNE{rEKwKkrU^$LV%vQu~* zF6`vD&((G}N_+sJruJv9xe~93P+8|m7Rn*xV-VgbxJen{*V@E}13mySS}5k) Date: Thu, 29 Dec 2016 21:41:42 +0000 Subject: [PATCH 101/156] Accepting request 447204 from Base:System GnuPG 2.1.17 (forwarded request 447203 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/447204 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=110 --- gnupg-2.1.16.tar.bz2 | 3 --- gnupg-2.1.16.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.1.17.tar.bz2 | 3 +++ gnupg-2.1.17.tar.bz2.sig | Bin 0 -> 310 bytes gnupg-add_legacy_FIPS_mode_option.patch | 26 ++++++++++++------------ gpg2.changes | 23 +++++++++++++++++++++ gpg2.spec | 9 ++++---- 7 files changed, 43 insertions(+), 21 deletions(-) delete mode 100644 gnupg-2.1.16.tar.bz2 delete mode 100644 gnupg-2.1.16.tar.bz2.sig create mode 100644 gnupg-2.1.17.tar.bz2 create mode 100644 gnupg-2.1.17.tar.bz2.sig diff --git a/gnupg-2.1.16.tar.bz2 b/gnupg-2.1.16.tar.bz2 deleted file mode 100644 index 798b1c2..0000000 --- a/gnupg-2.1.16.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:49b9a6a6787ad00d4d2d69d8c7ee8905923782583f06078a064a0c80531d8844 -size 5840687 diff --git a/gnupg-2.1.16.tar.bz2.sig b/gnupg-2.1.16.tar.bz2.sig deleted file mode 100644 index d4a02a2ce6be02d59c38789566876703df87d07afead4f3c6d60e4cace9b2b92..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$4944gd-X5G0#9 z(oZGhwtfW%{w))1_Af6Xm8_3OZJJ07e>&z(X5q(`K_U-rjoIutjEd~gUMuaLNSi0N znS=XZqa7iNE{rEKwKkrU^$LV%vQu~* zF6`vD&((G}N_+sJruJv9xe~93P+8|m7Rn*xV-VgbxJen{*V@E}13mySS}5k)o@?CF8aQ0$5o&RsaeK5G0#9 z(oZGhw%GRv{ydRqy|K*8{Xy<6&+0q1vLs#Y&a>u=fm9KIfPxcz^q1ii%qSG_$xG?IjyZVCEd z_nY&dIWBsykDv#zGgH$3<&8s!fEs0k-vhB<2F^kEVXt$A_%t5|?XDhT=V%t{=}QJV zioT#9i~U7T;*n$eI=bKXipRc%5*Way@@T$y+24)j!Oe7W#0>U-Mkbn-Ll(CLdkQLC zxR80uRk36{vv619^65P#l3|quFC6!Y$)j|52(|eUd!1eMIv*=r1E00XYzAcG#Q0}M IFdXSr9K&vutN;K2 literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 08193b4..31833ba 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.15/doc/gpg.texi +Index: gnupg-2.1.17/doc/gpg.texi =================================================================== ---- gnupg-2.1.15.orig/doc/gpg.texi -+++ gnupg-2.1.15/doc/gpg.texi -@@ -1992,6 +1992,24 @@ implies, this option is for experts only +--- gnupg-2.1.17.orig/doc/gpg.texi ++++ gnupg-2.1.17/doc/gpg.texi +@@ -2034,6 +2034,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,11 +32,11 @@ Index: gnupg-2.1.15/doc/gpg.texi @end table -Index: gnupg-2.1.15/g10/gpg.c +Index: gnupg-2.1.17/g10/gpg.c =================================================================== ---- gnupg-2.1.15.orig/g10/gpg.c -+++ gnupg-2.1.15/g10/gpg.c -@@ -409,6 +409,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.17.orig/g10/gpg.c ++++ gnupg-2.1.17/g10/gpg.c +@@ -415,6 +415,7 @@ enum cmd_and_opt_values oOnlySignTextIDs, oDisableSignerUID, oSender, @@ -44,17 +44,17 @@ Index: gnupg-2.1.15/g10/gpg.c oNoop }; -@@ -830,6 +831,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -857,6 +858,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), - /* These two are aliases to help users of the PGP command line - product use gpg with minimal pain. Many commands are common -@@ -3373,6 +3375,13 @@ main (int argc, char **argv) + ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), - case oNoAutostart: opt.autostart = 0; break; +@@ -3510,6 +3512,13 @@ main (int argc, char **argv) + opt.def_new_key_algo = pargs.r.ret_str; + break; + case oSetLegacyFips: + if(gcry_fips_mode_active()) diff --git a/gpg2.changes b/gpg2.changes index 3f672be..4e43dd6 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Tue Dec 20 18:58:55 UTC 2016 - astieger@suse.com + +- GnuPG 2.1.17: + * gpg: By default new keys expire after 2 years. + * gpg: New command --quick-set-expire to conveniently change the + expiration date of keys. + * gpg: Option and command names have been changed for easier + comprehension. The old names are still available as aliases. + * gpg: Improved the TOFU trust model. + * gpg: New option --default-new-key-algo. + * scd: Support OpenPGP card V3 for RSA. + * dirmngr: Support for the ADNS library has been removed. Now using + bundled libdns, enabling Tor support on all platforms. + New option --standard-resolver can be used to disable this code + at runtime. + * dirmngr: Lazily launch ldap reaper thread. + * tools: New options --check and --status-fd for gpg-wks-client. + * The UTF-8 byte order mark is now skipped when reading conf files. + * Fixed many bugs and regressions. + * Major improvements to the test suite. For example it is possible + to run the external test suite of GPGME. + ------------------------------------------------------------------- Sat Nov 19 22:07:13 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 6f39bb8..34c35dc 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.16 +Version: 2.1.17 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -36,7 +36,6 @@ Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch BuildRequires: expect BuildRequires: fdupes -BuildRequires: libadns-devel BuildRequires: libassuan-devel >= 2.4.3 BuildRequires: libgcrypt-devel >= 1.7.0 BuildRequires: libgpg-error-devel >= 1.24 @@ -44,7 +43,7 @@ BuildRequires: libksba-devel >= 1.3.4 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel -BuildRequires: pkg-config +BuildRequires: pkgconfig BuildRequires: readline-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 @@ -107,7 +106,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) make %{?_smp_mflags} %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +make %{?_smp_mflags} DESTDIR=%{buildroot} install mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ # bnc#391347 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg @@ -152,7 +151,7 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} %files %defattr(-,root,root) %{_infodir}/gnupg* -%{_mandir}/*/*.gz +%{_mandir}/*/*%{ext_man} %doc %{_docdir}/%{name} %{_bindir}/* %{_libdir}/[^d]* From 91f2b8f045214bb0193c885b70ce68934429573b8620f123a65d89edb0e0ef32 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 10 Jan 2017 09:36:57 +0000 Subject: [PATCH 102/156] Accepting request 449308 from Base:System - Remove the fixme, condition around fdupes - add runtime dependency to match runtime version check for libksba OBS-URL: https://build.opensuse.org/request/show/449308 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=111 --- gpg2.changes | 10 ++++++++++ gpg2.spec | 17 ++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 4e43dd6..c836816 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Jan 9 09:18:48 UTC 2017 - tchvatal@suse.com + +- Remove the fixme, condition around fdupes + +------------------------------------------------------------------- +Sun Dec 25 15:12:44 UTC 2016 - astieger@suse.com + +- add runtime dependency to match runtime version check for libksba + ------------------------------------------------------------------- Tue Dec 20 18:58:55 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 34c35dc..e480277 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -55,9 +55,9 @@ BuildRequires: pkgconfig(zlib) Requires: libassuan0 >= 2.4.3 # Explicit runtime depencency - runtime version check Requires: libgcrypt20 >= 1.7.0 +Requires: libksba >= 1.3.4 Requires: pinentry -# FIXME: use proper Requires(pre/post/preun/...) -PreReq: %{install_info_prereq} +Requires(post): %{install_info_prereq} Recommends: %{name}-lang = %{version} Obsoletes: dirmngr < 2.1.0 Provides: dirmngr = %{version} @@ -130,14 +130,13 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} # install -m 755 tools/gpgsplit %{buildroot}/%{_bindir} %find_lang gnupg2 -%if 0%{?suse_version} > 1020 -%fdupes %{buildroot} -%endif +%fdupes -s %{buildroot} %check -# %if ! 0%{?qemu_user_space_build} -# make %{?_smp_mflags} check -# %endif +# Run only localy, fails in OBS +#%if ! 0%{?qemu_user_space_build} +#make %{?_smp_mflags} check +#%endif %post %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz From 50535566eb392729762d3e19d6c3b00521aa48e728ba4359f142f98256a050c4 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 1 Feb 2017 08:48:26 +0000 Subject: [PATCH 103/156] Accepting request 452272 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/452272 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=112 --- gnupg-2.1.17.tar.bz2 | 3 --- gnupg-2.1.17.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.1.18.tar.bz2 | 3 +++ gnupg-2.1.18.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 42 +++++++++++++++++++++++++++++++++++++++ gpg2.spec | 2 +- 6 files changed, 46 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.1.17.tar.bz2 delete mode 100644 gnupg-2.1.17.tar.bz2.sig create mode 100644 gnupg-2.1.18.tar.bz2 create mode 100644 gnupg-2.1.18.tar.bz2.sig diff --git a/gnupg-2.1.17.tar.bz2 b/gnupg-2.1.17.tar.bz2 deleted file mode 100644 index 69dafdb..0000000 --- a/gnupg-2.1.17.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c5dc54db432209fa8f9bdb071c8fb60a765ff28e363150e30bdd4543160243cb -size 5970042 diff --git a/gnupg-2.1.17.tar.bz2.sig b/gnupg-2.1.17.tar.bz2.sig deleted file mode 100644 index f71c2aa2c907d622e8211a06ae9c15bdd18e621b80bcc6aa767f2e9cca94352a..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$5o&RsaeK5G0#9 z(oZGhw%GRv{ydRqy|K*8{Xy<6&+0q1vLs#Y&a>u=fm9KIfPxcz^q1ii%qSG_$xG?IjyZVCEd z_nY&dIWBsykDv#zGgH$3<&8s!fEs0k-vhB<2F^kEVXt$A_%t5|?XDhT=V%t{=}QJV zioT#9i~U7T;*n$eI=bKXipRc%5*Way@@T$y+24)j!Oe7W#0>U-Mkbn-Ll(CLdkQLC zxR80uRk36{vv619^65P#l3|quFC6!Y$)j|52(|eUd!1eMIv*=r1E00XYzAcG#Q0}M IFdXSr9K&vutN;K2 diff --git a/gnupg-2.1.18.tar.bz2 b/gnupg-2.1.18.tar.bz2 new file mode 100644 index 0000000..d5290d1 --- /dev/null +++ b/gnupg-2.1.18.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d04c6fab7e5562ce4b915b22020e34d4c1a256847690cf149842264fc7cef994 +size 6308666 diff --git a/gnupg-2.1.18.tar.bz2.sig b/gnupg-2.1.18.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..5f8c8c69bf4c5f7c371d12b667d5b2433bd2595274cc2df1cd84683a1831898e GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$7G>rvM5G5G0#9 z(oZGhw#p_50F5uOF;)OVNyL1=(X?;x(iZS8kjnsR-Wz%ZFnZ=d9+|o#A>+q2>m#PR zs*dR~{)NjrJ_D)EJ+6Y*C+Vs`^WkLPi)<~+t4;}FVvcH<@IUok#?+!-E@wo-Kr7qr z9D3l`VRUwRHGi1HJrVnDfP0}<*?gF1Q8AyBwJoHsoCm0i0zh9%ScRM$W+m{mE8UQr z;cPB(3xY>joqQ8Xts-=xqeTpd8+YRDZH7rEfzT z69DDgmgKE!hP{4wnvTGEBFs+yQO9o|h2CR+Vox{?%wiIJ(tE3SBsBAc{m==@KjN&p IsitT6d{m#2VE_OC literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index c836816..609b77b 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,45 @@ +------------------------------------------------------------------- +Tue Jan 24 16:32:04 UTC 2017 - astieger@suse.com + +- GnuPG 2.1.18: + * gpg: Remove bogus subkey signature while cleaning a key (with + export-clean, import-clean, or --edit-key's sub-command clean) + * gpg: Allow freezing the clock with --faked-system-time. + * gpg: New --export-option flag "backup", new --import-option flag + "restore". + * gpg-agent: Fixed long delay due to a regression in the progress + callback code. + * scd: Lots of code cleanup and internal changes. + * scd: Improved the internal CCID driver. + * dirmngr: Fixed problem with the DNS glue code (removal of the + trailing dot in domain names). + * dirmngr: Make sure that Tor is actually enabled after changing the + conf file and sending SIGHUP or "gpgconf --reload dirmngr". + * dirmngr: Fixed Tor access to IPv6 addresses. Note that current + versions of Tor may require that the flag "IPv6Traffic" is used + with the option "SocksPort" in torrc to actually allow IPv6 + traffic. + * dirmngr: Fixed HKP for literally given IPv6 addresses. + * dirmngr: Enabled reverse DNS lookups via Tor. + * dirmngr: Added experimental SRV record lookup for WKD. + See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details. + * dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record + lookups. Avoid SRV record lookup when a port is explicitly + specified. This fixes a regression from the 1.4 and 2.0 behavior. + * dirmngr: Gracefully handle a missing /etc/nsswitch.conf. Ignore + negation terms (e.g. "[!UNAVAIL=return]" instead of bailing out. + * dirmngr: Better debug output for flags "dns" and "network". + * dirmngr: On reload mark all known HKP servers alive. + * gpgconf: Allow keyword "all" for --launch, --kill, and --reload. + * tools: gpg-wks-client now ignores a missing policy file on the + server. + * Avoid unnecessary ambiguity error message in the option parsing. + * Further improvements of the regression test suite. + * Fixed building with --disable-libdns configure option. + * Fixed a crash running the tests on 32 bit architectures. + * Fixed spurious failures on BSD system in the spawn functions. + This affected for example gpg-wks-client and gpgconf. + ------------------------------------------------------------------- Mon Jan 9 09:18:48 UTC 2017 - tchvatal@suse.com diff --git a/gpg2.spec b/gpg2.spec index e480277..45b979c 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.17 +Version: 2.1.18 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ From bcf4b2989db595915b40f26b9d5550825303dd09002aa20ebcfe90ece15bab48 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 11 Mar 2017 14:18:43 +0000 Subject: [PATCH 104/156] Accepting request 477543 from Base:System GnuPG 2.1.19 OBS-URL: https://build.opensuse.org/request/show/477543 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=113 --- gnupg-2.1.18.tar.bz2 | 3 --- gnupg-2.1.18.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.1.19.tar.bz2 | 3 +++ gnupg-2.1.19.tar.bz2.sig | Bin 0 -> 620 bytes gpg2.changes | 38 ++++++++++++++++++++++++++++++++++++++ gpg2.spec | 14 +++++++++----- 6 files changed, 50 insertions(+), 8 deletions(-) delete mode 100644 gnupg-2.1.18.tar.bz2 delete mode 100644 gnupg-2.1.18.tar.bz2.sig create mode 100644 gnupg-2.1.19.tar.bz2 create mode 100644 gnupg-2.1.19.tar.bz2.sig diff --git a/gnupg-2.1.18.tar.bz2 b/gnupg-2.1.18.tar.bz2 deleted file mode 100644 index d5290d1..0000000 --- a/gnupg-2.1.18.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d04c6fab7e5562ce4b915b22020e34d4c1a256847690cf149842264fc7cef994 -size 6308666 diff --git a/gnupg-2.1.18.tar.bz2.sig b/gnupg-2.1.18.tar.bz2.sig deleted file mode 100644 index 5f8c8c69bf4c5f7c371d12b667d5b2433bd2595274cc2df1cd84683a1831898e..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$7G>rvM5G5G0#9 z(oZGhw#p_50F5uOF;)OVNyL1=(X?;x(iZS8kjnsR-Wz%ZFnZ=d9+|o#A>+q2>m#PR zs*dR~{)NjrJ_D)EJ+6Y*C+Vs`^WkLPi)<~+t4;}FVvcH<@IUok#?+!-E@wo-Kr7qr z9D3l`VRUwRHGi1HJrVnDfP0}<*?gF1Q8AyBwJoHsoCm0i0zh9%ScRM$W+m{mE8UQr z;cPB(3xY>joqQ8Xts-=xqeTpd8+YRDZH7rEfzT z69DDgmgKE!hP{4wnvTGEBFs+yQO9o|h2CR+Vox{?%wiIJ(tE3SBsBAc{m==@KjN&p IsitT6d{m#2VE_OC diff --git a/gnupg-2.1.19.tar.bz2 b/gnupg-2.1.19.tar.bz2 new file mode 100644 index 0000000..364d489 --- /dev/null +++ b/gnupg-2.1.19.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0 +size 6404836 diff --git a/gnupg-2.1.19.tar.bz2.sig b/gnupg-2.1.19.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..553183bda80d03316e9c7f06a46e42a233eae1a39ff7823daafe2b529412797b GIT binary patch literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$8^Rd;kgw5G0#9 z(oZGhw%q~;{wvI{%DnraGJ<(i9xkF`R{qQo@&-m43sT9j%Ukv70iL}|h2FBquY#U3 z@u&-0E85+Fr4iJ!OXf-DvdZ2IM#@g;C0^A;>c`@pguOi@JFSaClH4K?IYtqT@CrML zL=cv_5_~^BBr&fS!+=C--rvJtUE08PouA)EEJyo^}%#EAhj1ONdD038+~1OpzzQ*Kxdj-rOC@*r`riZi`G1_c6Gx9!aU3JDM(aj=Rr zy*~!Kmk0o`7}G3)%ynoO&1VW{)_L4Bs0WYAsNFpcc&|+O{d0fdY5@wU0T1e&FVpUZ z@>+|E5PWrMR6&)@_`Wx99eB70Q54mO>Ep8c8h2uG0&C1oS?fAsIxaF&oW&`vLO(G& z-uY4dgx&0Z!k`>|Oc9pge7O&a8ve26Rn-n;GT*uIO%rbj3rbfTML0jQ>XXk!fM(Yl zHUhf-qT{JZHaE!>Y4<}?5qB7?IJt7eO-XW8K=&xC#bEe)cWuenP&;h*@LPXoo8t6n zMuIy$K{q6Z?HhNRWi# Date: Sat, 18 Mar 2017 19:48:59 +0000 Subject: [PATCH 105/156] Accepting request 479947 from Base:System - Use stronger defaults for new users, using SHA-2 digest family for certificates and message signatures - FATE#323084 adding gnupg-2.1.19-stronger-defaults.patch (forwarded request 479376 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/479947 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=114 --- gnupg-2.1.19-stronger-defaults.patch | 26 ++++++++++++++++++++++++++ gpg2.changes | 7 +++++++ gpg2.spec | 2 ++ 3 files changed, 35 insertions(+) create mode 100644 gnupg-2.1.19-stronger-defaults.patch diff --git a/gnupg-2.1.19-stronger-defaults.patch b/gnupg-2.1.19-stronger-defaults.patch new file mode 100644 index 0000000..983dabd --- /dev/null +++ b/gnupg-2.1.19-stronger-defaults.patch @@ -0,0 +1,26 @@ +From: Andreas Stieger +Date: Tue, 14 Mar 2017 20:43:20 +0000 +Subject; FATE#323084: Stronger GnuPG defaults +References: FATE#323084 +Upstream: no + +Index: gnupg-2.1.19/g10/options.skel +=================================================================== +--- gnupg-2.1.19.orig/g10/options.skel ++++ gnupg-2.1.19/g10/options.skel +@@ -137,3 +137,15 @@ + # Uncomment the following option to get rid of the copyright notice + + #no-greeting ++ ++# SUSE recommended output options ++with-fingerprint ++keyid-format 0xlong ++no-emit-version ++ ++# SUSE recommends SHA-2 family of hashes for all ++personal-digest-preferences SHA512 SHA384 SHA256 SHA224 ++default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed ++cert-digest-algo SHA512 ++digest-algo SHA512 ++ diff --git a/gpg2.changes b/gpg2.changes index 0e1f74b..aedb1c6 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Mar 14 20:41:55 UTC 2017 - astieger@suse.com + +- Use stronger defaults for new users, using SHA-2 digest family + for certificates and message signatures - FATE#323084 + adding gnupg-2.1.19-stronger-defaults.patch + ------------------------------------------------------------------- Tue Mar 7 12:55:14 UTC 2017 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 08a32ac..0daa985 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-2.1.19-stronger-defaults.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.4.3 @@ -86,6 +87,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) From 0782bfbfd8fb19a389ed0487acc991ac3f11e8b7137c67ccf7c28ffa7c871807 Mon Sep 17 00:00:00 2001 From: Yuchen Lin Date: Tue, 11 Apr 2017 07:29:46 +0000 Subject: [PATCH 106/156] Accepting request 485787 from Base:System GnuPG 2.1.20 OBS-URL: https://build.opensuse.org/request/show/485787 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=115 --- gnupg-2.0.18-files-are-digests.patch | 52 +++++++++++----------- gnupg-2.1.19.tar.bz2 | 3 -- gnupg-2.1.19.tar.bz2.sig | Bin 620 -> 0 bytes gnupg-2.1.20.tar.bz2 | 3 ++ gnupg-2.1.20.tar.bz2.sig | Bin 0 -> 620 bytes gnupg-set_umask_before_open_outfile.patch | 12 ++--- gpg2.changes | 30 +++++++++++++ gpg2.spec | 2 +- 8 files changed, 66 insertions(+), 36 deletions(-) delete mode 100644 gnupg-2.1.19.tar.bz2 delete mode 100644 gnupg-2.1.19.tar.bz2.sig create mode 100644 gnupg-2.1.20.tar.bz2 create mode 100644 gnupg-2.1.20.tar.bz2.sig diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 1daf76c..2d55365 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.15/g10/gpg.c +Index: gnupg-2.1.20/g10/gpg.c =================================================================== ---- gnupg-2.1.15.orig/g10/gpg.c -+++ gnupg-2.1.15/g10/gpg.c -@@ -368,6 +368,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.20.orig/g10/gpg.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200 +@@ -374,6 +374,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.1.15/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -791,6 +792,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -820,6 +821,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.1.15/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2239,6 +2241,7 @@ main (int argc, char **argv) +@@ -2393,6 +2395,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; @@ -32,7 +32,7 @@ Index: gnupg-2.1.15/g10/gpg.c opt.emit_version = 0; opt.weak_digests = NULL; additional_weak_digest("MD5"); -@@ -2807,6 +2810,7 @@ main (int argc, char **argv) +@@ -2942,6 +2945,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.15/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.15/g10/options.h +Index: gnupg-2.1.20/g10/options.h =================================================================== ---- gnupg-2.1.15.orig/g10/options.h -+++ gnupg-2.1.15/g10/options.h -@@ -212,6 +212,7 @@ struct +--- gnupg-2.1.20.orig/g10/options.h 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/options.h 2017-04-04 15:59:20.827799905 +0200 +@@ -214,6 +214,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,20 +52,20 @@ Index: gnupg-2.1.15/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.15/g10/sign.c +Index: gnupg-2.1.20/g10/sign.c =================================================================== ---- gnupg-2.1.15.orig/g10/sign.c -+++ gnupg-2.1.15/g10/sign.c +--- gnupg-2.1.20.orig/g10/sign.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/sign.c 2017-04-04 15:59:27.515864763 +0200 @@ -42,6 +42,8 @@ #include "call-agent.h" - #include "mbox-util.h" + #include "../common/mbox-util.h" -+#include "host2net.h" ++#include "../common/host2net.h" + #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" #else -@@ -711,8 +713,12 @@ write_signature_packets (SK_LIST sk_list +@@ -718,8 +720,12 @@ write_signature_packets (ctrl_t ctrl, mk_notation_policy_etc (sig, NULL, pk); } @@ -76,9 +76,9 @@ Index: gnupg-2.1.15/g10/sign.c + log_bug("files-are-digests doesn't work with v4 sigs\n"); + } - rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); + rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -770,6 +776,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -781,6 +787,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -87,7 +87,7 @@ Index: gnupg-2.1.15/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -786,7 +794,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -798,7 +806,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -105,7 +105,7 @@ Index: gnupg-2.1.15/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -807,7 +824,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -819,7 +836,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -114,7 +114,7 @@ Index: gnupg-2.1.15/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -945,7 +962,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -957,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -123,7 +123,7 @@ Index: gnupg-2.1.15/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -1000,6 +1017,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1012,6 +1029,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -132,7 +132,7 @@ Index: gnupg-2.1.15/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1040,6 +1059,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1052,6 +1071,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -178,10 +178,10 @@ Index: gnupg-2.1.15/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1058,8 +1116,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1070,8 +1128,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ - rc = write_signature_packets (sk_list, out, mfx.md, + rc = write_signature_packets (ctrl, sk_list, out, mfx.md, - opt.textmode && !outfile? 0x01 : 0x00, - 0, duration, detached ? 'D':'S', NULL); + sigclass, diff --git a/gnupg-2.1.19.tar.bz2 b/gnupg-2.1.19.tar.bz2 deleted file mode 100644 index 364d489..0000000 --- a/gnupg-2.1.19.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0 -size 6404836 diff --git a/gnupg-2.1.19.tar.bz2.sig b/gnupg-2.1.19.tar.bz2.sig deleted file mode 100644 index 553183bda80d03316e9c7f06a46e42a233eae1a39ff7823daafe2b529412797b..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$8^Rd;kgw5G0#9 z(oZGhw%q~;{wvI{%DnraGJ<(i9xkF`R{qQo@&-m43sT9j%Ukv70iL}|h2FBquY#U3 z@u&-0E85+Fr4iJ!OXf-DvdZ2IM#@g;C0^A;>c`@pguOi@JFSaClH4K?IYtqT@CrML zL=cv_5_~^BBr&fS!+=C--rvJtUE08PouA)EEJyo^}%#EAhj1ONdD038+~1OpzzQ*Kxdj-rOC@*r`riZi`G1_c6Gx9!aU3JDM(aj=Rr zy*~!Kmk0o`7}G3)%ynoO&1VW{)_L4Bs0WYAsNFpcc&|+O{d0fdY5@wU0T1e&FVpUZ z@>+|E5PWrMR6&)@_`Wx99eB70Q54mO>Ep8c8h2uG0&C1oS?fAsIxaF&oW&`vLO(G& z-uY4dgx&0Z!k`>|Oc9pge7O&a8ve26Rn-n;GT*uIO%rbj3rbfTML0jQ>XXk!fM(Yl zHUhf-qT{JZHaE!>Y4<}?5qB7?IJt7eO-XW8K=&xC#bEe)cWuenP&;h*@LPXoo8t6n zMuIy$K{q6Z?HhNRWi#o@?CF8aQ0$Adn3IGZT5G0#9 z(oZGhwvnC)0H1RXVvfvD1I4M68EjK;$fIM3y3Pa+by<*s#)NpL=gL!Tn;fT*XTukd zkv&Dx0}z)JEF_fARc$S`Th^>O2T<*On~lV-u#veLWqFyU0S@v=BU-?(_%Kot}izZoG?yE+rX zGJ5`FrilSF1ONdD038+~1OpzzQ*Kxdj-rOC@*r`riZi`G1_c6G<9*No3JDM(aj=Rr zy*~!0@CW}&$@dt`{v*T2Tby17fLqwl%2)^-arD@s9&s!V$D)^o;{XZMqusCr$(tg2 zgSdbscym+SKdk2abXCPmBaC?JC6kR%lpKMl^RTWJTUpu$AF(1bns}hZ6X4kMAs2&0 zQbOTnKX(Wtk2=Xqt-YY}z%3Rdr7*GyPOK89$y?y35Rz%$ zV^7Z8lFOAO)#d{T*rE3?w`*}K>TdulG@w&dZr)DJ?bY*egXE;-YL)&aiZT-DCLX8K zZo_zcEnr9m(_PGq0e GCg0b%WGFiT literal 0 HcmV?d00001 diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index 291939a..195e99c 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.1.12/g10/plaintext.c +Index: gnupg-2.1.20/g10/plaintext.c =================================================================== ---- gnupg-2.1.12.orig/g10/plaintext.c 2016-05-04 11:43:16.000000000 +0200 -+++ gnupg-2.1.12/g10/plaintext.c 2016-05-04 17:36:13.945784756 +0200 +--- gnupg-2.1.20.orig/g10/plaintext.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/plaintext.c 2017-04-04 09:53:31.541145727 +0200 @@ -24,6 +24,7 @@ #include #include @@ -11,8 +11,8 @@ Index: gnupg-2.1.12/g10/plaintext.c # include /* for setmode() */ #endif @@ -38,6 +39,9 @@ - #include "status.h" - #include "i18n.h" + #include "../common/status.h" + #include "../common/i18n.h" +/* define safe permissions for creating plaintext files */ +#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR) @@ -20,7 +20,7 @@ Index: gnupg-2.1.12/g10/plaintext.c /* Get the output filename. On success, the actual filename that is used is set in *FNAMEP and a filepointer is returned in *FP. -@@ -145,11 +149,15 @@ get_output_file (const byte *embedded_na +@@ -161,11 +165,15 @@ get_output_file (const byte *embedded_na log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); goto leave; } diff --git a/gpg2.changes b/gpg2.changes index aedb1c6..67513e1 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Tue Apr 4 14:00:36 UTC 2017 - astieger@suse.com + +- GnuPG 2.1.20: + * gpg: New properties 'expired', 'revoked', and 'disabled' for the + import and export filters. + * gpg: New command --quick-set-primary-uid. + * gpg: New compliance field for the --with-colon key listing. + * gpg: Changed the key parser to generalize the processing of local + meta data packets. + * gpg: Fixed assertion failure in the TOFU trust model. + * gpg: Fixed exporting of zero length user ID packets. + * scd: Improved support for multiple readers. + * scd: Fixed timeout handling for key generation. + * agent: New option --enable-extended-key-format. + * dirmngr: Do not add a keyserver to a new dirmngr.conf. Dirmngr + uses a default keyserver. + * dimngr: Do not treat TLS warning alerts as severe error when + building with GNUTLS. + * dirmngr: Actually take /etc/hosts in account. + * wks: Fixed client problems on Windows. Published keys are now set + to world-readable. + * tests: Fixed creation of temporary directories. + * A socket directory for a non standard GNUGHOME is now created on + the fly under /run/user. Thus "gpgconf --create-socketdir" is now + optional. The use of "gpgconf --remove-socketdir" to clean up + obsolete socket directories is however recommended to avoid + cluttering /run/user with useless directories. + * Fixed build problems on some platforms. + ------------------------------------------------------------------- Tue Mar 14 20:41:55 UTC 2017 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 0daa985..8af4583 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.19 +Version: 2.1.20 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ From 7da7bdd6996b47ff8be59d4fdc24d2b49e96108a4653d2d7231aaa47fb1a0656 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 20 May 2017 12:29:25 +0000 Subject: [PATCH 107/156] Accepting request 495114 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/495114 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=116 --- gnupg-2.1.19-stronger-defaults.patch | 26 -------------------------- gnupg-2.1.20.tar.bz2 | 3 --- gnupg-2.1.20.tar.bz2.sig | Bin 620 -> 0 bytes gnupg-2.1.21.tar.bz2 | 3 +++ gnupg-2.1.21.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 16 ++++++++++++++++ gpg2.spec | 4 +--- 7 files changed, 20 insertions(+), 32 deletions(-) delete mode 100644 gnupg-2.1.19-stronger-defaults.patch delete mode 100644 gnupg-2.1.20.tar.bz2 delete mode 100644 gnupg-2.1.20.tar.bz2.sig create mode 100644 gnupg-2.1.21.tar.bz2 create mode 100644 gnupg-2.1.21.tar.bz2.sig diff --git a/gnupg-2.1.19-stronger-defaults.patch b/gnupg-2.1.19-stronger-defaults.patch deleted file mode 100644 index 983dabd..0000000 --- a/gnupg-2.1.19-stronger-defaults.patch +++ /dev/null @@ -1,26 +0,0 @@ -From: Andreas Stieger -Date: Tue, 14 Mar 2017 20:43:20 +0000 -Subject; FATE#323084: Stronger GnuPG defaults -References: FATE#323084 -Upstream: no - -Index: gnupg-2.1.19/g10/options.skel -=================================================================== ---- gnupg-2.1.19.orig/g10/options.skel -+++ gnupg-2.1.19/g10/options.skel -@@ -137,3 +137,15 @@ - # Uncomment the following option to get rid of the copyright notice - - #no-greeting -+ -+# SUSE recommended output options -+with-fingerprint -+keyid-format 0xlong -+no-emit-version -+ -+# SUSE recommends SHA-2 family of hashes for all -+personal-digest-preferences SHA512 SHA384 SHA256 SHA224 -+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed -+cert-digest-algo SHA512 -+digest-algo SHA512 -+ diff --git a/gnupg-2.1.20.tar.bz2 b/gnupg-2.1.20.tar.bz2 deleted file mode 100644 index c7c955c..0000000 --- a/gnupg-2.1.20.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d -size 6456128 diff --git a/gnupg-2.1.20.tar.bz2.sig b/gnupg-2.1.20.tar.bz2.sig deleted file mode 100644 index 4bc8e1445f537f27264f693f57628e158bf6f7d2bbf26b814ab18e907cd136a9..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$Adn3IGZT5G0#9 z(oZGhwvnC)0H1RXVvfvD1I4M68EjK;$fIM3y3Pa+by<*s#)NpL=gL!Tn;fT*XTukd zkv&Dx0}z)JEF_fARc$S`Th^>O2T<*On~lV-u#veLWqFyU0S@v=BU-?(_%Kot}izZoG?yE+rX zGJ5`FrilSF1ONdD038+~1OpzzQ*Kxdj-rOC@*r`riZi`G1_c6G<9*No3JDM(aj=Rr zy*~!0@CW}&$@dt`{v*T2Tby17fLqwl%2)^-arD@s9&s!V$D)^o;{XZMqusCr$(tg2 zgSdbscym+SKdk2abXCPmBaC?JC6kR%lpKMl^RTWJTUpu$AF(1bns}hZ6X4kMAs2&0 zQbOTnKX(Wtk2=Xqt-YY}z%3Rdr7*GyPOK89$y?y35Rz%$ zV^7Z8lFOAO)#d{T*rE3?w`*}K>TdulG@w&dZr)DJ?bY*egXE;-YL)&aiZT-DCLX8K zZo_zcEnr9m(_PGq0e GCg0b%WGFiT diff --git a/gnupg-2.1.21.tar.bz2 b/gnupg-2.1.21.tar.bz2 new file mode 100644 index 0000000..dc0cbdc --- /dev/null +++ b/gnupg-2.1.21.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7aead8a8ba75b69866f583b6c747d91414d523bfdfbe9a8e0fe026b16ba427dd +size 6472887 diff --git a/gnupg-2.1.21.tar.bz2.sig b/gnupg-2.1.21.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..0bbb1e244da57f4d6b288a842bf60598d0b35c95543c91255da4d06fbf94b38f GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$CZkxBvAq9>LT2mnd+@Z;zfg-WR^`VT|36 zbBD4d1>H-UPdc3n*oal*N`=Jbq_w(qnpInQ_K|f8gFf4tV~+w%$q-NPG@Nr;8g#=W zhR6DdJK?=Y4mw>#cA0t|2gtbP;a{iWBtfQU= 2.4.3 @@ -87,7 +86,6 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) From 07680c0f3a10c74b05fba3889e62f95abce82f3c20ca751dbb2e07115eb93670 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 1 Jun 2017 14:28:24 +0000 Subject: [PATCH 108/156] Accepting request 497286 from Base:System (forwarded request 496742 from mstrigl) OBS-URL: https://build.opensuse.org/request/show/497286 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=117 --- gnupg-2.0.18-files-are-digests.patch | 27 ++++++++++++++++++--------- gpg2.changes | 7 +++++++ 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 2d55365..8e1bba7 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,10 +4,10 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.20/g10/gpg.c +Index: gnupg-2.1.21/g10/gpg.c =================================================================== ---- gnupg-2.1.20.orig/g10/gpg.c 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200 +--- gnupg-2.1.21.orig/g10/gpg.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.21/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200 @@ -374,6 +374,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, @@ -40,10 +40,10 @@ Index: gnupg-2.1.20/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.20/g10/options.h +Index: gnupg-2.1.21/g10/options.h =================================================================== ---- gnupg-2.1.20.orig/g10/options.h 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/g10/options.h 2017-04-04 15:59:20.827799905 +0200 +--- gnupg-2.1.21.orig/g10/options.h 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.21/g10/options.h 2017-04-04 15:59:20.827799905 +0200 @@ -214,6 +214,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; @@ -52,10 +52,10 @@ Index: gnupg-2.1.20/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.20/g10/sign.c +Index: gnupg-2.1.21/g10/sign.c =================================================================== ---- gnupg-2.1.20.orig/g10/sign.c 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/g10/sign.c 2017-04-04 15:59:27.515864763 +0200 +--- gnupg-2.1.21.orig/g10/sign.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.21/g10/sign.c 2017-04-04 15:59:27.515864763 +0200 @@ -42,6 +42,8 @@ #include "call-agent.h" #include "../common/mbox-util.h" @@ -65,6 +65,15 @@ Index: gnupg-2.1.20/g10/sign.c #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" #else +@@ -695,6 +697,8 @@ write_signature_packets(ctrl_t ctrl, + if (duration || opt.sig_policy_url + || opt.sig_notations || opt.sig_keyserver_url) + sig->version = 4; ++ else if (opt.files_are_digests) ++ sig->version = 3; + else + sig->version = pk->version; + @@ -718,8 +720,12 @@ write_signature_packets (ctrl_t ctrl, mk_notation_policy_etc (sig, NULL, pk); } diff --git a/gpg2.changes b/gpg2.changes index 0ffc0eb..5b165e9 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri May 19 11:59:24 UTC 2017 - marco.strigl@suse.com + +- GnuPG 2.1.21: + * modified gnupg-2.0.18-files-are-digests.patch to work with + obs-sign again bsc#1039899 + ------------------------------------------------------------------- Mon May 15 20:49:25 UTC 2017 - astieger@suse.com From 867a8522071184a01eba808c1c02d4569a844b342e506f2969b52423c0c768ba Mon Sep 17 00:00:00 2001 From: Yuchen Lin Date: Fri, 4 Aug 2017 09:56:51 +0000 Subject: [PATCH 109/156] Accepting request 512957 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/512957 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=118 --- gnupg-2.0.18-files-are-digests.patch | 52 ++++++++++++------------ gnupg-2.1.21.tar.bz2 | 3 -- gnupg-2.1.21.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.1.22.tar.bz2 | 3 ++ gnupg-2.1.22.tar.bz2.sig | Bin 0 -> 310 bytes gnupg-add_legacy_FIPS_mode_option.patch | 22 +++++----- gpg2.changes | 26 ++++++++++++ gpg2.spec | 11 ++--- 8 files changed, 70 insertions(+), 47 deletions(-) delete mode 100644 gnupg-2.1.21.tar.bz2 delete mode 100644 gnupg-2.1.21.tar.bz2.sig create mode 100644 gnupg-2.1.22.tar.bz2 create mode 100644 gnupg-2.1.22.tar.bz2.sig diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 8e1bba7..11dbac6 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.21/g10/gpg.c +Index: gnupg-2.1.22/g10/gpg.c =================================================================== ---- gnupg-2.1.21.orig/g10/gpg.c 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.21/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200 -@@ -374,6 +374,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.22.orig/g10/gpg.c ++++ gnupg-2.1.22/g10/gpg.c +@@ -379,6 +379,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.1.21/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -820,6 +821,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -828,6 +829,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.1.21/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2393,6 +2395,7 @@ main (int argc, char **argv) +@@ -2383,6 +2385,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; @@ -32,7 +32,7 @@ Index: gnupg-2.1.21/g10/gpg.c opt.emit_version = 0; opt.weak_digests = NULL; additional_weak_digest("MD5"); -@@ -2942,6 +2945,7 @@ main (int argc, char **argv) +@@ -2944,6 +2947,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.21/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.21/g10/options.h +Index: gnupg-2.1.22/g10/options.h =================================================================== ---- gnupg-2.1.21.orig/g10/options.h 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.21/g10/options.h 2017-04-04 15:59:20.827799905 +0200 -@@ -214,6 +214,7 @@ struct +--- gnupg-2.1.22.orig/g10/options.h ++++ gnupg-2.1.22/g10/options.h +@@ -212,6 +212,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,20 +52,20 @@ Index: gnupg-2.1.21/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.21/g10/sign.c +Index: gnupg-2.1.22/g10/sign.c =================================================================== ---- gnupg-2.1.21.orig/g10/sign.c 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.21/g10/sign.c 2017-04-04 15:59:27.515864763 +0200 -@@ -42,6 +42,8 @@ - #include "call-agent.h" +--- gnupg-2.1.22.orig/g10/sign.c ++++ gnupg-2.1.22/g10/sign.c +@@ -43,6 +43,8 @@ #include "../common/mbox-util.h" + #include "../common/compliance.h" +#include "../common/host2net.h" + #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" #else -@@ -695,6 +697,8 @@ write_signature_packets(ctrl_t ctrl, +@@ -727,6 +729,8 @@ write_signature_packets (ctrl_t ctrl, if (duration || opt.sig_policy_url || opt.sig_notations || opt.sig_keyserver_url) sig->version = 4; @@ -73,8 +73,8 @@ Index: gnupg-2.1.21/g10/sign.c + sig->version = 3; else sig->version = pk->version; - -@@ -718,8 +720,12 @@ write_signature_packets (ctrl_t ctrl, + +@@ -750,8 +754,12 @@ write_signature_packets (ctrl_t ctrl, mk_notation_policy_etc (sig, NULL, pk); } @@ -87,7 +87,7 @@ Index: gnupg-2.1.21/g10/sign.c rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -781,6 +787,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -813,6 +821,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -96,7 +96,7 @@ Index: gnupg-2.1.21/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -798,7 +806,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -830,7 +840,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -114,7 +114,7 @@ Index: gnupg-2.1.21/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -819,7 +836,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -851,7 +870,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -123,7 +123,7 @@ Index: gnupg-2.1.21/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -957,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -989,7 +1008,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -132,7 +132,7 @@ Index: gnupg-2.1.21/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -1012,6 +1029,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1044,6 +1063,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -141,7 +141,7 @@ Index: gnupg-2.1.21/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1052,6 +1071,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1084,6 +1105,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -187,7 +187,7 @@ Index: gnupg-2.1.21/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1070,8 +1128,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1102,8 +1162,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (ctrl, sk_list, out, mfx.md, diff --git a/gnupg-2.1.21.tar.bz2 b/gnupg-2.1.21.tar.bz2 deleted file mode 100644 index dc0cbdc..0000000 --- a/gnupg-2.1.21.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7aead8a8ba75b69866f583b6c747d91414d523bfdfbe9a8e0fe026b16ba427dd -size 6472887 diff --git a/gnupg-2.1.21.tar.bz2.sig b/gnupg-2.1.21.tar.bz2.sig deleted file mode 100644 index 0bbb1e244da57f4d6b288a842bf60598d0b35c95543c91255da4d06fbf94b38f..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$CZkxBvAq9>LT2mnd+@Z;zfg-WR^`VT|36 zbBD4d1>H-UPdc3n*oal*N`=Jbq_w(qnpInQ_K|f8gFf4tV~+w%$q-NPG@Nr;8g#=W zhR6DdJK?=Y4mw>#cA0t|2gtbP;a{iWBtfQUo@?CF8aQ0$F=>e*g*z5G0#9 z(oZGhwiIp%0H(dV|5(j{Rmgs+PRY{3J^n3dGZ7%KAF8HwuP&?NVttqCkT@E>%c-9c zhv$^b&>@%=H_B8nt$5Ov3JiqU#nrMXTHVJk?Aio-nP?NIuLd&yb^5}e$0CM=k-n6A zH@ot*{^a8An?%Vz&^Pm+(*U*NT>dB?4fE^{4_N89(Up(AU6M-83_Hd9F5l*29s?gM ziEsWZ&M!ZkIyltOh^3lQ;X#6(mY%Q2awTZ_@wA0s^LGTE<5PuB5%cgwm;!1m0l(0o z#KqiqXezbEAa?fSEMrv4xUA*)IHr1Thi@dHKJnI>In}W3YwnRkP$Cq(Y4^C(N`SiR IpJwO Date: Mon, 4 Sep 2017 10:26:32 +0000 Subject: [PATCH 110/156] Accepting request 519193 from Base:System GnuPG 2.2.0 bsc#1054088 (forwarded request 519191 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/519193 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=119 --- gnupg-2.0.18-files-are-digests.patch | 30 +++++++++++------------ gnupg-2.1.22.tar.bz2 | 3 --- gnupg-2.1.22.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.0.tar.bz2 | 3 +++ gnupg-2.2.0.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 34 +++++++++++++++++++++++++++ gpg2.spec | 5 ++-- 7 files changed, 55 insertions(+), 20 deletions(-) delete mode 100644 gnupg-2.1.22.tar.bz2 delete mode 100644 gnupg-2.1.22.tar.bz2.sig create mode 100644 gnupg-2.2.0.tar.bz2 create mode 100644 gnupg-2.2.0.tar.bz2.sig diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 11dbac6..7035cc6 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.22/g10/gpg.c +Index: gnupg-2.1.23/g10/gpg.c =================================================================== ---- gnupg-2.1.22.orig/g10/gpg.c -+++ gnupg-2.1.22/g10/gpg.c -@@ -379,6 +379,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.23.orig/g10/gpg.c 2017-08-09 15:46:17.000000000 +0200 ++++ gnupg-2.1.23/g10/gpg.c 2017-08-10 16:21:26.692847431 +0200 +@@ -380,6 +380,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.1.22/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -828,6 +829,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -829,6 +830,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,15 +24,15 @@ Index: gnupg-2.1.22/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2383,6 +2385,7 @@ main (int argc, char **argv) +@@ -2388,6 +2390,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; + opt.files_are_digests=0; opt.emit_version = 0; opt.weak_digests = NULL; - additional_weak_digest("MD5"); -@@ -2944,6 +2947,7 @@ main (int argc, char **argv) + +@@ -2952,6 +2955,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.22/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.22/g10/options.h +Index: gnupg-2.1.23/g10/options.h =================================================================== ---- gnupg-2.1.22.orig/g10/options.h -+++ gnupg-2.1.22/g10/options.h -@@ -212,6 +212,7 @@ struct +--- gnupg-2.1.23.orig/g10/options.h 2017-08-09 15:46:17.000000000 +0200 ++++ gnupg-2.1.23/g10/options.h 2017-08-10 16:21:26.692847431 +0200 +@@ -213,6 +213,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,10 +52,10 @@ Index: gnupg-2.1.22/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.22/g10/sign.c +Index: gnupg-2.1.23/g10/sign.c =================================================================== ---- gnupg-2.1.22.orig/g10/sign.c -+++ gnupg-2.1.22/g10/sign.c +--- gnupg-2.1.23.orig/g10/sign.c 2017-07-28 19:39:06.000000000 +0200 ++++ gnupg-2.1.23/g10/sign.c 2017-08-10 16:21:26.692847431 +0200 @@ -43,6 +43,8 @@ #include "../common/mbox-util.h" #include "../common/compliance.h" diff --git a/gnupg-2.1.22.tar.bz2 b/gnupg-2.1.22.tar.bz2 deleted file mode 100644 index 182c69f..0000000 --- a/gnupg-2.1.22.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7 -size 6530433 diff --git a/gnupg-2.1.22.tar.bz2.sig b/gnupg-2.1.22.tar.bz2.sig deleted file mode 100644 index 1f26f4f042d0e603b9dd6dfc7e6c2e4d94d4691e8bfbd017f18bf664a1e14d81..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$F=>e*g*z5G0#9 z(oZGhwiIp%0H(dV|5(j{Rmgs+PRY{3J^n3dGZ7%KAF8HwuP&?NVttqCkT@E>%c-9c zhv$^b&>@%=H_B8nt$5Ov3JiqU#nrMXTHVJk?Aio-nP?NIuLd&yb^5}e$0CM=k-n6A zH@ot*{^a8An?%Vz&^Pm+(*U*NT>dB?4fE^{4_N89(Up(AU6M-83_Hd9F5l*29s?gM ziEsWZ&M!ZkIyltOh^3lQ;X#6(mY%Q2awTZ_@wA0s^LGTE<5PuB5%cgwm;!1m0l(0o z#KqiqXezbEAa?fSEMrv4xUA*)IHr1Thi@dHKJnI>In}W3YwnRkP$Cq(Y4^C(N`SiR IpJwOo@?CF8aQ0$HQtF8~S&5G0#9 z(oZGhwxH7p0GH|?WBHVf4zSBF>LObKwhy5uR4`=5{HO5wI0=N58ULiK4>X2i)#P9~ zo+mdH_5`E{{ZR}S8^tIb>;H1h0+i*>2ENbeNF`eOR|XNgHtMgy28HLF>;;qWCHV-N zf^#I;GkrBgmFwwTotV+EXPOD09Lw1 zrS;d{ewn@evTXTg9=|rC*ZtW8z6~5Y^o=>a!V?lW2FceMU-JpMo^af8I=c@2Kq}hB Ic0U_fF?aQnX8-^I literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index f1836f6..88636e6 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Mon Aug 28 17:21:30 UTC 2017 - astieger@suse.com + +- GnuPG 2.2.0: + * New long term stable branch, replacing the 2.0.x series + * gpg: Reverted change in 2.1.23 so that --no-auto-key-retrieve + is again the default boo#1054088 + * Fixed a few minor bugs + +------------------------------------------------------------------- +Sat Aug 12 16:56:26 UTC 2017 - astieger@suse.com + +- GnuPG 2.1.23: + * gpg: Options --auto-key-retrieve and --auto-key-locate "local,wkd" + are now used by default. Note: this enables keyserver and Web Key + Directory operators to notice when a signature from a locally + non-available key is being verified for the first time or when + you intend to encrypt to a mail address without having the key + locally. This new behaviour will eventually make key discovery + much easier and mostly automatic. Disable this by adding + no-auto-key-retrieve + auto-key-locate local + to your gpg.conf. + * agent: Option --no-grab is now the default. The new option --grab + allows to revert this. + * gpg: New import option "show-only". + * gpg: New option --disable-dirmngr to entirely disable network + access for gpg. + * gpg,gpgsm: Tweaked DE-VS compliance behaviour. + * New configure flag --enable-all-tests to run more extensive tests + during "make check". + * gpgsm: The keygrip is now always printed in colon mode as + documented in the man page. + ------------------------------------------------------------------- Fri Jul 28 19:29:52 UTC 2017 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 2c9e9c8..5b77867 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.22 +Version: 2.2.0 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ @@ -103,8 +103,9 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --enable-large-secmem \ --enable-wks-tools \ --with-gnu-ld \ - --with-default-trust-store=%{_sysconfdir}/ssl/ca-bundle.pem \ + --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ + --enable-gpg-is-gpg2 \ make %{?_smp_mflags} From 312ce911aae6b9cce5e84f127f7d1bb5dd98972559d90e84a37b24448d9017c8 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 22 Sep 2017 19:32:08 +0000 Subject: [PATCH 111/156] Accepting request 527382 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/527382 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=120 --- gnupg-2.2.0.tar.bz2 | 3 --- gnupg-2.2.0.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.1.tar.bz2 | 3 +++ gnupg-2.2.1.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 15 +++++++++++++++ gpg2.spec | 2 +- 6 files changed, 19 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.0.tar.bz2 delete mode 100644 gnupg-2.2.0.tar.bz2.sig create mode 100644 gnupg-2.2.1.tar.bz2 create mode 100644 gnupg-2.2.1.tar.bz2.sig diff --git a/gnupg-2.2.0.tar.bz2 b/gnupg-2.2.0.tar.bz2 deleted file mode 100644 index 75642d3..0000000 --- a/gnupg-2.2.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d4514a0be0f7a1ff263193330019eb4b53c82f0f5e230af3c14df371271a45e6 -size 6532475 diff --git a/gnupg-2.2.0.tar.bz2.sig b/gnupg-2.2.0.tar.bz2.sig deleted file mode 100644 index cb3c0b3bc272663fe19f7f7c3170bf2618ba4e7646d843aedf30fa60a6ab29e2..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$HQtF8~S&5G0#9 z(oZGhwxH7p0GH|?WBHVf4zSBF>LObKwhy5uR4`=5{HO5wI0=N58ULiK4>X2i)#P9~ zo+mdH_5`E{{ZR}S8^tIb>;H1h0+i*>2ENbeNF`eOR|XNgHtMgy28HLF>;;qWCHV-N zf^#I;GkrBgmFwwTotV+EXPOD09Lw1 zrS;d{ewn@evTXTg9=|rC*ZtW8z6~5Y^o=>a!V?lW2FceMU-JpMo^af8I=c@2Kq}hB Ic0U_fF?aQnX8-^I diff --git a/gnupg-2.2.1.tar.bz2 b/gnupg-2.2.1.tar.bz2 new file mode 100644 index 0000000..feed3a5 --- /dev/null +++ b/gnupg-2.2.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:34d70cd65b9c95f3f2f90a9f5c1e0b6a0fe039a8d685e2d66d69c33d1cbf62fb +size 6537959 diff --git a/gnupg-2.2.1.tar.bz2.sig b/gnupg-2.2.1.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..1058b52cba7c600232a98ae6ccb50c9ee0c6203357dd79bbe180e719990dd259 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$ISf$^Z%p5G0#9 z(oZGhww>b#|7vcIXcdYK*(H$j>+RK40H-n&BMU&+*3PI^ip0-9MC@?ADBsw_NWTKP z-)7MYB!c_46vBE@Nyx$DFavE8c4PR9ag)mgd!&ynADm)&Kwi literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index 88636e6..030f07a 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Tue Sep 19 19:12:53 UTC 2017 - astieger@suse.com + +- GnuPG 2.2.1: + * gpg: Fix formatting of the user id in batch mode key generation + if only "name-email" is given. + * gpgv: Fix annoying "not suitable for" warnings. + * wks: Convey only the newest user id to the provider. This is + the case if different names are used with the same addr-spec. + * wks: Create a complying user id for provider policy mailbox-only. + * wks: Add workaround for posteo.de. + * scd: Fix the use of large ECC keys with an OpenPGP card. + * dirmngr: Use system provided root certificates if no specific + HKP certificates are configured. If bu + ------------------------------------------------------------------- Mon Aug 28 17:21:30 UTC 2017 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 5b77867..1f3abec 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.0 +Version: 2.2.1 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ From 1760a59f2665e0a6d981a972183fa74826633dc2b7cbf293b0b5ccc43b273037 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 14 Nov 2017 11:36:43 +0000 Subject: [PATCH 112/156] Accepting request 539677 from Base:System GnuPG 2.2.2 (forwarded request 539676 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/539677 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=121 --- gnupg-2.2.1.tar.bz2 | 3 --- gnupg-2.2.1.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.2.tar.bz2 | 3 +++ gnupg-2.2.2.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 27 +++++++++++++++++++++++++++ gpg2.spec | 3 ++- 6 files changed, 32 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.1.tar.bz2 delete mode 100644 gnupg-2.2.1.tar.bz2.sig create mode 100644 gnupg-2.2.2.tar.bz2 create mode 100644 gnupg-2.2.2.tar.bz2.sig diff --git a/gnupg-2.2.1.tar.bz2 b/gnupg-2.2.1.tar.bz2 deleted file mode 100644 index feed3a5..0000000 --- a/gnupg-2.2.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34d70cd65b9c95f3f2f90a9f5c1e0b6a0fe039a8d685e2d66d69c33d1cbf62fb -size 6537959 diff --git a/gnupg-2.2.1.tar.bz2.sig b/gnupg-2.2.1.tar.bz2.sig deleted file mode 100644 index 1058b52cba7c600232a98ae6ccb50c9ee0c6203357dd79bbe180e719990dd259..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$ISf$^Z%p5G0#9 z(oZGhww>b#|7vcIXcdYK*(H$j>+RK40H-n&BMU&+*3PI^ip0-9MC@?ADBsw_NWTKP z-)7MYB!c_46vBE@Nyx$DFavE8c4PR9ag)mgd!&ynADm)&Kwi diff --git a/gnupg-2.2.2.tar.bz2 b/gnupg-2.2.2.tar.bz2 new file mode 100644 index 0000000..ef2b910 --- /dev/null +++ b/gnupg-2.2.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bfb62c7412ceb3b9422c6c7134a34ff01a560f98eb981c2d96829c1517c08197 +size 6546951 diff --git a/gnupg-2.2.2.tar.bz2.sig b/gnupg-2.2.2.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..abc3926e03a5d2c91dee9bcebf82c128829f2a460580b31c49fd33e07d462c70 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$Krq9smjn5G0#9 z(oZGhwgDLk0HZ#(S~EnbUpDlV!ZEIr9&KyX1nB)rX)PQE|TI4|L;#t+~V9Y!{z?#-%D(N^jJfkE3uDB;E66vJl8Q>_u20JOwxkT{^j}qkx(hC z0%tEPqPNY#rnS8K@&b8Dh0aq=?YivkXYkAoqcth5;!RZ>2L2mRP4K0_i}Y~m5LO~ I3hc3lNX~qe00000 literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index 030f07a..732643b 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Tue Nov 7 20:08:04 UTC 2017 - astieger@suse.com + +- GnuPG 2.2.2: + * gpg: Avoid duplicate key imports by concurrently running gpg + processes + * gpg: Fix creating on-disk subkey with on-card primary key + * gpg: Fix validity retrieval for multiple keyrings + * gpg: Fix --dry-run and import option show-only for secret keys + * gpg: Print "sec" or "sbb" for secret keys with import option + import-show + * gpg: Make import less verbose + * gpg: Add alias "Key-Grip" for parameter "Keygrip" and new + parameter "Subkey-Grip" to unattended key generation + * gpg: Improve "factory-reset" command for OpenPGP cards + * gpg: Ease switching Gnuk tokens into ECC mode by using the magic + keysize value 25519 + * gpgsm: Fix --with-colon listing in crt records for fields > 12. + * gpgsm: Do not expect X.509 keyids to be unique + * agent: Fix stucked Pinentry when using --max-passphrase-days + * agent: New option --s2k-count + * dirmngr: Do not follow https-to-http redirects + * dirmngr: Reduce default LDAP timeout from 100 to 15 seconds + * gpgconf: Ignore non-installed components for commands + --apply-profile and --apply-defaults + * Add configure option --enable-werror + ------------------------------------------------------------------- Tue Sep 19 19:12:53 UTC 2017 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 1f3abec..1f7d0f3 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.1 +Version: 2.2.2 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ @@ -106,6 +106,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ --enable-gpg-is-gpg2 \ + --enable-Werror make %{?_smp_mflags} From 4ee5d76e2da6c17e5e2e5854b912b66bc57f86256e92d95d7003593c59f5b6cf Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 25 Nov 2017 07:40:01 +0000 Subject: [PATCH 113/156] Accepting request 544086 from Base:System OBS-URL: https://build.opensuse.org/request/show/544086 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=122 --- gnupg-2.2.2.tar.bz2 | 3 --- gnupg-2.2.2.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.3.tar.bz2 | 3 +++ gnupg-2.2.3.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 10 ++++++++++ gpg2.spec | 2 +- 6 files changed, 14 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.2.tar.bz2 delete mode 100644 gnupg-2.2.2.tar.bz2.sig create mode 100644 gnupg-2.2.3.tar.bz2 create mode 100644 gnupg-2.2.3.tar.bz2.sig diff --git a/gnupg-2.2.2.tar.bz2 b/gnupg-2.2.2.tar.bz2 deleted file mode 100644 index ef2b910..0000000 --- a/gnupg-2.2.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bfb62c7412ceb3b9422c6c7134a34ff01a560f98eb981c2d96829c1517c08197 -size 6546951 diff --git a/gnupg-2.2.2.tar.bz2.sig b/gnupg-2.2.2.tar.bz2.sig deleted file mode 100644 index abc3926e03a5d2c91dee9bcebf82c128829f2a460580b31c49fd33e07d462c70..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$Krq9smjn5G0#9 z(oZGhwgDLk0HZ#(S~EnbUpDlV!ZEIr9&KyX1nB)rX)PQE|TI4|L;#t+~V9Y!{z?#-%D(N^jJfkE3uDB;E66vJl8Q>_u20JOwxkT{^j}qkx(hC z0%tEPqPNY#rnS8K@&b8Dh0aq=?YivkXYkAoqcth5;!RZ>2L2mRP4K0_i}Y~m5LO~ I3hc3lNX~qe00000 diff --git a/gnupg-2.2.3.tar.bz2 b/gnupg-2.2.3.tar.bz2 new file mode 100644 index 0000000..c323053 --- /dev/null +++ b/gnupg-2.2.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cbd37105d139f7aa74f92b6f65d136658682094b0e308666b820ae4b984084b4 +size 6547069 diff --git a/gnupg-2.2.3.tar.bz2.sig b/gnupg-2.2.3.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..2d5744422a97126df84e2be8a01f14717f09567137de4c9cc255d458dade7223 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$LKukpKz_5G0#9 z(oZGhwjW3b{vbD%3suo1HsDACbT|TaqyckP5Wq={15WnjzZQZAl-O32`RcU!7x;30LI z`~*--a<^OXsT69-^eo%pr)u;br02XfJL8x)b5}YL?n{18Wh^~Qh%IZlK+3_AA^^XO z5SI6{s)!Bk$fOT1+z5t%k*HsScI>a_sM#AVC#0N^QVM Date: Sat, 23 Dec 2017 11:11:05 +0000 Subject: [PATCH 114/156] Accepting request 559114 from Base:System OBS-URL: https://build.opensuse.org/request/show/559114 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=123 --- gnupg-2.2.3.tar.bz2 | 3 --- gnupg-2.2.3.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.4.tar.bz2 | 3 +++ gnupg-2.2.4.tar.bz2.sig | Bin 0 -> 620 bytes gpg2.changes | 24 ++++++++++++++++++++++++ gpg2.spec | 2 +- 6 files changed, 28 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.3.tar.bz2 delete mode 100644 gnupg-2.2.3.tar.bz2.sig create mode 100644 gnupg-2.2.4.tar.bz2 create mode 100644 gnupg-2.2.4.tar.bz2.sig diff --git a/gnupg-2.2.3.tar.bz2 b/gnupg-2.2.3.tar.bz2 deleted file mode 100644 index c323053..0000000 --- a/gnupg-2.2.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cbd37105d139f7aa74f92b6f65d136658682094b0e308666b820ae4b984084b4 -size 6547069 diff --git a/gnupg-2.2.3.tar.bz2.sig b/gnupg-2.2.3.tar.bz2.sig deleted file mode 100644 index 2d5744422a97126df84e2be8a01f14717f09567137de4c9cc255d458dade7223..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$LKukpKz_5G0#9 z(oZGhwjW3b{vbD%3suo1HsDACbT|TaqyckP5Wq={15WnjzZQZAl-O32`RcU!7x;30LI z`~*--a<^OXsT69-^eo%pr)u;br02XfJL8x)b5}YL?n{18Wh^~Qh%IZlK+3_AA^^XO z5SI6{s)!Bk$fOT1+z5t%k*HsScI>a_sM#AVC#0N^QVMo@?CF8aQ0$MsKX8;Nb5G0#9 z(oZGhwsoZk{xL>mLlnW~*D%&fF42 zm^Pgd}0n7a0`L^PkIy`mv|&4NvKiE~$FH{rS z=e$aOxtGf~tA$Z!E;67c)Uk07Z#KUVxFr&vtT-g~Bayz2EGuog0E58$E!CdkmqaiAi1hwcAJz&w$4cYGrq)lq`T;b8#FNU*;qD z>v!GY#5i;_k>+$vn@^XcNa~4FNy13XE#5q+Z93*93S$Jh`ryb3DjZ@#ce79vfZq?| G`wrTtXC5;E literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index f63f3cb..bab380b 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Thu Dec 21 09:44:03 UTC 2017 - astieger@suse.com + +- GnuPG 2.2.4: + * gpg: Change default preferences to prefer SHA512. + * gpg: Print a warning when more than 150 MiB are encrypted using + a cipher with 64 bit block size. + * gpg: Print a warning if the MDC feature has not been used for a + message. + * gpg: Fix regular expression of domain addresses in trust + signatures + * agent: New option --auto-expand-secmem to help with high + numbers of concurrent connections. Requires libgcrypt 1.8.2 + for having an effect. + * dirmngr: Cache responses of WKD queries. + * gpgconf: Add option --status-fd. + * wks: Add commands --check and --remove-key to gpg-wks-server + * Increase the backlog parameter of the daemons to 64 and add + option --listen-backlog. +- Not enabled features: + * New configure option --enable-run-gnupg-user-socket to first + try a socket directory which is not removed by systemd at + session end. + ------------------------------------------------------------------- Tue Nov 21 08:25:48 UTC 2017 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 5b1adf2..32628fe 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.3 +Version: 2.2.4 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ From 968facf567b3e36a6d0af77bab7fb84dd242b9ad74333b94da6e26a88e9257c4 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 28 Feb 2018 18:54:31 +0000 Subject: [PATCH 115/156] Accepting request 580131 from Base:System OBS-URL: https://build.opensuse.org/request/show/580131 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=124 --- gnupg-2.2.4.tar.bz2 | 3 --- gnupg-2.2.4.tar.bz2.sig | Bin 620 -> 0 bytes gnupg-2.2.5.tar.bz2 | 3 +++ gnupg-2.2.5.tar.bz2.sig | Bin 0 -> 620 bytes gpg2.changes | 29 +++++++++++++++++++++++++++++ gpg2.spec | 10 +++++----- 6 files changed, 37 insertions(+), 8 deletions(-) delete mode 100644 gnupg-2.2.4.tar.bz2 delete mode 100644 gnupg-2.2.4.tar.bz2.sig create mode 100644 gnupg-2.2.5.tar.bz2 create mode 100644 gnupg-2.2.5.tar.bz2.sig diff --git a/gnupg-2.2.4.tar.bz2 b/gnupg-2.2.4.tar.bz2 deleted file mode 100644 index e9631b7..0000000 --- a/gnupg-2.2.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:401a3e64780fdfa6d7670de0880aa5c9d589b3db7a7098979d7606cec546f2ec -size 6571487 diff --git a/gnupg-2.2.4.tar.bz2.sig b/gnupg-2.2.4.tar.bz2.sig deleted file mode 100644 index d7aacb9ba25a1414a3ad15c4d1f23b05be3899505a044583dbd901730fe277b4..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$MsKX8;Nb5G0#9 z(oZGhwsoZk{xL>mLlnW~*D%&fF42 zm^Pgd}0n7a0`L^PkIy`mv|&4NvKiE~$FH{rS z=e$aOxtGf~tA$Z!E;67c)Uk07Z#KUVxFr&vtT-g~Bayz2EGuog0E58$E!CdkmqaiAi1hwcAJz&w$4cYGrq)lq`T;b8#FNU*;qD z>v!GY#5i;_k>+$vn@^XcNa~4FNy13XE#5q+Z93*93S$Jh`ryb3DjZ@#ce79vfZq?| G`wrTtXC5;E diff --git a/gnupg-2.2.5.tar.bz2 b/gnupg-2.2.5.tar.bz2 new file mode 100644 index 0000000..ccb4d41 --- /dev/null +++ b/gnupg-2.2.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57 +size 6584756 diff --git a/gnupg-2.2.5.tar.bz2.sig b/gnupg-2.2.5.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..9c1f226edd63d4eef5c5f6c4a7d9f0178c11d7cbdf32a473aadbaa8803df0754 GIT binary patch literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$PsS5C94Z5G0#9 z(oZGhwwccd|5G{ha*jA4g1utYjiK6r5o zl;UO$&E~~Pti|Vvg%$~|=IFKTgMXxuiWigk)+tBv@e8@0?`4rKNXFYKUAF8tEbKLg zrt3#4^`1I#^YzfICdJqf$F><%pL2uaI`DbTSmZ+R!D-$X_E8bt5`Z1X06G{`Cfwfv ztII>sI^qA3?R&W~yXveN30;FNB+}`|5S_aca-LVZ(K|KIl4@T9=1Q zOk|+2Wy^xn_tn=FPYI9?B?|Ii0JKp*R=4K!A2OQzg|O<_bgTkhLWC|3IFQ51pmC>h zU9-yo!lOmoKg~ET9OgrS{`?E!^u$jq>CZ7qt*GI>Lc>((!ZhZwu3?F*xAHM0VKml) zjkf=#QZqi(R0BpIzwm|SPx}Exd4WsS4O`rm>8j?I+v=RMS6MwY+!**eiEMRsK%w;5 zm-YZA>5tOdFkLhbI5bR3z{7B-kOc8tV8wj>kw5fP= 2.4.3 +BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libgcrypt-devel >= 1.7.0 BuildRequires: libgpg-error-devel >= 1.24 BuildRequires: libksba-devel >= 1.3.4 @@ -125,8 +125,6 @@ ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 # fix rpmlint invalid-lc-messages-dir: rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot -# additional files to documentation directory -install -m 644 AUTHORS COPYING* ChangeLog NEWS THANKS TODO doc/FAQ %{buildroot}/%{_docdir}/%{name} # install scdaemon to %{_bindir} (bnc#863645) mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} @@ -154,6 +152,8 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} %files %{_infodir}/gnupg* %{_mandir}/*/*%{ext_man} +%license COPYING* +%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ %doc %{_docdir}/%{name} %{_bindir}/* %{_libdir}/[^d]* From 519f73a4dde4ab5fee771a7bcda2b10d980c2f605c9c52adad51dc5f14ab22d7 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 7 Apr 2018 18:47:23 +0000 Subject: [PATCH 116/156] Accepting request 593728 from Base:System OBS-URL: https://build.opensuse.org/request/show/593728 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=125 --- gnupg-CVE-2018-9234.patch | 23 +++++++++++++++++++++++ gpg2.changes | 7 +++++++ gpg2.spec | 2 ++ 3 files changed, 32 insertions(+) create mode 100644 gnupg-CVE-2018-9234.patch diff --git a/gnupg-CVE-2018-9234.patch b/gnupg-CVE-2018-9234.patch new file mode 100644 index 0000000..c3a550f --- /dev/null +++ b/gnupg-CVE-2018-9234.patch @@ -0,0 +1,23 @@ +From: Karol Babioch +Date: Thu Apr 5 10:32:21 CEST 2018 +Upstream: merged +References: https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657 +References: https://dev.gnupg.org/T3844 +Subject: Fix for bnc#1088255 (CVE-2018-9234) +--- + g10/getkey.c | 2 ++ + 1 file changed, 2 insertions(+) + +Index: gnupg-2.2.5/g10/getkey.c +=================================================================== +--- gnupg-2.2.5.orig/g10/getkey.c ++++ gnupg-2.2.5/g10/getkey.c +@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_pu + ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16 + : KEYDB_SEARCH_MODE_FPR20; + memcpy (ctx.items[0].u.fpr, fprint, fprint_len); ++ if (pk) ++ ctx.req_usage = pk->req_usage; + rc = lookup (ctrl, &ctx, 0, &kb, &found_key); + if (!rc && pk) + pk_from_block (pk, kb, found_key); diff --git a/gpg2.changes b/gpg2.changes index c9cab4b..e9a66c3 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Apr 5 08:38:58 UTC 2018 - kbabioch@suse.com + +- Added gnupg-CVE-2018-9234.patch: Enforce that key certification + can only be done with the master key, and not a signing subkey. + (bnc#1088255 CVE-2018-9234) + ------------------------------------------------------------------- Sun Feb 25 12:14:54 UTC 2018 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 3147026..2a62784 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-CVE-2018-9234.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -85,6 +86,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) From e37ba65b10a565afc4995cd1f9a062f1fed18f89534dac46caae9465faef9e9c Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 17 Apr 2018 09:15:25 +0000 Subject: [PATCH 117/156] Accepting request 597193 from Base:System GnuPG 2.2.6 OBS-URL: https://build.opensuse.org/request/show/597193 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=126 --- gnupg-2.2.5.tar.bz2 | 3 --- gnupg-2.2.5.tar.bz2.sig | Bin 620 -> 0 bytes gnupg-2.2.6.tar.bz2 | 3 +++ gnupg-2.2.6.tar.bz2.sig | Bin 0 -> 620 bytes gnupg-CVE-2018-9234.patch | 23 ------------------- gnupg-add_legacy_FIPS_mode_option.patch | 22 +++++++++--------- gpg2.changes | 29 ++++++++++++++++++++++++ gpg2.spec | 4 +--- 8 files changed, 44 insertions(+), 40 deletions(-) delete mode 100644 gnupg-2.2.5.tar.bz2 delete mode 100644 gnupg-2.2.5.tar.bz2.sig create mode 100644 gnupg-2.2.6.tar.bz2 create mode 100644 gnupg-2.2.6.tar.bz2.sig delete mode 100644 gnupg-CVE-2018-9234.patch diff --git a/gnupg-2.2.5.tar.bz2 b/gnupg-2.2.5.tar.bz2 deleted file mode 100644 index ccb4d41..0000000 --- a/gnupg-2.2.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57 -size 6584756 diff --git a/gnupg-2.2.5.tar.bz2.sig b/gnupg-2.2.5.tar.bz2.sig deleted file mode 100644 index 9c1f226edd63d4eef5c5f6c4a7d9f0178c11d7cbdf32a473aadbaa8803df0754..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$PsS5C94Z5G0#9 z(oZGhwwccd|5G{ha*jA4g1utYjiK6r5o zl;UO$&E~~Pti|Vvg%$~|=IFKTgMXxuiWigk)+tBv@e8@0?`4rKNXFYKUAF8tEbKLg zrt3#4^`1I#^YzfICdJqf$F><%pL2uaI`DbTSmZ+R!D-$X_E8bt5`Z1X06G{`Cfwfv ztII>sI^qA3?R&W~yXveN30;FNB+}`|5S_aca-LVZ(K|KIl4@T9=1Q zOk|+2Wy^xn_tn=FPYI9?B?|Ii0JKp*R=4K!A2OQzg|O<_bgTkhLWC|3IFQ51pmC>h zU9-yo!lOmoKg~ET9OgrS{`?E!^u$jq>CZ7qt*GI>Lc>((!ZhZwu3?F*xAHM0VKml) zjkf=#QZqi(R0BpIzwm|SPx}Exd4WsS4O`rm>8j?I+v=RMS6MwY+!**eiEMRsK%w;5 zm-YZA>5tOdFkLhbI5bR3z{7B-kOc8tV8wj>kw5fPo@?CF8aQ0$R(-cK`|r5G0#9 z(oZGhwyN|8|7D=X7TitpC|Bw5C6|-ExW)_D1Em>761Ox^5SNqn0jT;#0o|2mB%^T! z3Y=xnZ^uSU9$F68vb=XiMJOT~3lH!%zCeuZ9##Kp?WcVcn66qnaV0Kip@F2mIeWc? z2A#Bn*!LiT;kpVNvceyZukQe+DLsSr)zums4N5LdyPcN@&`!urKd-Xv*z5u~t}i7r zqU`WuO-Hjm-iM_kc&C8p`4@T%m?jsl@KB0L<8iQewl#4~ZA9o&3Y?nChT3)CHpps( z>SHH=I_i;)yCN=4#I#JpBff(&!{yLiD+ZlPcD z7TM7Q0Eq!J1ONdD038+~1OpzzQ*Kxdj-rOC@*r`riZi`G1_c6I%ja1D3JDM(aj=Rr zy*~zn{RjYv^<6pmrvWS=hI;Apq!t9gky<$jzkFdQcX4Z6rie{eboKGt%~yMzyJw`Z z>6c|5vw)8G{B}B$S>V6gA}!a$Un#gMD?P(+;XI7k0zZal>8W^;W07_qaGO2ZBl~t- zG%>vpXeB`P7}24M?rcSIz#Uvj GFL)?r+93D< literal 0 HcmV?d00001 diff --git a/gnupg-CVE-2018-9234.patch b/gnupg-CVE-2018-9234.patch deleted file mode 100644 index c3a550f..0000000 --- a/gnupg-CVE-2018-9234.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Karol Babioch -Date: Thu Apr 5 10:32:21 CEST 2018 -Upstream: merged -References: https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657 -References: https://dev.gnupg.org/T3844 -Subject: Fix for bnc#1088255 (CVE-2018-9234) ---- - g10/getkey.c | 2 ++ - 1 file changed, 2 insertions(+) - -Index: gnupg-2.2.5/g10/getkey.c -=================================================================== ---- gnupg-2.2.5.orig/g10/getkey.c -+++ gnupg-2.2.5/g10/getkey.c -@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_pu - ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16 - : KEYDB_SEARCH_MODE_FPR20; - memcpy (ctx.items[0].u.fpr, fprint, fprint_len); -+ if (pk) -+ ctx.req_usage = pk->req_usage; - rc = lookup (ctrl, &ctx, 0, &kb, &found_key); - if (!rc && pk) - pk_from_block (pk, kb, found_key); diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 01607e7..56d9841 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.22/doc/gpg.texi +Index: gnupg-2.2.6/doc/gpg.texi =================================================================== ---- gnupg-2.1.22.orig/doc/gpg.texi -+++ gnupg-2.1.22/doc/gpg.texi -@@ -2079,6 +2079,24 @@ implies, this option is for experts only +--- gnupg-2.2.6.orig/doc/gpg.texi 2018-04-10 09:05:55.807324463 +0200 ++++ gnupg-2.2.6/doc/gpg.texi 2018-04-10 09:05:58.627349563 +0200 +@@ -2094,6 +2094,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.22/doc/gpg.texi @end table -Index: gnupg-2.1.22/g10/gpg.c +Index: gnupg-2.2.6/g10/gpg.c =================================================================== ---- gnupg-2.1.22.orig/g10/gpg.c -+++ gnupg-2.1.22/g10/gpg.c -@@ -422,6 +422,7 @@ enum cmd_and_opt_values - oDisableSignerUID, +--- gnupg-2.2.6.orig/g10/gpg.c 2018-04-10 09:05:55.807324463 +0200 ++++ gnupg-2.2.6/g10/gpg.c 2018-04-10 09:06:21.583553887 +0200 +@@ -424,6 +424,7 @@ enum cmd_and_opt_values oSender, oKeyOrigin, + oRequestOrigin, + oSetLegacyFips, oNoop }; -@@ -867,6 +868,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -871,6 +872,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.1.22/g10/gpg.c ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3537,6 +3539,13 @@ main (int argc, char **argv) +@@ -3565,6 +3567,13 @@ main (int argc, char **argv) opt.def_new_key_algo = pargs.r.ret_str; break; diff --git a/gpg2.changes b/gpg2.changes index e9a66c3..52aaa26 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Tue Apr 10 06:32:22 UTC 2018 - kbabioch@suse.com + +- GnuPG 2.2.6: + * gpg,gpgsm: New option --request-origin to pretend requests coming + from a browser or a remote site. + * gpg: Fix race condition on trustdb.gpg updates due to too early + released lock. + * gpg: Emit FAILURE status lines in almost all cases. + * gpg: Implement --dry-run for --passwd to make checking a key's + passphrase straightforward. + * gpg: Make sure to only accept a certification capable key for key + signatures. + * gpg: Better user interaction in --card-edit for the factory-reset + sub-command. + * gpg: Improve changing key attributes in --card-edit by adding an + explicit "key-attr" sub-command. + * gpg: Print the keygrips in the --card-status. + * scd: Support KDF DO setup. + * scd: Fix suspend/resume handling in the CCID driver. + * agent: Evict cached passphrases also via a timer. + * agent: Use separate passphrase caches depending on the request + origin. + * ssh: Support signature flags. + * dirmngr: Handle failures related to missing IPv6 support + gracefully. + * Allow the use of UNC directory names as homedir. [#3818] +- Dropped gnupg-CVE-2018-9234.patch since it is included upstream + ------------------------------------------------------------------- Thu Apr 5 08:38:58 UTC 2018 - kbabioch@suse.com diff --git a/gpg2.spec b/gpg2.spec index 2a62784..68043ee 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.5 +Version: 2.2.6 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ @@ -34,7 +34,6 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: gnupg-CVE-2018-9234.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -86,7 +85,6 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) From 9cdea5fadb6ab1afdd099da332e655e731701cf84db68aa91a9899e575cd62d9 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 8 May 2018 11:32:14 +0000 Subject: [PATCH 118/156] Accepting request 604049 from Base:System OBS-URL: https://build.opensuse.org/request/show/604049 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=127 --- gnupg-2.2.6.tar.bz2 | 3 --- gnupg-2.2.6.tar.bz2.sig | Bin 620 -> 0 bytes gnupg-2.2.7.tar.bz2 | 3 +++ gnupg-2.2.7.tar.bz2.sig | Bin 0 -> 310 bytes gnupg-add_legacy_FIPS_mode_option.patch | 22 +++++++++++----------- gpg2.changes | 22 ++++++++++++++++++++++ gpg2.spec | 2 +- 7 files changed, 37 insertions(+), 15 deletions(-) delete mode 100644 gnupg-2.2.6.tar.bz2 delete mode 100644 gnupg-2.2.6.tar.bz2.sig create mode 100644 gnupg-2.2.7.tar.bz2 create mode 100644 gnupg-2.2.7.tar.bz2.sig diff --git a/gnupg-2.2.6.tar.bz2 b/gnupg-2.2.6.tar.bz2 deleted file mode 100644 index 4f13a70..0000000 --- a/gnupg-2.2.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e64d8c5fa2d05938a5080cb784a98ac21be0812f2a26f844b18f0d6a0e711984 -size 6605028 diff --git a/gnupg-2.2.6.tar.bz2.sig b/gnupg-2.2.6.tar.bz2.sig deleted file mode 100644 index acda3dac5a5fc1558c6454b811e03914d22974e667567ddbeef8acdf1205d5a4..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$R(-cK`|r5G0#9 z(oZGhwyN|8|7D=X7TitpC|Bw5C6|-ExW)_D1Em>761Ox^5SNqn0jT;#0o|2mB%^T! z3Y=xnZ^uSU9$F68vb=XiMJOT~3lH!%zCeuZ9##Kp?WcVcn66qnaV0Kip@F2mIeWc? z2A#Bn*!LiT;kpVNvceyZukQe+DLsSr)zums4N5LdyPcN@&`!urKd-Xv*z5u~t}i7r zqU`WuO-Hjm-iM_kc&C8p`4@T%m?jsl@KB0L<8iQewl#4~ZA9o&3Y?nChT3)CHpps( z>SHH=I_i;)yCN=4#I#JpBff(&!{yLiD+ZlPcD z7TM7Q0Eq!J1ONdD038+~1OpzzQ*Kxdj-rOC@*r`riZi`G1_c6I%ja1D3JDM(aj=Rr zy*~zn{RjYv^<6pmrvWS=hI;Apq!t9gky<$jzkFdQcX4Z6rie{eboKGt%~yMzyJw`Z z>6c|5vw)8G{B}B$S>V6gA}!a$Un#gMD?P(+;XI7k0zZal>8W^;W07_qaGO2ZBl~t- zG%>vpXeB`P7}24M?rcSIz#Uvj GFL)?r+93D< diff --git a/gnupg-2.2.7.tar.bz2 b/gnupg-2.2.7.tar.bz2 new file mode 100644 index 0000000..7cc2cef --- /dev/null +++ b/gnupg-2.2.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d95b361ee6ef7eff86af40c8c72bf9313736ac9f7010d6604d78bf83818e976e +size 6631100 diff --git a/gnupg-2.2.7.tar.bz2.sig b/gnupg-2.2.7.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..7e4ca39b0d8d3cc6e052543c65cdbb1831457ca07f27af78bf218f867b695933 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$S=AJpc*`5G0#9 z(oZGhw*SNk0Gh84=Q>A2n*Sozj_twIc3N4wRDXN5)?jE~T}wJSS_a^&iBS7}EB*}m zPQ(?F+b?c@goR&%aS^j+f!wyW2wVMU8cbI8wa6h$y6+~LmTXk=hW~1VxY13kAn`RO zwU9jQrsJQ^u?*yOe%1DsS0xkb8xl#cyPw3x%ubHK2B=d|0KsQD+F0<3tz2*sPdy^1x&@#<=_MM9%E2QXE+Y=V_Y!)aR2`zyxEpu#>%kyy5#dorJFa7ms5B$ zKrBpR+hztPCbpBPrywEf($g!H1lUN1Kr@6JRfXgaeyUMm8<)dRsb>1niA9m1PekXd I^lPMxw2zOIjsO4v literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 56d9841..0a89bec 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.2.6/doc/gpg.texi +Index: gnupg-2.2.7/doc/gpg.texi =================================================================== ---- gnupg-2.2.6.orig/doc/gpg.texi 2018-04-10 09:05:55.807324463 +0200 -+++ gnupg-2.2.6/doc/gpg.texi 2018-04-10 09:05:58.627349563 +0200 -@@ -2094,6 +2094,24 @@ implies, this option is for experts only +--- gnupg-2.2.7.orig/doc/gpg.texi 2018-05-04 16:14:30.949580264 +0200 ++++ gnupg-2.2.7/doc/gpg.texi 2018-05-04 16:14:34.025609243 +0200 +@@ -2097,6 +2097,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.2.6/doc/gpg.texi @end table -Index: gnupg-2.2.6/g10/gpg.c +Index: gnupg-2.2.7/g10/gpg.c =================================================================== ---- gnupg-2.2.6.orig/g10/gpg.c 2018-04-10 09:05:55.807324463 +0200 -+++ gnupg-2.2.6/g10/gpg.c 2018-04-10 09:06:21.583553887 +0200 -@@ -424,6 +424,7 @@ enum cmd_and_opt_values - oSender, +--- gnupg-2.2.7.orig/g10/gpg.c 2018-05-04 16:14:30.949580264 +0200 ++++ gnupg-2.2.7/g10/gpg.c 2018-05-04 16:15:00.441858109 +0200 +@@ -425,6 +425,7 @@ enum cmd_and_opt_values oKeyOrigin, oRequestOrigin, + oNoSymkeyCache, + oSetLegacyFips, oNoop }; -@@ -871,6 +872,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -872,6 +873,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.2.6/g10/gpg.c ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3565,6 +3567,13 @@ main (int argc, char **argv) +@@ -3568,6 +3570,13 @@ main (int argc, char **argv) opt.def_new_key_algo = pargs.r.ret_str; break; diff --git a/gpg2.changes b/gpg2.changes index 52aaa26..fbec722 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Fri May 4 14:15:27 UTC 2018 - astieger@suse.com + +- GnuPG 2.2.7: + * gpg: New option --no-symkey-cache to disable the passphrase + cache for symmetrical en- and decryption. + * gpg: The ERRSIG status now prints the fingerprint if that is + part of the signature + * gpg: Relax emitting of FAILURE status lines + * gpg: Add a status flag to "sig" lines printed with --list-sigs + * gpg: Fix "Too many open files" when using --multifile + * ssh: Return an error for unknown ssh-agent flags + * dirmngr: Fix a CNAME problem with pools and TLS. Also use a + fixed mapping of keys.gnupg.net to sks-keyservers.net + * dirmngr: Try resurrecting dead hosts earlier (from 3h to 1.5h) + * dirmngr: Fallback to CRL if no default OCSP responder is + configured + * dirmngr: Implement CRL fetching via https. Here a redirection + to http is explictly allowed + * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease + debugging + ------------------------------------------------------------------- Tue Apr 10 06:32:22 UTC 2018 - kbabioch@suse.com diff --git a/gpg2.spec b/gpg2.spec index 68043ee..25aeb85 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.6 +Version: 2.2.7 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ From 4dae542981813c8777033c6edbd4c469b741b9840c1eafe294bdc2f02fe33da0 Mon Sep 17 00:00:00 2001 From: Yuchen Lin Date: Fri, 22 Jun 2018 11:11:25 +0000 Subject: [PATCH 119/156] Accepting request 615264 from Base:System GnuPG 2.2.8 (bsc#1096745, CVE-2018-12020) OBS-URL: https://build.opensuse.org/request/show/615264 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=128 --- gnupg-2.2.7.tar.bz2 | 3 -- gnupg-2.2.7.tar.bz2.sig | Bin 310 -> 0 bytes ...tch => gnupg-2.2.8-files-are-digests.patch | 32 +++++++++--------- gnupg-2.2.8.tar.bz2 | 3 ++ gnupg-2.2.8.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 22 ++++++++++++ gpg2.spec | 8 ++--- 7 files changed, 45 insertions(+), 23 deletions(-) delete mode 100644 gnupg-2.2.7.tar.bz2 delete mode 100644 gnupg-2.2.7.tar.bz2.sig rename gnupg-2.0.18-files-are-digests.patch => gnupg-2.2.8-files-are-digests.patch (88%) create mode 100644 gnupg-2.2.8.tar.bz2 create mode 100644 gnupg-2.2.8.tar.bz2.sig diff --git a/gnupg-2.2.7.tar.bz2 b/gnupg-2.2.7.tar.bz2 deleted file mode 100644 index 7cc2cef..0000000 --- a/gnupg-2.2.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d95b361ee6ef7eff86af40c8c72bf9313736ac9f7010d6604d78bf83818e976e -size 6631100 diff --git a/gnupg-2.2.7.tar.bz2.sig b/gnupg-2.2.7.tar.bz2.sig deleted file mode 100644 index 7e4ca39b0d8d3cc6e052543c65cdbb1831457ca07f27af78bf218f867b695933..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$S=AJpc*`5G0#9 z(oZGhw*SNk0Gh84=Q>A2n*Sozj_twIc3N4wRDXN5)?jE~T}wJSS_a^&iBS7}EB*}m zPQ(?F+b?c@goR&%aS^j+f!wyW2wVMU8cbI8wa6h$y6+~LmTXk=hW~1VxY13kAn`RO zwU9jQrsJQ^u?*yOe%1DsS0xkb8xl#cyPw3x%ubHK2B=d|0KsQD+F0<3tz2*sPdy^1x&@#<=_MM9%E2QXE+Y=V_Y!)aR2`zyxEpu#>%kyy5#dorJFa7ms5B$ zKrBpR+hztPCbpBPrywEf($g!H1lUN1Kr@6JRfXgaeyUMm8<)dRsb>1niA9m1PekXd I^lPMxw2zOIjsO4v diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.2.8-files-are-digests.patch similarity index 88% rename from gnupg-2.0.18-files-are-digests.patch rename to gnupg-2.2.8-files-are-digests.patch index 7035cc6..6de374e 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.2.8-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.23/g10/gpg.c +Index: gnupg-2.2.8/g10/gpg.c =================================================================== ---- gnupg-2.1.23.orig/g10/gpg.c 2017-08-09 15:46:17.000000000 +0200 -+++ gnupg-2.1.23/g10/gpg.c 2017-08-10 16:21:26.692847431 +0200 -@@ -380,6 +380,7 @@ enum cmd_and_opt_values +--- gnupg-2.2.8.orig/g10/gpg.c 2018-06-06 11:59:06.000000000 +0200 ++++ gnupg-2.2.8/g10/gpg.c 2018-06-08 16:34:33.287514003 +0200 +@@ -376,6 +376,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.1.23/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -829,6 +830,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -824,6 +825,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.1.23/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2388,6 +2390,7 @@ main (int argc, char **argv) +@@ -2392,6 +2394,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; @@ -32,19 +32,19 @@ Index: gnupg-2.1.23/g10/gpg.c opt.emit_version = 0; opt.weak_digests = NULL; -@@ -2952,6 +2955,7 @@ main (int argc, char **argv) +@@ -2963,6 +2966,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; + case oFilesAreDigests: opt.files_are_digests = 1; break; - case oForceMDC: opt.force_mdc = 1; break; - case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.23/g10/options.h + case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; + +Index: gnupg-2.2.8/g10/options.h =================================================================== ---- gnupg-2.1.23.orig/g10/options.h 2017-08-09 15:46:17.000000000 +0200 -+++ gnupg-2.1.23/g10/options.h 2017-08-10 16:21:26.692847431 +0200 -@@ -213,6 +213,7 @@ struct +--- gnupg-2.2.8.orig/g10/options.h 2018-05-31 12:03:06.000000000 +0200 ++++ gnupg-2.2.8/g10/options.h 2018-06-08 16:34:33.287514003 +0200 +@@ -210,6 +210,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,10 +52,10 @@ Index: gnupg-2.1.23/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.23/g10/sign.c +Index: gnupg-2.2.8/g10/sign.c =================================================================== ---- gnupg-2.1.23.orig/g10/sign.c 2017-07-28 19:39:06.000000000 +0200 -+++ gnupg-2.1.23/g10/sign.c 2017-08-10 16:21:26.692847431 +0200 +--- gnupg-2.2.8.orig/g10/sign.c 2017-08-28 12:22:54.000000000 +0200 ++++ gnupg-2.2.8/g10/sign.c 2018-06-08 16:34:33.287514003 +0200 @@ -43,6 +43,8 @@ #include "../common/mbox-util.h" #include "../common/compliance.h" diff --git a/gnupg-2.2.8.tar.bz2 b/gnupg-2.2.8.tar.bz2 new file mode 100644 index 0000000..94e11d7 --- /dev/null +++ b/gnupg-2.2.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:777b4cb8ced21965a5053d4fa20fe11484f0a478f3d011cef508a1a49db50dcd +size 6632465 diff --git a/gnupg-2.2.8.tar.bz2.sig b/gnupg-2.2.8.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..9647eb57d717fff0700b3ef34679121d323d30e3b67f43e5b0dce857cbed61d8 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$Unh761wf5G0#9 z(oZGhws!{y`UB5HR609$J%amN_3-xi*}e`1ZQ(8(xCwSkZQCBe77nd$NdWAhIg*<9 z{_tC){^?&7q|;zNJEDzpuK!0_?h1z~0`CoKyAgq_Dn%c3a%A{r+auZ5-pS2HJwTiU zTOp2ZQVbNy4}yeZCPTKt@=z2esJ_1owLG<3&8!4UO~EfF?Cw0K(~6zRUd74VPbHf$ z#2Pp21M_JL8rr16P$W^1)akLL-Ri?CYKElY$b}#Z&8gPv4oAV!2yaxW-2&NY<-Ebv zr{7KnjU-H=ETr-=%B{EN5VHUBL41vmmx%3q#oDz-F;p6??MT9X`HQd^ySyz+fN6jm I%)788Dv;cgaR2}S literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index fbec722..4f5dec8 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Fri Jun 8 14:37:06 UTC 2018 - kbabioch@suse.com + +- Update to version 2.2.8: + * gpg: Decryption of messages not using the MDC mode will now lead to a + hard failure even if a legacy cipher algorithm was used. The option + --ignore-mdc-error can be used to turn this failure into a warning. Take + care: Never use that option unconditionally or without a prior warning. + * gpg: The MDC encryption mode is now always used regardless of the + cipher algorithm or any preferences. For testing --rfc2440 can be + used to create a message without an MDC. + * gpg: Sanitize the diagnostic output of the original file name in + verbose mode (bsc#1096745, CVE-2018-12020) + * gpg: Detect suspicious multiple plaintext packets in a more reliable way. + * gpg: Fix the duplicate key signature detection code. + * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc, + --disable-mdc and --no-disable-mdc have no more effect. + * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the + list of startup environment variables. +- Refresh gnupg-2.0.18-files-are-digests.patch + to gnupg-2.2.8-files-are-digests.patch + ------------------------------------------------------------------- Fri May 4 14:15:27 UTC 2018 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 25aeb85..89a86f9 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,19 +17,19 @@ Name: gpg2 -Version: 2.2.7 +Version: 2.2.8 Release: 0 Summary: File encryption, decryption, signature creation and verification utility -License: GPL-3.0+ +License: GPL-3.0-or-later Group: Productivity/Networking/Security -Url: http://www.gnupg.org/aegypten2/ +URL: https://www.gnupg.org Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring Source99: %{name}.changes Patch4: gnupg-2.0.9-langinfo.patch -Patch5: gnupg-2.0.18-files-are-digests.patch +Patch5: gnupg-2.2.8-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch From cd58797a772ebe8c8d4978facb5691fa9885366ba6b976798f749b3a9b6892a7 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 17 Jul 2018 07:38:39 +0000 Subject: [PATCH 120/156] Accepting request 622429 from Base:System OBS-URL: https://build.opensuse.org/request/show/622429 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=129 --- gnupg-2.2.8.tar.bz2 | 3 --- gnupg-2.2.8.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.9.tar.bz2 | 3 +++ gnupg-2.2.9.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 27 +++++++++++++++++++++++++++ gpg2.spec | 2 +- 6 files changed, 31 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.8.tar.bz2 delete mode 100644 gnupg-2.2.8.tar.bz2.sig create mode 100644 gnupg-2.2.9.tar.bz2 create mode 100644 gnupg-2.2.9.tar.bz2.sig diff --git a/gnupg-2.2.8.tar.bz2 b/gnupg-2.2.8.tar.bz2 deleted file mode 100644 index 94e11d7..0000000 --- a/gnupg-2.2.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:777b4cb8ced21965a5053d4fa20fe11484f0a478f3d011cef508a1a49db50dcd -size 6632465 diff --git a/gnupg-2.2.8.tar.bz2.sig b/gnupg-2.2.8.tar.bz2.sig deleted file mode 100644 index 9647eb57d717fff0700b3ef34679121d323d30e3b67f43e5b0dce857cbed61d8..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$Unh761wf5G0#9 z(oZGhws!{y`UB5HR609$J%amN_3-xi*}e`1ZQ(8(xCwSkZQCBe77nd$NdWAhIg*<9 z{_tC){^?&7q|;zNJEDzpuK!0_?h1z~0`CoKyAgq_Dn%c3a%A{r+auZ5-pS2HJwTiU zTOp2ZQVbNy4}yeZCPTKt@=z2esJ_1owLG<3&8!4UO~EfF?Cw0K(~6zRUd74VPbHf$ z#2Pp21M_JL8rr16P$W^1)akLL-Ri?CYKElY$b}#Z&8gPv4oAV!2yaxW-2&NY<-Ebv zr{7KnjU-H=ETr-=%B{EN5VHUBL41vmmx%3q#oDz-F;p6??MT9X`HQd^ySyz+fN6jm I%)788Dv;cgaR2}S diff --git a/gnupg-2.2.9.tar.bz2 b/gnupg-2.2.9.tar.bz2 new file mode 100644 index 0000000..9ba983a --- /dev/null +++ b/gnupg-2.2.9.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6278eaabffa1ebc9fa2ceb3dc53eea9a1505ab02a668a86dd6fec06951af2164 +size 6659547 diff --git a/gnupg-2.2.9.tar.bz2.sig b/gnupg-2.2.9.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..705478e640cbb7e9db178077aed67f95fec982c69d4f50852d40be71a5888d83 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$WE_xBvy{ECPz=|b4*URR-*RZmI~am{h>_Bu3+bdbn<)wylDPq&cgx`{@$B=r5LoEw z>BmEE+`xR8Dd9Q<@tk=#%1!=WBR%k%(eH^;`B*vLarj!Pr-_Bj69{QoM1imsnfcxY-2Yh4QW z^vHNUM83}|xNtwoAC+mNxinZs@27uvyu~yTmRmnR$Nd*-hmDraVm?};ifNon6OT4D IWGhA;V-uK*ssI20 literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index 4f5dec8..19ca8eb 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Fri Jul 13 07:13:12 UTC 2018 - astieger@suse.com + +- GnuPG 2.2.9: + * dirmngr: Fix recursive resolver mode and other bugs in the + libdns code + * dirmngr: When using libgpg-error 1.32 or later a GnuPG build + with NTBTLS support does not anymore block for dozens of + seconds before returning data. + * gpg: Fix bug in --show-keys which actually imported revocation + certificates + * gpg: Ignore too long user-ID and comment packets + * gpg: Fix crash due to bad German translation. Improved printf + format compile time check. + * gpg: Handle missing ISSUER sub packet gracefully in the presence of + the new ISSUER_FPR + * gpg: Allow decryption using several passphrases in most cases. + * gpg: Command --show-keys now enables the list options + show-unusable-uids, show-unusable-subkeys, show-notations and + show-policy-urls by default. + * gpg: Command --show-keys now prints revocation certificates. + * gpg: Add revocation reason to the "rev" and "rvs" records of the + option --with-colons. [#1173] + * gpg: Export option export-clean does now remove certain expired + subkeys; export-minimal removes all expired subkeys. + * gpg: New "usage" property for the drop-subkey filters. + ------------------------------------------------------------------- Fri Jun 8 14:37:06 UTC 2018 - kbabioch@suse.com diff --git a/gpg2.spec b/gpg2.spec index 89a86f9..c85377c 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.8 +Version: 2.2.9 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From 212147741af38520badc0e54fa049d54a2875953e782a982f33e964182b205a2 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 26 Jul 2018 08:16:32 +0000 Subject: [PATCH 121/156] Accepting request 625188 from Base:System - Add basic udev rules for smartcards to be used with scdaemon, taken from debian: * scdaemon.udev OBS-URL: https://build.opensuse.org/request/show/625188 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=130 --- gpg2.changes | 7 ++++++ gpg2.spec | 5 ++++ scdaemon.udev | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 scdaemon.udev diff --git a/gpg2.changes b/gpg2.changes index 19ca8eb..9d92b94 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jul 25 05:50:42 UTC 2018 - tchvatal@suse.com + +- Add basic udev rules for smartcards to be used with + scdaemon, taken from debian: + * scdaemon.udev + ------------------------------------------------------------------- Fri Jul 13 07:13:12 UTC 2018 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index c85377c..716934a 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -27,6 +27,7 @@ Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring +Source4: scdaemon.udev Source99: %{name}.changes Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.2.8-files-are-digests.patch @@ -128,6 +129,8 @@ rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot # install scdaemon to %{_bindir} (bnc#863645) mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} +# install udev rules for scdaemon +install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules # install legacy tools install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} # install -m 755 tools/gpgsplit %{buildroot}/%{_bindir} @@ -142,6 +145,7 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} #%endif %post +%udev_rules_update %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz %preun @@ -160,6 +164,7 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} %{_sbindir}/addgnupghome %{_sbindir}/applygnupgdefaults %{_sbindir}/g13-syshelp +%{_udevrulesdir}/60-scdaemon.rules %{_datadir}/gnupg %dir %{_sysconfdir}/gnupg %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf diff --git a/scdaemon.udev b/scdaemon.udev new file mode 100644 index 0000000..1c9e1e2 --- /dev/null +++ b/scdaemon.udev @@ -0,0 +1,65 @@ +# do not edit this file, it will be overwritten on update + +SUBSYSTEM!="usb", GOTO="gnupg_rules_end" +ACTION!="add", GOTO="gnupg_rules_end" + +# USB SmartCard Readers +## Cherry GmbH (XX33, ST2000) +SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0005", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0010", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="003e", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## SCM Microsystems, Inc (SCR331-DI, SCR335, SCR3320, SCR331, SCR3310 and SPR532) +SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5117", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Omnikey AG (CardMan 3821, CardMan 6121) +SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="3821", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="6622", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Gemalto +SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3437", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3438", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3478", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34c2", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34ec", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Reiner (SCT cyberJack) +SUBSYSTEM=="usb", ATTR{idVendor}=="0c4b", ATTR{idProduct}=="0500", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Kobil (KAAN) +SUBSYSTEM=="usb", ATTR{idVendor}=="0d46", ATTR{idProduct}=="2012", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## VASCO (DIGIPASS 920) +SUBSYSTEM=="usb", ATTR{idVendor}=="1a44", ATTR{idProduct}=="0920", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Crypto Stick +SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4107", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Nitrokey +SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4108", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4109", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4211", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Gnuk Token +SUBSYSTEM=="usb", ATTR{idVendor}=="234b", ATTR{idProduct}=="0000", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Alcor Micro Corp cardreader (in ThinkPad X250) +SUBSYSTEM=="usb", ATTR{idVendor}=="058f", ATTR{idProduct}=="9540", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Fujitsu Siemens +SUBSYSTEM=="usb", ATTR{idVendor}=="0bf8", ATTR{idProduct}=="1006", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Yubico +# Yubikey NEO OTP+CCID +SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +# Yubikey NEO CCID +SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0112", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +# Yubikey NEO U2F+CCID +SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +# Yubikey NEO OTP+U2F+CCID +SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +# Yubikey 4 CCID +SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0404", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +# Yubikey 4 OTP+CCID +SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0405", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +# Yubikey 4 U2F+CCID +SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +# Yubikey 4 OTP+U2F+CCID +SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" +## Trustica Cryptoucan +SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", ATTR{idProduct}=="81e6", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + +LABEL="gnupg_rules_end" From 7bf2729c3b943722169c2741d03bc552368c76d8ac53613d43b306c81f4421dc Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 4 Sep 2018 20:48:23 +0000 Subject: [PATCH 122/156] Accepting request 632346 from Base:System GnuPG 2.2.10 OBS-URL: https://build.opensuse.org/request/show/632346 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=131 --- gnupg-2.2.10.tar.bz2 | 3 +++ gnupg-2.2.10.tar.bz2.sig | Bin 0 -> 309 bytes gnupg-2.2.9.tar.bz2 | 3 --- gnupg-2.2.9.tar.bz2.sig | Bin 310 -> 0 bytes gpg2.changes | 9 +++++++++ gpg2.spec | 2 +- 6 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 gnupg-2.2.10.tar.bz2 create mode 100644 gnupg-2.2.10.tar.bz2.sig delete mode 100644 gnupg-2.2.9.tar.bz2 delete mode 100644 gnupg-2.2.9.tar.bz2.sig diff --git a/gnupg-2.2.10.tar.bz2 b/gnupg-2.2.10.tar.bz2 new file mode 100644 index 0000000..ad47ca8 --- /dev/null +++ b/gnupg-2.2.10.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:799dd37a86a1448732e339bd20440f4f5ee6e69755f6fd7a73ee8af30840c915 +size 6659484 diff --git a/gnupg-2.2.10.tar.bz2.sig b/gnupg-2.2.10.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..b55dd1419d19e576aeeb8d6d5849e781925f8ff4004a81b3f464277ec51a88a7 GIT binary patch literal 309 zcmV-50m}Y~0Wt&t0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$Ydfi2w=-5G0#9 z(oZGhwtWW&^&8I*@Cwf*1JyC<`y48Dkm521HdOsI43LefSGg8;!uzdwARln(O1Oz7 z0ZmVTV5UoB&H3sQ1iyYn1uamTpLKGG;ZA@D7#5Ag(St|_PgG8fMrk)GAo#V64&@13 zYn$oUGaI3#KicQT$^T0J)dQBcQKlOnaSo=Z|JFKml}=}dHt{-2osN;E_(6F zD=N{QHl=;=Ic^+0ui+(+>YpEqfSApn1tzJTPtX7a+!DhUio@?CF8aQ0$WE_xBvy{ECPz=|b4*URR-*RZmI~am{h>_Bu3+bdbn<)wylDPq&cgx`{@$B=r5LoEw z>BmEE+`xR8Dd9Q<@tk=#%1!=WBR%k%(eH^;`B*vLarj!Pr-_Bj69{QoM1imsnfcxY-2Yh4QW z^vHNUM83}|xNtwoAC+mNxinZs@27uvyu~yTmRmnR$Nd*-hmDraVm?};ifNon6OT4D IWGhA;V-uK*ssI20 diff --git a/gpg2.changes b/gpg2.changes index 9d92b94..6a29f91 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Aug 30 14:14:08 UTC 2018 - kbabioch@suse.com + +- Update to 2.2.10: + * Refresh expired keys originating from the WKD + * Use a 256 KiB limit for a WKD imported key + * New option --known-notation + * dirmngr: Validate SRV records in WKD queries + ------------------------------------------------------------------- Wed Jul 25 05:50:42 UTC 2018 - tchvatal@suse.com diff --git a/gpg2.spec b/gpg2.spec index 716934a..eb7a350 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.9 +Version: 2.2.10 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From 0697758c1bdd12400efd0d726ba9daab9020e58fa1be31921d820a0f94cad586 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 12 Oct 2018 11:08:02 +0000 Subject: [PATCH 123/156] Accepting request 640771 from Base:System OBS-URL: https://build.opensuse.org/request/show/640771 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=132 --- gpg2.changes | 5 +++++ gpg2.spec | 1 + 2 files changed, 6 insertions(+) diff --git a/gpg2.changes b/gpg2.changes index 6a29f91..cbbb9d8 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Oct 4 04:09:12 UTC 2018 - Bernhard Wiedemann + +- Make package build reproducible (boo#1047218) + ------------------------------------------------------------------- Thu Aug 30 14:14:08 UTC 2018 - kbabioch@suse.com diff --git a/gpg2.spec b/gpg2.spec index eb7a350..ed26de8 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -86,6 +86,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 +touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) From dfe6c7c028472d9d5df0572c073b51aeed6dac62ffdadeb61c91b151c3b671c7 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 14 Nov 2018 13:29:28 +0000 Subject: [PATCH 124/156] Accepting request 648382 from Base:System - Code no longer uses libcurl, remove from buildrequires. - Update to 2.2.11: * gpgsm: Fix CRL loading when intermediate certicates are not yet trusted. * gpgsm: Fix an error message about the digest algo. * gpg: Fix a wrong warning due to new sign usage check introduced with 2.2.9. * gpg: Print the "data source" even for an unsuccessful keyserver query. * gpg: Do not store the TOFU trust model in the trustdb. * scd: Fix cases of "Bad PIN" after using "forcesig". * agent: Fix possible hang in the ssh handler. * dirmngr: Tack the unmodified mail address to a WKD request. * dirmngr: Tweak diagnostic about missing LDAP server file. * dirmngr: In verbose mode print the OCSP responder id. * dirmngr: Fix parsing of the LDAP port. * wks: Add option --directory/-C to the server. * wks: Add option --with-colons to the client. * Fix EBADF when gpg et al. are called by broken CGI scripts. * Fix some minor memory leaks and bugs. OBS-URL: https://build.opensuse.org/request/show/648382 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=133 --- gnupg-2.2.10.tar.bz2 | 3 --- gnupg-2.2.10.tar.bz2.sig | Bin 309 -> 0 bytes gnupg-2.2.11.tar.bz2 | 3 +++ gnupg-2.2.11.tar.bz2.sig | Bin 0 -> 620 bytes gpg2.changes | 25 +++++++++++++++++++++++++ gpg2.spec | 5 ++--- 6 files changed, 30 insertions(+), 6 deletions(-) delete mode 100644 gnupg-2.2.10.tar.bz2 delete mode 100644 gnupg-2.2.10.tar.bz2.sig create mode 100644 gnupg-2.2.11.tar.bz2 create mode 100644 gnupg-2.2.11.tar.bz2.sig diff --git a/gnupg-2.2.10.tar.bz2 b/gnupg-2.2.10.tar.bz2 deleted file mode 100644 index ad47ca8..0000000 --- a/gnupg-2.2.10.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:799dd37a86a1448732e339bd20440f4f5ee6e69755f6fd7a73ee8af30840c915 -size 6659484 diff --git a/gnupg-2.2.10.tar.bz2.sig b/gnupg-2.2.10.tar.bz2.sig deleted file mode 100644 index b55dd1419d19e576aeeb8d6d5849e781925f8ff4004a81b3f464277ec51a88a7..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 309 zcmV-50m}Y~0Wt&t0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$Ydfi2w=-5G0#9 z(oZGhwtWW&^&8I*@Cwf*1JyC<`y48Dkm521HdOsI43LefSGg8;!uzdwARln(O1Oz7 z0ZmVTV5UoB&H3sQ1iyYn1uamTpLKGG;ZA@D7#5Ag(St|_PgG8fMrk)GAo#V64&@13 zYn$oUGaI3#KicQT$^T0J)dQBcQKlOnaSo=Z|JFKml}=}dHt{-2osN;E_(6F zD=N{QHl=;=Ic^+0ui+(+>YpEqfSApn1tzJTPtX7a+!DhUio@?CF8aQ0$bs4xBv9y0G~#}eX(2o<5pKuFe<#d59+75?Rlwhs%!T$mmlPhaKUO|ZVA$+ zaZ|6T?$&Uih2!am5Z@l^5nKo4C<+C>txu3PC~%`Gz_vnKcBCT3bKUt*)k8fF%`xQ% zT0E5v2z8tb|J!6=tX!4WVplw9>kbcTa#2|?g4n_L*gucx`7d-usdz_@nGiVcE{}!! z0C0X0PfdLAr{OKmDRS&#l4VBvl@Wzu?$SLoFU%&Dzl$Xt2N#5=Y>e1=u{}&F1t*_F z>;TzibQ6X0G{vkLH=LHzWxZSawAUU)YXAi8({b`KP%Km<=Yjx>^seT)p*I?(tK>&U2;_{*Q;Wv3QQ)l8FEuDu5oIigI4z8{`MGufWN3sSK_hgs z`FkCAvkF7khat12n7Lo|&p826q?WWKC=l8koF*8bmp?j*j9 zIi%AbEzsG3a>^o_WC0hLcX*Wp)VZGlblDwZGJD+@&EG*2rP&2wpmm*}7i6ZeZEyNe GLd$K=Wgm?I literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index cbbb9d8..9d29002 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Thu Nov 8 15:35:27 UTC 2018 - Cristian Rodríguez + +- Code no longer uses libcurl, remove from buildrequires. + +------------------------------------------------------------------- +Tue Nov 6 12:05:35 UTC 2018 - Karol Babioch + +- Update to 2.2.11: + * gpgsm: Fix CRL loading when intermediate certicates are not yet trusted. + * gpgsm: Fix an error message about the digest algo. + * gpg: Fix a wrong warning due to new sign usage check introduced with 2.2.9. + * gpg: Print the "data source" even for an unsuccessful keyserver query. + * gpg: Do not store the TOFU trust model in the trustdb. + * scd: Fix cases of "Bad PIN" after using "forcesig". + * agent: Fix possible hang in the ssh handler. + * dirmngr: Tack the unmodified mail address to a WKD request. + * dirmngr: Tweak diagnostic about missing LDAP server file. + * dirmngr: In verbose mode print the OCSP responder id. + * dirmngr: Fix parsing of the LDAP port. + * wks: Add option --directory/-C to the server. + * wks: Add option --with-colons to the client. + * Fix EBADF when gpg et al. are called by broken CGI scripts. + * Fix some minor memory leaks and bugs. + ------------------------------------------------------------------- Thu Oct 4 04:09:12 UTC 2018 - Bernhard Wiedemann diff --git a/gpg2.spec b/gpg2.spec index ed26de8..874bc05 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -12,12 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: gpg2 -Version: 2.2.10 +Version: 2.2.11 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -48,7 +48,6 @@ BuildRequires: pkgconfig BuildRequires: readline-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 -BuildRequires: pkgconfig(libcurl) >= 7.10 BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) From a39f5d7a799f34ce7192cbbe79f76e711f7d254f2b1958d4c8d505d16505358c Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 19 Dec 2018 12:48:14 +0000 Subject: [PATCH 125/156] Accepting request 658514 from Base:System OBS-URL: https://build.opensuse.org/request/show/658514 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=134 --- gnupg-2.2.11.tar.bz2 | 3 --- gnupg-2.2.11.tar.bz2.sig | Bin 620 -> 0 bytes gnupg-2.2.12.tar.bz2 | 3 +++ gnupg-2.2.12.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 25 +++++++++++++++++++++++++ gpg2.spec | 4 ++-- 6 files changed, 30 insertions(+), 5 deletions(-) delete mode 100644 gnupg-2.2.11.tar.bz2 delete mode 100644 gnupg-2.2.11.tar.bz2.sig create mode 100644 gnupg-2.2.12.tar.bz2 create mode 100644 gnupg-2.2.12.tar.bz2.sig diff --git a/gnupg-2.2.11.tar.bz2 b/gnupg-2.2.11.tar.bz2 deleted file mode 100644 index 30683c1..0000000 --- a/gnupg-2.2.11.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:496c3e123ef53f35436ddccca58e82acaa901ca4e21174e77386c0cea0c49cd9 -size 6652480 diff --git a/gnupg-2.2.11.tar.bz2.sig b/gnupg-2.2.11.tar.bz2.sig deleted file mode 100644 index 32bff036d4ebd05b10ea4e70b9213d27408072421e87dc0697dc202e632b9c85..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$bs4xBv9y0G~#}eX(2o<5pKuFe<#d59+75?Rlwhs%!T$mmlPhaKUO|ZVA$+ zaZ|6T?$&Uih2!am5Z@l^5nKo4C<+C>txu3PC~%`Gz_vnKcBCT3bKUt*)k8fF%`xQ% zT0E5v2z8tb|J!6=tX!4WVplw9>kbcTa#2|?g4n_L*gucx`7d-usdz_@nGiVcE{}!! z0C0X0PfdLAr{OKmDRS&#l4VBvl@Wzu?$SLoFU%&Dzl$Xt2N#5=Y>e1=u{}&F1t*_F z>;TzibQ6X0G{vkLH=LHzWxZSawAUU)YXAi8({b`KP%Km<=Yjx>^seT)p*I?(tK>&U2;_{*Q;Wv3QQ)l8FEuDu5oIigI4z8{`MGufWN3sSK_hgs z`FkCAvkF7khat12n7Lo|&p826q?WWKC=l8koF*8bmp?j*j9 zIi%AbEzsG3a>^o_WC0hLcX*Wp)VZGlblDwZGJD+@&EG*2rP&2wpmm*}7i6ZeZEyNe GLd$K=Wgm?I diff --git a/gnupg-2.2.12.tar.bz2 b/gnupg-2.2.12.tar.bz2 new file mode 100644 index 0000000..a7e9b50 --- /dev/null +++ b/gnupg-2.2.12.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:db030f8b4c98640e91300d36d516f1f4f8fe09514a94ea9fc7411ee1a34082cb +size 6682303 diff --git a/gnupg-2.2.12.tar.bz2.sig b/gnupg-2.2.12.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..32cfacc59d144e1e230d6f9519f909150a87eb50ef432554e911bd4870f3ea3a GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$dZnfB*^!5G0#9 z(oZGhwu`<90F`I>#}`Vrz)~$Q_1XfMBNZYtB4|KRe9MZ6p~~!C*uwq<;z1#;6VVzf ze5I$igL(+Lf8nlk6v;(dOm_1mu}a+yFY48{RlM~8GE=w%z$s>WU{h~ceTx)YL(yQ) zc6%1fHUMAVNpb#tcbc<jzJV+xksn4{SO&RQ=!7Jqp zrd&!7{uAPnZR?m>bVJfyxtci%v{cp_j7hw*J|Bg$ zxeYU7HV8i=hj%l^t?u<7GjTgbxQ}n^9 diff --git a/gpg2.spec b/gpg2.spec index 874bc05..6afb1fb 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -12,12 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: gpg2 -Version: 2.2.11 +Version: 2.2.12 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From dedd09cfda28dde1d4200eea3d80a0616776bfe3d673fb6834802785cefa1457 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Sun, 24 Feb 2019 16:04:59 +0000 Subject: [PATCH 126/156] Accepting request 674400 from Base:System - Update to 2.2.13: * gpg: Implement key lookup via keygrip (using the & prefix). * gpg: Allow generating Ed25519 key from existing key. * gpg: Emit an ERROR status line if no key was found with -k. * gpg: Stop early when trying to create a primary Elgamal key. * gpgsm: Print the card's key algorithms along with their keygrips in interactive key generation. * agent: Clear bogus pinentry cache in the error case. * scd: Support "acknowledge button" feature. * scd: Fix for USB INTERRUPT transfer. * wks: Do no use compression for the the encrypted challenge and response. Release-info: https://dev.gnupg.org/T4290 See-also: gnupg-announce/2019q1/000434.html - Update to 2.2.12: (forwarded request 674396 from kbabioch) OBS-URL: https://build.opensuse.org/request/show/674400 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=135 --- gnupg-2.2.12.tar.bz2 | 3 --- gnupg-2.2.12.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.13.tar.bz2 | 3 +++ gnupg-2.2.13.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 20 +++++++++++++++++++- gpg2.spec | 6 +++--- 6 files changed, 25 insertions(+), 7 deletions(-) delete mode 100644 gnupg-2.2.12.tar.bz2 delete mode 100644 gnupg-2.2.12.tar.bz2.sig create mode 100644 gnupg-2.2.13.tar.bz2 create mode 100644 gnupg-2.2.13.tar.bz2.sig diff --git a/gnupg-2.2.12.tar.bz2 b/gnupg-2.2.12.tar.bz2 deleted file mode 100644 index a7e9b50..0000000 --- a/gnupg-2.2.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:db030f8b4c98640e91300d36d516f1f4f8fe09514a94ea9fc7411ee1a34082cb -size 6682303 diff --git a/gnupg-2.2.12.tar.bz2.sig b/gnupg-2.2.12.tar.bz2.sig deleted file mode 100644 index 32cfacc59d144e1e230d6f9519f909150a87eb50ef432554e911bd4870f3ea3a..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$dZnfB*^!5G0#9 z(oZGhwu`<90F`I>#}`Vrz)~$Q_1XfMBNZYtB4|KRe9MZ6p~~!C*uwq<;z1#;6VVzf ze5I$igL(+Lf8nlk6v;(dOm_1mu}a+yFY48{RlM~8GE=w%z$s>WU{h~ceTx)YL(yQ) zc6%1fHUMAVNpb#tcbc<jzJV+xksn4{SO&RQ=!7Jqp zrd&!7{uAPnZR?m>bVJfyxtci%v{cp_j7hw*J|Bg$ zxeYU7HV8i=hj%l^t?u<7GjTgbxQ}n^9o@?CF8aQ0$gJ8c>oFt5G0#9 z(oZGhw%^_e0FBPc&tMOUq-95t^r;hP1E zx(X~-DA$6;jOobBUBWb(?KN$F0lZ!-;;>)>k3>9p^V>zXsJm3%%5w^K1-g)QCC$W` z%ohnzY}Mw4V=&~~pGjRc%tDxM^-;i$(A405-@{{24dIeEY&` zd_o}GmFL2k*^yxL?{gM)Rtai9{a^zrW{tHj_)*R2H2>w Ioumu3+)~P#zyJUM literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index c0181f2..eded797 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,7 +1,25 @@ +------------------------------------------------------------------- +Wed Feb 13 06:12:32 UTC 2019 - Karol Babioch + +- Update to 2.2.13: + * gpg: Implement key lookup via keygrip (using the & prefix). + * gpg: Allow generating Ed25519 key from existing key. + * gpg: Emit an ERROR status line if no key was found with -k. + * gpg: Stop early when trying to create a primary Elgamal key. + * gpgsm: Print the card's key algorithms along with their keygrips + in interactive key generation. + * agent: Clear bogus pinentry cache in the error case. + * scd: Support "acknowledge button" feature. + * scd: Fix for USB INTERRUPT transfer. + * wks: Do no use compression for the the encrypted challenge and response. + +Release-info: https://dev.gnupg.org/T4290 +See-also: gnupg-announce/2019q1/000434.html + ------------------------------------------------------------------- Fri Dec 14 16:11:56 UTC 2018 - atoptsoglou@suse.com --Update to 2.2.12: +- Update to 2.2.12: * tools: New commands --install-key and --remove-key for gpg-wks-client. This allows to prepare a Web Key Directory on a local file system for later upload to a web server. diff --git a/gpg2.spec b/gpg2.spec index 6afb1fb..8aa2772 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,12 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: gpg2 -Version: 2.2.12 +Version: 2.2.13 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From 2de02a0a4a7a1d39de3b34a17aeddc97f27dd75662582c51a7df2f5417833f40 Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Fri, 1 Mar 2019 19:25:43 +0000 Subject: [PATCH 127/156] Accepting request 679738 from Base:System OBS-URL: https://build.opensuse.org/request/show/679738 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=136 --- ...libdns-Avoid-using-compound-literals.patch | 94 ++++++ ...bdns-Avoid-using-compound-literals-2.patch | 95 ++++++ ...bdns-Avoid-using-compound-literals-3.patch | 135 ++++++++ ...bdns-Avoid-using-compound-literals-4.patch | 68 +++++ ...bdns-Avoid-using-compound-literals-5.patch | 52 ++++ ...bdns-Avoid-using-compound-literals-6.patch | 289 ++++++++++++++++++ ...bdns-Avoid-using-compound-literals-7.patch | 130 ++++++++ ...bdns-Avoid-using-compound-literals-8.patch | 76 +++++ gnupg-gpg-agent-ulimit.patch | 35 +++ gpg2.changes | 24 ++ gpg2.spec | 28 +- 11 files changed, 1021 insertions(+), 5 deletions(-) create mode 100644 0001-libdns-Avoid-using-compound-literals.patch create mode 100644 0002-libdns-Avoid-using-compound-literals-2.patch create mode 100644 0003-libdns-Avoid-using-compound-literals-3.patch create mode 100644 0004-libdns-Avoid-using-compound-literals-4.patch create mode 100644 0005-libdns-Avoid-using-compound-literals-5.patch create mode 100644 0006-libdns-Avoid-using-compound-literals-6.patch create mode 100644 0007-libdns-Avoid-using-compound-literals-7.patch create mode 100644 0008-libdns-Avoid-using-compound-literals-8.patch create mode 100644 gnupg-gpg-agent-ulimit.patch diff --git a/0001-libdns-Avoid-using-compound-literals.patch b/0001-libdns-Avoid-using-compound-literals.patch new file mode 100644 index 0000000..7545bb0 --- /dev/null +++ b/0001-libdns-Avoid-using-compound-literals.patch @@ -0,0 +1,94 @@ +From 1c405499388fd5bed0968ab5c6c5d1b3373537b9 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Tue, 26 Feb 2019 09:42:54 +0900 +Subject: [PATCH 1/8] libdns: Avoid using compound literals. + +* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic +variables. +(dns_poll, dns_send_nopipe): Likewise, adding const qualifier. + +-- + +Compound literals is a feature of C99. Because we only use C90 plus +some limited features, in the project, it's better to avoid it. + +Besides, we make sure when it's read-only. + +Signed-off-by: NIIBE Yutaka +--- + dirmngr/dns.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/dirmngr/dns.c b/dirmngr/dns.c +index 210e9f49a..0645d2f55 100644 +--- a/dirmngr/dns.c ++++ b/dirmngr/dns.c +@@ -944,10 +944,11 @@ static int dns_sa_cmp(void *a, void *b) { + #if _WIN32 + static int dns_inet_pton(int af, const void *src, void *dst) { + union { struct sockaddr_in sin; struct sockaddr_in6 sin6; } u; ++ int size_of_u = (int)sizeof u; + + u.sin.sin_family = af; + +- if (0 != WSAStringToAddressA((void *)src, af, (void *)0, (struct sockaddr *)&u, &(int){ sizeof u })) ++ if (0 != WSAStringToAddressA((void *)src, af, (void *)0, (struct sockaddr *)&u, &size_of_u)) + return -1; + + switch (af) { +@@ -1125,6 +1126,7 @@ static inline _Bool dns_isgraph(unsigned char c) { + + static int dns_poll(int fd, short events, int timeout) { + fd_set rset, wset; ++ struct timeval tv = { timeout, 0 }; + + if (!events) + return 0; +@@ -1141,7 +1143,7 @@ static int dns_poll(int fd, short events, int timeout) { + if (events & DNS_POLLOUT) + FD_SET(fd, &wset); + +- select(fd + 1, &rset, &wset, 0, (timeout >= 0)? &(struct timeval){ timeout, 0 } : NULL); ++ select(fd + 1, &rset, &wset, 0, (timeout >= 0)? &tv : NULL); + + return 0; + } /* dns_poll() */ +@@ -1215,9 +1217,10 @@ static size_t dns_send_nopipe(int fd, const void *src, size_t len, int flags, dn + + if (!sigismember(&pending, SIGPIPE)) { + int saved = error; ++ const struct timespec ts = { 0, 0 }; + + if (!count && error == EPIPE) { +- while (-1 == sigtimedwait(&piped, NULL, &(struct timespec){ 0, 0 }) && errno == EINTR) ++ while (-1 == sigtimedwait(&piped, NULL, &ts) && errno == EINTR) + ;; + } + +@@ -7111,7 +7114,8 @@ static int dns_socket(struct sockaddr *local, int type, int *error_) { + + #if defined SO_NOSIGPIPE + if (type != SOCK_DGRAM) { +- if (0 != setsockopt(fd, SOL_SOCKET, SO_NOSIGPIPE, &(int){ 1 }, sizeof (int))) ++ const int v = 1; ++ if (0 != setsockopt(fd, SOL_SOCKET, SO_NOSIGPIPE, &v, sizeof (int))) + goto soerr; + } + #endif +@@ -7487,11 +7491,12 @@ error: + + static _Bool dns_so_tcp_keep(struct dns_socket *so) { + struct sockaddr_storage remote; ++ socklen_t l = sizeof remote; + + if (so->tcp == -1) + return 0; + +- if (0 != getpeername(so->tcp, (struct sockaddr *)&remote, &(socklen_t){ sizeof remote })) ++ if (0 != getpeername(so->tcp, (struct sockaddr *)&remote, &l)) + return 0; + + return 0 == dns_sa_cmp(&remote, &so->remote); +-- +2.20.1 + diff --git a/0002-libdns-Avoid-using-compound-literals-2.patch b/0002-libdns-Avoid-using-compound-literals-2.patch new file mode 100644 index 0000000..685e2fd --- /dev/null +++ b/0002-libdns-Avoid-using-compound-literals-2.patch @@ -0,0 +1,95 @@ +From 455ef62d29a112de05897139716265d07e4c6ae3 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Tue, 26 Feb 2019 10:04:09 +0900 +Subject: [PATCH 2/8] libdns: Avoid using compound literals (2). + +* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove. +(dns_strclass1, dns_strclass3): Remove. +(dns_strtype1, dns_strtype3): Remove. +(dns_strsection, dns_strclass, dns_strtype): Directly use the +function. +* dirmngr/dns.c (dns_strsection): Use automatic variable. +(dns_strclass, dns_strtype): Likewise. + +Signed-off-by: NIIBE Yutaka +--- + dirmngr/dns.c | 15 +++++++++------ + dirmngr/dns.h | 16 +++------------- + 2 files changed, 12 insertions(+), 19 deletions(-) + +diff --git a/dirmngr/dns.c b/dirmngr/dns.c +index 0645d2f55..92084d112 100644 +--- a/dirmngr/dns.c ++++ b/dirmngr/dns.c +@@ -10086,8 +10086,9 @@ static const struct { + { "AR", DNS_S_ADDITIONAL }, + }; + +-const char *(dns_strsection)(enum dns_section section, void *_dst, size_t lim) { +- struct dns_buf dst = DNS_B_INTO(_dst, lim); ++const char *(dns_strsection)(enum dns_section section) { ++ char _dst[DNS_STRMAXLEN + 1] = { 0 }; ++ struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst); + unsigned i; + + for (i = 0; i < lengthof(dns_sections); i++) { +@@ -10135,8 +10136,9 @@ static const struct { + { "IN", DNS_C_IN }, + }; + +-const char *(dns_strclass)(enum dns_class type, void *_dst, size_t lim) { +- struct dns_buf dst = DNS_B_INTO(_dst, lim); ++const char *(dns_strclass)(enum dns_class type) { ++ char _dst[DNS_STRMAXLEN + 1] = { 0 }; ++ struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst); + unsigned i; + + for (i = 0; i < lengthof(dns_classes); i++) { +@@ -10171,8 +10173,9 @@ enum dns_class dns_iclass(const char *name) { + } /* dns_iclass() */ + + +-const char *(dns_strtype)(enum dns_type type, void *_dst, size_t lim) { +- struct dns_buf dst = DNS_B_INTO(_dst, lim); ++const char *(dns_strtype)(enum dns_type type) { ++ char _dst[DNS_STRMAXLEN + 1] = { 0 }; ++ struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst); + unsigned i; + + for (i = 0; i < lengthof(dns_rrtypes); i++) { +diff --git a/dirmngr/dns.h b/dirmngr/dns.h +index 30d0b45af..6dedfbc91 100644 +--- a/dirmngr/dns.h ++++ b/dirmngr/dns.h +@@ -291,25 +291,15 @@ enum dns_rcode { + */ + #define DNS_STRMAXLEN 47 /* "QUESTION|ANSWER|AUTHORITY|ADDITIONAL" */ + +-DNS_PUBLIC const char *dns_strsection(enum dns_section, void *, size_t); +-#define dns_strsection3(a, b, c) \ +- dns_strsection((a), (b), (c)) +-#define dns_strsection1(a) dns_strsection((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1) +-#define dns_strsection(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strsection, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) ++DNS_PUBLIC const char *dns_strsection(enum dns_section); + + DNS_PUBLIC enum dns_section dns_isection(const char *); + +-DNS_PUBLIC const char *dns_strclass(enum dns_class, void *, size_t); +-#define dns_strclass3(a, b, c) dns_strclass((a), (b), (c)) +-#define dns_strclass1(a) dns_strclass((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1) +-#define dns_strclass(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strclass, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) ++DNS_PUBLIC const char *dns_strclass(enum dns_class); + + DNS_PUBLIC enum dns_class dns_iclass(const char *); + +-DNS_PUBLIC const char *dns_strtype(enum dns_type, void *, size_t); +-#define dns_strtype3(a, b, c) dns_strtype((a), (b), (c)) +-#define dns_strtype1(a) dns_strtype((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1) +-#define dns_strtype(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strtype, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) ++DNS_PUBLIC const char *dns_strtype(enum dns_type); + + DNS_PUBLIC enum dns_type dns_itype(const char *); + +-- +2.20.1 + diff --git a/0003-libdns-Avoid-using-compound-literals-3.patch b/0003-libdns-Avoid-using-compound-literals-3.patch new file mode 100644 index 0000000..a897c18 --- /dev/null +++ b/0003-libdns-Avoid-using-compound-literals-3.patch @@ -0,0 +1,135 @@ +From 72efb7840258808cd892b90d871ea1cc1c31d7f5 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Tue, 26 Feb 2019 10:34:03 +0900 +Subject: [PATCH 3/8] libdns: Avoid using compound literals (3). + +* dirmngr/dns.h (dns_p_new): Remove. +* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic +variable. +(dns_hints_query, dns_res_glue, parse_packet, query_hosts) +(send_query, show_hints, echo_port): Likewise. + +-- + +Implicit automatic allocation by compound literals is confusing +for C90 code. + +Signed-off-by: NIIBE Yutaka +--- + dirmngr/dns.c | 27 ++++++++++++++++++--------- + dirmngr/dns.h | 3 --- + 2 files changed, 18 insertions(+), 12 deletions(-) + +diff --git a/dirmngr/dns.c b/dirmngr/dns.c +index 92084d112..6acb4faa2 100644 +--- a/dirmngr/dns.c ++++ b/dirmngr/dns.c +@@ -5278,7 +5278,8 @@ error: + + + struct dns_packet *dns_hosts_query(struct dns_hosts *hosts, struct dns_packet *Q, int *error_) { +- struct dns_packet *P = dns_p_new(512); ++ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; ++ struct dns_packet *P = dns_p_init(&_P.p, 512); + struct dns_packet *A = 0; + struct dns_rr rr; + struct dns_hosts_entry *ent; +@@ -6839,6 +6840,7 @@ unsigned dns_hints_grep(struct sockaddr **sa, socklen_t *sa_len, unsigned lim, s + + + struct dns_packet *dns_hints_query(struct dns_hints *hints, struct dns_packet *Q, int *error_) { ++ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; + struct dns_packet *A, *P; + struct dns_rr rr; + char zone[DNS_D_MAXNAME + 1]; +@@ -6856,7 +6858,7 @@ struct dns_packet *dns_hints_query(struct dns_hints *hints, struct dns_packet *Q + else if (zlen >= sizeof zone) + goto toolong; + +- P = dns_p_new(512); ++ P = dns_p_init(&_P.p, 512); + dns_header(P)->qr = 1; + + if ((error = dns_rr_copy(P, &rr, Q))) +@@ -8461,7 +8463,8 @@ error: + + + static struct dns_packet *dns_res_glue(struct dns_resolver *R, struct dns_packet *Q) { +- struct dns_packet *P = dns_p_new(512); ++ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; ++ struct dns_packet *P = dns_p_init(&_P.p, 512); + char qname[DNS_D_MAXNAME + 1]; + size_t qlen; + enum dns_type qtype; +@@ -10586,8 +10589,10 @@ static void print_packet(struct dns_packet *P, FILE *fp) { + + + static int parse_packet(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { +- struct dns_packet *P = dns_p_new(512); +- struct dns_packet *Q = dns_p_new(512); ++ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; ++ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _Q = { 0 }; ++ struct dns_packet *P = dns_p_init(&_P.p, 512); ++ struct dns_packet *Q = dns_p_init(&_Q.p, 512); + enum dns_section section; + struct dns_rr rr; + int error; +@@ -10787,7 +10792,8 @@ static int show_hosts(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { + + + static int query_hosts(int argc, char *argv[]) { +- struct dns_packet *Q = dns_p_new(512); ++ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _Q = { 0 }; ++ struct dns_packet *Q = dns_p_init(&_Q.p, 512); + struct dns_packet *A; + char qname[DNS_D_MAXNAME + 1]; + size_t qlen; +@@ -10905,7 +10911,8 @@ static int dump_random(int argc, char *argv[]) { + + + static int send_query(int argc, char *argv[]) { +- struct dns_packet *A, *Q = dns_p_new(512); ++ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _Q = { 0 }; ++ struct dns_packet *A, *Q = dns_p_init(&_Q.p, 512); + char host[INET6_ADDRSTRLEN + 1]; + struct sockaddr_storage ss; + struct dns_socket *so; +@@ -10999,9 +11006,10 @@ static int show_hints(int argc, char *argv[]) { + if (0 == strcmp(how, "plain")) { + dns_hints_dump(hints, stdout); + } else { ++ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; + struct dns_packet *query, *answer; + +- query = dns_p_new(512); ++ query = dns_p_init(&_P.p, 512); + + if ((error = dns_p_push(query, DNS_S_QUESTION, who, strlen(who), DNS_T_A, DNS_C_IN, 0, 0))) + panic("%s: %s", who, dns_strerror(error)); +@@ -11160,7 +11168,8 @@ static int echo_port(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { + panic("127.0.0.1:5353: %s", dns_strerror(errno)); + + for (;;) { +- struct dns_packet *pkt = dns_p_new(512); ++ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; ++ struct dns_packet *pkt = dns_p_init(&_P.p, 512); + struct sockaddr_storage ss; + socklen_t slen = sizeof ss; + ssize_t count; +diff --git a/dirmngr/dns.h b/dirmngr/dns.h +index 6dedfbc91..4a9417120 100644 +--- a/dirmngr/dns.h ++++ b/dirmngr/dns.h +@@ -412,9 +412,6 @@ struct dns_packet { + + #define dns_p_sizeof(P) dns_p_calcsize((P)->end) + +-/** takes size of maximum desired payload */ +-#define dns_p_new(n) (dns_p_init((struct dns_packet *)&(union { unsigned char b[dns_p_calcsize((n))]; struct dns_packet p; }){ { 0 } }, dns_p_calcsize((n)))) +- + /** takes size of entire packet structure as allocated */ + DNS_PUBLIC struct dns_packet *dns_p_init(struct dns_packet *, size_t); + +-- +2.20.1 + diff --git a/0004-libdns-Avoid-using-compound-literals-4.patch b/0004-libdns-Avoid-using-compound-literals-4.patch new file mode 100644 index 0000000..b043443 --- /dev/null +++ b/0004-libdns-Avoid-using-compound-literals-4.patch @@ -0,0 +1,68 @@ +From 7313a112f9c7ada61d24285313d2e2d069a672e8 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Tue, 26 Feb 2019 10:58:16 +0900 +Subject: [PATCH 4/8] libdns: Avoid using compound literals (4). + +* dirmngr/dns.h (dns_d_new*): Remove. +* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic +variable. +(parse_domain): Likewise. + +Signed-off-by: NIIBE Yutaka +--- + dirmngr/dns.c | 8 ++++++-- + dirmngr/dns.h | 5 ----- + 2 files changed, 6 insertions(+), 7 deletions(-) + +diff --git a/dirmngr/dns.c b/dirmngr/dns.c +index 6acb4faa2..f6a158789 100644 +--- a/dirmngr/dns.c ++++ b/dirmngr/dns.c +@@ -10632,8 +10632,11 @@ static int parse_packet(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { + #if 0 + dns_rr_foreach(&rr, Q, .name = "ns8.yahoo.com.") { + #else ++ char _p[DNS_D_MAXNAME + 1] = { 0 }; ++ const char *dn = "ns8.yahoo.com"; ++ char *_name = dns_d_init(_p, sizeof _p, dn, strlen (dn), DNS_D_ANCHOR); + struct dns_rr rrset[32]; +- struct dns_rr_i *rri = dns_rr_i_new(Q, .name = dns_d_new("ns8.yahoo.com", DNS_D_ANCHOR), .sort = MAIN.sort); ++ struct dns_rr_i *rri = dns_rr_i_new(Q, .name = _name, .sort = MAIN.sort); + unsigned rrcount = dns_rr_grep(rrset, lengthof(rrset), rri, Q, &error); + + for (unsigned i = 0; i < rrcount; i++) { +@@ -10661,13 +10664,14 @@ static int parse_packet(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { + + + static int parse_domain(int argc, char *argv[]) { ++ char _p[DNS_D_MAXNAME + 1] = { 0 }; + char *dn; + + dn = (argc > 1)? argv[1] : "f.l.google.com"; + + printf("[%s]\n", dn); + +- dn = dns_d_new(dn); ++ dn = dns_d_init(_p, sizeof _p, dn, strlen (dn), DNS_D_ANCHOR); + + do { + puts(dn); +diff --git a/dirmngr/dns.h b/dirmngr/dns.h +index 4a9417120..0953228f8 100644 +--- a/dirmngr/dns.h ++++ b/dirmngr/dns.h +@@ -451,11 +451,6 @@ DNS_PUBLIC int dns_p_study(struct dns_packet *); + #define DNS_D_CLEAVE 2 /* cleave sub-domain */ + #define DNS_D_TRIM 4 /* remove superfluous dots */ + +-#define dns_d_new3(a, b, f) dns_d_init(&(char[DNS_D_MAXNAME + 1]){ 0 }, DNS_D_MAXNAME + 1, (a), (b), (f)) +-#define dns_d_new2(a, f) dns_d_new3((a), strlen((a)), (f)) +-#define dns_d_new1(a) dns_d_new3((a), strlen((a)), DNS_D_ANCHOR) +-#define dns_d_new(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_d_new, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) +- + DNS_PUBLIC char *dns_d_init(void *, size_t, const void *, size_t, int); + + DNS_PUBLIC size_t dns_d_anchor(void *, size_t, const void *, size_t); +-- +2.20.1 + diff --git a/0005-libdns-Avoid-using-compound-literals-5.patch b/0005-libdns-Avoid-using-compound-literals-5.patch new file mode 100644 index 0000000..59a75dd --- /dev/null +++ b/0005-libdns-Avoid-using-compound-literals-5.patch @@ -0,0 +1,52 @@ +From a1ccfe2b37847cce0db2fb94a7365c9fa501eda4 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Tue, 26 Feb 2019 11:43:10 +0900 +Subject: [PATCH 5/8] libdns: Avoid using compound literals (5). + +* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new. +Call dns_rr_grep with NULL. +* dirmngr/dns.c (dns_rr_grep): Support NULL for error_. + +-- + +Here we still use C99 feature of struct member initialization in +dns_rr_foreach, for struct dns_rr_i. Note that in C99, it guarantees +non-specified member fields are initialized by zero. So, there's no +need to use dns_rr_i_new at all. + +Signed-off-by: NIIBE Yutaka +--- + dirmngr/dns.c | 3 ++- + dirmngr/dns.h | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/dirmngr/dns.c b/dirmngr/dns.c +index f6a158789..85fd37fb2 100644 +--- a/dirmngr/dns.c ++++ b/dirmngr/dns.c +@@ -3266,7 +3266,8 @@ unsigned dns_rr_grep(struct dns_rr *rr, unsigned lim, struct dns_rr_i *i, struct + + return count; + error: +- *error_ = error; ++ if (error_) ++ *error_ = error; + + return count; + } /* dns_rr_grep() */ +diff --git a/dirmngr/dns.h b/dirmngr/dns.h +index 0953228f8..da450c611 100644 +--- a/dirmngr/dns.h ++++ b/dirmngr/dns.h +@@ -542,7 +542,7 @@ DNS_PUBLIC struct dns_rr_i *dns_rr_i_init(struct dns_rr_i *, struct dns_packet * + DNS_PUBLIC unsigned dns_rr_grep(struct dns_rr *, unsigned, struct dns_rr_i *, struct dns_packet *, int *); + + #define dns_rr_foreach_(rr, P, ...) \ +- for (struct dns_rr_i DNS_PP_XPASTE(i, __LINE__) = *dns_rr_i_new((P), __VA_ARGS__); dns_rr_grep((rr), 1, &DNS_PP_XPASTE(i, __LINE__), (P), &(int){ 0 }); ) ++ for (struct dns_rr_i DNS_PP_XPASTE(i, __LINE__) = { __VA_ARGS__ }; dns_rr_grep((rr), 1, &DNS_PP_XPASTE(i, __LINE__), (P), NULL); ) + + #define dns_rr_foreach(...) dns_rr_foreach_(__VA_ARGS__) + +-- +2.20.1 + diff --git a/0006-libdns-Avoid-using-compound-literals-6.patch b/0006-libdns-Avoid-using-compound-literals-6.patch new file mode 100644 index 0000000..58e5d9c --- /dev/null +++ b/0006-libdns-Avoid-using-compound-literals-6.patch @@ -0,0 +1,289 @@ +From 6501e59d3685bb58753c9caea729a4b0eca3942a Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Tue, 26 Feb 2019 11:55:32 +0900 +Subject: [PATCH 6/8] libdns: Avoid using compound literals (6). + +* dirmngr/dns.h (dns_rr_i_new): Remove. +(dns_rr_i_init): Remove unused second argument. +* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet) +(parse_packet): Use automatic variable for struct dns_rr_i. +(dns_d_cname): No need to call dns_rr_i_init after memset 0. +(dns_rr_i_init): Remove unused second argument. Return nothing. +* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns) +(getsrv_libdns): Follow the change of dns_rr_i_init. + +Signed-off-by: NIIBE Yutaka +--- + dirmngr/dns-stuff.c | 6 ++-- + dirmngr/dns.c | 73 +++++++++++++++++++++++++++++---------------- + dirmngr/dns.h | 5 +--- + 3 files changed, 51 insertions(+), 33 deletions(-) + +diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c +index 7aa07c716..a1aa3145e 100644 +--- a/dirmngr/dns-stuff.c ++++ b/dirmngr/dns-stuff.c +@@ -1168,7 +1168,7 @@ resolve_addr_libdns (ctrl_t ctrl, + struct dns_rr_i rri; + + memset (&rri, 0, sizeof rri); +- dns_rr_i_init (&rri, ans); ++ dns_rr_i_init (&rri); + rri.section = DNS_S_ALL & ~DNS_S_QD; + rri.name = host; + rri.type = DNS_T_PTR; +@@ -1459,7 +1459,7 @@ get_dns_cert_libdns (ctrl_t ctrl, const char *name, int want_certtype, + goto leave; + + memset (&rri, 0, sizeof rri); +- dns_rr_i_init (&rri, ans); ++ dns_rr_i_init (&rri); + rri.section = DNS_S_ALL & ~DNS_S_QD; + rri.name = host; + rri.type = qtype; +@@ -1889,7 +1889,7 @@ getsrv_libdns (ctrl_t ctrl, + goto leave; + + memset (&rri, 0, sizeof rri); +- dns_rr_i_init (&rri, ans); ++ dns_rr_i_init (&rri); + rri.section = DNS_S_ALL & ~DNS_S_QD; + rri.name = host; + rri.type = DNS_T_SRV; +diff --git a/dirmngr/dns.c b/dirmngr/dns.c +index 85fd37fb2..9da44cd77 100644 +--- a/dirmngr/dns.c ++++ b/dirmngr/dns.c +@@ -2217,7 +2217,8 @@ static void dns_p_dump3(struct dns_packet *P, struct dns_rr_i *I, FILE *fp) { + + + void dns_p_dump(struct dns_packet *P, FILE *fp) { +- dns_p_dump3(P, dns_rr_i_new(P, .section = 0), fp); ++ struct dns_rr_i _I = { 0 }; ++ dns_p_dump3(P, &_I, fp); + } /* dns_p_dump() */ + + +@@ -2796,8 +2797,7 @@ size_t dns_d_cname(void *dst, size_t lim, const void *dn, size_t len, struct dns + { error = ENAMETOOLONG; goto error; } + + for (depth = 0; depth < 7; depth++) { +- dns_rr_i_init(memset(&i, 0, sizeof i), P); +- ++ memset(&i, 0, sizeof i); + i.section = DNS_S_ALL & ~DNS_S_QD; + i.name = host; + i.type = DNS_T_CNAME; +@@ -3222,15 +3222,11 @@ int dns_rr_i_shuffle(struct dns_rr *a, struct dns_rr *b, struct dns_rr_i *i, str + } /* dns_rr_i_shuffle() */ + + +-struct dns_rr_i *dns_rr_i_init(struct dns_rr_i *i, struct dns_packet *P) { ++void dns_rr_i_init(struct dns_rr_i *i) { + static const struct dns_rr_i i_initializer; + +- (void)P; +- + i->state = i_initializer.state; + i->saved = i->state; +- +- return i; + } /* dns_rr_i_init() */ + + +@@ -6850,8 +6846,11 @@ struct dns_packet *dns_hints_query(struct dns_hints *hints, struct dns_packet *Q + struct sockaddr *sa; + socklen_t slen; + int error; ++ struct dns_rr_i _I = { 0 }; + +- if (!dns_rr_grep(&rr, 1, dns_rr_i_new(Q, .section = DNS_S_QUESTION), Q, &error)) ++ _I.section = DNS_S_QUESTION; ++ ++ if (!dns_rr_grep(&rr, 1, &_I, Q, &error)) + goto error; + + if (!(zlen = dns_d_expand(zone, sizeof zone, rr.dn.p, Q, &error))) +@@ -8537,12 +8536,22 @@ static int dns_res_nameserv_cmp(struct dns_rr *a, struct dns_rr *b, struct dns_r + struct dns_ns ns; + int cmp, error; + +- if (!(error = dns_ns_parse(&ns, a, P))) +- glued[0] = !!dns_rr_grep(&x, 1, dns_rr_i_new(P, .section = (DNS_S_ALL & ~DNS_S_QD), .name = ns.host, .type = DNS_T_A), P, &error); ++ if (!(error = dns_ns_parse(&ns, a, P))) { ++ struct dns_rr_i _I = { 0 }; + +- if (!(error = dns_ns_parse(&ns, b, P))) +- glued[1] = !!dns_rr_grep(&y, 1, dns_rr_i_new(P, .section = (DNS_S_ALL & ~DNS_S_QD), .name = ns.host, .type = DNS_T_A), P, &error); ++ _I.section = (DNS_S_ALL & ~DNS_S_QD); ++ _I.name = ns.host; ++ _I.type = DNS_T_A; ++ glued[0] = !!dns_rr_grep(&x, 1, &_I, P, &error); ++ } ++ if (!(error = dns_ns_parse(&ns, b, P))) { ++ struct dns_rr_i _I = { 0 }; + ++ _I.section = (DNS_S_ALL & ~DNS_S_QD); ++ _I.name = ns.host; ++ _I.type = DNS_T_A; ++ glued[1] = !!dns_rr_grep(&y, 1, &_I, P, &error); ++ } + if ((cmp = glued[1] - glued[0])) { + return cmp; + } else if ((cmp = (dns_rr_offset(&y) < i->args[0]) - (dns_rr_offset(&x) < i->args[0]))) { +@@ -8743,7 +8752,7 @@ exec: + + F->state++; /* FALL THROUGH */ + case DNS_R_ITERATE: +- dns_rr_i_init(&F->hints_i, F->hints); ++ dns_rr_i_init(&F->hints_i); + + F->hints_i.section = DNS_S_AUTHORITY; + F->hints_i.type = DNS_T_NS; +@@ -8762,7 +8771,7 @@ exec: + dgoto(R->sp, DNS_R_SWITCH); + } + +- dns_rr_i_init(&F->hints_j, F->hints); ++ dns_rr_i_init(&F->hints_j); + + /* Assume there are glue records */ + dgoto(R->sp, DNS_R_FOREACH_A); +@@ -8815,14 +8824,14 @@ exec: + if (!dns_rr_i_count(&F->hints_j)) { + /* Check if we have in fact servers + with an IPv6 address. */ +- dns_rr_i_init(&F->hints_j, F->hints); ++ dns_rr_i_init(&F->hints_j); + F->hints_j.name = u.ns.host; + F->hints_j.type = DNS_T_AAAA; + F->hints_j.section = DNS_S_ALL & ~DNS_S_QD; + if (dns_rr_grep(&rr, 1, &F->hints_j, F->hints, &error)) { + /* We do. Reinitialize + iterator and handle it. */ +- dns_rr_i_init(&F->hints_j, F->hints); ++ dns_rr_i_init(&F->hints_j); + dgoto(R->sp, DNS_R_FOREACH_AAAA); + } + +@@ -8951,14 +8960,14 @@ exec: + if (!dns_rr_i_count(&F->hints_j)) { + /* Check if we have in fact servers + with an IPv4 address. */ +- dns_rr_i_init(&F->hints_j, F->hints); ++ dns_rr_i_init(&F->hints_j); + F->hints_j.name = u.ns.host; + F->hints_j.type = DNS_T_A; + F->hints_j.section = DNS_S_ALL & ~DNS_S_QD; + if (dns_rr_grep(&rr, 1, &F->hints_j, F->hints, &error)) { + /* We do. Reinitialize + iterator and handle it. */ +- dns_rr_i_init(&F->hints_j, F->hints); ++ dns_rr_i_init(&F->hints_j); + dgoto(R->sp, DNS_R_FOREACH_A); + } + +@@ -9096,7 +9105,7 @@ exec: + R->smart.section = DNS_S_AN; + R->smart.type = R->qtype; + +- dns_rr_i_init(&R->smart, F->answer); ++ dns_rr_i_init(&R->smart); + + F->state++; /* FALL THROUGH */ + case DNS_R_SMART0_A: +@@ -9840,7 +9849,7 @@ exec: + return error; + + dns_strlcpy(ai->i_cname, ai->cname, sizeof ai->i_cname); +- dns_rr_i_init(&ai->i, ai->answer); ++ dns_rr_i_init(&ai->i); + ai->i.section = DNS_S_AN; + ai->i.name = ai->i_cname; + ai->i.type = dns_ai_qtype(ai); +@@ -9887,7 +9896,7 @@ exec: + ai->state++; /* FALL THROUGH */ + case DNS_AI_S_ITERATE_G: + dns_strlcpy(ai->g_cname, ai->cname, sizeof ai->g_cname); +- dns_rr_i_init(&ai->g, ai->glue); ++ dns_rr_i_init(&ai->g); + ai->g.section = DNS_S_ALL & ~DNS_S_QD; + ai->g.name = ai->g_cname; + ai->g.type = ai->af.qtype; +@@ -9906,8 +9915,14 @@ exec: + + return dns_ai_setent(ent, &any, rr.type, ai); + case DNS_AI_S_SUBMIT_G: ++ { ++ struct dns_rr_i _I = { 0 }; ++ ++ _I.section = DNS_S_QD; ++ _I.name = ai->g.name; ++ _I.type = ai->g.type; + /* skip if already queried */ +- if (dns_rr_grep(&rr, 1, dns_rr_i_new(ai->glue, .section = DNS_S_QD, .name = ai->g.name, .type = ai->g.type), ai->glue, &error)) ++ if (dns_rr_grep(&rr, 1, &_I, ai->glue, &error)) + dns_ai_goto(DNS_AI_S_FOREACH_I); + /* skip if we recursed (CNAME chains should have been handled in the resolver) */ + if (++ai->g_depth > 1) +@@ -9916,7 +9931,8 @@ exec: + if ((error = dns_res_submit(ai->res, ai->g.name, ai->g.type, DNS_C_IN))) + return error; + +- ai->state++; /* FALL THROUGH */ ++ ai->state++; ++ } /* FALL THROUGH */ + case DNS_AI_S_CHECK_G: + if ((error = dns_res_check(ai->res))) + return error; +@@ -10582,7 +10598,9 @@ static struct dns_trace *trace(const char *mode) { + + + static void print_packet(struct dns_packet *P, FILE *fp) { +- dns_p_dump3(P, dns_rr_i_new(P, .sort = MAIN.sort), fp); ++ struct dns_rr_i _I = { 0 }; ++ I.sort = MAIN.sort; ++ dns_p_dump3(P, &I, fp); + + if (MAIN.verbose > 2) + hexdump(P->data, P->end, fp); +@@ -10637,9 +10655,12 @@ static int parse_packet(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { + const char *dn = "ns8.yahoo.com"; + char *_name = dns_d_init(_p, sizeof _p, dn, strlen (dn), DNS_D_ANCHOR); + struct dns_rr rrset[32]; +- struct dns_rr_i *rri = dns_rr_i_new(Q, .name = _name, .sort = MAIN.sort); ++ struct dns_rr_i _I = { 0 }; ++ struct dns_rr_i *rri = &I; + unsigned rrcount = dns_rr_grep(rrset, lengthof(rrset), rri, Q, &error); + ++ I.name = _name; ++ I.sort = MAIN.sort; + for (unsigned i = 0; i < rrcount; i++) { + rr = rrset[i]; + #endif +diff --git a/dirmngr/dns.h b/dirmngr/dns.h +index da450c611..49b1c78bb 100644 +--- a/dirmngr/dns.h ++++ b/dirmngr/dns.h +@@ -503,9 +503,6 @@ DNS_PUBLIC int dns_rr_cmp(struct dns_rr *, struct dns_packet *, struct dns_rr *, + DNS_PUBLIC size_t dns_rr_print(void *, size_t, struct dns_rr *, struct dns_packet *, int *); + + +-#define dns_rr_i_new(P, ...) \ +- dns_rr_i_init(&dns_quietinit((struct dns_rr_i){ 0, __VA_ARGS__ }), (P)) +- + struct dns_rr_i { + enum dns_section section; + const void *name; +@@ -533,7 +530,7 @@ DNS_PUBLIC int dns_rr_i_order(struct dns_rr *, struct dns_rr *, struct dns_rr_i + + DNS_PUBLIC int dns_rr_i_shuffle(struct dns_rr *, struct dns_rr *, struct dns_rr_i *, struct dns_packet *); + +-DNS_PUBLIC struct dns_rr_i *dns_rr_i_init(struct dns_rr_i *, struct dns_packet *); ++DNS_PUBLIC void dns_rr_i_init(struct dns_rr_i *); + + #define dns_rr_i_save(i) ((i)->saved = (i)->state) + #define dns_rr_i_rewind(i) ((i)->state = (i)->saved) +-- +2.20.1 + diff --git a/0007-libdns-Avoid-using-compound-literals-7.patch b/0007-libdns-Avoid-using-compound-literals-7.patch new file mode 100644 index 0000000..6910183 --- /dev/null +++ b/0007-libdns-Avoid-using-compound-literals-7.patch @@ -0,0 +1,130 @@ +From d661acd483236d34720a4959fc816d05f89c2cb7 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Tue, 26 Feb 2019 12:13:35 +0900 +Subject: [PATCH 7/8] libdns: Avoid using compound literals (7). + +* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove. +* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized +automatic variable for opts. +* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo): +Likewise. + +-- + +In fact, DNS_OPTS_INIT was only needed when args are none. With +partially specified initialization, C99 guarantees zero-ed other +members just like static object. + +Signed-off-by: NIIBE Yutaka +--- + dirmngr/dns-stuff.c | 10 ++++++---- + dirmngr/dns.c | 15 ++++++++++----- + dirmngr/dns.h | 3 --- + 3 files changed, 16 insertions(+), 12 deletions(-) + +diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c +index a1aa3145e..e48aca730 100644 +--- a/dirmngr/dns-stuff.c ++++ b/dirmngr/dns-stuff.c +@@ -701,6 +701,11 @@ libdns_res_open (ctrl_t ctrl, struct dns_resolver **r_res) + gpg_error_t err; + struct dns_resolver *res; + int derr; ++ struct dns_options opts = { 0 }; ++ ++ opts.socks_host = &libdns.socks_host; ++ opts.socks_user = tor_socks_user; ++ opts.socks_password = tor_socks_password; + + *r_res = NULL; + +@@ -726,10 +731,7 @@ libdns_res_open (ctrl_t ctrl, struct dns_resolver **r_res) + set_dns_timeout (0); + + res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL, +- dns_opts (.socks_host = &libdns.socks_host, +- .socks_user = tor_socks_user, +- .socks_password = tor_socks_password ), +- &derr); ++ &opts, &derr); + if (!res) + return libdns_error_to_gpg_error (derr); + +diff --git a/dirmngr/dns.c b/dirmngr/dns.c +index 9da44cd77..fa5e5283d 100644 +--- a/dirmngr/dns.c ++++ b/dirmngr/dns.c +@@ -10943,6 +10943,7 @@ static int send_query(int argc, char *argv[]) { + struct sockaddr_storage ss; + struct dns_socket *so; + int error, type; ++ struct dns_options opts = { 0 }; + + memset(&ss, 0, sizeof ss); + if (argc > 1) { +@@ -10977,7 +10978,7 @@ static int send_query(int argc, char *argv[]) { + + fprintf(stderr, "querying %s for %s IN %s\n", host, MAIN.qname, dns_strtype(MAIN.qtype)); + +- if (!(so = dns_so_open((struct sockaddr *)&resconf()->iface, type, dns_opts(), &error))) ++ if (!(so = dns_so_open((struct sockaddr *)&resconf()->iface, type, &opts, &error))) + panic("dns_so_open: %s", dns_strerror(error)); + + while (!(A = dns_so_query(so, Q, (struct sockaddr *)&ss, &error))) { +@@ -11061,6 +11062,11 @@ static int resolve_query(int argc DNS_NOTUSED, char *argv[]) { + struct dns_packet *ans; + const struct dns_stat *st; + int error; ++ struct dns_options opts = { 0 }; ++ ++ opts.socks_host = &MAIN.socks_host; ++ opts.socks_user = MAIN.socks_user; ++ opts.socks_password = MAIN.socks_password; + + if (!MAIN.qname) + MAIN.qname = "www.google.com"; +@@ -11070,9 +11076,7 @@ static int resolve_query(int argc DNS_NOTUSED, char *argv[]) { + resconf()->options.recurse = recurse; + + if (!(R = dns_res_open(resconf(), hosts(), dns_hints_mortal(hints(resconf(), &error)), cache(), +- dns_opts(.socks_host=&MAIN.socks_host, +- .socks_user=MAIN.socks_user, +- .socks_password=MAIN.socks_password), &error))) ++ &opts, &error))) + panic("%s: %s", MAIN.qname, dns_strerror(error)); + + dns_res_settrace(R, trace("w+b")); +@@ -11116,6 +11120,7 @@ static int resolve_addrinfo(int argc DNS_NOTUSED, char *argv[]) { + struct addrinfo *ent; + char pretty[512]; + int error; ++ struct dns_options opts = { 0 }; + + if (!MAIN.qname) + MAIN.qname = "www.google.com"; +@@ -11123,7 +11128,7 @@ static int resolve_addrinfo(int argc DNS_NOTUSED, char *argv[]) { + + resconf()->options.recurse = recurse; + +- if (!(res = dns_res_open(resconf(), hosts(), dns_hints_mortal(hints(resconf(), &error)), cache(), dns_opts(), &error))) ++ if (!(res = dns_res_open(resconf(), hosts(), dns_hints_mortal(hints(resconf(), &error)), cache(), &opts, &error))) + panic("%s: %s", MAIN.qname, dns_strerror(error)); + + if (!(ai = dns_ai_open(MAIN.qname, "80", MAIN.qtype, &ai_hints, res, &error))) +diff --git a/dirmngr/dns.h b/dirmngr/dns.h +index 49b1c78bb..afc19a19a 100644 +--- a/dirmngr/dns.h ++++ b/dirmngr/dns.h +@@ -1032,9 +1032,6 @@ DNS_PUBLIC void dns_cache_close(struct dns_cache *); + + #define DNS_OPTS_INITIALIZER_ { 0, 0 }, 0, 0 + #define DNS_OPTS_INITIALIZER { DNS_OPTS_INITIALIZER_ } +-#define DNS_OPTS_INIT(...) { DNS_OPTS_INITIALIZER_, __VA_ARGS__ } +- +-#define dns_opts(...) (&dns_quietinit((struct dns_options)DNS_OPTS_INIT(__VA_ARGS__))) + + struct dns_options { + /* +-- +2.20.1 + diff --git a/0008-libdns-Avoid-using-compound-literals-8.patch b/0008-libdns-Avoid-using-compound-literals-8.patch new file mode 100644 index 0000000..c2f821c --- /dev/null +++ b/0008-libdns-Avoid-using-compound-literals-8.patch @@ -0,0 +1,76 @@ +From 371ae25f8f6f2d1ac030bf984bca479393a5ed43 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Tue, 26 Feb 2019 12:26:02 +0900 +Subject: [PATCH 8/8] libdns: Avoid using compound literals (8). + +* dirmngr/dns.h (dns_quietinit): Remove. +(dns_hints_i_new): Remove. + +-- + +Even before our change, dns_quietinit was questionable macro; There +was no place in dns.c which requires overrides in initializer list. +Only redundant zero were. + +Signed-off-by: NIIBE Yutaka +--- + dirmngr/dns.h | 20 -------------------- + 1 file changed, 20 deletions(-) + +diff --git a/dirmngr/dns.h b/dirmngr/dns.h +index afc19a19a..024d6dcc8 100644 +--- a/dirmngr/dns.h ++++ b/dirmngr/dns.h +@@ -132,19 +132,6 @@ DNS_PUBLIC int *dns_debug_p(void); + /* + * C O M P I L E R A N N O T A T I O N S + * +- * GCC with -Wextra, and clang by default, complain about overrides in +- * initializer lists. Overriding previous member initializers is well +- * defined behavior in C. dns.c relies on this behavior to define default, +- * overrideable member values when instantiating configuration objects. +- * +- * dns_quietinit() guards a compound literal expression with pragmas to +- * silence these shrill warnings. This alleviates the burden of requiring +- * third-party projects to adjust their compiler flags. +- * +- * NOTE: If you take the address of the compound literal, take the address +- * of the transformed expression, otherwise the compound literal lifetime is +- * tied to the scope of the GCC statement expression. +- * + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ + + #if defined __clang__ +@@ -152,21 +139,15 @@ DNS_PUBLIC int *dns_debug_p(void); + #define DNS_PRAGMA_QUIET _Pragma("clang diagnostic ignored \"-Winitializer-overrides\"") + #define DNS_PRAGMA_POP _Pragma("clang diagnostic pop") + +-#define dns_quietinit(...) \ +- DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__ DNS_PRAGMA_POP + #elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4 + #define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push") + #define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"") + #define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop") + +-/* GCC parses the _Pragma operator less elegantly than clang. */ +-#define dns_quietinit(...) \ +- __extension__ ({ DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__; DNS_PRAGMA_POP }) + #else + #define DNS_PRAGMA_PUSH + #define DNS_PRAGMA_QUIET + #define DNS_PRAGMA_POP +-#define dns_quietinit(...) __VA_ARGS__ + #endif + + #if defined __GNUC__ +@@ -980,7 +961,6 @@ struct dns_hints_i { + } state; + }; /* struct dns_hints_i */ + +-#define dns_hints_i_new(...) (&(struct dns_hints_i){ __VA_ARGS__ }) + + DNS_PUBLIC unsigned dns_hints_grep(struct sockaddr **, socklen_t *, unsigned, struct dns_hints_i *, struct dns_hints *); + +-- +2.20.1 + diff --git a/gnupg-gpg-agent-ulimit.patch b/gnupg-gpg-agent-ulimit.patch new file mode 100644 index 0000000..735bbdb --- /dev/null +++ b/gnupg-gpg-agent-ulimit.patch @@ -0,0 +1,35 @@ +gpg-agent is in the chain of commands in xinitrc. +It receives a list of commands via argv[] which it is supposed to launch via exec. +In this mode all what matters is a bunch of setenv() of gpg related variables. +At no point it must fiddle with ulimit that was provided by its callers. +In case of xinitrc it was most likely pam_limits which, for example, configured the coredump settings for this session. + +Every code path before the fork() call does no sensitive things, so coredumps do not matter. + +gpg-agent does fork a child in this mode. +That child has the liberty to tweak ulimit in every way it wants. +This is what this patch does. + +Without this patch, all applications launched after gpg-agent are unable to coredump, because systemd-coredump check the ulimit of the crashed process. +As a result, crashes of desktop applications can not be debugged. + +References: bsc#1124847 + +--- a/agent/gpg-agent.c ++++ b/agent/gpg-agent.c +@@ -1049,7 +1049,6 @@ main (int argc, char **argv ) + gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); + gcry_set_progress_handler (agent_libgcrypt_progress_cb, NULL); + +- disable_core_dumps (); + + /* Set default options. */ + parse_rereadable_options (NULL, 0); /* Reset them to default values. */ +@@ -1738,6 +1737,7 @@ main (int argc, char **argv ) + /* + This is the child + */ ++ disable_core_dumps (); + + initialize_modules (); + diff --git a/gpg2.changes b/gpg2.changes index eded797..4638389 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Tue Feb 26 11:35:29 UTC 2019 - Pedro Monreal Gonzalez + +- Fix build with gcc9 [bsc#1121223] + * Avoid using compound literals + - Upstream bug: https://dev.gnupg.org/T4367 + * Added upstream patches: + - 0001-libdns-Avoid-using-compound-literals.patch + - 0002-libdns-Avoid-using-compound-literals-2.patch + - 0003-libdns-Avoid-using-compound-literals-3.patch + - 0004-libdns-Avoid-using-compound-literals-4.patch + - 0005-libdns-Avoid-using-compound-literals-5.patch + - 0006-libdns-Avoid-using-compound-literals-6.patch + - 0007-libdns-Avoid-using-compound-literals-7.patch + - 0008-libdns-Avoid-using-compound-literals-8.patch + +------------------------------------------------------------------- +Fri Feb 22 19:30:29 UTC 2019 - olaf@aepfle.de + +- Allow coredumps in X11 desktop sessions (bsc#1124847) + gpg-agent unconditionally disables coredumps, which is not + supposed to happen in the code path that does just exec(argv[]) + gnupg-gpg-agent-ulimit.patch + ------------------------------------------------------------------- Wed Feb 13 06:12:32 UTC 2019 - Karol Babioch diff --git a/gpg2.spec b/gpg2.spec index 8aa2772..301113a 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -29,12 +29,21 @@ Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes +Patch1124847: gnupg-gpg-agent-ulimit.patch Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.2.8-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: 0001-libdns-Avoid-using-compound-literals.patch +Patch13: 0002-libdns-Avoid-using-compound-literals-2.patch +Patch14: 0003-libdns-Avoid-using-compound-literals-3.patch +Patch15: 0004-libdns-Avoid-using-compound-literals-4.patch +Patch16: 0005-libdns-Avoid-using-compound-literals-5.patch +Patch17: 0006-libdns-Avoid-using-compound-literals-6.patch +Patch18: 0007-libdns-Avoid-using-compound-literals-7.patch +Patch19: 0008-libdns-Avoid-using-compound-literals-8.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -79,12 +88,21 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %prep %setup -q -n gnupg-%{version} +%patch1124847 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build @@ -126,23 +144,23 @@ ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 # fix rpmlint invalid-lc-messages-dir: rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot -# install scdaemon to %{_bindir} (bnc#863645) +# install scdaemon to %%{_bindir} (bnc#863645) mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules # install legacy tools install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} -# install -m 755 tools/gpgsplit %{buildroot}/%{_bindir} +# install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir} %find_lang gnupg2 %fdupes -s %{buildroot} %check # Run only localy, fails in OBS -#%if ! 0%{?qemu_user_space_build} -#make %{?_smp_mflags} check -#%endif +#%%if ! 0%%{?qemu_user_space_build} +#make %%{?_smp_mflags} check +#%%endif %post %udev_rules_update From 3ef4f8ebb3b927e01571835a459d0a89f2465cd58c74bfe9c74cb0952d779d58 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 24 Mar 2019 13:56:19 +0000 Subject: [PATCH 128/156] Accepting request 686408 from Base:System OBS-URL: https://build.opensuse.org/request/show/686408 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=137 --- ...libdns-Avoid-using-compound-literals.patch | 94 ------ ...bdns-Avoid-using-compound-literals-2.patch | 95 ------ ...bdns-Avoid-using-compound-literals-3.patch | 135 -------- ...bdns-Avoid-using-compound-literals-4.patch | 68 ----- ...bdns-Avoid-using-compound-literals-5.patch | 52 ---- ...bdns-Avoid-using-compound-literals-6.patch | 289 ------------------ ...bdns-Avoid-using-compound-literals-7.patch | 130 -------- ...bdns-Avoid-using-compound-literals-8.patch | 76 ----- gnupg-2.2.13.tar.bz2 | 3 - gnupg-2.2.13.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.14.tar.bz2 | 3 + gnupg-2.2.14.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 31 ++ gpg2.spec | 18 +- 14 files changed, 35 insertions(+), 959 deletions(-) delete mode 100644 0001-libdns-Avoid-using-compound-literals.patch delete mode 100644 0002-libdns-Avoid-using-compound-literals-2.patch delete mode 100644 0003-libdns-Avoid-using-compound-literals-3.patch delete mode 100644 0004-libdns-Avoid-using-compound-literals-4.patch delete mode 100644 0005-libdns-Avoid-using-compound-literals-5.patch delete mode 100644 0006-libdns-Avoid-using-compound-literals-6.patch delete mode 100644 0007-libdns-Avoid-using-compound-literals-7.patch delete mode 100644 0008-libdns-Avoid-using-compound-literals-8.patch delete mode 100644 gnupg-2.2.13.tar.bz2 delete mode 100644 gnupg-2.2.13.tar.bz2.sig create mode 100644 gnupg-2.2.14.tar.bz2 create mode 100644 gnupg-2.2.14.tar.bz2.sig diff --git a/0001-libdns-Avoid-using-compound-literals.patch b/0001-libdns-Avoid-using-compound-literals.patch deleted file mode 100644 index 7545bb0..0000000 --- a/0001-libdns-Avoid-using-compound-literals.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 1c405499388fd5bed0968ab5c6c5d1b3373537b9 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Tue, 26 Feb 2019 09:42:54 +0900 -Subject: [PATCH 1/8] libdns: Avoid using compound literals. - -* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic -variables. -(dns_poll, dns_send_nopipe): Likewise, adding const qualifier. - --- - -Compound literals is a feature of C99. Because we only use C90 plus -some limited features, in the project, it's better to avoid it. - -Besides, we make sure when it's read-only. - -Signed-off-by: NIIBE Yutaka ---- - dirmngr/dns.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/dirmngr/dns.c b/dirmngr/dns.c -index 210e9f49a..0645d2f55 100644 ---- a/dirmngr/dns.c -+++ b/dirmngr/dns.c -@@ -944,10 +944,11 @@ static int dns_sa_cmp(void *a, void *b) { - #if _WIN32 - static int dns_inet_pton(int af, const void *src, void *dst) { - union { struct sockaddr_in sin; struct sockaddr_in6 sin6; } u; -+ int size_of_u = (int)sizeof u; - - u.sin.sin_family = af; - -- if (0 != WSAStringToAddressA((void *)src, af, (void *)0, (struct sockaddr *)&u, &(int){ sizeof u })) -+ if (0 != WSAStringToAddressA((void *)src, af, (void *)0, (struct sockaddr *)&u, &size_of_u)) - return -1; - - switch (af) { -@@ -1125,6 +1126,7 @@ static inline _Bool dns_isgraph(unsigned char c) { - - static int dns_poll(int fd, short events, int timeout) { - fd_set rset, wset; -+ struct timeval tv = { timeout, 0 }; - - if (!events) - return 0; -@@ -1141,7 +1143,7 @@ static int dns_poll(int fd, short events, int timeout) { - if (events & DNS_POLLOUT) - FD_SET(fd, &wset); - -- select(fd + 1, &rset, &wset, 0, (timeout >= 0)? &(struct timeval){ timeout, 0 } : NULL); -+ select(fd + 1, &rset, &wset, 0, (timeout >= 0)? &tv : NULL); - - return 0; - } /* dns_poll() */ -@@ -1215,9 +1217,10 @@ static size_t dns_send_nopipe(int fd, const void *src, size_t len, int flags, dn - - if (!sigismember(&pending, SIGPIPE)) { - int saved = error; -+ const struct timespec ts = { 0, 0 }; - - if (!count && error == EPIPE) { -- while (-1 == sigtimedwait(&piped, NULL, &(struct timespec){ 0, 0 }) && errno == EINTR) -+ while (-1 == sigtimedwait(&piped, NULL, &ts) && errno == EINTR) - ;; - } - -@@ -7111,7 +7114,8 @@ static int dns_socket(struct sockaddr *local, int type, int *error_) { - - #if defined SO_NOSIGPIPE - if (type != SOCK_DGRAM) { -- if (0 != setsockopt(fd, SOL_SOCKET, SO_NOSIGPIPE, &(int){ 1 }, sizeof (int))) -+ const int v = 1; -+ if (0 != setsockopt(fd, SOL_SOCKET, SO_NOSIGPIPE, &v, sizeof (int))) - goto soerr; - } - #endif -@@ -7487,11 +7491,12 @@ error: - - static _Bool dns_so_tcp_keep(struct dns_socket *so) { - struct sockaddr_storage remote; -+ socklen_t l = sizeof remote; - - if (so->tcp == -1) - return 0; - -- if (0 != getpeername(so->tcp, (struct sockaddr *)&remote, &(socklen_t){ sizeof remote })) -+ if (0 != getpeername(so->tcp, (struct sockaddr *)&remote, &l)) - return 0; - - return 0 == dns_sa_cmp(&remote, &so->remote); --- -2.20.1 - diff --git a/0002-libdns-Avoid-using-compound-literals-2.patch b/0002-libdns-Avoid-using-compound-literals-2.patch deleted file mode 100644 index 685e2fd..0000000 --- a/0002-libdns-Avoid-using-compound-literals-2.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 455ef62d29a112de05897139716265d07e4c6ae3 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Tue, 26 Feb 2019 10:04:09 +0900 -Subject: [PATCH 2/8] libdns: Avoid using compound literals (2). - -* dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove. -(dns_strclass1, dns_strclass3): Remove. -(dns_strtype1, dns_strtype3): Remove. -(dns_strsection, dns_strclass, dns_strtype): Directly use the -function. -* dirmngr/dns.c (dns_strsection): Use automatic variable. -(dns_strclass, dns_strtype): Likewise. - -Signed-off-by: NIIBE Yutaka ---- - dirmngr/dns.c | 15 +++++++++------ - dirmngr/dns.h | 16 +++------------- - 2 files changed, 12 insertions(+), 19 deletions(-) - -diff --git a/dirmngr/dns.c b/dirmngr/dns.c -index 0645d2f55..92084d112 100644 ---- a/dirmngr/dns.c -+++ b/dirmngr/dns.c -@@ -10086,8 +10086,9 @@ static const struct { - { "AR", DNS_S_ADDITIONAL }, - }; - --const char *(dns_strsection)(enum dns_section section, void *_dst, size_t lim) { -- struct dns_buf dst = DNS_B_INTO(_dst, lim); -+const char *(dns_strsection)(enum dns_section section) { -+ char _dst[DNS_STRMAXLEN + 1] = { 0 }; -+ struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst); - unsigned i; - - for (i = 0; i < lengthof(dns_sections); i++) { -@@ -10135,8 +10136,9 @@ static const struct { - { "IN", DNS_C_IN }, - }; - --const char *(dns_strclass)(enum dns_class type, void *_dst, size_t lim) { -- struct dns_buf dst = DNS_B_INTO(_dst, lim); -+const char *(dns_strclass)(enum dns_class type) { -+ char _dst[DNS_STRMAXLEN + 1] = { 0 }; -+ struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst); - unsigned i; - - for (i = 0; i < lengthof(dns_classes); i++) { -@@ -10171,8 +10173,9 @@ enum dns_class dns_iclass(const char *name) { - } /* dns_iclass() */ - - --const char *(dns_strtype)(enum dns_type type, void *_dst, size_t lim) { -- struct dns_buf dst = DNS_B_INTO(_dst, lim); -+const char *(dns_strtype)(enum dns_type type) { -+ char _dst[DNS_STRMAXLEN + 1] = { 0 }; -+ struct dns_buf dst = DNS_B_INTO(_dst, sizeof _dst); - unsigned i; - - for (i = 0; i < lengthof(dns_rrtypes); i++) { -diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index 30d0b45af..6dedfbc91 100644 ---- a/dirmngr/dns.h -+++ b/dirmngr/dns.h -@@ -291,25 +291,15 @@ enum dns_rcode { - */ - #define DNS_STRMAXLEN 47 /* "QUESTION|ANSWER|AUTHORITY|ADDITIONAL" */ - --DNS_PUBLIC const char *dns_strsection(enum dns_section, void *, size_t); --#define dns_strsection3(a, b, c) \ -- dns_strsection((a), (b), (c)) --#define dns_strsection1(a) dns_strsection((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1) --#define dns_strsection(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strsection, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) -+DNS_PUBLIC const char *dns_strsection(enum dns_section); - - DNS_PUBLIC enum dns_section dns_isection(const char *); - --DNS_PUBLIC const char *dns_strclass(enum dns_class, void *, size_t); --#define dns_strclass3(a, b, c) dns_strclass((a), (b), (c)) --#define dns_strclass1(a) dns_strclass((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1) --#define dns_strclass(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strclass, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) -+DNS_PUBLIC const char *dns_strclass(enum dns_class); - - DNS_PUBLIC enum dns_class dns_iclass(const char *); - --DNS_PUBLIC const char *dns_strtype(enum dns_type, void *, size_t); --#define dns_strtype3(a, b, c) dns_strtype((a), (b), (c)) --#define dns_strtype1(a) dns_strtype((a), (char [DNS_STRMAXLEN + 1]){ 0 }, DNS_STRMAXLEN + 1) --#define dns_strtype(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_strtype, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) -+DNS_PUBLIC const char *dns_strtype(enum dns_type); - - DNS_PUBLIC enum dns_type dns_itype(const char *); - --- -2.20.1 - diff --git a/0003-libdns-Avoid-using-compound-literals-3.patch b/0003-libdns-Avoid-using-compound-literals-3.patch deleted file mode 100644 index a897c18..0000000 --- a/0003-libdns-Avoid-using-compound-literals-3.patch +++ /dev/null @@ -1,135 +0,0 @@ -From 72efb7840258808cd892b90d871ea1cc1c31d7f5 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Tue, 26 Feb 2019 10:34:03 +0900 -Subject: [PATCH 3/8] libdns: Avoid using compound literals (3). - -* dirmngr/dns.h (dns_p_new): Remove. -* dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic -variable. -(dns_hints_query, dns_res_glue, parse_packet, query_hosts) -(send_query, show_hints, echo_port): Likewise. - --- - -Implicit automatic allocation by compound literals is confusing -for C90 code. - -Signed-off-by: NIIBE Yutaka ---- - dirmngr/dns.c | 27 ++++++++++++++++++--------- - dirmngr/dns.h | 3 --- - 2 files changed, 18 insertions(+), 12 deletions(-) - -diff --git a/dirmngr/dns.c b/dirmngr/dns.c -index 92084d112..6acb4faa2 100644 ---- a/dirmngr/dns.c -+++ b/dirmngr/dns.c -@@ -5278,7 +5278,8 @@ error: - - - struct dns_packet *dns_hosts_query(struct dns_hosts *hosts, struct dns_packet *Q, int *error_) { -- struct dns_packet *P = dns_p_new(512); -+ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; -+ struct dns_packet *P = dns_p_init(&_P.p, 512); - struct dns_packet *A = 0; - struct dns_rr rr; - struct dns_hosts_entry *ent; -@@ -6839,6 +6840,7 @@ unsigned dns_hints_grep(struct sockaddr **sa, socklen_t *sa_len, unsigned lim, s - - - struct dns_packet *dns_hints_query(struct dns_hints *hints, struct dns_packet *Q, int *error_) { -+ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; - struct dns_packet *A, *P; - struct dns_rr rr; - char zone[DNS_D_MAXNAME + 1]; -@@ -6856,7 +6858,7 @@ struct dns_packet *dns_hints_query(struct dns_hints *hints, struct dns_packet *Q - else if (zlen >= sizeof zone) - goto toolong; - -- P = dns_p_new(512); -+ P = dns_p_init(&_P.p, 512); - dns_header(P)->qr = 1; - - if ((error = dns_rr_copy(P, &rr, Q))) -@@ -8461,7 +8463,8 @@ error: - - - static struct dns_packet *dns_res_glue(struct dns_resolver *R, struct dns_packet *Q) { -- struct dns_packet *P = dns_p_new(512); -+ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; -+ struct dns_packet *P = dns_p_init(&_P.p, 512); - char qname[DNS_D_MAXNAME + 1]; - size_t qlen; - enum dns_type qtype; -@@ -10586,8 +10589,10 @@ static void print_packet(struct dns_packet *P, FILE *fp) { - - - static int parse_packet(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { -- struct dns_packet *P = dns_p_new(512); -- struct dns_packet *Q = dns_p_new(512); -+ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; -+ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _Q = { 0 }; -+ struct dns_packet *P = dns_p_init(&_P.p, 512); -+ struct dns_packet *Q = dns_p_init(&_Q.p, 512); - enum dns_section section; - struct dns_rr rr; - int error; -@@ -10787,7 +10792,8 @@ static int show_hosts(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { - - - static int query_hosts(int argc, char *argv[]) { -- struct dns_packet *Q = dns_p_new(512); -+ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _Q = { 0 }; -+ struct dns_packet *Q = dns_p_init(&_Q.p, 512); - struct dns_packet *A; - char qname[DNS_D_MAXNAME + 1]; - size_t qlen; -@@ -10905,7 +10911,8 @@ static int dump_random(int argc, char *argv[]) { - - - static int send_query(int argc, char *argv[]) { -- struct dns_packet *A, *Q = dns_p_new(512); -+ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _Q = { 0 }; -+ struct dns_packet *A, *Q = dns_p_init(&_Q.p, 512); - char host[INET6_ADDRSTRLEN + 1]; - struct sockaddr_storage ss; - struct dns_socket *so; -@@ -10999,9 +11006,10 @@ static int show_hints(int argc, char *argv[]) { - if (0 == strcmp(how, "plain")) { - dns_hints_dump(hints, stdout); - } else { -+ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; - struct dns_packet *query, *answer; - -- query = dns_p_new(512); -+ query = dns_p_init(&_P.p, 512); - - if ((error = dns_p_push(query, DNS_S_QUESTION, who, strlen(who), DNS_T_A, DNS_C_IN, 0, 0))) - panic("%s: %s", who, dns_strerror(error)); -@@ -11160,7 +11168,8 @@ static int echo_port(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { - panic("127.0.0.1:5353: %s", dns_strerror(errno)); - - for (;;) { -- struct dns_packet *pkt = dns_p_new(512); -+ union { unsigned char b[dns_p_calcsize((512))]; struct dns_packet p; } _P = { 0 }; -+ struct dns_packet *pkt = dns_p_init(&_P.p, 512); - struct sockaddr_storage ss; - socklen_t slen = sizeof ss; - ssize_t count; -diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index 6dedfbc91..4a9417120 100644 ---- a/dirmngr/dns.h -+++ b/dirmngr/dns.h -@@ -412,9 +412,6 @@ struct dns_packet { - - #define dns_p_sizeof(P) dns_p_calcsize((P)->end) - --/** takes size of maximum desired payload */ --#define dns_p_new(n) (dns_p_init((struct dns_packet *)&(union { unsigned char b[dns_p_calcsize((n))]; struct dns_packet p; }){ { 0 } }, dns_p_calcsize((n)))) -- - /** takes size of entire packet structure as allocated */ - DNS_PUBLIC struct dns_packet *dns_p_init(struct dns_packet *, size_t); - --- -2.20.1 - diff --git a/0004-libdns-Avoid-using-compound-literals-4.patch b/0004-libdns-Avoid-using-compound-literals-4.patch deleted file mode 100644 index b043443..0000000 --- a/0004-libdns-Avoid-using-compound-literals-4.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 7313a112f9c7ada61d24285313d2e2d069a672e8 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Tue, 26 Feb 2019 10:58:16 +0900 -Subject: [PATCH 4/8] libdns: Avoid using compound literals (4). - -* dirmngr/dns.h (dns_d_new*): Remove. -* dirmngr/dns.c (parse_packet): Use dns_d_init with automatic -variable. -(parse_domain): Likewise. - -Signed-off-by: NIIBE Yutaka ---- - dirmngr/dns.c | 8 ++++++-- - dirmngr/dns.h | 5 ----- - 2 files changed, 6 insertions(+), 7 deletions(-) - -diff --git a/dirmngr/dns.c b/dirmngr/dns.c -index 6acb4faa2..f6a158789 100644 ---- a/dirmngr/dns.c -+++ b/dirmngr/dns.c -@@ -10632,8 +10632,11 @@ static int parse_packet(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { - #if 0 - dns_rr_foreach(&rr, Q, .name = "ns8.yahoo.com.") { - #else -+ char _p[DNS_D_MAXNAME + 1] = { 0 }; -+ const char *dn = "ns8.yahoo.com"; -+ char *_name = dns_d_init(_p, sizeof _p, dn, strlen (dn), DNS_D_ANCHOR); - struct dns_rr rrset[32]; -- struct dns_rr_i *rri = dns_rr_i_new(Q, .name = dns_d_new("ns8.yahoo.com", DNS_D_ANCHOR), .sort = MAIN.sort); -+ struct dns_rr_i *rri = dns_rr_i_new(Q, .name = _name, .sort = MAIN.sort); - unsigned rrcount = dns_rr_grep(rrset, lengthof(rrset), rri, Q, &error); - - for (unsigned i = 0; i < rrcount; i++) { -@@ -10661,13 +10664,14 @@ static int parse_packet(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { - - - static int parse_domain(int argc, char *argv[]) { -+ char _p[DNS_D_MAXNAME + 1] = { 0 }; - char *dn; - - dn = (argc > 1)? argv[1] : "f.l.google.com"; - - printf("[%s]\n", dn); - -- dn = dns_d_new(dn); -+ dn = dns_d_init(_p, sizeof _p, dn, strlen (dn), DNS_D_ANCHOR); - - do { - puts(dn); -diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index 4a9417120..0953228f8 100644 ---- a/dirmngr/dns.h -+++ b/dirmngr/dns.h -@@ -451,11 +451,6 @@ DNS_PUBLIC int dns_p_study(struct dns_packet *); - #define DNS_D_CLEAVE 2 /* cleave sub-domain */ - #define DNS_D_TRIM 4 /* remove superfluous dots */ - --#define dns_d_new3(a, b, f) dns_d_init(&(char[DNS_D_MAXNAME + 1]){ 0 }, DNS_D_MAXNAME + 1, (a), (b), (f)) --#define dns_d_new2(a, f) dns_d_new3((a), strlen((a)), (f)) --#define dns_d_new1(a) dns_d_new3((a), strlen((a)), DNS_D_ANCHOR) --#define dns_d_new(...) DNS_PP_CALL(DNS_PP_XPASTE(dns_d_new, DNS_PP_NARG(__VA_ARGS__)), __VA_ARGS__) -- - DNS_PUBLIC char *dns_d_init(void *, size_t, const void *, size_t, int); - - DNS_PUBLIC size_t dns_d_anchor(void *, size_t, const void *, size_t); --- -2.20.1 - diff --git a/0005-libdns-Avoid-using-compound-literals-5.patch b/0005-libdns-Avoid-using-compound-literals-5.patch deleted file mode 100644 index 59a75dd..0000000 --- a/0005-libdns-Avoid-using-compound-literals-5.patch +++ /dev/null @@ -1,52 +0,0 @@ -From a1ccfe2b37847cce0db2fb94a7365c9fa501eda4 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Tue, 26 Feb 2019 11:43:10 +0900 -Subject: [PATCH 5/8] libdns: Avoid using compound literals (5). - -* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new. -Call dns_rr_grep with NULL. -* dirmngr/dns.c (dns_rr_grep): Support NULL for error_. - --- - -Here we still use C99 feature of struct member initialization in -dns_rr_foreach, for struct dns_rr_i. Note that in C99, it guarantees -non-specified member fields are initialized by zero. So, there's no -need to use dns_rr_i_new at all. - -Signed-off-by: NIIBE Yutaka ---- - dirmngr/dns.c | 3 ++- - dirmngr/dns.h | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/dirmngr/dns.c b/dirmngr/dns.c -index f6a158789..85fd37fb2 100644 ---- a/dirmngr/dns.c -+++ b/dirmngr/dns.c -@@ -3266,7 +3266,8 @@ unsigned dns_rr_grep(struct dns_rr *rr, unsigned lim, struct dns_rr_i *i, struct - - return count; - error: -- *error_ = error; -+ if (error_) -+ *error_ = error; - - return count; - } /* dns_rr_grep() */ -diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index 0953228f8..da450c611 100644 ---- a/dirmngr/dns.h -+++ b/dirmngr/dns.h -@@ -542,7 +542,7 @@ DNS_PUBLIC struct dns_rr_i *dns_rr_i_init(struct dns_rr_i *, struct dns_packet * - DNS_PUBLIC unsigned dns_rr_grep(struct dns_rr *, unsigned, struct dns_rr_i *, struct dns_packet *, int *); - - #define dns_rr_foreach_(rr, P, ...) \ -- for (struct dns_rr_i DNS_PP_XPASTE(i, __LINE__) = *dns_rr_i_new((P), __VA_ARGS__); dns_rr_grep((rr), 1, &DNS_PP_XPASTE(i, __LINE__), (P), &(int){ 0 }); ) -+ for (struct dns_rr_i DNS_PP_XPASTE(i, __LINE__) = { __VA_ARGS__ }; dns_rr_grep((rr), 1, &DNS_PP_XPASTE(i, __LINE__), (P), NULL); ) - - #define dns_rr_foreach(...) dns_rr_foreach_(__VA_ARGS__) - --- -2.20.1 - diff --git a/0006-libdns-Avoid-using-compound-literals-6.patch b/0006-libdns-Avoid-using-compound-literals-6.patch deleted file mode 100644 index 58e5d9c..0000000 --- a/0006-libdns-Avoid-using-compound-literals-6.patch +++ /dev/null @@ -1,289 +0,0 @@ -From 6501e59d3685bb58753c9caea729a4b0eca3942a Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Tue, 26 Feb 2019 11:55:32 +0900 -Subject: [PATCH 6/8] libdns: Avoid using compound literals (6). - -* dirmngr/dns.h (dns_rr_i_new): Remove. -(dns_rr_i_init): Remove unused second argument. -* dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet) -(parse_packet): Use automatic variable for struct dns_rr_i. -(dns_d_cname): No need to call dns_rr_i_init after memset 0. -(dns_rr_i_init): Remove unused second argument. Return nothing. -* dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns) -(getsrv_libdns): Follow the change of dns_rr_i_init. - -Signed-off-by: NIIBE Yutaka ---- - dirmngr/dns-stuff.c | 6 ++-- - dirmngr/dns.c | 73 +++++++++++++++++++++++++++++---------------- - dirmngr/dns.h | 5 +--- - 3 files changed, 51 insertions(+), 33 deletions(-) - -diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c -index 7aa07c716..a1aa3145e 100644 ---- a/dirmngr/dns-stuff.c -+++ b/dirmngr/dns-stuff.c -@@ -1168,7 +1168,7 @@ resolve_addr_libdns (ctrl_t ctrl, - struct dns_rr_i rri; - - memset (&rri, 0, sizeof rri); -- dns_rr_i_init (&rri, ans); -+ dns_rr_i_init (&rri); - rri.section = DNS_S_ALL & ~DNS_S_QD; - rri.name = host; - rri.type = DNS_T_PTR; -@@ -1459,7 +1459,7 @@ get_dns_cert_libdns (ctrl_t ctrl, const char *name, int want_certtype, - goto leave; - - memset (&rri, 0, sizeof rri); -- dns_rr_i_init (&rri, ans); -+ dns_rr_i_init (&rri); - rri.section = DNS_S_ALL & ~DNS_S_QD; - rri.name = host; - rri.type = qtype; -@@ -1889,7 +1889,7 @@ getsrv_libdns (ctrl_t ctrl, - goto leave; - - memset (&rri, 0, sizeof rri); -- dns_rr_i_init (&rri, ans); -+ dns_rr_i_init (&rri); - rri.section = DNS_S_ALL & ~DNS_S_QD; - rri.name = host; - rri.type = DNS_T_SRV; -diff --git a/dirmngr/dns.c b/dirmngr/dns.c -index 85fd37fb2..9da44cd77 100644 ---- a/dirmngr/dns.c -+++ b/dirmngr/dns.c -@@ -2217,7 +2217,8 @@ static void dns_p_dump3(struct dns_packet *P, struct dns_rr_i *I, FILE *fp) { - - - void dns_p_dump(struct dns_packet *P, FILE *fp) { -- dns_p_dump3(P, dns_rr_i_new(P, .section = 0), fp); -+ struct dns_rr_i _I = { 0 }; -+ dns_p_dump3(P, &_I, fp); - } /* dns_p_dump() */ - - -@@ -2796,8 +2797,7 @@ size_t dns_d_cname(void *dst, size_t lim, const void *dn, size_t len, struct dns - { error = ENAMETOOLONG; goto error; } - - for (depth = 0; depth < 7; depth++) { -- dns_rr_i_init(memset(&i, 0, sizeof i), P); -- -+ memset(&i, 0, sizeof i); - i.section = DNS_S_ALL & ~DNS_S_QD; - i.name = host; - i.type = DNS_T_CNAME; -@@ -3222,15 +3222,11 @@ int dns_rr_i_shuffle(struct dns_rr *a, struct dns_rr *b, struct dns_rr_i *i, str - } /* dns_rr_i_shuffle() */ - - --struct dns_rr_i *dns_rr_i_init(struct dns_rr_i *i, struct dns_packet *P) { -+void dns_rr_i_init(struct dns_rr_i *i) { - static const struct dns_rr_i i_initializer; - -- (void)P; -- - i->state = i_initializer.state; - i->saved = i->state; -- -- return i; - } /* dns_rr_i_init() */ - - -@@ -6850,8 +6846,11 @@ struct dns_packet *dns_hints_query(struct dns_hints *hints, struct dns_packet *Q - struct sockaddr *sa; - socklen_t slen; - int error; -+ struct dns_rr_i _I = { 0 }; - -- if (!dns_rr_grep(&rr, 1, dns_rr_i_new(Q, .section = DNS_S_QUESTION), Q, &error)) -+ _I.section = DNS_S_QUESTION; -+ -+ if (!dns_rr_grep(&rr, 1, &_I, Q, &error)) - goto error; - - if (!(zlen = dns_d_expand(zone, sizeof zone, rr.dn.p, Q, &error))) -@@ -8537,12 +8536,22 @@ static int dns_res_nameserv_cmp(struct dns_rr *a, struct dns_rr *b, struct dns_r - struct dns_ns ns; - int cmp, error; - -- if (!(error = dns_ns_parse(&ns, a, P))) -- glued[0] = !!dns_rr_grep(&x, 1, dns_rr_i_new(P, .section = (DNS_S_ALL & ~DNS_S_QD), .name = ns.host, .type = DNS_T_A), P, &error); -+ if (!(error = dns_ns_parse(&ns, a, P))) { -+ struct dns_rr_i _I = { 0 }; - -- if (!(error = dns_ns_parse(&ns, b, P))) -- glued[1] = !!dns_rr_grep(&y, 1, dns_rr_i_new(P, .section = (DNS_S_ALL & ~DNS_S_QD), .name = ns.host, .type = DNS_T_A), P, &error); -+ _I.section = (DNS_S_ALL & ~DNS_S_QD); -+ _I.name = ns.host; -+ _I.type = DNS_T_A; -+ glued[0] = !!dns_rr_grep(&x, 1, &_I, P, &error); -+ } -+ if (!(error = dns_ns_parse(&ns, b, P))) { -+ struct dns_rr_i _I = { 0 }; - -+ _I.section = (DNS_S_ALL & ~DNS_S_QD); -+ _I.name = ns.host; -+ _I.type = DNS_T_A; -+ glued[1] = !!dns_rr_grep(&y, 1, &_I, P, &error); -+ } - if ((cmp = glued[1] - glued[0])) { - return cmp; - } else if ((cmp = (dns_rr_offset(&y) < i->args[0]) - (dns_rr_offset(&x) < i->args[0]))) { -@@ -8743,7 +8752,7 @@ exec: - - F->state++; /* FALL THROUGH */ - case DNS_R_ITERATE: -- dns_rr_i_init(&F->hints_i, F->hints); -+ dns_rr_i_init(&F->hints_i); - - F->hints_i.section = DNS_S_AUTHORITY; - F->hints_i.type = DNS_T_NS; -@@ -8762,7 +8771,7 @@ exec: - dgoto(R->sp, DNS_R_SWITCH); - } - -- dns_rr_i_init(&F->hints_j, F->hints); -+ dns_rr_i_init(&F->hints_j); - - /* Assume there are glue records */ - dgoto(R->sp, DNS_R_FOREACH_A); -@@ -8815,14 +8824,14 @@ exec: - if (!dns_rr_i_count(&F->hints_j)) { - /* Check if we have in fact servers - with an IPv6 address. */ -- dns_rr_i_init(&F->hints_j, F->hints); -+ dns_rr_i_init(&F->hints_j); - F->hints_j.name = u.ns.host; - F->hints_j.type = DNS_T_AAAA; - F->hints_j.section = DNS_S_ALL & ~DNS_S_QD; - if (dns_rr_grep(&rr, 1, &F->hints_j, F->hints, &error)) { - /* We do. Reinitialize - iterator and handle it. */ -- dns_rr_i_init(&F->hints_j, F->hints); -+ dns_rr_i_init(&F->hints_j); - dgoto(R->sp, DNS_R_FOREACH_AAAA); - } - -@@ -8951,14 +8960,14 @@ exec: - if (!dns_rr_i_count(&F->hints_j)) { - /* Check if we have in fact servers - with an IPv4 address. */ -- dns_rr_i_init(&F->hints_j, F->hints); -+ dns_rr_i_init(&F->hints_j); - F->hints_j.name = u.ns.host; - F->hints_j.type = DNS_T_A; - F->hints_j.section = DNS_S_ALL & ~DNS_S_QD; - if (dns_rr_grep(&rr, 1, &F->hints_j, F->hints, &error)) { - /* We do. Reinitialize - iterator and handle it. */ -- dns_rr_i_init(&F->hints_j, F->hints); -+ dns_rr_i_init(&F->hints_j); - dgoto(R->sp, DNS_R_FOREACH_A); - } - -@@ -9096,7 +9105,7 @@ exec: - R->smart.section = DNS_S_AN; - R->smart.type = R->qtype; - -- dns_rr_i_init(&R->smart, F->answer); -+ dns_rr_i_init(&R->smart); - - F->state++; /* FALL THROUGH */ - case DNS_R_SMART0_A: -@@ -9840,7 +9849,7 @@ exec: - return error; - - dns_strlcpy(ai->i_cname, ai->cname, sizeof ai->i_cname); -- dns_rr_i_init(&ai->i, ai->answer); -+ dns_rr_i_init(&ai->i); - ai->i.section = DNS_S_AN; - ai->i.name = ai->i_cname; - ai->i.type = dns_ai_qtype(ai); -@@ -9887,7 +9896,7 @@ exec: - ai->state++; /* FALL THROUGH */ - case DNS_AI_S_ITERATE_G: - dns_strlcpy(ai->g_cname, ai->cname, sizeof ai->g_cname); -- dns_rr_i_init(&ai->g, ai->glue); -+ dns_rr_i_init(&ai->g); - ai->g.section = DNS_S_ALL & ~DNS_S_QD; - ai->g.name = ai->g_cname; - ai->g.type = ai->af.qtype; -@@ -9906,8 +9915,14 @@ exec: - - return dns_ai_setent(ent, &any, rr.type, ai); - case DNS_AI_S_SUBMIT_G: -+ { -+ struct dns_rr_i _I = { 0 }; -+ -+ _I.section = DNS_S_QD; -+ _I.name = ai->g.name; -+ _I.type = ai->g.type; - /* skip if already queried */ -- if (dns_rr_grep(&rr, 1, dns_rr_i_new(ai->glue, .section = DNS_S_QD, .name = ai->g.name, .type = ai->g.type), ai->glue, &error)) -+ if (dns_rr_grep(&rr, 1, &_I, ai->glue, &error)) - dns_ai_goto(DNS_AI_S_FOREACH_I); - /* skip if we recursed (CNAME chains should have been handled in the resolver) */ - if (++ai->g_depth > 1) -@@ -9916,7 +9931,8 @@ exec: - if ((error = dns_res_submit(ai->res, ai->g.name, ai->g.type, DNS_C_IN))) - return error; - -- ai->state++; /* FALL THROUGH */ -+ ai->state++; -+ } /* FALL THROUGH */ - case DNS_AI_S_CHECK_G: - if ((error = dns_res_check(ai->res))) - return error; -@@ -10582,7 +10598,9 @@ static struct dns_trace *trace(const char *mode) { - - - static void print_packet(struct dns_packet *P, FILE *fp) { -- dns_p_dump3(P, dns_rr_i_new(P, .sort = MAIN.sort), fp); -+ struct dns_rr_i _I = { 0 }; -+ I.sort = MAIN.sort; -+ dns_p_dump3(P, &I, fp); - - if (MAIN.verbose > 2) - hexdump(P->data, P->end, fp); -@@ -10637,9 +10655,12 @@ static int parse_packet(int argc DNS_NOTUSED, char *argv[] DNS_NOTUSED) { - const char *dn = "ns8.yahoo.com"; - char *_name = dns_d_init(_p, sizeof _p, dn, strlen (dn), DNS_D_ANCHOR); - struct dns_rr rrset[32]; -- struct dns_rr_i *rri = dns_rr_i_new(Q, .name = _name, .sort = MAIN.sort); -+ struct dns_rr_i _I = { 0 }; -+ struct dns_rr_i *rri = &I; - unsigned rrcount = dns_rr_grep(rrset, lengthof(rrset), rri, Q, &error); - -+ I.name = _name; -+ I.sort = MAIN.sort; - for (unsigned i = 0; i < rrcount; i++) { - rr = rrset[i]; - #endif -diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index da450c611..49b1c78bb 100644 ---- a/dirmngr/dns.h -+++ b/dirmngr/dns.h -@@ -503,9 +503,6 @@ DNS_PUBLIC int dns_rr_cmp(struct dns_rr *, struct dns_packet *, struct dns_rr *, - DNS_PUBLIC size_t dns_rr_print(void *, size_t, struct dns_rr *, struct dns_packet *, int *); - - --#define dns_rr_i_new(P, ...) \ -- dns_rr_i_init(&dns_quietinit((struct dns_rr_i){ 0, __VA_ARGS__ }), (P)) -- - struct dns_rr_i { - enum dns_section section; - const void *name; -@@ -533,7 +530,7 @@ DNS_PUBLIC int dns_rr_i_order(struct dns_rr *, struct dns_rr *, struct dns_rr_i - - DNS_PUBLIC int dns_rr_i_shuffle(struct dns_rr *, struct dns_rr *, struct dns_rr_i *, struct dns_packet *); - --DNS_PUBLIC struct dns_rr_i *dns_rr_i_init(struct dns_rr_i *, struct dns_packet *); -+DNS_PUBLIC void dns_rr_i_init(struct dns_rr_i *); - - #define dns_rr_i_save(i) ((i)->saved = (i)->state) - #define dns_rr_i_rewind(i) ((i)->state = (i)->saved) --- -2.20.1 - diff --git a/0007-libdns-Avoid-using-compound-literals-7.patch b/0007-libdns-Avoid-using-compound-literals-7.patch deleted file mode 100644 index 6910183..0000000 --- a/0007-libdns-Avoid-using-compound-literals-7.patch +++ /dev/null @@ -1,130 +0,0 @@ -From d661acd483236d34720a4959fc816d05f89c2cb7 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Tue, 26 Feb 2019 12:13:35 +0900 -Subject: [PATCH 7/8] libdns: Avoid using compound literals (7). - -* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove. -* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized -automatic variable for opts. -* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo): -Likewise. - --- - -In fact, DNS_OPTS_INIT was only needed when args are none. With -partially specified initialization, C99 guarantees zero-ed other -members just like static object. - -Signed-off-by: NIIBE Yutaka ---- - dirmngr/dns-stuff.c | 10 ++++++---- - dirmngr/dns.c | 15 ++++++++++----- - dirmngr/dns.h | 3 --- - 3 files changed, 16 insertions(+), 12 deletions(-) - -diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c -index a1aa3145e..e48aca730 100644 ---- a/dirmngr/dns-stuff.c -+++ b/dirmngr/dns-stuff.c -@@ -701,6 +701,11 @@ libdns_res_open (ctrl_t ctrl, struct dns_resolver **r_res) - gpg_error_t err; - struct dns_resolver *res; - int derr; -+ struct dns_options opts = { 0 }; -+ -+ opts.socks_host = &libdns.socks_host; -+ opts.socks_user = tor_socks_user; -+ opts.socks_password = tor_socks_password; - - *r_res = NULL; - -@@ -726,10 +731,7 @@ libdns_res_open (ctrl_t ctrl, struct dns_resolver **r_res) - set_dns_timeout (0); - - res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL, -- dns_opts (.socks_host = &libdns.socks_host, -- .socks_user = tor_socks_user, -- .socks_password = tor_socks_password ), -- &derr); -+ &opts, &derr); - if (!res) - return libdns_error_to_gpg_error (derr); - -diff --git a/dirmngr/dns.c b/dirmngr/dns.c -index 9da44cd77..fa5e5283d 100644 ---- a/dirmngr/dns.c -+++ b/dirmngr/dns.c -@@ -10943,6 +10943,7 @@ static int send_query(int argc, char *argv[]) { - struct sockaddr_storage ss; - struct dns_socket *so; - int error, type; -+ struct dns_options opts = { 0 }; - - memset(&ss, 0, sizeof ss); - if (argc > 1) { -@@ -10977,7 +10978,7 @@ static int send_query(int argc, char *argv[]) { - - fprintf(stderr, "querying %s for %s IN %s\n", host, MAIN.qname, dns_strtype(MAIN.qtype)); - -- if (!(so = dns_so_open((struct sockaddr *)&resconf()->iface, type, dns_opts(), &error))) -+ if (!(so = dns_so_open((struct sockaddr *)&resconf()->iface, type, &opts, &error))) - panic("dns_so_open: %s", dns_strerror(error)); - - while (!(A = dns_so_query(so, Q, (struct sockaddr *)&ss, &error))) { -@@ -11061,6 +11062,11 @@ static int resolve_query(int argc DNS_NOTUSED, char *argv[]) { - struct dns_packet *ans; - const struct dns_stat *st; - int error; -+ struct dns_options opts = { 0 }; -+ -+ opts.socks_host = &MAIN.socks_host; -+ opts.socks_user = MAIN.socks_user; -+ opts.socks_password = MAIN.socks_password; - - if (!MAIN.qname) - MAIN.qname = "www.google.com"; -@@ -11070,9 +11076,7 @@ static int resolve_query(int argc DNS_NOTUSED, char *argv[]) { - resconf()->options.recurse = recurse; - - if (!(R = dns_res_open(resconf(), hosts(), dns_hints_mortal(hints(resconf(), &error)), cache(), -- dns_opts(.socks_host=&MAIN.socks_host, -- .socks_user=MAIN.socks_user, -- .socks_password=MAIN.socks_password), &error))) -+ &opts, &error))) - panic("%s: %s", MAIN.qname, dns_strerror(error)); - - dns_res_settrace(R, trace("w+b")); -@@ -11116,6 +11120,7 @@ static int resolve_addrinfo(int argc DNS_NOTUSED, char *argv[]) { - struct addrinfo *ent; - char pretty[512]; - int error; -+ struct dns_options opts = { 0 }; - - if (!MAIN.qname) - MAIN.qname = "www.google.com"; -@@ -11123,7 +11128,7 @@ static int resolve_addrinfo(int argc DNS_NOTUSED, char *argv[]) { - - resconf()->options.recurse = recurse; - -- if (!(res = dns_res_open(resconf(), hosts(), dns_hints_mortal(hints(resconf(), &error)), cache(), dns_opts(), &error))) -+ if (!(res = dns_res_open(resconf(), hosts(), dns_hints_mortal(hints(resconf(), &error)), cache(), &opts, &error))) - panic("%s: %s", MAIN.qname, dns_strerror(error)); - - if (!(ai = dns_ai_open(MAIN.qname, "80", MAIN.qtype, &ai_hints, res, &error))) -diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index 49b1c78bb..afc19a19a 100644 ---- a/dirmngr/dns.h -+++ b/dirmngr/dns.h -@@ -1032,9 +1032,6 @@ DNS_PUBLIC void dns_cache_close(struct dns_cache *); - - #define DNS_OPTS_INITIALIZER_ { 0, 0 }, 0, 0 - #define DNS_OPTS_INITIALIZER { DNS_OPTS_INITIALIZER_ } --#define DNS_OPTS_INIT(...) { DNS_OPTS_INITIALIZER_, __VA_ARGS__ } -- --#define dns_opts(...) (&dns_quietinit((struct dns_options)DNS_OPTS_INIT(__VA_ARGS__))) - - struct dns_options { - /* --- -2.20.1 - diff --git a/0008-libdns-Avoid-using-compound-literals-8.patch b/0008-libdns-Avoid-using-compound-literals-8.patch deleted file mode 100644 index c2f821c..0000000 --- a/0008-libdns-Avoid-using-compound-literals-8.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 371ae25f8f6f2d1ac030bf984bca479393a5ed43 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Tue, 26 Feb 2019 12:26:02 +0900 -Subject: [PATCH 8/8] libdns: Avoid using compound literals (8). - -* dirmngr/dns.h (dns_quietinit): Remove. -(dns_hints_i_new): Remove. - --- - -Even before our change, dns_quietinit was questionable macro; There -was no place in dns.c which requires overrides in initializer list. -Only redundant zero were. - -Signed-off-by: NIIBE Yutaka ---- - dirmngr/dns.h | 20 -------------------- - 1 file changed, 20 deletions(-) - -diff --git a/dirmngr/dns.h b/dirmngr/dns.h -index afc19a19a..024d6dcc8 100644 ---- a/dirmngr/dns.h -+++ b/dirmngr/dns.h -@@ -132,19 +132,6 @@ DNS_PUBLIC int *dns_debug_p(void); - /* - * C O M P I L E R A N N O T A T I O N S - * -- * GCC with -Wextra, and clang by default, complain about overrides in -- * initializer lists. Overriding previous member initializers is well -- * defined behavior in C. dns.c relies on this behavior to define default, -- * overrideable member values when instantiating configuration objects. -- * -- * dns_quietinit() guards a compound literal expression with pragmas to -- * silence these shrill warnings. This alleviates the burden of requiring -- * third-party projects to adjust their compiler flags. -- * -- * NOTE: If you take the address of the compound literal, take the address -- * of the transformed expression, otherwise the compound literal lifetime is -- * tied to the scope of the GCC statement expression. -- * - * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ - - #if defined __clang__ -@@ -152,21 +139,15 @@ DNS_PUBLIC int *dns_debug_p(void); - #define DNS_PRAGMA_QUIET _Pragma("clang diagnostic ignored \"-Winitializer-overrides\"") - #define DNS_PRAGMA_POP _Pragma("clang diagnostic pop") - --#define dns_quietinit(...) \ -- DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__ DNS_PRAGMA_POP - #elif (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) || __GNUC__ > 4 - #define DNS_PRAGMA_PUSH _Pragma("GCC diagnostic push") - #define DNS_PRAGMA_QUIET _Pragma("GCC diagnostic ignored \"-Woverride-init\"") - #define DNS_PRAGMA_POP _Pragma("GCC diagnostic pop") - --/* GCC parses the _Pragma operator less elegantly than clang. */ --#define dns_quietinit(...) \ -- __extension__ ({ DNS_PRAGMA_PUSH DNS_PRAGMA_QUIET __VA_ARGS__; DNS_PRAGMA_POP }) - #else - #define DNS_PRAGMA_PUSH - #define DNS_PRAGMA_QUIET - #define DNS_PRAGMA_POP --#define dns_quietinit(...) __VA_ARGS__ - #endif - - #if defined __GNUC__ -@@ -980,7 +961,6 @@ struct dns_hints_i { - } state; - }; /* struct dns_hints_i */ - --#define dns_hints_i_new(...) (&(struct dns_hints_i){ __VA_ARGS__ }) - - DNS_PUBLIC unsigned dns_hints_grep(struct sockaddr **, socklen_t *, unsigned, struct dns_hints_i *, struct dns_hints *); - --- -2.20.1 - diff --git a/gnupg-2.2.13.tar.bz2 b/gnupg-2.2.13.tar.bz2 deleted file mode 100644 index a3bf899..0000000 --- a/gnupg-2.2.13.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:76c787a955f9e6e0ead47c9be700bfb9d454f955a7b7c7e697aa719bac7b11d8 -size 6702712 diff --git a/gnupg-2.2.13.tar.bz2.sig b/gnupg-2.2.13.tar.bz2.sig deleted file mode 100644 index e7f36d25729498eeaaeed5e9cec15bdb6f0297115b062edeede743e26432dedf..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$gJ8c>oFt5G0#9 z(oZGhw%^_e0FBPc&tMOUq-95t^r;hP1E zx(X~-DA$6;jOobBUBWb(?KN$F0lZ!-;;>)>k3>9p^V>zXsJm3%%5w^K1-g)QCC$W` z%ohnzY}Mw4V=&~~pGjRc%tDxM^-;i$(A405-@{{24dIeEY&` zd_o}GmFL2k*^yxL?{gM)Rtai9{a^zrW{tHj_)*R2H2>w Ioumu3+)~P#zyJUM diff --git a/gnupg-2.2.14.tar.bz2 b/gnupg-2.2.14.tar.bz2 new file mode 100644 index 0000000..a2f783b --- /dev/null +++ b/gnupg-2.2.14.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1bf9ed46dc1ec5d8cfa13ba1ad47f94981f3b6a7ec16ad9123cc2549c4cbf87b +size 6707735 diff --git a/gnupg-2.2.14.tar.bz2.sig b/gnupg-2.2.14.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..ac112686a2b0187f177ff8a79d17191dea64927a1b6d6e753d44484cf3d2f611 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$h;G`~V6G5G0#9 z(oZGhwsnXH{vxk&%c3fBJf?uk9mFhogXtV%g+wfeY*PyM8z8OM+5G ze^D7s9&fyZG#+Se94UVgq@PD<|NgpG{R$l(hR<)spl@Iw9}GH%HN38OKMHa=iDeos zcX&=OR&R(mxPj=FsGPxrB}gg+xIB#ia-(o&Kh;O_A2ZRB;-MXbMv>K2`D<5?(zkxw IKJm2TRgT|_u>b%7 literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index 4638389..55c2c64 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Tue Mar 19 12:11:23 UTC 2019 - Karol Babioch + +- Update to 2.2.14: + * gpg: Allow import of PGP desktop exported secret keys. Also avoid + importing secret keys if the secret keyblock is not valid. + * gpg: Do not error out on version 5 keys in the local keyring. + * gpg: Make invalid primary key algo obvious in key listings. + * sm: Do not mark a certificate in a key listing as de-vs compliant + if its use for a signature will not be possible. + * sm: Fix certificate creation with key on card. + * sm: Create rsa3072 bit certificates by default. + * sm: Print Yubikey attestation extensions with --dump-cert. + * agent: Fix cancellation handling for scdaemon. + * agent: Support --mode=ssh option for CLEAR_PASSPHRASE. + * scd: Fix flushing of the CA-FPR DOs in app-openpgp. + * scd: Avoid a conflict error with the "undefined" app. + * dirmngr: Add CSRF protection exception for protonmail. + * dirmngr: Fix build problems with gcc 9 in libdns. + * gpgconf: New option --show-socket for use wity --launch. + * gpgtar: Make option -C work for archive creation. +- Removed patches that are included upstream by now: + - 0001-libdns-Avoid-using-compound-literals.patch + - 0002-libdns-Avoid-using-compound-literals-2.patch + - 0003-libdns-Avoid-using-compound-literals-3.patch + - 0004-libdns-Avoid-using-compound-literals-4.patch + - 0005-libdns-Avoid-using-compound-literals-5.patch + - 0006-libdns-Avoid-using-compound-literals-6.patch + - 0007-libdns-Avoid-using-compound-literals-7.patch + - 0008-libdns-Avoid-using-compound-literals-8.patch + ------------------------------------------------------------------- Tue Feb 26 11:35:29 UTC 2019 - Pedro Monreal Gonzalez diff --git a/gpg2.spec b/gpg2.spec index 301113a..732c38b 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.13 +Version: 2.2.14 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -36,14 +36,6 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: 0001-libdns-Avoid-using-compound-literals.patch -Patch13: 0002-libdns-Avoid-using-compound-literals-2.patch -Patch14: 0003-libdns-Avoid-using-compound-literals-3.patch -Patch15: 0004-libdns-Avoid-using-compound-literals-4.patch -Patch16: 0005-libdns-Avoid-using-compound-literals-5.patch -Patch17: 0006-libdns-Avoid-using-compound-literals-6.patch -Patch18: 0007-libdns-Avoid-using-compound-literals-7.patch -Patch19: 0008-libdns-Avoid-using-compound-literals-8.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -95,14 +87,6 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build From ed6f0b9044e86f8c104b1b6a986b4f5b60069685c6cdba6ae617d9974c066bc4 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 29 Mar 2019 19:33:03 +0000 Subject: [PATCH 129/156] Accepting request 689296 from Base:System OBS-URL: https://build.opensuse.org/request/show/689296 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=138 --- gnupg-2.2.14.tar.bz2 | 3 --- gnupg-2.2.14.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.15.tar.bz2 | 3 +++ gnupg-2.2.15.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 12 ++++++++++++ gpg2.spec | 2 +- 6 files changed, 16 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.14.tar.bz2 delete mode 100644 gnupg-2.2.14.tar.bz2.sig create mode 100644 gnupg-2.2.15.tar.bz2 create mode 100644 gnupg-2.2.15.tar.bz2.sig diff --git a/gnupg-2.2.14.tar.bz2 b/gnupg-2.2.14.tar.bz2 deleted file mode 100644 index a2f783b..0000000 --- a/gnupg-2.2.14.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1bf9ed46dc1ec5d8cfa13ba1ad47f94981f3b6a7ec16ad9123cc2549c4cbf87b -size 6707735 diff --git a/gnupg-2.2.14.tar.bz2.sig b/gnupg-2.2.14.tar.bz2.sig deleted file mode 100644 index ac112686a2b0187f177ff8a79d17191dea64927a1b6d6e753d44484cf3d2f611..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$h;G`~V6G5G0#9 z(oZGhwsnXH{vxk&%c3fBJf?uk9mFhogXtV%g+wfeY*PyM8z8OM+5G ze^D7s9&fyZG#+Se94UVgq@PD<|NgpG{R$l(hR<)spl@Iw9}GH%HN38OKMHa=iDeos zcX&=OR&R(mxPj=FsGPxrB}gg+xIB#ia-(o&Kh;O_A2ZRB;-MXbMv>K2`D<5?(zkxw IKJm2TRgT|_u>b%7 diff --git a/gnupg-2.2.15.tar.bz2 b/gnupg-2.2.15.tar.bz2 new file mode 100644 index 0000000..eabca8c --- /dev/null +++ b/gnupg-2.2.15.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cb8ce298d7b36558ffc48aec961b14c830ff1783eef7a623411188b5e0f5d454 +size 6705912 diff --git a/gnupg-2.2.15.tar.bz2.sig b/gnupg-2.2.15.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..6a63f63dd95e76ef55fad1fdfecb2cc851716a5ca280b5445f16bdacac637828 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$iFgcmN6s5G0#9 z(oZGhw(Us=|3<{%-uW@ zfaZAr!dFE<5*lABm`sN(_9(kX6ah9ExE8J=93G$(vaB(;^ShFf)xyD&ahCIo$2#=u zJbg_mnXrzdZ+1Z*h~!4Q3u9q+pC*1ziN1v2QZYB<6Cp|~bFcILH7=2w4*q`HMu#{z z9K&XzF!8^1T)&3EOIsm + +- Update to 2.2.15 + * sm: Allow decryption even if expired keys are configured. + * agent: Change command KEYINFO to print ssh fingerprints with other + hash algos. + * dirmngr: Fix build problems on Solaris due to the use of reserved + symbol names. + * wkd: New commands --print-wkd-hash and --print-wkd-url for + gpg-wks-client. + ------------------------------------------------------------------- Tue Mar 19 12:11:23 UTC 2019 - Karol Babioch diff --git a/gpg2.spec b/gpg2.spec index 732c38b..3bbb94f 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.14 +Version: 2.2.15 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From 6cee522ee4d61f0581befcb9218d99cede3b2129f9c4e30771aa77178a707da8 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 2 Jun 2019 13:15:31 +0000 Subject: [PATCH 130/156] Accepting request 706484 from Base:System OBS-URL: https://build.opensuse.org/request/show/706484 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=139 --- gnupg-2.2.15.tar.bz2 | 3 --- gnupg-2.2.15.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.16.tar.bz2 | 3 +++ gnupg-2.2.16.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 36 ++++++++++++++++++++++++++++++++++++ gpg2.spec | 2 +- 6 files changed, 40 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.15.tar.bz2 delete mode 100644 gnupg-2.2.15.tar.bz2.sig create mode 100644 gnupg-2.2.16.tar.bz2 create mode 100644 gnupg-2.2.16.tar.bz2.sig diff --git a/gnupg-2.2.15.tar.bz2 b/gnupg-2.2.15.tar.bz2 deleted file mode 100644 index eabca8c..0000000 --- a/gnupg-2.2.15.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cb8ce298d7b36558ffc48aec961b14c830ff1783eef7a623411188b5e0f5d454 -size 6705912 diff --git a/gnupg-2.2.15.tar.bz2.sig b/gnupg-2.2.15.tar.bz2.sig deleted file mode 100644 index 6a63f63dd95e76ef55fad1fdfecb2cc851716a5ca280b5445f16bdacac637828..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$iFgcmN6s5G0#9 z(oZGhw(Us=|3<{%-uW@ zfaZAr!dFE<5*lABm`sN(_9(kX6ah9ExE8J=93G$(vaB(;^ShFf)xyD&ahCIo$2#=u zJbg_mnXrzdZ+1Z*h~!4Q3u9q+pC*1ziN1v2QZYB<6Cp|~bFcILH7=2w4*q`HMu#{z z9K&XzF!8^1T)&3EOIsmo@?CF8aQ0$lA=82}0i5G0#9 z(oZGhwxD(g|56ycpg_wNkOOsfXL9eiLy>9CC}o!z)Jv^8s_ONQlbC#9f9nK789wHi z+jf|wEt;|5tTJYTuPdfRx`CV-%fw>5nM?9N^UD5#85YMn zjBco3bj0eGfk>E(1A|X5u_e&f2}oN^vKZVT*g#q?u`FWA@|glq;&CZ~4}840oPNh~ IS)6sbbua#x(f|Me literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index c530315..af0295a 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Thu May 30 08:00:37 UTC 2019 - Pedro Monreal Gonzalez + +- Update to 2.2.16 + * gpg: Fixed i18n markup of some strings. + * gpg: Allow deletion of subkeys with --delete-[secret-]key. + * gpg: Do not bail on an invalid packet in the local keyring. + * gpg: Do not allow creation of user ids larger than our parser allows. + * gpg: Do not delete any keys if --dry-run is passed. + * gpg: Fix using --decrypt along with --use-embedded-filename. + * gpg: Improve the photo image viewer selection. + * gpg: enable OpenPGP export of cleartext keys with comments. + * gpg: Do not print a hint to use the deprecated --keyserver option. + * gpg: Change update_keysig_packet to replace SHA-1 by SHA-256. + * gpg: Use just the addrspec from the Signer's UID. + * gpg: Accept also armored data from the WKD. + * gpg: Set a limit of 5 to the number of keys imported from the WKD. + * gpg: Don't use EdDSA algo ID for ECDSA curves. + * agent: Stop scdaemon after reload when disable_scdaemon. + * agent: For SSH key, don't put NUL-byte at the end. + * agent: correct length for uri and comment on 64-bit big-endian platforms + * dirmngr: Allow for other hash algorithms than SHA-1 in OCSP. + * dirmngr: Improve domaininfo cache update algorithm. + * dirmngr: Better error code for http status 413. + * g10: Fix possible null dereference. + * g10: Fix double free when locating by mbox. + * g10: Fix symmetric cipher algo constant for ECDH. + * sm: Avoid confusing diagnostic for the default key. + * sm: Fix a warning in an es_fopencooie function. + * gpgconf: Before --launch check that the config file is fine. + * gpgconf: Support --homedir for --launch. + * build: Update m4/iconv.m4. + * doc: correct documentation for gpgconf --kill. + * scd: Add dummy option --application-priority. + * common: Fix AWK portability. + ------------------------------------------------------------------- Thu Mar 28 08:48:36 UTC 2019 - Karol Babioch diff --git a/gpg2.spec b/gpg2.spec index 3bbb94f..6130623 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.15 +Version: 2.2.16 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From 3fe760ae39a16936efe37defc68ff9257a588ee1e06cb4505a0d1c7ccbe069ad Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 27 Jun 2019 13:53:26 +0000 Subject: [PATCH 131/156] Accepting request 710989 from Base:System OBS-URL: https://build.opensuse.org/request/show/710989 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=140 --- gnupg-2.2.16-secmem.patch | 35 +++++++++++++++++++++++++++++++++++ gpg2.changes | 6 ++++++ gpg2.spec | 2 ++ 3 files changed, 43 insertions(+) create mode 100644 gnupg-2.2.16-secmem.patch diff --git a/gnupg-2.2.16-secmem.patch b/gnupg-2.2.16-secmem.patch new file mode 100644 index 0000000..22ac5c2 --- /dev/null +++ b/gnupg-2.2.16-secmem.patch @@ -0,0 +1,35 @@ +Index: gnupg-2.2.16/g10/gpg.c +=================================================================== +--- gnupg-2.2.16.orig/g10/gpg.c ++++ gnupg-2.2.16/g10/gpg.c +@@ -973,7 +973,7 @@ make_libversion (const char *libname, co + + if (maybe_setuid) + { +- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ ++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); +@@ -1125,7 +1125,7 @@ build_list (const char *text, char lette + char *string; + + if (maybe_setuid) +- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ ++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ + + indent = utf8_charcount (text, -1); + len = 0; +Index: gnupg-2.2.16/sm/gpgsm.c +=================================================================== +--- gnupg-2.2.16.orig/sm/gpgsm.c ++++ gnupg-2.2.16/sm/gpgsm.c +@@ -533,7 +533,7 @@ make_libversion (const char *libname, co + + if (maybe_setuid) + { +- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ ++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); diff --git a/gpg2.changes b/gpg2.changes index af0295a..670548f 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jun 19 21:02:05 UTC 2019 - Jason Sikes + +- Fix secure memory being disabled before fips checks in libgcrypt [boo#1137307] + * Added gnupg-2.2.16-secmem.patch + ------------------------------------------------------------------- Thu May 30 08:00:37 UTC 2019 - Pedro Monreal Gonzalez diff --git a/gpg2.spec b/gpg2.spec index 6130623..0a1b0ae 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -36,6 +36,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-2.2.16-secmem.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -87,6 +88,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build From 19acfa1f118dc81be3b5695d29e95c874d413700bccd10d766d7791a296b4e6f Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 16 Jul 2019 06:37:45 +0000 Subject: [PATCH 132/156] Accepting request 714631 from Base:System OBS-URL: https://build.opensuse.org/request/show/714631 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=141 --- gnupg-2.2.16.tar.bz2 | 3 --- gnupg-2.2.16.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.17.tar.bz2 | 3 +++ gnupg-2.2.17.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 23 +++++++++++++++++++++++ gpg2.spec | 2 +- 6 files changed, 27 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.16.tar.bz2 delete mode 100644 gnupg-2.2.16.tar.bz2.sig create mode 100644 gnupg-2.2.17.tar.bz2 create mode 100644 gnupg-2.2.17.tar.bz2.sig diff --git a/gnupg-2.2.16.tar.bz2 b/gnupg-2.2.16.tar.bz2 deleted file mode 100644 index f14b996..0000000 --- a/gnupg-2.2.16.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6cbe8d454bf5dc204621eed3016d721b66298fa95363395bb8eeceb1d2fd14cb -size 6699113 diff --git a/gnupg-2.2.16.tar.bz2.sig b/gnupg-2.2.16.tar.bz2.sig deleted file mode 100644 index 01a77f01e114e25c1e0eb120d6a445369eea31d32bbb0da6a2dd0f0c257f2bdc..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$lA=82}0i5G0#9 z(oZGhwxD(g|56ycpg_wNkOOsfXL9eiLy>9CC}o!z)Jv^8s_ONQlbC#9f9nK789wHi z+jf|wEt;|5tTJYTuPdfRx`CV-%fw>5nM?9N^UD5#85YMn zjBco3bj0eGfk>E(1A|X5u_e&f2}oN^vKZVT*g#q?u`FWA@|glq;&CZ~4}840oPNh~ IS)6sbbua#x(f|Me diff --git a/gnupg-2.2.17.tar.bz2 b/gnupg-2.2.17.tar.bz2 new file mode 100644 index 0000000..a2bd98e --- /dev/null +++ b/gnupg-2.2.17.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514 +size 6717554 diff --git a/gnupg-2.2.17.tar.bz2.sig b/gnupg-2.2.17.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..cb5b7fe8dc9d9bd58d3a8079228a1ce53e76e78cbbb3121ded1f45b1a05e0abe GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$n7g)&L3#5G0#9 z(oZGhwqDT({xQ;nm$8B{pIQIqzkm7Ka-bw=d`7g>i;HB`h!gmJOVB=`! + +- Update to 2.2.17 [bsc#1141093] + * gpg: Do not try the import fallback if the options are already used. + * gpg: Fix regression in option "self-sigs-only". + * gpg: With --auto-key-retrieve prefer WKD over keyservers. + * gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. + * gpg: Avoid printing false AKL error message. + * gpg: New command --locate-external-key. + * gpg: Make the get_pubkey_byname interface easier to understand. + * gpg: Fallback to import with self-sigs-only on too large keyblocks. + * gpg: New import and keyserver option "self-sigs-only" + * gpg: Make read_block in import.c more flexible. + * dirmngr: fix handling of HTTPS redirections during HKP. + * dirmngr: Avoid endless loop in case of HTTP error 503. + * dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain. + * dirmngr: Support the new WKD draft with the openpgpkey subdomain. + * wkd: Change client/server limit back to 64 KiB. + * tools: gpgconf: Killing order is children-first. + * Return better error code for some getinfo IPC commands. + * po: Update Russian translation. + ------------------------------------------------------------------- Wed Jun 19 21:02:05 UTC 2019 - Jason Sikes diff --git a/gpg2.spec b/gpg2.spec index 0a1b0ae..d89e09a 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.16 +Version: 2.2.17 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From 3919b9adf3b1c5cd1b1c2b0e946a8422e98e897e579279a49dbd9891558d70d0 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 22 Oct 2019 13:43:14 +0000 Subject: [PATCH 133/156] Accepting request 741459 from Base:System OBS-URL: https://build.opensuse.org/request/show/741459 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=142 --- gpg2.changes | 6 ++++++ gpg2.spec | 1 - 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index 113b099..14c8e3e 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Sep 19 12:05:13 UTC 2019 - Ludwig Nussel + +- Do not recommend lang package. The lang package already has a + supplements. + ------------------------------------------------------------------- Thu Jul 11 09:51:49 UTC 2019 - Pedro Monreal Gonzalez diff --git a/gpg2.spec b/gpg2.spec index d89e09a..ab707ce 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -60,7 +60,6 @@ Requires: libgcrypt20 >= 1.7.0 Requires: libksba >= 1.3.4 Requires: pinentry Requires(post): %{install_info_prereq} -Recommends: %{name}-lang = %{version} Obsoletes: dirmngr < 2.1.0 Provides: dirmngr = %{version} Provides: gnupg = %{version} From 9cd89e12e5981925f666d740bcbd804e8bca3fbfe885b22fce50c823fd26ae4c Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 7 Dec 2019 14:17:14 +0000 Subject: [PATCH 134/156] Accepting request 751577 from Base:System OBS-URL: https://build.opensuse.org/request/show/751577 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=143 --- gnupg-2.2.17.tar.bz2 | 3 -- gnupg-2.2.17.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.18.tar.bz2 | 3 ++ gnupg-2.2.18.tar.bz2.sig | Bin 0 -> 310 bytes gnupg-2.2.8-files-are-digests.patch | 46 +++++++++++----------- gnupg-add_legacy_FIPS_mode_option.patch | 22 +++++------ gpg2.changes | 50 ++++++++++++++++++++++++ gpg2.spec | 4 +- 8 files changed, 89 insertions(+), 39 deletions(-) delete mode 100644 gnupg-2.2.17.tar.bz2 delete mode 100644 gnupg-2.2.17.tar.bz2.sig create mode 100644 gnupg-2.2.18.tar.bz2 create mode 100644 gnupg-2.2.18.tar.bz2.sig diff --git a/gnupg-2.2.17.tar.bz2 b/gnupg-2.2.17.tar.bz2 deleted file mode 100644 index a2bd98e..0000000 --- a/gnupg-2.2.17.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514 -size 6717554 diff --git a/gnupg-2.2.17.tar.bz2.sig b/gnupg-2.2.17.tar.bz2.sig deleted file mode 100644 index cb5b7fe8dc9d9bd58d3a8079228a1ce53e76e78cbbb3121ded1f45b1a05e0abe..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$n7g)&L3#5G0#9 z(oZGhwqDT({xQ;nm$8B{pIQIqzkm7Ka-bw=d`7g>i;HB`h!gmJOVB=`!o@?CF8aQ0$toY@Bj)45G0#9 z(oZGhw#T6d|6ZDxW+zfM44*2;zS4GkpgR%gO<>}{|pIPb}TYM@cwrsN9J0# z#bI=`yd0$1=@xn3*uD0$(oTaWLG@OJVBxk!$YuQ=AeF*(9Z!v%8au8zpnFH#tsD60 IK!^*Dq2W@R1ONa4 literal 0 HcmV?d00001 diff --git a/gnupg-2.2.8-files-are-digests.patch b/gnupg-2.2.8-files-are-digests.patch index 6de374e..110ad63 100644 --- a/gnupg-2.2.8-files-are-digests.patch +++ b/gnupg-2.2.8-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.2.8/g10/gpg.c +Index: gnupg-2.2.18/g10/gpg.c =================================================================== ---- gnupg-2.2.8.orig/g10/gpg.c 2018-06-06 11:59:06.000000000 +0200 -+++ gnupg-2.2.8/g10/gpg.c 2018-06-08 16:34:33.287514003 +0200 -@@ -376,6 +376,7 @@ enum cmd_and_opt_values +--- gnupg-2.2.18.orig/g10/gpg.c ++++ gnupg-2.2.18/g10/gpg.c +@@ -378,6 +378,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.2.8/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -824,6 +825,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -830,6 +831,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.2.8/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2392,6 +2394,7 @@ main (int argc, char **argv) +@@ -2412,6 +2414,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; @@ -32,7 +32,7 @@ Index: gnupg-2.2.8/g10/gpg.c opt.emit_version = 0; opt.weak_digests = NULL; -@@ -2963,6 +2966,7 @@ main (int argc, char **argv) +@@ -2988,6 +2991,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,10 +40,10 @@ Index: gnupg-2.2.8/g10/gpg.c case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; -Index: gnupg-2.2.8/g10/options.h +Index: gnupg-2.2.18/g10/options.h =================================================================== ---- gnupg-2.2.8.orig/g10/options.h 2018-05-31 12:03:06.000000000 +0200 -+++ gnupg-2.2.8/g10/options.h 2018-06-08 16:34:33.287514003 +0200 +--- gnupg-2.2.18.orig/g10/options.h ++++ gnupg-2.2.18/g10/options.h @@ -210,6 +210,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; @@ -52,10 +52,10 @@ Index: gnupg-2.2.8/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.2.8/g10/sign.c +Index: gnupg-2.2.18/g10/sign.c =================================================================== ---- gnupg-2.2.8.orig/g10/sign.c 2017-08-28 12:22:54.000000000 +0200 -+++ gnupg-2.2.8/g10/sign.c 2018-06-08 16:34:33.287514003 +0200 +--- gnupg-2.2.18.orig/g10/sign.c ++++ gnupg-2.2.18/g10/sign.c @@ -43,6 +43,8 @@ #include "../common/mbox-util.h" #include "../common/compliance.h" @@ -65,7 +65,7 @@ Index: gnupg-2.2.8/g10/sign.c #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" #else -@@ -727,6 +729,8 @@ write_signature_packets (ctrl_t ctrl, +@@ -749,6 +751,8 @@ write_signature_packets (ctrl_t ctrl, if (duration || opt.sig_policy_url || opt.sig_notations || opt.sig_keyserver_url) sig->version = 4; @@ -74,7 +74,7 @@ Index: gnupg-2.2.8/g10/sign.c else sig->version = pk->version; -@@ -750,8 +754,12 @@ write_signature_packets (ctrl_t ctrl, +@@ -772,8 +776,12 @@ write_signature_packets (ctrl_t ctrl, mk_notation_policy_etc (sig, NULL, pk); } @@ -85,9 +85,9 @@ Index: gnupg-2.2.8/g10/sign.c + log_bug("files-are-digests doesn't work with v4 sigs\n"); + } - rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce); + rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); gcry_md_close (md); -@@ -813,6 +821,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -835,6 +843,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -96,7 +96,7 @@ Index: gnupg-2.2.8/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -830,7 +840,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -852,7 +862,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -114,7 +114,7 @@ Index: gnupg-2.2.8/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -851,7 +870,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -873,7 +892,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -123,7 +123,7 @@ Index: gnupg-2.2.8/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -989,7 +1008,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1011,7 +1030,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -132,7 +132,7 @@ Index: gnupg-2.2.8/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -1044,6 +1063,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1066,6 +1085,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -141,7 +141,7 @@ Index: gnupg-2.2.8/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1084,6 +1105,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1106,6 +1127,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -187,7 +187,7 @@ Index: gnupg-2.2.8/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1102,8 +1162,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1124,8 +1184,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (ctrl, sk_list, out, mfx.md, diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 0a89bec..6fe53e2 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.2.7/doc/gpg.texi +Index: gnupg-2.2.18/doc/gpg.texi =================================================================== ---- gnupg-2.2.7.orig/doc/gpg.texi 2018-05-04 16:14:30.949580264 +0200 -+++ gnupg-2.2.7/doc/gpg.texi 2018-05-04 16:14:34.025609243 +0200 -@@ -2097,6 +2097,24 @@ implies, this option is for experts only +--- gnupg-2.2.18.orig/doc/gpg.texi ++++ gnupg-2.2.18/doc/gpg.texi +@@ -2115,6 +2115,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.2.7/doc/gpg.texi @end table -Index: gnupg-2.2.7/g10/gpg.c +Index: gnupg-2.2.18/g10/gpg.c =================================================================== ---- gnupg-2.2.7.orig/g10/gpg.c 2018-05-04 16:14:30.949580264 +0200 -+++ gnupg-2.2.7/g10/gpg.c 2018-05-04 16:15:00.441858109 +0200 +--- gnupg-2.2.18.orig/g10/gpg.c ++++ gnupg-2.2.18/g10/gpg.c @@ -425,6 +425,7 @@ enum cmd_and_opt_values - oKeyOrigin, oRequestOrigin, oNoSymkeyCache, + oUseOnlyOpenPGPCard, + oSetLegacyFips, oNoop }; -@@ -872,6 +873,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -870,6 +871,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,8 +52,8 @@ Index: gnupg-2.2.7/g10/gpg.c ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3568,6 +3570,13 @@ main (int argc, char **argv) - opt.def_new_key_algo = pargs.r.ret_str; +@@ -3600,6 +3602,13 @@ main (int argc, char **argv) + opt.flags.use_only_openpgp_card = 1; break; + case oSetLegacyFips: diff --git a/gpg2.changes b/gpg2.changes index 14c8e3e..e0d0aee 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,53 @@ +------------------------------------------------------------------- +Wed Nov 27 15:42:22 UTC 2019 - Pedro Monreal Gonzalez + +- Update to 2.2.18 [bsc#1157900, CVE-2019-14855] + * gpg: Changed the way keys are detected on a smartcards; this + allows the use of non-OpenPGP cards. In the case of a not very + likely regression the new option --use-only-openpgp-card is + available. [#4681] + * gpg: The commands --full-gen-key and --quick-gen-key now allow + direct key generation from supported cards. [#4681] + * gpg: Prepare against chosen-prefix SHA-1 collisions in key + signatures. This change removes all SHA-1 based key signature + newer than 2019-01-19 from the web-of-trust. Note that this + includes all key signature created with dsa1024 keys. The new + option --allow-weak-key-signatues can be used to override the new + and safer behaviour. [#4755,CVE-2019-14855] + * gpg: Improve performance for import of large keyblocks. [#4592] + * gpg: Implement a keybox compression run. [#4644] + * gpg: Show warnings from dirmngr about redirect and certificate + problems (details require --verbose as usual). + * gpg: Allow to pass the empty string for the passphrase if the + '--passphase=' syntax is used. [#4633] + * gpg: Fix printing of the KDF object attributes. + * gpg: Avoid surprises with --locate-external-key and certain + --auto-key-locate settings. [#4662] + * gpg: Improve selection of best matching key. [#4713] + * gpg: Delete key binding signature when deletring a subkey. + [#4665,#4457] + * gpg: Fix a potential loss of key sigantures during import with + self-sigs-only active. [#4628] + * gpg: Silence "marked as ultimately trusted" diagnostics if + option --quiet is used. [#4634] + * gpg: Silence some diagnostics during in key listsing even with + option --verbose. [#4627] + * gpg, gpgsm: Change parsing of agent's pkdecrypt results. [#4652] + * gpgsm: Support AES-256 keys. + * gpgsm: Fix a bug in triggering a keybox compression run if + --faked-system-time is used. + * dirmngr: System CA certificates are no longer used for the SKS + pool if GNUTLS instead of NTBTLS is used as TLS library. [#4594] + * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces + to avoid long timeouts. [#4165] + * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio + Shield and Trustica Cryptoucan work. [#4654,#4566] + * wkd: gpg-wks-client --install-key now installs the required policy + file. +- Rebase patches: + * gnupg-2.2.8-files-are-digests.patch + * gnupg-add_legacy_FIPS_mode_option.patch + ------------------------------------------------------------------- Thu Sep 19 12:05:13 UTC 2019 - Ludwig Nussel diff --git a/gpg2.spec b/gpg2.spec index ab707ce..54f76da 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.17 +Version: 2.2.18 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From b301325c2e10312c649e6681f70feef806a9474dba3c58fca0bcad23e0de16b9 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 23 Dec 2019 21:33:57 +0000 Subject: [PATCH 135/156] Accepting request 755139 from Base:System OBS-URL: https://build.opensuse.org/request/show/755139 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=144 --- gnupg-2.2.18.tar.bz2 | 3 --- gnupg-2.2.18.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.19.tar.bz2 | 3 +++ gnupg-2.2.19.tar.bz2.sig | Bin 0 -> 310 bytes gpg2.changes | 10 ++++++++++ gpg2.spec | 2 +- 6 files changed, 14 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.18.tar.bz2 delete mode 100644 gnupg-2.2.18.tar.bz2.sig create mode 100644 gnupg-2.2.19.tar.bz2 create mode 100644 gnupg-2.2.19.tar.bz2.sig diff --git a/gnupg-2.2.18.tar.bz2 b/gnupg-2.2.18.tar.bz2 deleted file mode 100644 index 51e24db..0000000 --- a/gnupg-2.2.18.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:30d37ce2ca55b2b9b61480b2a175a3b22066ab41cd3f84688448919b566dec0a -size 6740621 diff --git a/gnupg-2.2.18.tar.bz2.sig b/gnupg-2.2.18.tar.bz2.sig deleted file mode 100644 index 6e5bc38329f46fa69b1c96330476f30a1242f4ba151a27a9b39ca4ef7c92ac58..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$toY@Bj)45G0#9 z(oZGhw#T6d|6ZDxW+zfM44*2;zS4GkpgR%gO<>}{|pIPb}TYM@cwrsN9J0# z#bI=`yd0$1=@xn3*uD0$(oTaWLG@OJVBxk!$YuQ=AeF*(9Z!v%8au8zpnFH#tsD60 IK!^*Dq2W@R1ONa4 diff --git a/gnupg-2.2.19.tar.bz2 b/gnupg-2.2.19.tar.bz2 new file mode 100644 index 0000000..45b0b77 --- /dev/null +++ b/gnupg-2.2.19.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:242554c0e06f3a83c420b052f750b65ead711cc3fddddb5e7274fcdbb4e9dec0 +size 6754972 diff --git a/gnupg-2.2.19.tar.bz2.sig b/gnupg-2.2.19.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..e3c98450dff47b52becdca88a530b2c198f268244321d15fc0119ebe9c09c229 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$uBlK>!K~5G0#9 z(oZGhwsCm}|7!Zdzev*~I>e=CC_9WenFsbi0k=Bxy{_PG>>cG?0QARQw+vfo= zq+J4d^uZ34hHWuI_yxM^*dbaPHMKS0q80F{|A6B(2Mf4Ds+U(h%HT83oe1Zd!i*xRrgGSiJ2T)O^Y)MfYZeqd+^Ag(j#UCGZ{D(m+)U+ zmAl$dWL&8Eq|WKd@}qv;IM`Cn)A^5?i><%&eMma71shA!tVOopFK+D}H^yJBY|@{6 IPgO(gOI&)EBLDyZ literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index e0d0aee..90fce50 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Dec 7 15:20:41 UTC 2019 - Andreas Stieger + +- update to 2.2.19: + * gpg: Fix double free when decrypting for hidden recipients + * gpg: Use auto-key-locate for encryption even for mail addressed + given with angle brackets + * gpgsm: Add special case for certain expired intermediate + certificates + ------------------------------------------------------------------- Wed Nov 27 15:42:22 UTC 2019 - Pedro Monreal Gonzalez diff --git a/gpg2.spec b/gpg2.spec index 54f76da..993d06d 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.18 +Version: 2.2.19 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From 5c994d31788761a85390ac87d9ae483c754b07603f7afde9ac1ebe72390968a3 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 16 Jan 2020 17:17:49 +0000 Subject: [PATCH 136/156] Accepting request 763816 from Base:System OBS-URL: https://build.opensuse.org/request/show/763816 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=145 --- ...cation_but_no_self-sig_during_import.patch | 33 +++ ...dd-test-cases-for-import-without-uid.patch | 202 ++++++++++++++++++ ...viously-known-keys-even-without-UIDs.patch | 107 ++++++++++ gpg2.changes | 9 + gpg2.spec | 8 +- 5 files changed, 358 insertions(+), 1 deletion(-) create mode 100644 gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch create mode 100644 gnupg-add-test-cases-for-import-without-uid.patch create mode 100644 gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch diff --git a/gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch b/gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch new file mode 100644 index 0000000..539e39d --- /dev/null +++ b/gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch @@ -0,0 +1,33 @@ +From f361141a44365ff7db2d2cfbf118d5b54b52c3d5 Mon Sep 17 00:00:00 2001 +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:43 +0200 +Subject: [PATCH] gpg: accept subkeys with a good revocation but no self-sig + during import + +* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we +encounter a valid revocation signature. This allows import of subkey +revocation signatures, even in the absence of a corresponding subkey +binding signature. + +-- + +This fixes the remaining test in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/g10/import.c b/g10/import.c +index 2be214e63..ae2453803 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -3536,6 +3536,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self) + /* It's valid, so is it newer? */ + if (sig->timestamp >= rsdate) + { ++ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ + if (rsnode) + { + /* Delete the last revocation sig since diff --git a/gnupg-add-test-cases-for-import-without-uid.patch b/gnupg-add-test-cases-for-import-without-uid.patch new file mode 100644 index 0000000..78983e5 --- /dev/null +++ b/gnupg-add-test-cases-for-import-without-uid.patch @@ -0,0 +1,202 @@ +From 4c40bfa90bda748e5dada0bb1cc8fae14d744f07 Mon Sep 17 00:00:00 2001 +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:41 +0200 +Subject: [PATCH] tests: add test cases for import without uid + +This commit adds a test case that does the following, in order: +- Import of a primary key plus user id +- Check that import of a subkey works, without a user id present in the +imported key +- Check that import of a subkey revocation works, without a user id or +subkey binding signature present in the imported key +- Check that import of a primary key revocation works, without a user id +present in the imported key + +-- + +Note that this test currently fails. The following changesets will +fix gpg so that the tests pass. + +GnuPG-Bug-id: 4393 +Signed-Off-By: Daniel Kahn Gillmor +--- + tests/openpgp/Makefile.am | 1 + + tests/openpgp/import-incomplete.scm | 68 +++++++++++++++++++ + .../import-incomplete/primary+revocation.asc | 9 +++ + .../primary+subkey+sub-revocation.asc | 10 +++ + .../primary+subkey+sub-sig.asc | 10 +++ + .../import-incomplete/primary+uid-sig.asc | 10 +++ + .../openpgp/import-incomplete/primary+uid.asc | 10 +++ + 7 files changed, 118 insertions(+) + create mode 100755 tests/openpgp/import-incomplete.scm + create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc + +diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am +index e5be42b41..d886bc8f7 100644 +--- a/tests/openpgp/Makefile.am ++++ b/tests/openpgp/Makefile.am +@@ -78,6 +78,7 @@ XTESTS = \ + gpgv-forged-keyring.scm \ + armor.scm \ + import.scm \ ++ import-incomplete.scm \ + import-revocation-certificate.scm \ + ecc.scm \ + 4gb-packet.scm \ +diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm +new file mode 100755 +index 000000000..727a027c6 +--- /dev/null ++++ b/tests/openpgp/import-incomplete.scm +@@ -0,0 +1,68 @@ ++#!/usr/bin/env gpgscm ++ ++;; Copyright (C) 2016 g10 Code GmbH ++;; ++;; This file is part of GnuPG. ++;; ++;; GnuPG is free software; you can redistribute it and/or modify ++;; it under the terms of the GNU General Public License as published by ++;; the Free Software Foundation; either version 3 of the License, or ++;; (at your option) any later version. ++;; ++;; GnuPG is distributed in the hope that it will be useful, ++;; but WITHOUT ANY WARRANTY; without even the implied warranty of ++;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++;; GNU General Public License for more details. ++;; ++;; You should have received a copy of the GNU General Public License ++;; along with this program; if not, see . ++ ++(load (in-srcdir "tests" "openpgp" "defs.scm")) ++(setup-environment) ++ ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc"))) ++ ++(info "Test import of new subkey, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of a subkey revocation, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:r:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of revocation, from a certificate without uid") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "pub:r:") ++ (string-contains? line "0843DA969AA8DAFB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ +diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc +new file mode 100644 +index 000000000..6b7b60802 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+revocation.asc +@@ -0,0 +1,9 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [E] primary key, revocation signature over primary (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ ++EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3 ++XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ== ++=tM90 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +new file mode 100644 +index 000000000..83a51a549 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [D] primary key, subkey, subkey revocation (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ ++3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ= ++=dwx2 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +new file mode 100644 +index 000000000..dc47a02d8 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [B] primary key, subkey, subkey binding sig (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR ++Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg= ++=xuDu ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc +new file mode 100644 +index 000000000..134607d0e +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [C] primary key and self-sig expiring in 2024 (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8 ++2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu ++3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN ++9ohXOEBWvdJgVv2YAg== ++=KWIK ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc +new file mode 100644 +index 000000000..055f30086 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [A] primary key, user ID, and self-sig expiring in 2021 ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja +++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI ++kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs= ++=1eII ++-----END PGP PUBLIC KEY BLOCK----- diff --git a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch new file mode 100644 index 0000000..3c80a48 --- /dev/null +++ b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch @@ -0,0 +1,107 @@ +From a1db83d8a3308277f01b96833c13693bd7e13ff9 Mon Sep 17 00:00:00 2001 +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:42 +0200 +Subject: [PATCH] gpg: allow import of previously known keys, even without UIDs + +* g10/import.c (import_one): Accept an incoming OpenPGP certificate that +has no user id, as long as we already have a local variant of the cert +that matches the primary key. + +-- + +This fixes two of the three broken tests in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 49 +++++++++++-------------------------------------- + 1 file changed, 11 insertions(+), 38 deletions(-) + +Index: gnupg-2.2.19/g10/import.c +=================================================================== +--- gnupg-2.2.19.orig/g10/import.c ++++ gnupg-2.2.19/g10/import.c +@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl, + size_t an; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; +- int any_filter = 0; + KEYDB_HANDLE hd = NULL; + + if (r_valid) +@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl, + log_printf ("\n"); + } + +- +- if (!uidnode ) +- { +- if (!silent) +- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); +- return 0; +- } +- + if (screener && screener (keyblock, screener_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk (pk), +@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl, + } + } + +- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- { +- if (!silent) +- { +- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet ) +- log_info(_("this may be caused by a missing self-signature\n")); +- } +- stats->no_user_id++; +- return 0; +- } ++ /* Delete invalid parts, and note if we have any valid ones left. ++ * We will later abort import if this key is new but contains ++ * no valid uids. */ ++ delete_inv_parts (ctrl, keyblock, keyid, options); + + /* Get rid of deleted nodes. */ + commit_kbnode (&keyblock); +@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl, + { + apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); + commit_kbnode (&keyblock); +- any_filter = 1; + } + if (import_filter.drop_sig) + { + apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); + commit_kbnode (&keyblock); +- any_filter = 1; +- } +- +- /* If we ran any filter we need to check that at least one user id +- * is left in the keyring. Note that we do not use log_error in +- * this case. */ +- if (any_filter && !any_uid_left (keyblock)) +- { +- if (!opt.quiet ) +- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); +- stats->no_user_id++; +- return 0; + } + + /* The keyblock is valid and ready for real import. */ +@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl, + err = 0; + stats->skipped_new_keys++; + } ++ else if (err && !any_uid_left (keyblock)) ++ { ++ if (!silent) ++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); ++ err = 0; ++ stats->no_user_id++; ++ } + else if (err) /* Insert this key. */ + { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/gpg2.changes b/gpg2.changes index 90fce50..822214b 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Jan 10 17:47:24 UTC 2020 - Pedro Monreal Gonzalez + +- Accept key updates even without UIDs [bsc#1143158] +- Add patches: + * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch + * gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch + * gnupg-add-test-cases-for-import-without-uid.patch + ------------------------------------------------------------------- Sat Dec 7 15:20:41 UTC 2019 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 993d06d..5074298 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -37,6 +37,9 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-2.2.16-secmem.patch +Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch +Patch14: gnupg-add-test-cases-for-import-without-uid.patch +Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -88,6 +91,9 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch9 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build From cabc9804da3e001f07e103ec10cf8f92c082ceaece46b22ece307b4c4fb19231 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 22 Feb 2020 18:03:23 +0000 Subject: [PATCH 137/156] Accepting request 776240 from Base:System OBS-URL: https://build.opensuse.org/request/show/776240 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=146 --- gpg2-gcc10-build-fno-common.patch | 527 ++++++++++++++++++++++++++++++ gpg2.changes | 8 + gpg2.spec | 3 + 3 files changed, 538 insertions(+) create mode 100644 gpg2-gcc10-build-fno-common.patch diff --git a/gpg2-gcc10-build-fno-common.patch b/gpg2-gcc10-build-fno-common.patch new file mode 100644 index 0000000..871edb8 --- /dev/null +++ b/gpg2-gcc10-build-fno-common.patch @@ -0,0 +1,527 @@ +From 6aff8a132815a84bab69401c1e7de96ec549fbf2 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Mon, 10 Feb 2020 16:37:34 +0100 +Subject: [PATCH] build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only +here but now without the Norcroft-C. Change all other places where it +gets defined. +* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as +extern. +* common/iobuf.c (iobuf_debug_mode): Define it here. +* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in +all main modules of all other programs. + +* g10/main.h: Put util.h before the local header files. +-- + +This change is required for use with gcc/ld's LTO feature which does +not allow common blocks. Further gcc 10 will make -fno-common the +default and thus this chnage is always needed. What a pitty. + +Co-authored-by: Tomáš Mráz +GnuPG-bug-id: 4831 +Signed-off-by: Werner Koch +(cherry picked from commit 21d9bd8b87a9f793a106095e3838eb71825189d7) + +- Applied respective chnages also to gpg-card and keyboxd. + +Signed-off-by: Werner Koch +--- + agent/agent.h | 1 + + agent/gpg-agent.c | 1 + + agent/preset-passphrase.c | 1 + + agent/protect-tool.c | 1 + + agent/t-protect.c | 1 + + common/iobuf.c | 1 + + common/iobuf.h | 9 +-------- + common/util.h | 8 ++++++++ + dirmngr/dirmngr.c | 1 + + dirmngr/dirmngr.h | 1 + + g10/gpgcompose.c | 1 + + g10/main.h | 2 +- + g10/options.h | 8 -------- + g10/test.c | 1 + + g13/g13-common.h | 2 +- + g13/g13-syshelp.c | 1 + + g13/g13.c | 1 + + kbx/keyboxd.c | 1 + + kbx/keyboxd.h | 1 + + scd/scdaemon.c | 1 + + scd/scdaemon.h | 1 + + sm/gpgsm.c | 2 ++ + sm/gpgsm.h | 1 + + tools/gpg-card.c | 2 ++ + tools/gpg-card.h | 1 + + tools/gpg-wks-client.c | 1 + + tools/gpg-wks-server.c | 1 + + tools/gpg-wks.h | 1 + + tools/gpgconf.c | 1 + + tools/gpgconf.h | 1 + + tools/gpgtar.c | 1 + + tools/gpgtar.h | 2 ++ + 32 files changed, 41 insertions(+), 18 deletions(-) + +Index: gnupg-2.2.19/agent/agent.h +=================================================================== +--- gnupg-2.2.19.orig/agent/agent.h ++++ gnupg-2.2.19/agent/agent.h +@@ -37,6 +37,14 @@ + #include "../common/session-env.h" + #include "../common/shareddefs.h" + ++#ifndef EXTERN_UNLESS_MAIN_MODULE ++# if !defined (INCLUDED_BY_MAIN_MODULE) ++# define EXTERN_UNLESS_MAIN_MODULE extern ++# else ++# define EXTERN_UNLESS_MAIN_MODULE ++# endif ++#endif ++ + /* To convey some special hash algorithms we use algorithm numbers + reserved for application use. */ + #ifndef GCRY_MODULE_ID_USER +@@ -55,6 +63,7 @@ + + + /* A large struct name "opt" to keep global flags */ ++EXTERN_UNLESS_MAIN_MODULE + struct + { + unsigned int debug; /* Debug flags (DBG_foo_VALUE) */ +Index: gnupg-2.2.19/agent/gpg-agent.c +=================================================================== +--- gnupg-2.2.19.orig/agent/gpg-agent.c ++++ gnupg-2.2.19/agent/gpg-agent.c +@@ -49,6 +49,7 @@ + #endif + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #define GNUPG_COMMON_NEED_AFLOCAL + #include "agent.h" + #include /* Malloc hooks and socket wrappers. */ +Index: gnupg-2.2.19/agent/preset-passphrase.c +=================================================================== +--- gnupg-2.2.19.orig/agent/preset-passphrase.c ++++ gnupg-2.2.19/agent/preset-passphrase.c +@@ -44,6 +44,7 @@ + # include /* To initialize the sockets. fixme */ + #endif + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "agent.h" + #include "../common/simple-pwquery.h" + #include "../common/i18n.h" +Index: gnupg-2.2.19/agent/protect-tool.c +=================================================================== +--- gnupg-2.2.19.orig/agent/protect-tool.c ++++ gnupg-2.2.19/agent/protect-tool.c +@@ -38,6 +38,7 @@ + #include /* for setmode() */ + #endif + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "agent.h" + #include "../common/i18n.h" + #include "../common/get-passphrase.h" +Index: gnupg-2.2.19/agent/t-protect.c +=================================================================== +--- gnupg-2.2.19.orig/agent/t-protect.c ++++ gnupg-2.2.19/agent/t-protect.c +@@ -23,6 +23,7 @@ + #include + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "agent.h" + + +Index: gnupg-2.2.19/common/iobuf.c +=================================================================== +--- gnupg-2.2.19.orig/common/iobuf.c ++++ gnupg-2.2.19/common/iobuf.c +@@ -118,6 +118,7 @@ struct close_cache_s + typedef struct close_cache_s *close_cache_t; + static close_cache_t close_cache; + ++int iobuf_debug_mode; + + + #ifdef HAVE_W32_SYSTEM +Index: gnupg-2.2.19/common/iobuf.h +=================================================================== +--- gnupg-2.2.19.orig/common/iobuf.h ++++ gnupg-2.2.19/common/iobuf.h +@@ -249,14 +249,7 @@ struct iobuf_struct + int subno; + }; + +-#ifndef EXTERN_UNLESS_MAIN_MODULE +-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) +-#define EXTERN_UNLESS_MAIN_MODULE extern +-#else +-#define EXTERN_UNLESS_MAIN_MODULE +-#endif +-#endif +-EXTERN_UNLESS_MAIN_MODULE int iobuf_debug_mode; ++extern int iobuf_debug_mode; + + + /* Returns whether the specified filename corresponds to a pipe. In +Index: gnupg-2.2.19/common/util.h +=================================================================== +--- gnupg-2.2.19.orig/common/util.h ++++ gnupg-2.2.19/common/util.h +@@ -56,6 +56,14 @@ + #endif + + ++#ifndef EXTERN_UNLESS_MAIN_MODULE ++# if !defined (INCLUDED_BY_MAIN_MODULE) ++# define EXTERN_UNLESS_MAIN_MODULE extern ++# else ++# define EXTERN_UNLESS_MAIN_MODULE ++# endif ++#endif ++ + /* Hash function used with libksba. */ + #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) + +Index: gnupg-2.2.19/dirmngr/dirmngr.c +=================================================================== +--- gnupg-2.2.19.orig/dirmngr/dirmngr.c ++++ gnupg-2.2.19/dirmngr/dirmngr.c +@@ -55,6 +55,7 @@ + #endif /*HTTP_USE_GNUTLS*/ + + ++#define INCLUDED_BY_MAIN_MODULE 1 + #define GNUPG_COMMON_NEED_AFLOCAL + #include "dirmngr.h" + +Index: gnupg-2.2.19/dirmngr/dirmngr.h +=================================================================== +--- gnupg-2.2.19.orig/dirmngr/dirmngr.h ++++ gnupg-2.2.19/dirmngr/dirmngr.h +@@ -39,6 +39,14 @@ + #include "dirmngr-status.h" + #include "http.h" /* (parsed_uri_t) */ + ++#ifndef EXTERN_UNLESS_MAIN_MODULE ++# if !defined (INCLUDED_BY_MAIN_MODULE) ++# define EXTERN_UNLESS_MAIN_MODULE extern ++# else ++# define EXTERN_UNLESS_MAIN_MODULE ++# endif ++#endif ++ + /* This objects keeps information about a particular LDAP server and + is used as item of a single linked list of servers. */ + struct ldap_server_s +@@ -76,6 +84,7 @@ struct fingerprint_list_s + + + /* A large struct named "opt" to keep global flags. */ ++EXTERN_UNLESS_MAIN_MODULE + struct + { + unsigned int debug; /* debug flags (DBG_foo_VALUE) */ +Index: gnupg-2.2.19/g10/gpgcompose.c +=================================================================== +--- gnupg-2.2.19.orig/g10/gpgcompose.c ++++ gnupg-2.2.19/g10/gpgcompose.c +@@ -20,6 +20,7 @@ + #include + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "gpg.h" + #include "packet.h" + #include "keydb.h" +Index: gnupg-2.2.19/g10/main.h +=================================================================== +--- gnupg-2.2.19.orig/g10/main.h ++++ gnupg-2.2.19/g10/main.h +@@ -22,9 +22,9 @@ + + #include "../common/types.h" + #include "../common/iobuf.h" ++#include "../common/util.h" + #include "keydb.h" + #include "keyedit.h" +-#include "../common/util.h" + + /* It could be argued that the default cipher should be 3DES rather + than AES128, and the default compression should be 0 +Index: gnupg-2.2.19/g10/options.h +=================================================================== +--- gnupg-2.2.19.orig/g10/options.h ++++ gnupg-2.2.19/g10/options.h +@@ -32,7 +32,7 @@ + + #ifndef EXTERN_UNLESS_MAIN_MODULE + /* Norcraft can't cope with common symbols */ +-#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) ++#if !defined (INCLUDED_BY_MAIN_MODULE) + #define EXTERN_UNLESS_MAIN_MODULE extern + #else + #define EXTERN_UNLESS_MAIN_MODULE +Index: gnupg-2.2.19/g10/test.c +=================================================================== +--- gnupg-2.2.19.orig/g10/test.c ++++ gnupg-2.2.19/g10/test.c +@@ -22,6 +22,7 @@ + #include + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "gpg.h" + + /* A unit test consists of one or more tests. Tests can be broken +Index: gnupg-2.2.19/g13/g13-common.h +=================================================================== +--- gnupg-2.2.19.orig/g13/g13-common.h ++++ gnupg-2.2.19/g13/g13-common.h +@@ -32,6 +32,13 @@ + #include "../common/session-env.h" + #include "../common/strlist.h" + ++#ifndef EXTERN_UNLESS_MAIN_MODULE ++# if !defined (INCLUDED_BY_MAIN_MODULE) ++# define EXTERN_UNLESS_MAIN_MODULE extern ++# else ++# define EXTERN_UNLESS_MAIN_MODULE ++# endif ++#endif + + /* Debug values and macros. */ + #define DBG_MOUNT_VALUE 1 /* Debug mount or device stuff. */ +@@ -48,6 +55,7 @@ + /* A large struct named "opt" to keep global flags. Note that this + struct is used by g13 and g13-syshelp and thus some fields may only + make sense for one of them. */ ++EXTERN_UNLESS_MAIN_MODULE + struct + { + unsigned int debug; /* Debug flags (DBG_foo_VALUE). */ +Index: gnupg-2.2.19/g13/g13-syshelp.c +=================================================================== +--- gnupg-2.2.19.orig/g13/g13-syshelp.c ++++ gnupg-2.2.19/g13/g13-syshelp.c +@@ -31,6 +31,7 @@ + #endif + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "g13-syshelp.h" + + #include +Index: gnupg-2.2.19/g13/g13.c +=================================================================== +--- gnupg-2.2.19.orig/g13/g13.c ++++ gnupg-2.2.19/g13/g13.c +@@ -27,6 +27,7 @@ + #include + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "g13.h" + + #include +Index: gnupg-2.2.19/scd/scdaemon.c +=================================================================== +--- gnupg-2.2.19.orig/scd/scdaemon.c ++++ gnupg-2.2.19/scd/scdaemon.c +@@ -37,6 +37,7 @@ + #include + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #define GNUPG_COMMON_NEED_AFLOCAL + #include "scdaemon.h" + #include +Index: gnupg-2.2.19/scd/scdaemon.h +=================================================================== +--- gnupg-2.2.19.orig/scd/scdaemon.h ++++ gnupg-2.2.19/scd/scdaemon.h +@@ -31,6 +31,14 @@ + #include "../common/util.h" + #include "../common/sysutils.h" + ++#ifndef EXTERN_UNLESS_MAIN_MODULE ++# if !defined (INCLUDED_BY_MAIN_MODULE) ++# define EXTERN_UNLESS_MAIN_MODULE extern ++# else ++# define EXTERN_UNLESS_MAIN_MODULE ++# endif ++#endif ++ + /* To convey some special hash algorithms we use algorithm numbers + reserved for application use. */ + #ifndef GCRY_MODULE_ID_USER +@@ -44,6 +52,7 @@ + + + /* A large struct name "opt" to keep global flags. */ ++EXTERN_UNLESS_MAIN_MODULE + struct + { + unsigned int debug; /* Debug flags (DBG_foo_VALUE). */ +Index: gnupg-2.2.19/sm/gpgsm.c +=================================================================== +--- gnupg-2.2.19.orig/sm/gpgsm.c ++++ gnupg-2.2.19/sm/gpgsm.c +@@ -28,6 +28,8 @@ + #include + /*#include */ + ++#define INCLUDED_BY_MAIN_MODULE 1 ++ + #include "gpgsm.h" + #include + #include /* malloc hooks */ +Index: gnupg-2.2.19/sm/gpgsm.h +=================================================================== +--- gnupg-2.2.19.orig/sm/gpgsm.h ++++ gnupg-2.2.19/sm/gpgsm.h +@@ -36,6 +36,13 @@ + #include "../common/ksba-io-support.h" + #include "../common/compliance.h" + ++#ifndef EXTERN_UNLESS_MAIN_MODULE ++# if !defined (INCLUDED_BY_MAIN_MODULE) ++# define EXTERN_UNLESS_MAIN_MODULE extern ++# else ++# define EXTERN_UNLESS_MAIN_MODULE ++# endif ++#endif + + #define MAX_DIGEST_LEN 64 + +@@ -52,6 +59,7 @@ struct keyserver_spec + + + /* A large struct named "opt" to keep global flags. */ ++EXTERN_UNLESS_MAIN_MODULE + struct + { + unsigned int debug; /* debug flags (DBG_foo_VALUE) */ +Index: gnupg-2.2.19/tools/gpg-wks-client.c +=================================================================== +--- gnupg-2.2.19.orig/tools/gpg-wks-client.c ++++ gnupg-2.2.19/tools/gpg-wks-client.c +@@ -25,6 +25,7 @@ + #include + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "../common/util.h" + #include "../common/status.h" + #include "../common/i18n.h" +Index: gnupg-2.2.19/tools/gpg-wks-server.c +=================================================================== +--- gnupg-2.2.19.orig/tools/gpg-wks-server.c ++++ gnupg-2.2.19/tools/gpg-wks-server.c +@@ -32,6 +32,7 @@ + #include + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "../common/util.h" + #include "../common/init.h" + #include "../common/sysutils.h" +Index: gnupg-2.2.19/tools/gpg-wks.h +=================================================================== +--- gnupg-2.2.19.orig/tools/gpg-wks.h ++++ gnupg-2.2.19/tools/gpg-wks.h +@@ -25,11 +25,20 @@ + #include "../common/strlist.h" + #include "mime-maker.h" + ++#ifndef EXTERN_UNLESS_MAIN_MODULE ++# if !defined (INCLUDED_BY_MAIN_MODULE) ++# define EXTERN_UNLESS_MAIN_MODULE extern ++# else ++# define EXTERN_UNLESS_MAIN_MODULE ++# endif ++#endif ++ + /* The draft version we implement. */ + #define WKS_DRAFT_VERSION 3 + + + /* We keep all global options in the structure OPT. */ ++EXTERN_UNLESS_MAIN_MODULE + struct + { + int verbose; +Index: gnupg-2.2.19/tools/gpgconf.c +=================================================================== +--- gnupg-2.2.19.orig/tools/gpgconf.c ++++ gnupg-2.2.19/tools/gpgconf.c +@@ -25,6 +25,7 @@ + #include + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "gpgconf.h" + #include "../common/i18n.h" + #include "../common/sysutils.h" +Index: gnupg-2.2.19/tools/gpgconf.h +=================================================================== +--- gnupg-2.2.19.orig/tools/gpgconf.h ++++ gnupg-2.2.19/tools/gpgconf.h +@@ -22,7 +22,16 @@ + + #include "../common/util.h" + ++#ifndef EXTERN_UNLESS_MAIN_MODULE ++# if !defined (INCLUDED_BY_MAIN_MODULE) ++# define EXTERN_UNLESS_MAIN_MODULE extern ++# else ++# define EXTERN_UNLESS_MAIN_MODULE ++# endif ++#endif ++ + /* We keep all global options in the structure OPT. */ ++EXTERN_UNLESS_MAIN_MODULE + struct + { + int verbose; /* Verbosity level. */ +Index: gnupg-2.2.19/tools/gpgtar.c +=================================================================== +--- gnupg-2.2.19.orig/tools/gpgtar.c ++++ gnupg-2.2.19/tools/gpgtar.c +@@ -34,6 +34,7 @@ + #include + #include + ++#define INCLUDED_BY_MAIN_MODULE 1 + #include "../common/util.h" + #include "../common/i18n.h" + #include "../common/sysutils.h" +Index: gnupg-2.2.19/tools/gpgtar.h +=================================================================== +--- gnupg-2.2.19.orig/tools/gpgtar.h ++++ gnupg-2.2.19/tools/gpgtar.h +@@ -23,7 +23,16 @@ + #include "../common/util.h" + #include "../common/strlist.h" + ++#ifndef EXTERN_UNLESS_MAIN_MODULE ++# if !defined (INCLUDED_BY_MAIN_MODULE) ++# define EXTERN_UNLESS_MAIN_MODULE extern ++# else ++# define EXTERN_UNLESS_MAIN_MODULE ++# endif ++#endif ++ + /* We keep all global options in the structure OPT. */ ++EXTERN_UNLESS_MAIN_MODULE + struct + { + int verbose; diff --git a/gpg2.changes b/gpg2.changes index 822214b..cd940c4 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Feb 19 08:48:34 UTC 2020 - Pedro Monreal Gonzalez + +- Fix build with GCC-10: [bsc#1160394] + * Always use EXTERN_UNLESS_MAIN_MODULE pattern + * In GCC-10, the default option -fcommon will change to -fno-common +- Add gpg2-gcc10-build-fno-common.patch + ------------------------------------------------------------------- Fri Jan 10 17:47:24 UTC 2020 - Pedro Monreal Gonzalez diff --git a/gpg2.spec b/gpg2.spec index 5074298..06afaa7 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -40,6 +40,8 @@ Patch12: gnupg-2.2.16-secmem.patch Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch14: gnupg-add-test-cases-for-import-without-uid.patch Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +# PATCH-FIX-UPSTREAM bsc#1160394 Fix gcc10 build +Patch16: gpg2-gcc10-build-fno-common.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -94,6 +96,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build From 0dfd85574cbaac84bb53ee43f2d08a89c96cfcadb5207e53022a0352250bc26e Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 16 Mar 2020 09:16:15 +0000 Subject: [PATCH 138/156] Accepting request 784634 from Base:System OBS-URL: https://build.opensuse.org/request/show/784634 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=147 --- gpg2.changes | 6 ++++++ gpg2.spec | 24 ++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index cd940c4..503cec7 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Mar 13 10:39:09 UTC 2020 - Fabian Vogt + +- Split dirmngr into a subpackage to avoid a hard dependency of + gpg2 on libgnutls + ------------------------------------------------------------------- Wed Feb 19 08:48:34 UTC 2020 - Pedro Monreal Gonzalez diff --git a/gpg2.spec b/gpg2.spec index 06afaa7..ff32740 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -65,8 +65,7 @@ Requires: libgcrypt20 >= 1.7.0 Requires: libksba >= 1.3.4 Requires: pinentry Requires(post): %{install_info_prereq} -Obsoletes: dirmngr < 2.1.0 -Provides: dirmngr = %{version} +Recommends: dirmngr = %{version} Provides: gnupg = %{version} Provides: gpg = 1.4.9 Provides: newpg @@ -81,6 +80,18 @@ messages and/or to sign and verify them. gpg2 provides GPGSM, gpg-agent, and a keybox library. +%package -n dirmngr +Summary: Keyserver, CRL, and OCSP access for GnuPG +Group: Productivity/Networking/Security + +%description -n dirmngr +Since version 2.1 of GnuPG, dirmngr takes care of accessing the OpenPGP +keyservers. As with previous versions it is also used as a server for managing +and downloading certificate +revocation lists (CRLs) for X.509 certificates, downloading X.509 certificates, +and providing access to OCSP providers. Dirmngr is invoked internally by gpg, +gpgsm, or via the gpg-connect-agent tool. + %lang_package %prep @@ -167,10 +178,13 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} %files %{_infodir}/gnupg* +%exclude %{_mandir}/*/dirmngr*%{ext_man} %{_mandir}/*/*%{ext_man} %license COPYING* %doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ +%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.* %doc %{_docdir}/%{name} +%exclude %{_bindir}/dirmngr* %{_bindir}/* %{_libdir}/[^d]* %{_sbindir}/addgnupghome @@ -181,4 +195,10 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} %dir %{_sysconfdir}/gnupg %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf +%files -n dirmngr +%license COPYING* +%{_mandir}/*/dirmngr*%{ext_man} +%{_docdir}/%{name}/examples/systemd-user/dirmngr.* +%{_bindir}/dirmngr* + %changelog From bdad6016341441292df154b922ca514404de35efda5fa502364498631528f3bf Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 2 May 2020 20:15:35 +0000 Subject: [PATCH 139/156] Accepting request 799268 from Base:System OBS-URL: https://build.opensuse.org/request/show/799268 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=148 --- gnupg-2.2.19.tar.bz2 | 3 - gnupg-2.2.19.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.20.tar.bz2 | 3 + gnupg-2.2.20.tar.bz2.sig | Bin 0 -> 954 bytes gnupg-2.2.8-files-are-digests.patch | 56 +-- gnupg-add_legacy_FIPS_mode_option.patch | 24 +- gpg2-gcc10-build-fno-common.patch | 527 ------------------------ gpg2.changes | 29 ++ gpg2.spec | 9 +- 9 files changed, 75 insertions(+), 576 deletions(-) delete mode 100644 gnupg-2.2.19.tar.bz2 delete mode 100644 gnupg-2.2.19.tar.bz2.sig create mode 100644 gnupg-2.2.20.tar.bz2 create mode 100644 gnupg-2.2.20.tar.bz2.sig delete mode 100644 gpg2-gcc10-build-fno-common.patch diff --git a/gnupg-2.2.19.tar.bz2 b/gnupg-2.2.19.tar.bz2 deleted file mode 100644 index 45b0b77..0000000 --- a/gnupg-2.2.19.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:242554c0e06f3a83c420b052f750b65ead711cc3fddddb5e7274fcdbb4e9dec0 -size 6754972 diff --git a/gnupg-2.2.19.tar.bz2.sig b/gnupg-2.2.19.tar.bz2.sig deleted file mode 100644 index e3c98450dff47b52becdca88a530b2c198f268244321d15fc0119ebe9c09c229..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$uBlK>!K~5G0#9 z(oZGhwsCm}|7!Zdzev*~I>e=CC_9WenFsbi0k=Bxy{_PG>>cG?0QARQw+vfo= zq+J4d^uZ34hHWuI_yxM^*dbaPHMKS0q80F{|A6B(2Mf4Ds+U(h%HT83oe1Zd!i*xRrgGSiJ2T)O^Y)MfYZeqd+^Ag(j#UCGZ{D(m+)U+ zmAl$dWL&8Eq|WKd@}qv;IM`Cn)A^5?i><%&eMma71shA!tVOopFK+D}H^yJBY|@{6 IPgO(gOI&)EBLDyZ diff --git a/gnupg-2.2.20.tar.bz2 b/gnupg-2.2.20.tar.bz2 new file mode 100644 index 0000000..a1c9c43 --- /dev/null +++ b/gnupg-2.2.20.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30 +size 6786913 diff --git a/gnupg-2.2.20.tar.bz2.sig b/gnupg-2.2.20.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..2f2868c0e1679846bc8e6b06ebb810c3acdd901abc3fae7a340382097c228ae5 GIT binary patch literal 954 zcmV;r14aCa1GfYK0SE%279j-KX(1!T23_i24?49Zn>o@?CF8aQ0$z0OcfrCY0GR;| z1WhfAfdL2rsv6RzU)ad~>EVIp;JOl$WiYTxH`s9 zzBXK0+#A#AFc--ULuIss;3!%A6WdrqpbnOlfZLYNZ+#pCU;~o4;EwRXAIBN_`3P$z ztvR&u!lK_kE8`at4FB>SN)bg>2>w8MmtYcLfoy~#DSQSuyD1zx2b-L;ijvNrRUd$= z4!=(ha>MdaMjlNu@;Y#bg@4FHgCw96V?|@rPW{}!E~pLpW-Oe|OYbEj*uDPJOz(Ky zYcP`+Kz^)OZHS+Ut)Prg`$!3a`)I|+$|q1Wfz%Kf=FP<_s^n`HYupfHdf|qkE22q% z++7kO01*KI0kjrZWpZw1av)1@V`v~KWNCABAaiMFDTx791QP)W06zj70|pBT2nPcK z1{DYb2?`4Y76JnS0v-VZ7l0Na1lVaIBg6(>>Rt~zwIrK4(oZGhwgm!S48$1)2^67M zHUJ6<5G0#9(oZGhwg{OA{T-@@T8jQ@DVh@mCujq7%@(+j_P|>vwex0)w!w2Pl3(Z+ z($T6SG8`>LLw^j*!H+yZM5n3!!3${5rgORjD~W`{q?i8gffK;{6{A4*%dPPLxW+nY zEcHH9G7B;dy|-H4nmm*CyE?JEyaubEBO9Iqxg(-376{~#iB#Rg<^y-nFQQZAUQ^#o z$YAvsEy1585J2+5uZ^!5i^u5$fHPAy**83wUvhV>f5f$G;)_u;QFhLL#AMjdLQ+G} zS?v#N;Z#2~zImGD8H<&>m0Vq?aq&P^4UByA1@Wztl(@#GX(sbyTb&k%m15-<87-a6 z)JupRapp!QICg5PasUbm5G0#9(oZGhwodd20GZ`5*oif^TEZhh85B%u;2Itcx95Id zt-}YUZ;eVn_ z!Tt=K3#_MzYYvY=S@h#=+ZhmJ>yk)}^t?L;>0S2t#QrXToex^8^bvo-Slo`Ei>L?i z7pMs~zF0LMDH~R&Ppovy3z>m$V1^&{c(Wjc2Hn5l)Y-^zLZJ<+-@ctQFo(`?2N*$o z&wTkMrKCLvypU6D4;p<)^k)O+1G!_@olrdQSpJ|Qp`+IJdK0!w-;0m1Gx~ZbT&LwJ ct(KnlwK{@hKi%s`?_$vVD(bPMdnYK|O&Zv)!Tversion = 4; @@ -74,10 +74,10 @@ Index: gnupg-2.2.18/g10/sign.c else sig->version = pk->version; -@@ -772,8 +776,12 @@ write_signature_packets (ctrl_t ctrl, - mk_notation_policy_etc (sig, NULL, pk); +@@ -860,8 +864,12 @@ write_signature_packets (ctrl_t ctrl, + else + err = 0; } - + if (!opt.files_are_digests) { hash_sigversion_to_magic (md, sig); gcry_md_final (md); @@ -85,9 +85,9 @@ Index: gnupg-2.2.18/g10/sign.c + log_bug("files-are-digests doesn't work with v4 sigs\n"); + } - rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); - gcry_md_close (md); -@@ -835,6 +843,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + if (!err) + err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); +@@ -924,6 +932,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -96,7 +96,7 @@ Index: gnupg-2.2.18/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -852,7 +862,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -941,7 +951,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -114,7 +114,7 @@ Index: gnupg-2.2.18/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -873,7 +892,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -962,7 +981,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -123,7 +123,7 @@ Index: gnupg-2.2.18/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -1011,7 +1030,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1100,7 +1119,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -132,7 +132,7 @@ Index: gnupg-2.2.18/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -1066,6 +1085,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1155,6 +1174,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -141,7 +141,7 @@ Index: gnupg-2.2.18/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1106,6 +1127,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1195,6 +1216,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -187,7 +187,7 @@ Index: gnupg-2.2.18/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1124,8 +1184,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1213,8 +1273,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (ctrl, sk_list, out, mfx.md, diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 6fe53e2..258c800 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.2.18/doc/gpg.texi +Index: gnupg-2.2.20/doc/gpg.texi =================================================================== ---- gnupg-2.2.18.orig/doc/gpg.texi -+++ gnupg-2.2.18/doc/gpg.texi -@@ -2115,6 +2115,24 @@ implies, this option is for experts only +--- gnupg-2.2.20.orig/doc/gpg.texi ++++ gnupg-2.2.20/doc/gpg.texi +@@ -2133,6 +2133,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.2.18/doc/gpg.texi @end table -Index: gnupg-2.2.18/g10/gpg.c +Index: gnupg-2.2.20/g10/gpg.c =================================================================== ---- gnupg-2.2.18.orig/g10/gpg.c -+++ gnupg-2.2.18/g10/gpg.c -@@ -425,6 +425,7 @@ enum cmd_and_opt_values - oRequestOrigin, - oNoSymkeyCache, +--- gnupg-2.2.20.orig/g10/gpg.c ++++ gnupg-2.2.20/g10/gpg.c +@@ -429,6 +429,7 @@ enum cmd_and_opt_values oUseOnlyOpenPGPCard, + oIncludeKeyBlock, + oNoIncludeKeyBlock, + oSetLegacyFips, oNoop }; -@@ -870,6 +871,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.2.18/g10/gpg.c ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3600,6 +3602,13 @@ main (int argc, char **argv) +@@ -3614,6 +3616,13 @@ main (int argc, char **argv) opt.flags.use_only_openpgp_card = 1; break; diff --git a/gpg2-gcc10-build-fno-common.patch b/gpg2-gcc10-build-fno-common.patch deleted file mode 100644 index 871edb8..0000000 --- a/gpg2-gcc10-build-fno-common.patch +++ /dev/null @@ -1,527 +0,0 @@ -From 6aff8a132815a84bab69401c1e7de96ec549fbf2 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Mon, 10 Feb 2020 16:37:34 +0100 -Subject: [PATCH] build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only -here but now without the Norcroft-C. Change all other places where it -gets defined. -* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as -extern. -* common/iobuf.c (iobuf_debug_mode): Define it here. -* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in -all main modules of all other programs. - -* g10/main.h: Put util.h before the local header files. --- - -This change is required for use with gcc/ld's LTO feature which does -not allow common blocks. Further gcc 10 will make -fno-common the -default and thus this chnage is always needed. What a pitty. - -Co-authored-by: Tomáš Mráz -GnuPG-bug-id: 4831 -Signed-off-by: Werner Koch -(cherry picked from commit 21d9bd8b87a9f793a106095e3838eb71825189d7) - -- Applied respective chnages also to gpg-card and keyboxd. - -Signed-off-by: Werner Koch ---- - agent/agent.h | 1 + - agent/gpg-agent.c | 1 + - agent/preset-passphrase.c | 1 + - agent/protect-tool.c | 1 + - agent/t-protect.c | 1 + - common/iobuf.c | 1 + - common/iobuf.h | 9 +-------- - common/util.h | 8 ++++++++ - dirmngr/dirmngr.c | 1 + - dirmngr/dirmngr.h | 1 + - g10/gpgcompose.c | 1 + - g10/main.h | 2 +- - g10/options.h | 8 -------- - g10/test.c | 1 + - g13/g13-common.h | 2 +- - g13/g13-syshelp.c | 1 + - g13/g13.c | 1 + - kbx/keyboxd.c | 1 + - kbx/keyboxd.h | 1 + - scd/scdaemon.c | 1 + - scd/scdaemon.h | 1 + - sm/gpgsm.c | 2 ++ - sm/gpgsm.h | 1 + - tools/gpg-card.c | 2 ++ - tools/gpg-card.h | 1 + - tools/gpg-wks-client.c | 1 + - tools/gpg-wks-server.c | 1 + - tools/gpg-wks.h | 1 + - tools/gpgconf.c | 1 + - tools/gpgconf.h | 1 + - tools/gpgtar.c | 1 + - tools/gpgtar.h | 2 ++ - 32 files changed, 41 insertions(+), 18 deletions(-) - -Index: gnupg-2.2.19/agent/agent.h -=================================================================== ---- gnupg-2.2.19.orig/agent/agent.h -+++ gnupg-2.2.19/agent/agent.h -@@ -37,6 +37,14 @@ - #include "../common/session-env.h" - #include "../common/shareddefs.h" - -+#ifndef EXTERN_UNLESS_MAIN_MODULE -+# if !defined (INCLUDED_BY_MAIN_MODULE) -+# define EXTERN_UNLESS_MAIN_MODULE extern -+# else -+# define EXTERN_UNLESS_MAIN_MODULE -+# endif -+#endif -+ - /* To convey some special hash algorithms we use algorithm numbers - reserved for application use. */ - #ifndef GCRY_MODULE_ID_USER -@@ -55,6 +63,7 @@ - - - /* A large struct name "opt" to keep global flags */ -+EXTERN_UNLESS_MAIN_MODULE - struct - { - unsigned int debug; /* Debug flags (DBG_foo_VALUE) */ -Index: gnupg-2.2.19/agent/gpg-agent.c -=================================================================== ---- gnupg-2.2.19.orig/agent/gpg-agent.c -+++ gnupg-2.2.19/agent/gpg-agent.c -@@ -49,6 +49,7 @@ - #endif - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #define GNUPG_COMMON_NEED_AFLOCAL - #include "agent.h" - #include /* Malloc hooks and socket wrappers. */ -Index: gnupg-2.2.19/agent/preset-passphrase.c -=================================================================== ---- gnupg-2.2.19.orig/agent/preset-passphrase.c -+++ gnupg-2.2.19/agent/preset-passphrase.c -@@ -44,6 +44,7 @@ - # include /* To initialize the sockets. fixme */ - #endif - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "agent.h" - #include "../common/simple-pwquery.h" - #include "../common/i18n.h" -Index: gnupg-2.2.19/agent/protect-tool.c -=================================================================== ---- gnupg-2.2.19.orig/agent/protect-tool.c -+++ gnupg-2.2.19/agent/protect-tool.c -@@ -38,6 +38,7 @@ - #include /* for setmode() */ - #endif - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "agent.h" - #include "../common/i18n.h" - #include "../common/get-passphrase.h" -Index: gnupg-2.2.19/agent/t-protect.c -=================================================================== ---- gnupg-2.2.19.orig/agent/t-protect.c -+++ gnupg-2.2.19/agent/t-protect.c -@@ -23,6 +23,7 @@ - #include - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "agent.h" - - -Index: gnupg-2.2.19/common/iobuf.c -=================================================================== ---- gnupg-2.2.19.orig/common/iobuf.c -+++ gnupg-2.2.19/common/iobuf.c -@@ -118,6 +118,7 @@ struct close_cache_s - typedef struct close_cache_s *close_cache_t; - static close_cache_t close_cache; - -+int iobuf_debug_mode; - - - #ifdef HAVE_W32_SYSTEM -Index: gnupg-2.2.19/common/iobuf.h -=================================================================== ---- gnupg-2.2.19.orig/common/iobuf.h -+++ gnupg-2.2.19/common/iobuf.h -@@ -249,14 +249,7 @@ struct iobuf_struct - int subno; - }; - --#ifndef EXTERN_UNLESS_MAIN_MODULE --#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) --#define EXTERN_UNLESS_MAIN_MODULE extern --#else --#define EXTERN_UNLESS_MAIN_MODULE --#endif --#endif --EXTERN_UNLESS_MAIN_MODULE int iobuf_debug_mode; -+extern int iobuf_debug_mode; - - - /* Returns whether the specified filename corresponds to a pipe. In -Index: gnupg-2.2.19/common/util.h -=================================================================== ---- gnupg-2.2.19.orig/common/util.h -+++ gnupg-2.2.19/common/util.h -@@ -56,6 +56,14 @@ - #endif - - -+#ifndef EXTERN_UNLESS_MAIN_MODULE -+# if !defined (INCLUDED_BY_MAIN_MODULE) -+# define EXTERN_UNLESS_MAIN_MODULE extern -+# else -+# define EXTERN_UNLESS_MAIN_MODULE -+# endif -+#endif -+ - /* Hash function used with libksba. */ - #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) - -Index: gnupg-2.2.19/dirmngr/dirmngr.c -=================================================================== ---- gnupg-2.2.19.orig/dirmngr/dirmngr.c -+++ gnupg-2.2.19/dirmngr/dirmngr.c -@@ -55,6 +55,7 @@ - #endif /*HTTP_USE_GNUTLS*/ - - -+#define INCLUDED_BY_MAIN_MODULE 1 - #define GNUPG_COMMON_NEED_AFLOCAL - #include "dirmngr.h" - -Index: gnupg-2.2.19/dirmngr/dirmngr.h -=================================================================== ---- gnupg-2.2.19.orig/dirmngr/dirmngr.h -+++ gnupg-2.2.19/dirmngr/dirmngr.h -@@ -39,6 +39,14 @@ - #include "dirmngr-status.h" - #include "http.h" /* (parsed_uri_t) */ - -+#ifndef EXTERN_UNLESS_MAIN_MODULE -+# if !defined (INCLUDED_BY_MAIN_MODULE) -+# define EXTERN_UNLESS_MAIN_MODULE extern -+# else -+# define EXTERN_UNLESS_MAIN_MODULE -+# endif -+#endif -+ - /* This objects keeps information about a particular LDAP server and - is used as item of a single linked list of servers. */ - struct ldap_server_s -@@ -76,6 +84,7 @@ struct fingerprint_list_s - - - /* A large struct named "opt" to keep global flags. */ -+EXTERN_UNLESS_MAIN_MODULE - struct - { - unsigned int debug; /* debug flags (DBG_foo_VALUE) */ -Index: gnupg-2.2.19/g10/gpgcompose.c -=================================================================== ---- gnupg-2.2.19.orig/g10/gpgcompose.c -+++ gnupg-2.2.19/g10/gpgcompose.c -@@ -20,6 +20,7 @@ - #include - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "gpg.h" - #include "packet.h" - #include "keydb.h" -Index: gnupg-2.2.19/g10/main.h -=================================================================== ---- gnupg-2.2.19.orig/g10/main.h -+++ gnupg-2.2.19/g10/main.h -@@ -22,9 +22,9 @@ - - #include "../common/types.h" - #include "../common/iobuf.h" -+#include "../common/util.h" - #include "keydb.h" - #include "keyedit.h" --#include "../common/util.h" - - /* It could be argued that the default cipher should be 3DES rather - than AES128, and the default compression should be 0 -Index: gnupg-2.2.19/g10/options.h -=================================================================== ---- gnupg-2.2.19.orig/g10/options.h -+++ gnupg-2.2.19/g10/options.h -@@ -32,7 +32,7 @@ - - #ifndef EXTERN_UNLESS_MAIN_MODULE - /* Norcraft can't cope with common symbols */ --#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) -+#if !defined (INCLUDED_BY_MAIN_MODULE) - #define EXTERN_UNLESS_MAIN_MODULE extern - #else - #define EXTERN_UNLESS_MAIN_MODULE -Index: gnupg-2.2.19/g10/test.c -=================================================================== ---- gnupg-2.2.19.orig/g10/test.c -+++ gnupg-2.2.19/g10/test.c -@@ -22,6 +22,7 @@ - #include - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "gpg.h" - - /* A unit test consists of one or more tests. Tests can be broken -Index: gnupg-2.2.19/g13/g13-common.h -=================================================================== ---- gnupg-2.2.19.orig/g13/g13-common.h -+++ gnupg-2.2.19/g13/g13-common.h -@@ -32,6 +32,13 @@ - #include "../common/session-env.h" - #include "../common/strlist.h" - -+#ifndef EXTERN_UNLESS_MAIN_MODULE -+# if !defined (INCLUDED_BY_MAIN_MODULE) -+# define EXTERN_UNLESS_MAIN_MODULE extern -+# else -+# define EXTERN_UNLESS_MAIN_MODULE -+# endif -+#endif - - /* Debug values and macros. */ - #define DBG_MOUNT_VALUE 1 /* Debug mount or device stuff. */ -@@ -48,6 +55,7 @@ - /* A large struct named "opt" to keep global flags. Note that this - struct is used by g13 and g13-syshelp and thus some fields may only - make sense for one of them. */ -+EXTERN_UNLESS_MAIN_MODULE - struct - { - unsigned int debug; /* Debug flags (DBG_foo_VALUE). */ -Index: gnupg-2.2.19/g13/g13-syshelp.c -=================================================================== ---- gnupg-2.2.19.orig/g13/g13-syshelp.c -+++ gnupg-2.2.19/g13/g13-syshelp.c -@@ -31,6 +31,7 @@ - #endif - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "g13-syshelp.h" - - #include -Index: gnupg-2.2.19/g13/g13.c -=================================================================== ---- gnupg-2.2.19.orig/g13/g13.c -+++ gnupg-2.2.19/g13/g13.c -@@ -27,6 +27,7 @@ - #include - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "g13.h" - - #include -Index: gnupg-2.2.19/scd/scdaemon.c -=================================================================== ---- gnupg-2.2.19.orig/scd/scdaemon.c -+++ gnupg-2.2.19/scd/scdaemon.c -@@ -37,6 +37,7 @@ - #include - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #define GNUPG_COMMON_NEED_AFLOCAL - #include "scdaemon.h" - #include -Index: gnupg-2.2.19/scd/scdaemon.h -=================================================================== ---- gnupg-2.2.19.orig/scd/scdaemon.h -+++ gnupg-2.2.19/scd/scdaemon.h -@@ -31,6 +31,14 @@ - #include "../common/util.h" - #include "../common/sysutils.h" - -+#ifndef EXTERN_UNLESS_MAIN_MODULE -+# if !defined (INCLUDED_BY_MAIN_MODULE) -+# define EXTERN_UNLESS_MAIN_MODULE extern -+# else -+# define EXTERN_UNLESS_MAIN_MODULE -+# endif -+#endif -+ - /* To convey some special hash algorithms we use algorithm numbers - reserved for application use. */ - #ifndef GCRY_MODULE_ID_USER -@@ -44,6 +52,7 @@ - - - /* A large struct name "opt" to keep global flags. */ -+EXTERN_UNLESS_MAIN_MODULE - struct - { - unsigned int debug; /* Debug flags (DBG_foo_VALUE). */ -Index: gnupg-2.2.19/sm/gpgsm.c -=================================================================== ---- gnupg-2.2.19.orig/sm/gpgsm.c -+++ gnupg-2.2.19/sm/gpgsm.c -@@ -28,6 +28,8 @@ - #include - /*#include */ - -+#define INCLUDED_BY_MAIN_MODULE 1 -+ - #include "gpgsm.h" - #include - #include /* malloc hooks */ -Index: gnupg-2.2.19/sm/gpgsm.h -=================================================================== ---- gnupg-2.2.19.orig/sm/gpgsm.h -+++ gnupg-2.2.19/sm/gpgsm.h -@@ -36,6 +36,13 @@ - #include "../common/ksba-io-support.h" - #include "../common/compliance.h" - -+#ifndef EXTERN_UNLESS_MAIN_MODULE -+# if !defined (INCLUDED_BY_MAIN_MODULE) -+# define EXTERN_UNLESS_MAIN_MODULE extern -+# else -+# define EXTERN_UNLESS_MAIN_MODULE -+# endif -+#endif - - #define MAX_DIGEST_LEN 64 - -@@ -52,6 +59,7 @@ struct keyserver_spec - - - /* A large struct named "opt" to keep global flags. */ -+EXTERN_UNLESS_MAIN_MODULE - struct - { - unsigned int debug; /* debug flags (DBG_foo_VALUE) */ -Index: gnupg-2.2.19/tools/gpg-wks-client.c -=================================================================== ---- gnupg-2.2.19.orig/tools/gpg-wks-client.c -+++ gnupg-2.2.19/tools/gpg-wks-client.c -@@ -25,6 +25,7 @@ - #include - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "../common/util.h" - #include "../common/status.h" - #include "../common/i18n.h" -Index: gnupg-2.2.19/tools/gpg-wks-server.c -=================================================================== ---- gnupg-2.2.19.orig/tools/gpg-wks-server.c -+++ gnupg-2.2.19/tools/gpg-wks-server.c -@@ -32,6 +32,7 @@ - #include - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "../common/util.h" - #include "../common/init.h" - #include "../common/sysutils.h" -Index: gnupg-2.2.19/tools/gpg-wks.h -=================================================================== ---- gnupg-2.2.19.orig/tools/gpg-wks.h -+++ gnupg-2.2.19/tools/gpg-wks.h -@@ -25,11 +25,20 @@ - #include "../common/strlist.h" - #include "mime-maker.h" - -+#ifndef EXTERN_UNLESS_MAIN_MODULE -+# if !defined (INCLUDED_BY_MAIN_MODULE) -+# define EXTERN_UNLESS_MAIN_MODULE extern -+# else -+# define EXTERN_UNLESS_MAIN_MODULE -+# endif -+#endif -+ - /* The draft version we implement. */ - #define WKS_DRAFT_VERSION 3 - - - /* We keep all global options in the structure OPT. */ -+EXTERN_UNLESS_MAIN_MODULE - struct - { - int verbose; -Index: gnupg-2.2.19/tools/gpgconf.c -=================================================================== ---- gnupg-2.2.19.orig/tools/gpgconf.c -+++ gnupg-2.2.19/tools/gpgconf.c -@@ -25,6 +25,7 @@ - #include - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "gpgconf.h" - #include "../common/i18n.h" - #include "../common/sysutils.h" -Index: gnupg-2.2.19/tools/gpgconf.h -=================================================================== ---- gnupg-2.2.19.orig/tools/gpgconf.h -+++ gnupg-2.2.19/tools/gpgconf.h -@@ -22,7 +22,16 @@ - - #include "../common/util.h" - -+#ifndef EXTERN_UNLESS_MAIN_MODULE -+# if !defined (INCLUDED_BY_MAIN_MODULE) -+# define EXTERN_UNLESS_MAIN_MODULE extern -+# else -+# define EXTERN_UNLESS_MAIN_MODULE -+# endif -+#endif -+ - /* We keep all global options in the structure OPT. */ -+EXTERN_UNLESS_MAIN_MODULE - struct - { - int verbose; /* Verbosity level. */ -Index: gnupg-2.2.19/tools/gpgtar.c -=================================================================== ---- gnupg-2.2.19.orig/tools/gpgtar.c -+++ gnupg-2.2.19/tools/gpgtar.c -@@ -34,6 +34,7 @@ - #include - #include - -+#define INCLUDED_BY_MAIN_MODULE 1 - #include "../common/util.h" - #include "../common/i18n.h" - #include "../common/sysutils.h" -Index: gnupg-2.2.19/tools/gpgtar.h -=================================================================== ---- gnupg-2.2.19.orig/tools/gpgtar.h -+++ gnupg-2.2.19/tools/gpgtar.h -@@ -23,7 +23,16 @@ - #include "../common/util.h" - #include "../common/strlist.h" - -+#ifndef EXTERN_UNLESS_MAIN_MODULE -+# if !defined (INCLUDED_BY_MAIN_MODULE) -+# define EXTERN_UNLESS_MAIN_MODULE extern -+# else -+# define EXTERN_UNLESS_MAIN_MODULE -+# endif -+#endif -+ - /* We keep all global options in the structure OPT. */ -+EXTERN_UNLESS_MAIN_MODULE - struct - { - int verbose; diff --git a/gpg2.changes b/gpg2.changes index 503cec7..adae416 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Thu Apr 30 13:59:33 UTC 2020 - Pedro Monreal Gonzalez + +- Fix gpgme and gpgme-qt builds on gpg2 2.2.20 update [bsc#1170811] +- Refresh patches: + * gnupg-2.2.8-files-are-digests.patch + * gnupg-add_legacy_FIPS_mode_option.patch + +------------------------------------------------------------------- +Fri Mar 20 20:17:44 UTC 2020 - Andreas Stieger + +- GnuPG 2.2.20: + * Protect the error counter against overflow to guarantee that the + tools can't be tricked into returning success after an error + * gpg: Make really sure that --verify-files always returns an error + * gpg: Fix key listing --with-secret if a pattern is given + * gpg: Fix detection of certain keys used as default-key + * gpg: Fix default-key selection when a card is available + * gpg: Fix key expiration and key usage for keys created with a + creation date of zero + * gpgsm: Fix import of some CR,LF terminated certificates + * gpg: New options --include-key-block and --auto-key-import to + allow encrypted replies after an initial signed message + * gpg: Allow the use of a fingerprint with --trusted-key + * gpg: New property "fpr" for use by --export-filter + * scdaemon: Disable the pinpad if a KDF DO is used + * dirmngr: Improve finding OCSP certificates +- drop gpg2-gcc10-build-fno-common.patch, upstream + ------------------------------------------------------------------- Fri Mar 13 10:39:09 UTC 2020 - Fabian Vogt diff --git a/gpg2.spec b/gpg2.spec index ff32740..bfdd1fe 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.19 +Version: 2.2.20 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -29,7 +29,6 @@ Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes -Patch1124847: gnupg-gpg-agent-ulimit.patch Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.2.8-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch @@ -40,8 +39,7 @@ Patch12: gnupg-2.2.16-secmem.patch Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch14: gnupg-add-test-cases-for-import-without-uid.patch Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch -# PATCH-FIX-UPSTREAM bsc#1160394 Fix gcc10 build -Patch16: gpg2-gcc10-build-fno-common.patch +Patch1124847: gnupg-gpg-agent-ulimit.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -107,7 +105,6 @@ gpgsm, or via the gpg-connect-agent tool. %patch13 -p1 %patch14 -p1 %patch15 -p1 -%patch16 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build @@ -132,7 +129,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --enable-gpg-is-gpg2 \ --enable-Werror -make %{?_smp_mflags} +%make_build %install %make_install From 15352e8d903f4c0bb365a5446428554aaa724e2eedf91f2ae18772716d4fd6c1 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 15 Jul 2020 09:13:43 +0000 Subject: [PATCH 140/156] Accepting request 820863 from Base:System OBS-URL: https://build.opensuse.org/request/show/820863 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=149 --- gnupg-2.2.20.tar.bz2 | 3 --- gnupg-2.2.20.tar.bz2.sig | Bin 954 -> 0 bytes gnupg-2.2.21.tar.bz2 | 3 +++ gnupg-2.2.21.tar.bz2.sig | Bin 0 -> 310 bytes gnupg-gpgme-t-encrypt-sym.patch | 21 ++++++++++++++++++++ gpg2.changes | 34 ++++++++++++++++++++++++++++++++ gpg2.spec | 5 ++++- 7 files changed, 62 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.20.tar.bz2 delete mode 100644 gnupg-2.2.20.tar.bz2.sig create mode 100644 gnupg-2.2.21.tar.bz2 create mode 100644 gnupg-2.2.21.tar.bz2.sig create mode 100644 gnupg-gpgme-t-encrypt-sym.patch diff --git a/gnupg-2.2.20.tar.bz2 b/gnupg-2.2.20.tar.bz2 deleted file mode 100644 index a1c9c43..0000000 --- a/gnupg-2.2.20.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:04a7c9d48b74c399168ee8270e548588ddbe52218c337703d7f06373d326ca30 -size 6786913 diff --git a/gnupg-2.2.20.tar.bz2.sig b/gnupg-2.2.20.tar.bz2.sig deleted file mode 100644 index 2f2868c0e1679846bc8e6b06ebb810c3acdd901abc3fae7a340382097c228ae5..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 954 zcmV;r14aCa1GfYK0SE%279j-KX(1!T23_i24?49Zn>o@?CF8aQ0$z0OcfrCY0GR;| z1WhfAfdL2rsv6RzU)ad~>EVIp;JOl$WiYTxH`s9 zzBXK0+#A#AFc--ULuIss;3!%A6WdrqpbnOlfZLYNZ+#pCU;~o4;EwRXAIBN_`3P$z ztvR&u!lK_kE8`at4FB>SN)bg>2>w8MmtYcLfoy~#DSQSuyD1zx2b-L;ijvNrRUd$= z4!=(ha>MdaMjlNu@;Y#bg@4FHgCw96V?|@rPW{}!E~pLpW-Oe|OYbEj*uDPJOz(Ky zYcP`+Kz^)OZHS+Ut)Prg`$!3a`)I|+$|q1Wfz%Kf=FP<_s^n`HYupfHdf|qkE22q% z++7kO01*KI0kjrZWpZw1av)1@V`v~KWNCABAaiMFDTx791QP)W06zj70|pBT2nPcK z1{DYb2?`4Y76JnS0v-VZ7l0Na1lVaIBg6(>>Rt~zwIrK4(oZGhwgm!S48$1)2^67M zHUJ6<5G0#9(oZGhwg{OA{T-@@T8jQ@DVh@mCujq7%@(+j_P|>vwex0)w!w2Pl3(Z+ z($T6SG8`>LLw^j*!H+yZM5n3!!3${5rgORjD~W`{q?i8gffK;{6{A4*%dPPLxW+nY zEcHH9G7B;dy|-H4nmm*CyE?JEyaubEBO9Iqxg(-376{~#iB#Rg<^y-nFQQZAUQ^#o z$YAvsEy1585J2+5uZ^!5i^u5$fHPAy**83wUvhV>f5f$G;)_u;QFhLL#AMjdLQ+G} zS?v#N;Z#2~zImGD8H<&>m0Vq?aq&P^4UByA1@Wztl(@#GX(sbyTb&k%m15-<87-a6 z)JupRapp!QICg5PasUbm5G0#9(oZGhwodd20GZ`5*oif^TEZhh85B%u;2Itcx95Id zt-}YUZ;eVn_ z!Tt=K3#_MzYYvY=S@h#=+ZhmJ>yk)}^t?L;>0S2t#QrXToex^8^bvo-Slo`Ei>L?i z7pMs~zF0LMDH~R&Ppovy3z>m$V1^&{c(Wjc2Hn5l)Y-^zLZJ<+-@ctQFo(`?2N*$o z&wTkMrKCLvypU6D4;p<)^k)O+1G!_@olrdQSpJ|Qp`+IJdK0!w-;0m1Gx~ZbT&LwJ ct(KnlwK{@hKi%s`?_$vVD(bPMdnYK|O&Zv)!To@?CF8aQ0$&F8WdI5Z5G0#9 z(oZGhwqD)`{TFAp_HnoMS;fbf*fWyPGD>lM^*K_}rV&w3tdDTVu}k`UDA2Q^7HHRE zT0g+|j@*AxfEASbB7wh3q}cz=i+Hm*aIpvg{UM@O^j}j#Q|+M!&nP&x#AC&7sKLur z9D;1#0;b*M2Kf4e7?CmG+m5^@nbUz}iZ}F}@H{}gB~)Y0{fF^$si+)m30i@_T@}dL zB2m!v24JtF&kqdtecp+|)|y(=Bs2j;9)cA+OII_}C_Ua#&s$6hBw`1YRg*Sq=r|t+ zAF{lYgZ~failed_tries = 0; + continue; + } +- if (*pi->pin && !pi->repeat_okay) ++ if (*pi->pin && !pi->repeat_okay ++ && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK) + { + /* The passphrase is empty and the pinentry did not + * already run the repetition check, do it here. This +- * is only called when using an old and simple pinentry. */ ++ * is only called when using an old and simple pinentry. ++ * It is neither called in loopback mode because the ++ * caller does any passphrase repetition by herself. */ + xfree (response); + response = NULL; + rc = agent_get_passphrase (ctrl, &response, diff --git a/gpg2.changes b/gpg2.changes index adae416..41306de 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Tue Jul 14 10:22:22 UTC 2020 - Pedro Monreal Gonzalez + +- Fix regression in latest gpg2 that makes gpgme fail to build [bsc#1174007] +- Add gnupg-gpgme-t-encrypt-sym.patch + +------------------------------------------------------------------- +Thu Jul 9 11:36:57 UTC 2020 - Andreas Stieger + +- GnuPG 2.2.21: + * gpg: Improve symmetric decryption speed by about 25% + * gpg: Support decryption of AEAD encrypted data packets + * gpg: Add option --no-include-key-block + * gpg: Allow for extra padding in ECDH + * gpg: Only a single pinentry is shown for symmetric encryption if + the pinentry supports this + * gpg: Print a note if no keys are given to --delete-key + * gpg,gpgsm: The ridiculous passphrase quality bar is not anymore + shown + * gpgsm: Certificates without a CRL distribution point are now + considered valid without looking up a CRL. The new option + --enable-issuer-based-crl-check can be used to revert to the + former behaviour + * gpgsm: Support rsaPSS signature verification + * gpgsm: Unless CRL checking is disabled lookup a missing issuer + certificate using the certificate's authorityInfoAccess + * gpgsm: Print the certificate's serial number also in decimal + notation + * gpgsm: Fix possible NULL-deref in messages of --gen-key + * scd: Support the CardOS 5 based D-Trust Card 3.1 + * dirmngr: Allow http URLs with "LOOKUP --url" + * wkd: Take name of sendmail from configure. Fixes an OpenBSD + specific bug + ------------------------------------------------------------------- Thu Apr 30 13:59:33 UTC 2020 - Pedro Monreal Gonzalez diff --git a/gpg2.spec b/gpg2.spec index bfdd1fe..ff9d6ff 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.20 +Version: 2.2.21 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -40,6 +40,8 @@ Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_duri Patch14: gnupg-add-test-cases-for-import-without-uid.patch Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch Patch1124847: gnupg-gpg-agent-ulimit.patch +# PATCH-FIX-UPSTREAM bsc#1174007 gpgme: Fails to build with latest gpg-2.2.21 +Patch16: gnupg-gpgme-t-encrypt-sym.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -105,6 +107,7 @@ gpgsm, or via the gpg-connect-agent tool. %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build From bfc3caa7a20223e25f896d1a21a18b90cb1ecb0d863e900cf7e32c073737b118 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 5 Sep 2020 22:00:15 +0000 Subject: [PATCH 141/156] Accepting request 831939 from Base:System - GnuPG 2.2.23: * gpg: fix AHEAD preference list overflow boo#1176034 / CVE-2020-25125 * gpg: fix possible segv in the key cleaning code * gpgsm: fix a minor RFC2253 parser gub * scdaemon: Fix a PIN verify failure on certain OpenPGP card implementations - GnuPG 2.2.22: * gpg: Change the default key algorithm to rsa3072 * gpg: Add regular expression support for Trust Signatures on all platforms * gpg: Ignore --personal-digest-prefs for ECDSA keys * gpgsm: Make rsaPSS a de-vs compliant scheme * gpgsm: Show also the SHA256 fingerprint in key listings * gpgsm: Do not require a default keyring for --gpgconf-list * gpg-agent: Default to extended key format and record the creation time of keys Add new option --disable-extended-key-format * gpg-agent: Support the WAYLAND_DISPLAY envvar * gpg-agent: Allow using --gpgconf-list even if HOME does not exist * gpg-agent: Make the Pinentry work even if the envvar TERM is set to the empty string * scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly incremented the error counter when using the "verify" command of "gpg --edit-key" with only the signature key being present * dirmngr: Better handle systems with disabled IPv6 * gpgpslit: Install tool. It was not installed in the past to avoid conflicts with the version installed by GnuPG 1.4 OBS-URL: https://build.opensuse.org/request/show/831939 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=150 --- gnupg-2.2.21.tar.bz2 | 3 - gnupg-2.2.21.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.23.tar.bz2 | 3 + gnupg-2.2.23.tar.bz2.sig | Bin 0 -> 310 bytes gnupg-gpgme-t-encrypt-sym.patch | 21 ----- gpg2.changes | 39 +++++++++ gpg2.keyring | 148 ++++++++++++-------------------- gpg2.spec | 7 +- 8 files changed, 101 insertions(+), 120 deletions(-) delete mode 100644 gnupg-2.2.21.tar.bz2 delete mode 100644 gnupg-2.2.21.tar.bz2.sig create mode 100644 gnupg-2.2.23.tar.bz2 create mode 100644 gnupg-2.2.23.tar.bz2.sig delete mode 100644 gnupg-gpgme-t-encrypt-sym.patch diff --git a/gnupg-2.2.21.tar.bz2 b/gnupg-2.2.21.tar.bz2 deleted file mode 100644 index 2153d1d..0000000 --- a/gnupg-2.2.21.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:61e83278fb5fa7336658a8b73ab26f379d41275bb1c7c6e694dd9f9a6e8e76ec -size 6813160 diff --git a/gnupg-2.2.21.tar.bz2.sig b/gnupg-2.2.21.tar.bz2.sig deleted file mode 100644 index 6066e3d8006879cb4407a37a58ee62d26bb96f76c590dc5ae481e691f9e6bbeb..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$&F8WdI5Z5G0#9 z(oZGhwqD)`{TFAp_HnoMS;fbf*fWyPGD>lM^*K_}rV&w3tdDTVu}k`UDA2Q^7HHRE zT0g+|j@*AxfEASbB7wh3q}cz=i+Hm*aIpvg{UM@O^j}j#Q|+M!&nP&x#AC&7sKLur z9D;1#0;b*M2Kf4e7?CmG+m5^@nbUz}iZ}F}@H{}gB~)Y0{fF^$si+)m30i@_T@}dL zB2m!v24JtF&kqdtecp+|)|y(=Bs2j;9)cA+OII_}C_Ua#&s$6hBw`1YRg*Sq=r|t+ zAF{lYgZ~o@?CF8aQ0$))McmN6s5G0#9 z(oZGhw(67!0G=VeW|Yy^WJWLgJvVWqZv~aJi~28Q@0;iU2&`Vc8!*zSTncO%0oKMz z>cJa64dd$Yv*}6Dx!S1q13zE&2sIDmzC$%0$;QDLf8Npg+F#{%5S`DzwKkm`+7aBE ztE{65zhEJYG=mijm1rt}-<&OWt8NhIyKhIHCv8X}A2Uj(Sy4`z{5yUzF&z}-=~1Ym z86h!ksfa6lQPjTeuCvzZ{DZnXv=Fvp9~7dq*D48R|8U{xE2EmD0 I$&TLYr`phxKL7v# literal 0 HcmV?d00001 diff --git a/gnupg-gpgme-t-encrypt-sym.patch b/gnupg-gpgme-t-encrypt-sym.patch deleted file mode 100644 index 4cf0601..0000000 --- a/gnupg-gpgme-t-encrypt-sym.patch +++ /dev/null @@ -1,21 +0,0 @@ -Index: gnupg-2.2.21/agent/command.c -=================================================================== ---- gnupg-2.2.21.orig/agent/command.c -+++ gnupg-2.2.21/agent/command.c -@@ -1595,11 +1595,14 @@ cmd_get_passphrase (assuan_context_t ctx - pi2->failed_tries = 0; - continue; - } -- if (*pi->pin && !pi->repeat_okay) -+ if (*pi->pin && !pi->repeat_okay -+ && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK) - { - /* The passphrase is empty and the pinentry did not - * already run the repetition check, do it here. This -- * is only called when using an old and simple pinentry. */ -+ * is only called when using an old and simple pinentry. -+ * It is neither called in loopback mode because the -+ * caller does any passphrase repetition by herself. */ - xfree (response); - response = NULL; - rc = agent_get_passphrase (ctrl, &response, diff --git a/gpg2.changes b/gpg2.changes index 41306de..634ee52 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Thu Sep 3 17:16:41 UTC 2020 - Andreas Stieger + +- GnuPG 2.2.23: + * gpg: fix AHEAD preference list overflow boo#1176034 / CVE-2020-25125 + * gpg: fix possible segv in the key cleaning code + * gpgsm: fix a minor RFC2253 parser gub + * scdaemon: Fix a PIN verify failure on certain OpenPGP card + implementations + +------------------------------------------------------------------- +Tue Sep 1 21:09:57 UTC 2020 - Andreas Stieger + +- GnuPG 2.2.22: + * gpg: Change the default key algorithm to rsa3072 + * gpg: Add regular expression support for Trust Signatures on + all platforms + * gpg: Ignore --personal-digest-prefs for ECDSA keys + * gpgsm: Make rsaPSS a de-vs compliant scheme + * gpgsm: Show also the SHA256 fingerprint in key listings + * gpgsm: Do not require a default keyring for --gpgconf-list + * gpg-agent: Default to extended key format and record the + creation time of keys + Add new option --disable-extended-key-format + * gpg-agent: Support the WAYLAND_DISPLAY envvar + * gpg-agent: Allow using --gpgconf-list even if HOME does not + exist + * gpg-agent: Make the Pinentry work even if the envvar TERM is + set to the empty string + * scdaemon: Add a workaround for Gnuk tokens <= 2.15 which + wrongly incremented the error counter when using the + "verify" command of "gpg --edit-key" with only the signature + key being present + * dirmngr: Better handle systems with disabled IPv6 + * gpgpslit: Install tool. It was not installed in the past to + avoid conflicts with the version installed by GnuPG 1.4 + * gpgtar: Make --files-from and --null work as documented +- drop gnupg-gpgme-t-encrypt-sym.patch, upstream + ------------------------------------------------------------------- Tue Jul 14 10:22:22 UTC 2020 - Pedro Monreal Gonzalez diff --git a/gpg2.keyring b/gpg2.keyring index 4637a2d..96f1bf5 100644 --- a/gpg2.keyring +++ b/gpg2.keyring @@ -1,5 +1,4 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg @@ -7,93 +6,60 @@ jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7 KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB 1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk -aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW -AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s -hKZOAKw3RUePTU80SRLPdg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH8 -5zCwu7SHz9cX3d4UUwzcP6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8 -Klf/wl6jXHn/yP92xG9/YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOc -WkqwupB+d01R4bHPu9tvXy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgC -E4F5XeCB/0ovao2/bk22w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsqInAQQAQIA -BgUCTS2NBAAKCRBTtiDQHODGMEZPBACLmrMjpwmyVvI6X5N4NlWctXQWY+4ODx2i -O9CtUM/F96YiPFlmgwsJUzyXLwALYk+shh83TjQLfjexohzS1O07DCZUy7Lsb9R7 -HbYJ1Yf/QcEykbiAW465CZb1BAOMR2HUODBTaABaidfnhmUzJtayz7Y0KKRHAx+V -VS6kfnsFq5kBDQRUUF8HAQgAh1mo8r+kVWVTNsNlyurm2tdZKiQbdeVgpBgcDnqI -3fAV58C3nC8DVuK5qVGZPB/jbu42jc8BXGP1l6UP+515LQL5GpTtV0pRWUO02WOu -TLZBVQcq53vzbg1xVo31rWV96mqGAPs8lGUCm09fpuiVKQojO6/Ihkg7/bnzeSbc -X5Xk9eKLhyB7tnakuYJeRYm4bjs+YDApK8IFQyevYF8pjTcbLTSNJPW9WLCsozsy -11r4xdfRcTWjARVz5VzTnQ+Px8YtsnjQ3qwNJBpsqMLCdDN7YGhh/mlwPjgdq/UF -f5+bY6f3ew0vshBqInBQycBSmYyoX0Ye3sAS/OR4nu5ZaQARAQABtD5EYXZpZCBT -aGF3IChHbnVQRyBSZWxlYXNlIFNpZ25pbmcgS2V5KSA8ZHNoYXdAamFiYmVyd29j -a3kuY29tPokBPgQTAQIAKAUCVFBfBwIbAwUJCbp27gYLCQgHAwIGFQgCCQoLBBYC -AwECHgECF4AACgkQBDdvPuCFaVmIoQf+POxCWkCTicRVlq0kust/iwYO1egK9FWG -130e2Irnv2lAZZN/0S5ibjHCYFp9gfMgmtVTF5oWXjSDAy/kIykQBBcUVx4SCJbd -MtKSdsSIQMz6P4DxXumxQm79msOsbi5TsdtUwjqdrbu2sHloE7ck/hTXUCkX3zuq -txY7W23BCQxVVT5qUaFuAHkkQaaBgAb8gdgixmkIBfu9u8k3k9zUKm/PNfMjxClv -ORkP8gev+XyzNgcXM49h5YYlmDT+Ahv99nUM1wg8yJTjefBAY0fL982Scx30nDQO -3w7ihALUoj5+TXQjhs3sWPJ8u3pstr9XcfzEZC77/CZmRYNr8g5hBokBHAQQAQgA -BgUCVFOBbwAKCRAkmznSTyXjtmHeB/0X00v959Oyc0EsSLOlfC52qsEn5cU7vxFb -+KY9aKtG4+hApJxemkqpCgA5+xZwXp3SQOf0sYFwz5OsukIjRF0HgSEdjoMTH6b7 -lT0nCwKo8AMU0nJbopVIJikHOzk2gUqh1gxu5iml1RbSkmFhiGjYeqM+ONQynCeX -Gg3LLZCQ1eeoaX69bvbWQFDtTIn2HYvjZLjuGC6PGH/naZ7GchiiiK0bs4UOdJFX -HtITC/7DcgEiHMHOMT3XlwINTexZG0grl2LuWuyyhurJh5IO6geArPKUmR8SjJjV -azpwbutZhYjTzfUpPvKK8kCSan9Df5eeekDrKCU8x8aqLDVyoQcRmQENBFRQOyMB -CADmEHA30Xc6op/72ZcJdQMriVvnAyN22L3rEbTiACfvBajs6fpzme2uJlC5F1Hk -Ydx3DvdcLoIV6Ed6j95JViJaoE0EB8T1TNuQRL5xj7jAPOpVpyqErF3vReYdCDIr -umlEb8zCQvVTICsIYYAo3oxX/Z/M7ogZDDeOe1G57f/Y8YacZqKw0AqW+20dZn3W -7Lgpjl8EzX25AKBl3Hi/z+s/T7JCqxZPAlQq/KbHkYh81oIm+AX6/5o+vCynEEx/ -2OkdeoNeeHgujwL8axAwPoYKVV9COy+/NQcofZ6gvig1+S75RrkG4AdiL64C7OpX -1N2kX08KlAzI9+65lyUw8t0zABEBAAG0Mk5JSUJFIFl1dGFrYSAoR251UEcgUmVs -ZWFzZSBLZXkpIDxnbmlpYmVAZnNpai5vcmc+iQE8BBMBCAAmBQJUUDsjAhsDBQkD -wmcABQsHCAkDBBUICQoFFgIDAQACHgECF4AACgkQIHGwijO9PwZ1/wgA0LKal1wF -Za8FPUonc2GzwE9YhkZiJB8KA/a7T6//cW4N46/GswiqZJxN1RdKs1B+rp7EMMU3 -bhoXstLBcIYveljqh4lPBWCsTT2+/OpwAmgnzjgdTHcpnCMTEOdZktD5SKrTj2tV -aWXAlWK/UsEEanA3cvzofy44n7rm+Eoa7P1YGCHL++Ihsi66ElbehilTT/xxckHX -Uji1XDvoagEENEHk5j4Z2mhWtjnGclvuiBkS4XezezNMW/fPAypZX4bkURNbGd8j -tkb3Eqt+bv+ZQoSA+Ukv8APaAzj8lRSw+CYjDxpoM0jtmiPrk+u/Do46COVA/IX2 -2aYNT2Y2KoWJV4kBHAQQAQgABgUCVFOCHQAKCRAkmznSTyXjtoIhB/0ZE/ppI2Gc -qDxSwPKkRkkoMD8oXdKkPxjUF2jgP+bceHKiz1F78cx/eZltB4av8OujO1IwqH2C -0aVr46W3eSyIcpmmw6F9sjLcTfyZJfWJrvobb7WQSKvWw0eHFgNGR6Z+BA3ohjws -aCZtzzkH2gXI+EM7qaZozMw+eSkZ4qTE9B4/hkMZZpBO0oGy9PQzSlADGftyyuTt -oSUvepfs+EvYSddQ7skXWq0zePuOhng2Mppl690A+aTywyetbPvVeqjiAbI7NB5f -8Tw7dk0Febe9NHvbwzgiStMPmIKrTcthvgIClBkZvmkBFWAPxYPdHfLzAlpDGxJt -R31c0zNFBH68mQENBFRDqVIBCAC0k8eZKDmNqdmawOlJ/m62L2g8uXT/+/vAEGb1 -yaib09xI6tfGXzbqlDwrLIZcJsSIT/nt/ajJnIVbc3137va4XbwMzsDpAMH4mmiT -oqk+izEChGm2knzrLwhoflR8aGsKL35QoZT/erdjfgPeCRLvf25fHsN2Jb0WIMzC -56VkMeFoza+9HZ5hrkemmm+gPvIvhEUopxCyOS8mK5WjB4zzIdyDJfkqVpHvafNP -0N4LIsedKdyHcj/K3kY4Kejl99GW1z1snBgPamoN2/e52Pf6KTw2FjsSGZ72oalc -rkBR4wacUizGxKcRD2Y6Xa0g9mwToWdNBQCIII+uTzOzq1EDABEBAAG0IVdlcm5l -ciBLb2NoIChSZWxlYXNlIFNpZ25pbmcgS2V5KYkBPQQTAQgAJwUCVEOpUgIbAwUJ -C6oF9QULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCKhhscfv1g2aH7B/wIW6mV -mTmzW2xc1q1MUdssExQBhEeONrbWJ/HiGZP/MaabgQ/+wZuThTAwfGM5zFQBOvrB -OGURhINU6lYQlcOrVo+V8Z1mNQKFWaKxJaY5Ku1bB1OuX9FHLEiMibogHu5fjJIX -BE8XrnvueejyFQ5g/uX2xcGgCWlMe49sR3K+lEl3n93xTmSNhP52r0gTjMjbqKWK -UaIGJ5OcWSrvawdfqLXkxR8phq2AlHHEfxpcZsOp9mZirWYQ5jcgGgFP0LYXUw/R -nxFpOcrj45qufmyEL9QJKjBV5RaHJbqukefwUInPQtVUmINqQxztSh5QxQP2tsUP -IeEi5RAoCwLJam8ziQEcBBABCAAGBQJUU4JUAAoJECSbOdJPJeO2c+cH+wevKc8w -bkWSoGOJiYDglVMJa4x5utgHyXP4PyqelIQ7yibfQq3YyOU9RWRGxfvuofPXpx1E -u/XtCGgw03r4HZhauauYe27IDpA5P/Go7+WqufT6gMBoZf/1cD2ykQZpFyszEKHf -Y+BlzqPJcRaXy4+uQG3O+bh/R2eIGAJDao/AclJI+kfckeY5DzRTibPex+rGAkxZ -8qHtlCb0WeUbL3mgl9f3LlbPH77w1on6XqqIaQ+ODSS/3CUOIhNI3lrGO7mIqhSC -0n+rpqLHeVLpLkz0IFvsJOp9UOHDCA8oL0cQtJGP1pN7muKR9nCVtoNuN41JapoO -4ZaHe5Y0r5MIofSYjgRDt/rHAQQA0JkZeitcyQMqk2xGd/5mGoc4+YNwQo8OSmVw -IvY8UAI3tBorhF6ha9niaqZU4vdldTnXMU0j1oPckAhOgRPaOvaEZhYUTF0F/15p -iAF5dkZQ6dsmXVUkPNYMZTpkc2nA+IACBiOmygGBkLFuXvHRW1i6SNz28iRH/UZc -YLi/2iEAIIFWUJm0Jldlcm5lciBLb2NoIChkaXN0IHNpZykgPGRkOWpuQGdudS5v -cmc+iLwEEwECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTS2MtwUJClRO -YQAKCRBTtiDQHODGMPB4A/0U1DJR9LbkWuBs8Ko6KJoKLMVI6iYNJBhAtm3dxWeU -xA16eYDWW/b9Lk5KnjtSWuGOeqa7MCsXnkyHkO88KE9IcM3mFnhfFN2qagd/nRch -l9MPsdOgf/ug7j72Alv2V8s28R10HTjfwySe/omXWwK3qn8ou6N7ID+EwCV7i2e2 -u5kBogQ1oh4eEQQA/pdK4Oafa1uDN7Cr5nss4bNpg8YUSg01VVJ08KTCEdpCAPaU -+NzaP3KD2ow74WU2gzP70s9uSGQ2Vie4BLvOkaaBHba/3ivBrg3ILFrxbOfmKQg8 -Fhtncd/TBOwzfkkbxBNcVJuBPRtjZ3dlDbS4IPNsIIv2SuCIfQmA8qNGvWsAoIrJ -90b2fzERCZkKtfkoyYA8fnNrBADhJ8RmIrKiCnDk3Tzk04nu6O8fp3ptrmnO7jlu -vDfsEVsYRjyMbDnbnjCGu1PeFoP2HZ+H9lp4CaQbyjWh2JlvI9UOc72V16SFkV0r -8k0euNQXHhhzXWIkfz4gwSbBkN2nO5+6cIVeKnsdyFYkQyVs+Q86/PMfjo7utyrc -WLq1CAQAou3da1JR6+KJO4gUZVh2F1NoaVCEPAvlDhNV10/hwe5mS0kTjUJ1jMl5 -6mwAFvhFFF9saW+eAnrwIOHjopbdHrPBmTJlOnNMHVLJzFlqjihwRRZQyL8iNu2m -farn9Mr28ut5BQmp0CnNEJ6hl0Cs7l2xagWFtlEK2II144vK3fG0J1dlcm5lciBL -b2NoIChnbnVwZyBzaWcpIDxkZDlqbkBnbnUub3JnPohhBBMRAgAhAheABQkOFIf9 -BQJBvGheBgsJCAcDAgMVAgMDFgIBAh4BAAoJEGi3q4lXVI3NBJMAn01313ag0tgj -rGUZtDlKYbmNIeMeAJ0UpVsjxpylBcSjsPE8MAki7Hb2Rw== -=W3eM ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file +aXN0IHNpZymJAVUEEwEIAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE +2GkhI8QGXepeDzq1JJs50k8l47YFAl4MxBkFCRShVzYACgkQJJs50k8l47YImQf9 +HaqHWor+aSmaEwQnaAN0zRa4kPbAWya182aJtsFzLZJf6BbS0aoiMhwtREN/DMvB +jzxARKep/cELaM+mc7oDK4mEwqSX/u6BE8D7FaNA9sut8P+4xjpoLPU+UzILMg29 +t1remjyT9rs6sbu8BqufIxueArkjoi4WCOSRiVTdw+YDd88volPkXlPfS8hg9Rct +wZ8kEEDywa+NrxiLx+kDgDNTNdk3PJdfcnesf8S1a+KLUTNRds5+xGTYz0JSQ9BZ +7Q9r4VQ/NL55muQZi5W7lVxdp3HxQFUNjHzzBfGtkpS4xqZpJvNjW50Wh5Vi5RYZ +LZ3M1EuIHXHmRiY4dmqqcpkBDQRUUDsjAQgA5hBwN9F3OqKf+9mXCXUDK4lb5wMj +dti96xG04gAn7wWo7On6c5ntriZQuRdR5GHcdw73XC6CFehHeo/eSVYiWqBNBAfE +9UzbkES+cY+4wDzqVacqhKxd70XmHQgyK7ppRG/MwkL1UyArCGGAKN6MV/2fzO6I +GQw3jntRue3/2PGGnGaisNAKlvttHWZ91uy4KY5fBM19uQCgZdx4v8/rP0+yQqsW +TwJUKvymx5GIfNaCJvgF+v+aPrwspxBMf9jpHXqDXnh4Lo8C/GsQMD6GClVfQjsv +vzUHKH2eoL4oNfku+Ua5BuAHYi+uAuzqV9TdpF9PCpQMyPfuuZclMPLdMwARAQAB +tDJOSUlCRSBZdXRha2EgKEdudVBHIFJlbGVhc2UgS2V5KSA8Z25paWJlQGZzaWou +b3JnPokBPAQTAQgAJgIbAwULBwgJAwQVCAkKBRYCAwEAAh4BAheABQJYDxRZBQkL +S5A2AAoJECBxsIozvT8GvG8IAMBIlGz9voYcSSXAdQOuvz2gM2kOjvMHzN6VlS9V +P06IjnTz2DnejFZwLmxJw8e8mZjUo0jw22uo1HREQhDrne3S1IazPMeTUCUNzpWF +MxXNc6SAyrw9apWa8gouGUWJv3HOwVs8EFA2E9UdtDJ2uG7MY/+eC5K/aeOAyudZ +EbvS8rgZypTFrBtBcNKUWZhz7FRn63HxEmYLE3p6I19ZDXrc1WTazF2oz18zym6c +uURr6waRbdSemUTshpLnKCBZXzJ82bXBgXNnfdmc3gtS24ZmM3ZfK/rYztEDkiTk +s2R1gwDwf5RtDpaf5LD2ufESdbLuT+8blAlscbgYLBcwDquZAY0EWMu6rgEMAKcz +vM1IhpUwBpxPCNdrlMZh7XeLqKUd7hUvQ1KHOuDONxCDnfXdxGCKKI0Ds5I7Kkyp +Wzvcl7PplRy2fYZWwcGtL+Kj01y4L2lXB/xrrVaVwRr4S0FrcbseUGYRafBpR0C1 +Yo24CL1ef4ivsfbER2SyaZ3lrT9Ccv6xfvTluhU8X+2li1ssak/Frvy02u3EORLD +LxaaLQgANgsjnIjv/JQZ4l3xFIJT98tEoL18btg5lGrS2w4yFU1aa1SNsbp7vcu7 +wsqcJmCzX98LyG8/IBGJ5JXmZ03yzWhZ3uhhy1+Avi4GV4Mi0ADwaGMp6O63Mc3w +SL8A/DoCKJLISOc+D5xNfw6C8sYlaOSzQfqY9l4HW/+QbJmEFL2+bnjSHb8yaVU3 +ae2IIrlNkZ5Jamp12Kq6x9Vei0xGk3gd4sqhmHhECdxoJtkX9L5gt436QxdjiTcW +q3V+NNfq94UJu2Ej2kN0fNT0t9RU2n0P/mS0L+1gw5Ex6BX7BIzGL0bZhYomQwAR +AQABiQHOBB8BCAA4FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLwN0XDIABlKXJ +oDwv5co7CV2OH99yPPRitrECBwAACgkQvO9+KUsJLig2Cgv/T4rXEjHwlbsuTkzp +tgK80Dh92URzBAhPhSJ0kUz2b6y7FgVYgZ95u8elGUS4lOB0GOQSK3y4sCgldTQF +GQpMuvNMX6oNQTv1Z/H9H7Sc6AntozKRA6LQC+7DMxjPh2DEhVLYNqi7gMXtuH8o +Xz5+quarw/xbVmuS4UNqcxakd4A/HW6PayRhuju4+oV2+UmGU0etzGVwKSN/UicC +3Re3mUy8SwJFQ9/3EAfiY0SGzSWH1z7bTRg9Ga2ctYDNzUpyQsgLxD6ZRHcONkOo +GUMEQ96BeSsjT4yW9ED70CcCbhg+pMxR+lnpk4BZ4WML/plBjEb8B1YaRvhYWKd3 +OSVB/JsS6J6Q/y9TTsAJDBLAfw9h7RQKibViuVFSNftAuSdktah5mDwFnL0ZMzVS +3tDVDa5PDqbHEhK55/5EWBg4eNbAukVZmmoLzzERGXuj+LOIRElG3/n3chy1uM73 +B6da3al4gDDNHifPsuozpkVN1EAROZx1K9hGGDZC3yFQTjsJtCRBbmRyZSBIZWlu +ZWNrZSAoUmVsZWFzZSBTaWduaW5nIEtleSmJAdQEEwEIAD4WIQRbgMV1Qpjwy1XY +7Wq8734pSwkuKAUCWMu6rgIbAwUJEswDAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIX +gAAKCRC8734pSwkuKEL9DACEIL5IS9wUty62Bnwd9wK2hmwihXNkTLsOOoi8aCdO +ywPwcIucgAcIO+c/t0lbe4y4sJ1KrKbdyOUQiJAyxobLCSV/MkhIDAmsZB1ZIpF3 +nfmNekRdCVcMpqX8jAwoBS3Q9m2UJz1LeDCLFCvLF0nbyUnqHZP19UOvxmzAyZMA +Ub3W5y1+GMo4yA+3xSFI8ZbjzhawixCCRs69/4p+zCXR4e7LBf6koAHllD/0ZULp +SDjF+t2IkvRrMlM+e+Mxjklinr8v1FRGzmE/kCcdHaP88+iwC2wUKOZtFs4yIBLO +SWdQk9tLPmR8uWgNZmatRJyNvOaxd6EbK3jfckbJGFkmXjH+M9vMqFpoAewZ359F +qjq+Us7AXLAMNUynom7IrtR5Rvsjx6RNtKQYUD6XY5rc7r9js9iGruHDAAW5lyRg +j3wikc0IbV9L1bTsXIp29BsrU9sXUkVEp+xQJZgwqoOduoSjmOK88QdkibDqJiGF +dzIRiXx+Nxv1Pr9L7A4/tq+YMwRfQ+WJFgkrBgEEAdpHDwEBB0DPvkeV6RzXomGF +8jQwp0RXEt2TGFwwI7RkbpYwECY2l7QfV2VybmVyIEtvY2ggKGRpc3Qgc2lnbmlu +ZyAyMDIwKYiaBBMWCgBCFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoFAl9D7DUCGwMF +CRKFxxEFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFKIl7gmQDraea4A +/24v8c50HSC/Basf4WlREkuzhudplo8iT0BGtTQRdGAmAP9gIZ8dBekg9PRlpe7A +l7ErThn6owVH9szWrUt6jkKOBg== +=h7e4 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/gpg2.spec b/gpg2.spec index ff9d6ff..629389a 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.21 +Version: 2.2.23 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -40,13 +40,11 @@ Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_duri Patch14: gnupg-add-test-cases-for-import-without-uid.patch Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch Patch1124847: gnupg-gpg-agent-ulimit.patch -# PATCH-FIX-UPSTREAM bsc#1174007 gpgme: Fails to build with latest gpg-2.2.21 -Patch16: gnupg-gpgme-t-encrypt-sym.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libgcrypt-devel >= 1.7.0 -BuildRequires: libgpg-error-devel >= 1.24 +BuildRequires: libgpg-error-devel >= 1.25 BuildRequires: libksba-devel >= 1.3.4 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 @@ -107,7 +105,6 @@ gpgsm, or via the gpg-connect-agent tool. %patch13 -p1 %patch14 -p1 %patch15 -p1 -%patch16 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build From 150b6370b8b2e38d04f27e0218ffcc34e900b0a69b70df63d5ced7a1204f35af Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 21 Nov 2020 11:40:12 +0000 Subject: [PATCH 142/156] Accepting request 849250 from Base:System OBS-URL: https://build.opensuse.org/request/show/849250 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=151 --- gnupg-2.2.23.tar.bz2 | 3 --- gnupg-2.2.23.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.24.tar.bz2 | 3 +++ gnupg-2.2.24.tar.bz2.sig | Bin 0 -> 119 bytes gpg2.changes | 28 ++++++++++++++++++++++++++++ gpg2.spec | 17 ++++++++--------- 6 files changed, 39 insertions(+), 12 deletions(-) delete mode 100644 gnupg-2.2.23.tar.bz2 delete mode 100644 gnupg-2.2.23.tar.bz2.sig create mode 100644 gnupg-2.2.24.tar.bz2 create mode 100644 gnupg-2.2.24.tar.bz2.sig diff --git a/gnupg-2.2.23.tar.bz2 b/gnupg-2.2.23.tar.bz2 deleted file mode 100644 index 351befb..0000000 --- a/gnupg-2.2.23.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:10b55e49d78b3e49f1edb58d7541ecbdad92ddaeeb885b6f486ed23d1cd1da5c -size 7099806 diff --git a/gnupg-2.2.23.tar.bz2.sig b/gnupg-2.2.23.tar.bz2.sig deleted file mode 100644 index 62743bf6379b25a54d4176ee0a3d07fc19e054f231b7607aff8016a30773fe64..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$))McmN6s5G0#9 z(oZGhw(67!0G=VeW|Yy^WJWLgJvVWqZv~aJi~28Q@0;iU2&`Vc8!*zSTncO%0oKMz z>cJa64dd$Yv*}6Dx!S1q13zE&2sIDmzC$%0$;QDLf8Npg+F#{%5S`DzwKkm`+7aBE ztE{65zhEJYG=mijm1rt}-<&OWt8NhIyKhIHCv8X}A2Uj(Sy4`z{5yUzF&z}-=~1Ym z86h!ksfa6lQPjTeuCvzZ{DZnXv=Fvp9~7dq*D48R|8U{xE2EmD0 I$&TLYr`phxKL7v# diff --git a/gnupg-2.2.24.tar.bz2 b/gnupg-2.2.24.tar.bz2 new file mode 100644 index 0000000..810b857 --- /dev/null +++ b/gnupg-2.2.24.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9090b400faae34f08469d78000cfec1cee5b9c553ce11347cc96ef16eab98c46 +size 7196489 diff --git a/gnupg-2.2.24.tar.bz2.sig b/gnupg-2.2.24.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..418264fe2d12e4de9229a39a35b3d2ade744ae4ef88f5fbb5f40165a9bbfea52 GIT binary patch literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0@tdb5GjMSVz(m#tG5nRW zRQXf;>HPz{6Zc&8a@cCNK1nOA<6LaAUF+T2d8X_dj10eQXRbVLShPZl>C5csKmSGk UJgH}$ + +- GnuPG 2.2.24: + * gpg: New command --quick-revoke-sig + * gpg: Do not use weak digest algos if selected by recipient + preference during sign+encrypt + * gpg: Switch to AES256 for symmetric encryption in de-vs mode + * gpg: Silence weak digest warnings with --quiet + * gpg: Print new status line CANCELED_BY_USER for a cancel during + symmetric encryption + * gpg: Fix the encrypt+sign hash algo preference selection for + ECDSA. This is in particular needed for keys created from + existing smartcard based keys + * agent: Fix secret key import of GnuPG 2.3 generated Ed25519 + keys + * agent: Keep some permissions of private-keys-v1.d + * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and + gnutls builds + * dirmngr: Fix the pool keyserver case for a single host in the + pool + * scd: Fix the use case of verify_chv2 by CHECKPIN + * scd: Various improvements to the ccid-driver + * scd: Minor fixes for Yubikey + * gpgconf: New option --show-versions + * i18n: Complete overhaul and completion of the Italian + translation + ------------------------------------------------------------------- Thu Sep 3 17:16:41 UTC 2020 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 629389a..a1498e7 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.23 +Version: 2.2.24 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -43,9 +43,9 @@ Patch1124847: gnupg-gpg-agent-ulimit.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 -BuildRequires: libgcrypt-devel >= 1.7.0 -BuildRequires: libgpg-error-devel >= 1.25 -BuildRequires: libksba-devel >= 1.3.4 +BuildRequires: libgcrypt-devel >= 1.8.0 +BuildRequires: libgpg-error-devel >= 1.27 +BuildRequires: libksba-devel >= 1.3.5 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel @@ -56,11 +56,10 @@ BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) -# Add an explicit runtime dependency to match boo#955982 -Requires: libassuan0 >= 2.4.3 -# Explicit runtime depencency - runtime version check -Requires: libgcrypt20 >= 1.7.0 -Requires: libksba >= 1.3.4 +# runtime dependency to support devel repository users - boo#955982 +Requires: libassuan0 >= 2.5.0 +Requires: libgcrypt20 >= 1.8.0 +Requires: libksba >= 1.3.5 Requires: pinentry Requires(post): %{install_info_prereq} Recommends: dirmngr = %{version} From 5beb87ca974ae4e0c1a429436a5c1fcf545d8be499f076d976cdf75b499120ad Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 29 Nov 2020 11:20:02 +0000 Subject: [PATCH 143/156] Accepting request 850962 from Base:System OBS-URL: https://build.opensuse.org/request/show/850962 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=152 --- gnupg-2.2.24.tar.bz2 | 3 --- gnupg-2.2.24.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.2.25.tar.bz2 | 3 +++ gnupg-2.2.25.tar.bz2.sig | Bin 0 -> 119 bytes gpg2.changes | 9 +++++++++ gpg2.spec | 2 +- 6 files changed, 13 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.2.24.tar.bz2 delete mode 100644 gnupg-2.2.24.tar.bz2.sig create mode 100644 gnupg-2.2.25.tar.bz2 create mode 100644 gnupg-2.2.25.tar.bz2.sig diff --git a/gnupg-2.2.24.tar.bz2 b/gnupg-2.2.24.tar.bz2 deleted file mode 100644 index 810b857..0000000 --- a/gnupg-2.2.24.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9090b400faae34f08469d78000cfec1cee5b9c553ce11347cc96ef16eab98c46 -size 7196489 diff --git a/gnupg-2.2.24.tar.bz2.sig b/gnupg-2.2.24.tar.bz2.sig deleted file mode 100644 index 418264fe2d12e4de9229a39a35b3d2ade744ae4ef88f5fbb5f40165a9bbfea52..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0@tdb5GjMSVz(m#tG5nRW zRQXf;>HPz{6Zc&8a@cCNK1nOA<6LaAUF+T2d8X_dj10eQXRbVLShPZl>C5csKmSGk UJgH}$B@#(;Kl3(6zdpF^fMCMXvZ-*Oc*XuT|;x9MMV`TWTGQZVGd%r}>`P%-rw=+Jk UH4orfHbpP@a;f6y1<%{r0FUA_#sB~S literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index 021d49f..f093fd3 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Nov 23 22:36:17 UTC 2020 - Andreas Stieger + +- GnuPG 2.2.25: + * scd: Fix regression in 2.2.24 requiring gpg --card-status + before signing or decrypting + * gpgsm: Using Libksba 1.5.0 signatures with a rarely used + combination of attributes can now be verified + ------------------------------------------------------------------- Tue Nov 17 21:52:38 UTC 2020 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index a1498e7..4731da9 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.24 +Version: 2.2.25 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From 701c59566bab609c54216bbefe7d1a4283dffed7ec6130e4676e3b14ddb0f8d9 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 19 Jan 2021 14:59:07 +0000 Subject: [PATCH 144/156] Accepting request 863296 from Base:System OBS-URL: https://build.opensuse.org/request/show/863296 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=153 --- gnupg-2.2.25.tar.bz2 | 3 -- gnupg-2.2.25.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.2.27.tar.bz2 | 3 ++ gnupg-2.2.27.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-2.2.8-files-are-digests.patch | 48 ++++++++++++++-------------- gpg2.changes | 21 ++++++++++++ gpg2.spec | 9 ++---- 7 files changed, 50 insertions(+), 34 deletions(-) delete mode 100644 gnupg-2.2.25.tar.bz2 delete mode 100644 gnupg-2.2.25.tar.bz2.sig create mode 100644 gnupg-2.2.27.tar.bz2 create mode 100644 gnupg-2.2.27.tar.bz2.sig diff --git a/gnupg-2.2.25.tar.bz2 b/gnupg-2.2.25.tar.bz2 deleted file mode 100644 index f548d30..0000000 --- a/gnupg-2.2.25.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c55307b247af4b6f44d2916a25ffd1fb64ce2e509c3c3d028dbe7fbf309dc30a -size 7195857 diff --git a/gnupg-2.2.25.tar.bz2.sig b/gnupg-2.2.25.tar.bz2.sig deleted file mode 100644 index 15035b7c84ebc1451c55ef645e9c4e48612d1a50dfc08e5ef905c6df7e2abbb6..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0@w*TFXW-%#fQfXyW@OkM zZ#Q>B@#(;Kl3(6zdpF^fMCMXvZ-*Oc*XuT|;x9MMV`TWTGQZVGd%r}>`P%-rw=+Jk UH4orfHbpP@a;f6y1<%{r0FUA_#sB~S diff --git a/gnupg-2.2.27.tar.bz2 b/gnupg-2.2.27.tar.bz2 new file mode 100644 index 0000000..451f1a3 --- /dev/null +++ b/gnupg-2.2.27.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399 +size 7191555 diff --git a/gnupg-2.2.27.tar.bz2.sig b/gnupg-2.2.27.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..8c34ebea76e995867b091e6a73811b2cfe37533d722f040a9f260b56c71e5d5c GIT binary patch literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0@qec2F>rATz(l;(F*0nE z=vnkWx8v}!PSK}3cQF1rEL<6&version = 4; @@ -74,10 +74,10 @@ Index: gnupg-2.2.20/g10/sign.c else sig->version = pk->version; -@@ -860,8 +864,12 @@ write_signature_packets (ctrl_t ctrl, - else - err = 0; +@@ -872,8 +876,12 @@ write_signature_packets (ctrl_t ctrl, } + else + err = 0; /* Actually never reached. */ + if (!opt.files_are_digests) { hash_sigversion_to_magic (md, sig); gcry_md_final (md); @@ -87,7 +87,7 @@ Index: gnupg-2.2.20/g10/sign.c if (!err) err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); -@@ -924,6 +932,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -937,6 +945,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -96,7 +96,7 @@ Index: gnupg-2.2.20/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -941,7 +951,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -954,7 +964,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -114,7 +114,7 @@ Index: gnupg-2.2.20/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -962,7 +981,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -975,7 +994,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -123,7 +123,7 @@ Index: gnupg-2.2.20/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -1100,7 +1119,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1124,7 +1143,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -132,7 +132,7 @@ Index: gnupg-2.2.20/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -1155,6 +1174,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1179,6 +1198,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -141,7 +141,7 @@ Index: gnupg-2.2.20/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1195,6 +1216,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1219,6 +1240,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -187,7 +187,7 @@ Index: gnupg-2.2.20/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1213,8 +1273,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1237,8 +1297,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (ctrl, sk_list, out, mfx.md, diff --git a/gpg2.changes b/gpg2.changes index f093fd3..83c03a1 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Tue Jan 12 22:45:11 UTC 2021 - Andreas Stieger + +- GnuPG 2.2.27: + * gpgconf: Fix case with neither local nor global gpg.conf + * gpgconf: Fix description of two new options +- includes changes from 2.2.26: + * gpg: New AKL method "ntds" + * gpg: Fix --trusted-key with fingerprint arg + * scd: Fix writing of ECC keys to an OpenPGP card + * scd: Make an USB error fix specific to SPR532 readers + * dirmngr: With new LDAP keyservers store the new attributes. + Never store the useless pgpSignerID. Fix a long standing + bug storing some keys on an ldap server. + * dirmngr: Support the new Active Direcory LDAP schema for + keyservers + * dirmngr: Allow LDAP OpenPGP searches via fingerprint + * dirmngr: Do not block other threads during keyserver LDAP calls + * Support global configuration files + * Fix the iconv fallback handling to UTF-8 + ------------------------------------------------------------------- Mon Nov 23 22:36:17 UTC 2020 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 4731da9..3c8c658 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.25 +Version: 2.2.27 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -61,7 +61,6 @@ Requires: libassuan0 >= 2.5.0 Requires: libgcrypt20 >= 1.8.0 Requires: libksba >= 1.3.5 Requires: pinentry -Requires(post): %{install_info_prereq} Recommends: dirmngr = %{version} Provides: gnupg = %{version} Provides: gpg = 1.4.9 @@ -165,10 +164,6 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} %post %udev_rules_update -%install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz - -%preun -%install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz %files lang -f gnupg2.lang From e6cd570008ee5cb67a47f9eeb55f356548b5cf3ea268091ab6f1844fce4f711a Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 15 Jun 2021 14:36:49 +0000 Subject: [PATCH 145/156] Accepting request 899427 from Base:System OBS-URL: https://build.opensuse.org/request/show/899427 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=154 --- gnupg-2.2.8-files-are-digests.patch | 200 ---------------------------- gpg2.changes | 9 ++ gpg2.spec | 4 - 3 files changed, 9 insertions(+), 204 deletions(-) delete mode 100644 gnupg-2.2.8-files-are-digests.patch diff --git a/gnupg-2.2.8-files-are-digests.patch b/gnupg-2.2.8-files-are-digests.patch deleted file mode 100644 index 92992b2..0000000 --- a/gnupg-2.2.8-files-are-digests.patch +++ /dev/null @@ -1,200 +0,0 @@ ---- - g10/gpg.c | 4 +++ - g10/options.h | 1 - g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ - 3 files changed, 67 insertions(+), 6 deletions(-) - -Index: gnupg-2.2.27/g10/gpg.c -=================================================================== ---- gnupg-2.2.27.orig/g10/gpg.c -+++ gnupg-2.2.27/g10/gpg.c -@@ -382,6 +382,7 @@ enum cmd_and_opt_values - oTTYtype, - oLCctype, - oLCmessages, -+ oFilesAreDigests, - oXauthority, - oGroup, - oUnGroup, -@@ -838,6 +839,7 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), - ARGPARSE_s_n (oUnwrap, "unwrap", "@"), - ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), -+ ARGPARSE_s_n (oFilesAreDigests, "files-are-digests", "@"), - - /* Aliases. I constantly mistype these, and assume other people do - as well. */ -@@ -2372,6 +2374,7 @@ main (int argc, char **argv) - opt.def_cert_expire = "0"; - gnupg_set_homedir (NULL); - opt.passphrase_repeat = 1; -+ opt.files_are_digests=0; - opt.emit_version = 0; - opt.weak_digests = NULL; - -@@ -2944,6 +2947,7 @@ main (int argc, char **argv) - opt.verify_options&=~VERIFY_SHOW_PHOTOS; - break; - case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; -+ case oFilesAreDigests: opt.files_are_digests = 1; break; - - case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; - case oIncludeKeyBlock: opt.flags.include_key_block = 1; break; -Index: gnupg-2.2.27/g10/options.h -=================================================================== ---- gnupg-2.2.27.orig/g10/options.h -+++ gnupg-2.2.27/g10/options.h -@@ -202,6 +202,7 @@ struct - int no_auto_check_trustdb; - int preserve_permissions; - int no_homedir_creation; -+ int files_are_digests; - struct groupitem *grouplist; - int mangle_dos_filenames; - int enable_progress_filter; -Index: gnupg-2.2.27/g10/sign.c -=================================================================== ---- gnupg-2.2.27.orig/g10/sign.c -+++ gnupg-2.2.27/g10/sign.c -@@ -43,6 +43,8 @@ - #include "../common/mbox-util.h" - #include "../common/compliance.h" - -+#include "../common/host2net.h" -+ - #ifdef HAVE_DOSISH_SYSTEM - #define LF "\r\n" - #else -@@ -844,6 +846,8 @@ write_signature_packets (ctrl_t ctrl, - if (duration || opt.sig_policy_url - || opt.sig_notations || opt.sig_keyserver_url) - sig->version = 4; -+ else if (opt.files_are_digests) -+ sig->version = 3; - else - sig->version = pk->version; - -@@ -872,8 +876,12 @@ write_signature_packets (ctrl_t ctrl, - } - else - err = 0; /* Actually never reached. */ -+ if (!opt.files_are_digests) { - hash_sigversion_to_magic (md, sig); - gcry_md_final (md); -+ } else if (sig->version >= 4) { -+ log_bug("files-are-digests doesn't work with v4 sigs\n"); -+ } - - if (!err) - err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); -@@ -937,6 +945,8 @@ sign_file (ctrl_t ctrl, strlist_t filena - SK_LIST sk_rover = NULL; - int multifile = 0; - u32 duration=0; -+ int sigclass = 0x00; -+ u32 timestamp = 0; - - pfx = new_progress_context (); - afx = new_armor_context (); -@@ -954,7 +964,16 @@ sign_file (ctrl_t ctrl, strlist_t filena - fname = NULL; - - if( fname && filenames->next && (!detached || encryptflag) ) -- log_bug("multiple files can only be detached signed"); -+ log_bug("multiple files can only be detached signed\n"); -+ -+ if (opt.files_are_digests && (multifile || !fname)) -+ log_bug("files-are-digests only works with one file\n"); -+ if (opt.files_are_digests && !detached) -+ log_bug("files-are-digests can only write detached signatures\n"); -+ if (opt.files_are_digests && !opt.def_digest_algo) -+ log_bug("files-are-digests needs --digest-algo\n"); -+ if (opt.files_are_digests && opt.textmode) -+ log_bug("files-are-digests doesn't work with --textmode\n"); - - if(encryptflag==2 - && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -975,7 +994,7 @@ sign_file (ctrl_t ctrl, strlist_t filena - goto leave; - - /* prepare iobufs */ -- if( multifile ) /* have list of filenames */ -+ if( multifile || opt.files_are_digests) /* have list of filenames */ - inp = NULL; /* we do it later */ - else { - inp = iobuf_open(fname); -@@ -1124,7 +1143,7 @@ sign_file (ctrl_t ctrl, strlist_t filena - for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) - gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); - -- if( !multifile ) -+ if( !multifile && !opt.files_are_digests ) - iobuf_push_filter( inp, md_filter, &mfx ); - - if( detached && !encryptflag) -@@ -1179,6 +1198,8 @@ sign_file (ctrl_t ctrl, strlist_t filena - - write_status_begin_signing (mfx.md); - -+ sigclass = opt.textmode && !outfile? 0x01 : 0x00; -+ - /* Setup the inner packet. */ - if( detached ) { - if( multifile ) { -@@ -1219,6 +1240,45 @@ sign_file (ctrl_t ctrl, strlist_t filena - if( opt.verbose ) - log_printf ("\n"); - } -+ else if (opt.files_are_digests) { -+ byte *mdb, ts[5]; -+ size_t mdlen; -+ const char *fp; -+ int c, d; -+ -+ gcry_md_final(mfx.md); -+ /* this assumes gcry_md_read returns the same buffer */ -+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); -+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); -+ if (strlen(fname) != mdlen * 2 + 11) -+ log_bug("digests must be %d + @ + 5 bytes\n", mdlen); -+ d = -1; -+ for (fp = fname ; *fp; ) { -+ c = *fp++; -+ if (c >= '0' && c <= '9') -+ c -= '0'; -+ else if (c >= 'a' && c <= 'f') -+ c -= 'a' - 10; -+ else if (c >= 'A' && c <= 'F') -+ c -= 'A' - 10; -+ else -+ log_bug("filename is not hex\n"); -+ if (d >= 0) { -+ *mdb++ = d << 4 | c; -+ c = -1; -+ if (--mdlen == 0) { -+ mdb = ts; -+ if (*fp++ != '@') -+ log_bug("missing time separator\n"); -+ } -+ } -+ d = c; -+ } -+ sigclass = ts[0]; -+ if (sigclass != 0x00 && sigclass != 0x01) -+ log_bug("bad cipher class\n"); -+ timestamp = buf32_to_u32(ts + 1); -+ } - else { - /* read, so that the filter can calculate the digest */ - while( iobuf_get(inp) != -1 ) -@@ -1237,8 +1297,8 @@ sign_file (ctrl_t ctrl, strlist_t filena - - /* write the signatures */ - rc = write_signature_packets (ctrl, sk_list, out, mfx.md, -- opt.textmode && !outfile? 0x01 : 0x00, -- 0, duration, detached ? 'D':'S', NULL); -+ sigclass, -+ timestamp, duration, detached ? 'D':'S', NULL); - if( rc ) - goto leave; - diff --git a/gpg2.changes b/gpg2.changes index 83c03a1..8cd6050 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Apr 7 20:56:23 UTC 2021 - Andreas Stieger + +- Remove the "files-are-digests" option from the openSUSE package. + This feature was not upstream and only used in the OBS signing + daemon. The recommended upstream feature for separating the data + to be signed from the private keys is gpg agent forwarding, + available from 2.1. Drop gnupg-2.2.8-files-are-digests.patch + ------------------------------------------------------------------- Tue Jan 12 22:45:11 UTC 2021 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 3c8c658..53739ec 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -30,7 +30,6 @@ Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes Patch4: gnupg-2.0.9-langinfo.patch -Patch5: gnupg-2.2.8-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch @@ -65,8 +64,6 @@ Recommends: dirmngr = %{version} Provides: gnupg = %{version} Provides: gpg = 1.4.9 Provides: newpg -# special feature needed for OBS signd -Provides: gpg2_signd_support Obsoletes: gpg < 1.4.9 %description @@ -94,7 +91,6 @@ gpgsm, or via the gpg-connect-agent tool. %setup -q -n gnupg-%{version} %patch1124847 -p1 %patch4 -p1 -%patch5 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 From 32fedc8808e5e7ca6ee513b0a82a37a0c522a92fb026787ebdf70aceeeb631ce Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 20 Oct 2021 18:23:18 +0000 Subject: [PATCH 146/156] Accepting request 925429 from Base:System OBS-URL: https://build.opensuse.org/request/show/925429 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=155 --- gnupg-2.2.27.tar.bz2 | 3 - gnupg-2.2.27.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.3.3.tar.bz2 | 3 + gnupg-2.3.3.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-add_legacy_FIPS_mode_option.patch | 47 +++--- ...viously-known-keys-even-without-UIDs.patch | 28 ++-- gnupg-dont-fail-with-seahorse-agent.patch | 24 +-- gnupg-set_umask_before_open_outfile.patch | 10 +- gpg2.changes | 148 ++++++++++++++++++ gpg2.spec | 64 ++++---- 10 files changed, 234 insertions(+), 93 deletions(-) delete mode 100644 gnupg-2.2.27.tar.bz2 delete mode 100644 gnupg-2.2.27.tar.bz2.sig create mode 100644 gnupg-2.3.3.tar.bz2 create mode 100644 gnupg-2.3.3.tar.bz2.sig diff --git a/gnupg-2.2.27.tar.bz2 b/gnupg-2.2.27.tar.bz2 deleted file mode 100644 index 451f1a3..0000000 --- a/gnupg-2.2.27.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399 -size 7191555 diff --git a/gnupg-2.2.27.tar.bz2.sig b/gnupg-2.2.27.tar.bz2.sig deleted file mode 100644 index 8c34ebea76e995867b091e6a73811b2cfe37533d722f040a9f260b56c71e5d5c..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0@qec2F>rATz(l;(F*0nE z=vnkWx8v}!PSK}3cQF1rEL<6&pD=e5F=yWcLaQ9iVi3jjV}GGG7z literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 258c800..793cd3e 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.2.20/doc/gpg.texi +Index: gnupg-2.3.0/doc/gpg.texi =================================================================== ---- gnupg-2.2.20.orig/doc/gpg.texi -+++ gnupg-2.2.20/doc/gpg.texi -@@ -2133,6 +2133,24 @@ implies, this option is for experts only +--- gnupg-2.3.0.orig/doc/gpg.texi ++++ gnupg-2.3.0/doc/gpg.texi +@@ -2178,6 +2178,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,36 +32,37 @@ Index: gnupg-2.2.20/doc/gpg.texi @end table -Index: gnupg-2.2.20/g10/gpg.c +Index: gnupg-2.3.0/g10/gpg.c =================================================================== ---- gnupg-2.2.20.orig/g10/gpg.c -+++ gnupg-2.2.20/g10/gpg.c -@@ -429,6 +429,7 @@ enum cmd_and_opt_values - oUseOnlyOpenPGPCard, - oIncludeKeyBlock, +--- gnupg-2.3.0.orig/g10/gpg.c ++++ gnupg-2.3.0/g10/gpg.c +@@ -437,6 +437,7 @@ enum cmd_and_opt_values oNoIncludeKeyBlock, + oChUid, + oForceSignKey, + oSetLegacyFips, oNoop }; -@@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), - ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), - ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), +@@ -870,6 +871,7 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_s (oAEADAlgo, "aead-algo", "@"), + ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), + ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), - ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3614,6 +3616,13 @@ main (int argc, char **argv) - opt.flags.use_only_openpgp_card = 1; + ARGPARSE_header (NULL, N_("Options for unattended use")), +@@ -3688,6 +3690,14 @@ main (int argc, char **argv) + opt.flags.full_timestrings = 1; break; -+ case oSetLegacyFips: -+ if(gcry_fips_mode_active()) -+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, "Enable legacy support in FIPS 140-2 mode"); -+ else -+ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); -+ break; ++ case oSetLegacyFips: ++ if(gcry_fips_mode_active()) ++ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, ++ "Enable legacy support in FIPS 140-2 mode"); ++ else ++ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); ++ break; + case oNoop: break; diff --git a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch index 3c80a48..bf5711b 100644 --- a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +++ b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch @@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.2.19/g10/import.c +Index: gnupg-2.3.0/g10/import.c =================================================================== ---- gnupg-2.2.19.orig/g10/import.c -+++ gnupg-2.2.19/g10/import.c -@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.3.0.orig/g10/import.c ++++ gnupg-2.3.0/g10/import.c +@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,12 +29,12 @@ Index: gnupg-2.2.19/g10/import.c KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl, +@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } - -- if (!uidnode ) +- if (!uidnode) - { - if (!silent) - log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); @@ -44,16 +44,18 @@ Index: gnupg-2.2.19/g10/import.c if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl, +@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, + xfree(user); } } - -- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) - { - if (!silent) - { -- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); -- if (!opt.quiet ) +- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet) - log_info(_("this may be caused by a missing self-signature\n")); - } - stats->no_user_id++; @@ -66,7 +68,7 @@ Index: gnupg-2.2.19/g10/import.c /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl, +@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -91,7 +93,7 @@ Index: gnupg-2.2.19/g10/import.c } /* The keyblock is valid and ready for real import. */ -@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl, +@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch index 6302c8b..e4bbb06 100644 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ b/gnupg-dont-fail-with-seahorse-agent.patch @@ -2,16 +2,16 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.1.0/g10/passphrase.c +Index: gnupg-2.3.0/g10/passphrase.c =================================================================== ---- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100 -+++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100 -@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations) - { - /* Don't print an error if an older agent is used. */ - if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) -- log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); -+ log_info (_("problem with the agent: %s\n"), gpg_strerror (err)); - /* Default to 65536 which we used up to 2.0.13. */ - return 96; - } +--- gnupg-2.3.0.orig/g10/passphrase.c ++++ gnupg-2.3.0/g10/passphrase.c +@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac + } + else + { +- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); ++ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc)); + /* Due to limitations in the API of the upper layers they + consider an error as no passphrase entered. This works in + most cases but not during key creation where this should diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index 195e99c..7e78d69 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.1.20/g10/plaintext.c +Index: gnupg-2.3.0/g10/plaintext.c =================================================================== ---- gnupg-2.1.20.orig/g10/plaintext.c 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/g10/plaintext.c 2017-04-04 09:53:31.541145727 +0200 +--- gnupg-2.3.0.orig/g10/plaintext.c ++++ gnupg-2.3.0/g10/plaintext.c @@ -24,6 +24,7 @@ #include #include @@ -39,5 +39,5 @@ Index: gnupg-2.1.20/g10/plaintext.c + } + umask(saved_umask); } - #else /* __riscos__ */ - /* If no output filename was given, i.e. we constructed it, convert + + leave: diff --git a/gpg2.changes b/gpg2.changes index 8cd6050..345edea 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,151 @@ +------------------------------------------------------------------- +Tue Oct 12 19:20:50 UTC 2021 - Andreas Stieger + +- GnuPG 2.3.3: + * agent: Fix segv in GET_PASSPHRASE (regression) + * dirmngr: Fix Let's Encrypt certificate chain validation + * gpg: Change default and maximum AEAD chunk size to 4 MiB + * gpg: Print a warning when importing a bad cv25519 secret key + * gpg: Fix --list-packets for undecryptable AEAD packets + * gpg: Verify backsigs for v5 keys correctly + * keyboxd: Fix checksum computation for no UBID entry on disk + * keyboxd: Fix "invalid object" error with cv448 keys + * dirmngr: New option --ignore-cert + * agent: Fix calibrate_get_time use of clock_gettime + * Support a gpgconf.ctl file under Unix and use this for the + regression tests + +------------------------------------------------------------------- +Wed Aug 25 10:01:38 UTC 2021 - Pedro Monreal + +- GnuPG 2.3.2: + * gpg: Allow fingerprint based lookup with --locate-external-key. + * gpg: Allow decryption w/o public key but with correct card inserted. + * gpg: Auto import keys specified with --trusted-keys. + * gpg: Do not use import-clean for LDAP keyserver imports. + * gpg: Fix mailbox based search via AKL keyserver method. + * gpg: Fix memory corruption with --clearsign introduced with 2.3.1. + * gpg: Use a more descriptive prompt for symmetric decryption. + * gpg: Improve speed of secret key listing. + * gpg: Support keygrip search with traditional keyring. + * gpg: Let --fetch-key return an exit code on failure. + * gpg: Emit the NO_SECKEY status again for decryption. + * gpgsm: Support decryption of password based encryption (pwri). + * gpgsm: Support AES-GCM decryption. + * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. + * gpgsm: Fix finding of issuer in use-keyboxd mode. + * gpgsm: New option --ldapserver as an alias for --keyserver. + * agent: Use SHA-256 for SSH fingerprint by default. + * agent: Fix calling handle_pincache_put. + * agent: Fix importing protected secret key. + * agent: Fix a regression in agent_get_shadow_info_type. + * agent: Add translatable text for Caps Lock hint. + * agent: New option --pinentry-formatted-passphrase. + * agent: Add checkpin inquiry for pinentry. + * agent: New option --check-sym-passphrase-pattern. + * agent: Use the sysconfdir for a pattern file. + * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry. + * dirmngr: LDAP search by a mailbox now ignores revoked keys. + * dirmngr: For KS_SEARCH return the fingerprint also with LDAP. + * dirmngr: Allow for non-URL specified ldap keyservers. + * dirmngr: New option --ldapserver. + * dirmngr: Fix regression in KS_GET for mail address pattern. + * card: New option --shadow for the list command. + * tests: Make sure the built keyboxd is used. + * scd: Fix computing shared secrets for 512 bit curves. + * scd: Fix unblock PIN by a Reset Code with KDF. + * scd: Fix PC/SC removed card problem. + * scd: Recover the partial match for PORTSTR for PC/SC. + * scd: Make sure to release the PC/SC context. + * scd: Fix zero-byte handling in ECC. + * scd: Fix serial number detection for Yubikey 5. + * scd: Add basic support for AET JCOP cards. + * scd: Detect external interference when --pcsc-shared is in use. + * scd: Fix access to the list of cards. + * gpgconf: Do not list a disabled tpm2d. + * gpgconf: Make runtime changes with different homedir work. + * keyboxd: Fix searching for exact mail adddress. + * keyboxd: Fix searching with multiple patterns. + * tools: Extend gpg-check-pattern. + * wkd: Fix client issue with leading or trailing spaces in user-ids. + * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry. + * Change the default keyserver to keyserver.ubuntu.com. This is a + temporary change due to the shutdown of the SKS keyserver pools. + +------------------------------------------------------------------- +Fri Jun 11 12:19:16 UTC 2021 - Pedro Monreal + +- GnuPG 2.3.1: + * The new configuration file common.conf is now used to enable + the use of the key database daemon with "use-keyboxd". Using + this option in gpg.conf and gpgsm.conf is supported for a + transitional period. See doc/example/common.conf for more. + * gpg: Force version 5 key creation for ed448 and cv448 algorithms. + * gpg: By default do not use the self-sigs-only option when + importing from an LDAP keyserver. + * gpg: Lookup a missing public key of the active card via LDAP. + * gpgsm: New command --show-certs. + * scd: Fix CCID driver for SCM SPR332/SPR532. + * scd: Further improvements for PKCS#15 cards. + * New configure option --with-tss to allow the selection of the + TSS library. +- Rebase patches: + * gnupg-add_legacy_FIPS_mode_option.patch + * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch + * gnupg-dont-fail-with-seahorse-agent.patch + * gnupg-set_umask_before_open_outfile.patch + +------------------------------------------------------------------- +Fri Jun 11 12:15:37 UTC 2021 - Andreas Stieger + +- GnuPG 2.3.0: + * A new experimental key database daemon is provided. To enable + it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored + in a SQLite database and make key lookup much faster. + * New tool gpg-card as a flexible frontend for all types of + supported smartcards. + * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and + gpg-connect-agent. + * The gpg-wks-client tool is now installed under bin; a wrapper for + its old location at libexec is also installed. + * tpm2d: New daemon to physically bind keys to the local machine. + * gpg: Switch to ed25519/cv25519 as default public key algorithms. + * gpg: Verification results now depend on the --sender option and + the signer's UID subpacket. + * gpg: Do not use any 64-bit block size cipher algorithm for + encryption. Use AES as last resort cipher preference instead of + 3DES. This can be reverted using --allow-old-cipher-algos. + * gpg: Support AEAD encryption mode using OCB or EAX. + * gpg: Support v5 keys and signatures. + * gpg: Support curve X448 (ed448, cv448). + * gpg: Allow use of group names in key listings. + * gpg: New option --full-timestrings to print date and time. + * gpg: New option --force-sign-key. + * gpg: New option --no-auto-trust-new-key. + * gpg: The legacy key discovery method PKA is no longer supported. + The command --print-pka-records and the PKA related import and + export options have been removed. + * gpg: Support export of Ed448 Secure Shell keys. + * gpgsm: Add basic ECC support. + * gpgsm: Support creation of EdDSA certificates. [#4888] + * agent: Allow the use of "Label:" in a key file to customize the + pinentry prompt. + * agent: Support ssh-agent extensions for environment variables. + With a patched version of OpenSSH this avoids the need for the + "updatestartuptty" kludge. + * scd: Improve support for multiple card readers and tokens. + * scd: Support PIV cards. + * scd: Support for Rohde&Schwarz Cybersecurity cards. + * scd: Support Telesec Signature Cards v2.0 + * scd: Support multiple application on certain smartcard. + * scd: New option --application-priority. + * scd: New option --pcsc-shared; see man page for important notes. + * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. + * The symcryptrun tool, a wrapper for the now obsolete external + Chiasmus tool, has been removed. + * Full Unicode support for the command line. +- dropped legacy commands: gpg-zip + ------------------------------------------------------------------- Wed Apr 7 20:56:23 UTC 2021 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 53739ec..f676530 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,34 +17,36 @@ Name: gpg2 -Version: 2.2.27 +Version: 2.3.3 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later Group: Productivity/Networking/Security URL: https://www.gnupg.org -Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 -Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig +Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2 +Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes -Patch4: gnupg-2.0.9-langinfo.patch -Patch6: gnupg-dont-fail-with-seahorse-agent.patch -Patch8: gnupg-set_umask_before_open_outfile.patch -Patch9: gnupg-detect_FIPS_mode.patch -Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: gnupg-2.2.16-secmem.patch -Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch -Patch14: gnupg-add-test-cases-for-import-without-uid.patch -Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch -Patch1124847: gnupg-gpg-agent-ulimit.patch +Patch1: gnupg-gpg-agent-ulimit.patch +Patch2: gnupg-2.0.9-langinfo.patch +Patch3: gnupg-dont-fail-with-seahorse-agent.patch +Patch4: gnupg-set_umask_before_open_outfile.patch +Patch5: gnupg-detect_FIPS_mode.patch +Patch6: gnupg-add_legacy_FIPS_mode_option.patch +Patch7: gnupg-2.2.16-secmem.patch +Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch +Patch9: gnupg-add-test-cases-for-import-without-uid.patch +Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch BuildRequires: expect BuildRequires: fdupes +BuildRequires: ibmswtpm2 +BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 -BuildRequires: libgcrypt-devel >= 1.8.0 -BuildRequires: libgpg-error-devel >= 1.27 -BuildRequires: libksba-devel >= 1.3.5 +BuildRequires: libgcrypt-devel >= 1.9.1 +BuildRequires: libgpg-error-devel >= 1.41 +BuildRequires: libksba-devel >= 1.3.4 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel @@ -53,12 +55,12 @@ BuildRequires: readline-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) -BuildRequires: pkgconfig(sqlite3) >= 3.7 +BuildRequires: pkgconfig(sqlite3) >= 3.27 BuildRequires: pkgconfig(zlib) # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 -Requires: libgcrypt20 >= 1.8.0 -Requires: libksba >= 1.3.5 +Requires: libgcrypt20 >= 1.9.1 +Requires: libksba >= 1.3.4 Requires: pinentry Recommends: dirmngr = %{version} Provides: gnupg = %{version} @@ -88,18 +90,11 @@ gpgsm, or via the gpg-connect-agent tool. %lang_package %prep -%setup -q -n gnupg-%{version} -%patch1124847 -p1 -%patch4 -p1 -%patch6 -p1 -%patch8 -p1 -%patch9 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) +%autosetup -p1 -n gnupg-%{version} + +# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch +# to not have man pages and info files have the build date (boo#1047218) +touch -d 2018-05-04 doc/gpg.texi %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) @@ -112,7 +107,6 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-scdaemon-pgm=%{_bindir}/scdaemon \ --enable-ldap \ --enable-gpgsm=yes \ - --enable-gpg \ --enable-gpgtar \ --enable-g13 \ --enable-large-secmem \ @@ -120,8 +114,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ - --enable-gpg-is-gpg2 \ - --enable-Werror + --enable-gpg-is-gpg2 %make_build @@ -145,9 +138,6 @@ mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules -# install legacy tools -install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} -# install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir} %find_lang gnupg2 %fdupes -s %{buildroot} From fc18aa63e0da96426acd94deeb82074eb7b81c4a918f8bc8c57c517980203b60 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 22 Oct 2021 12:39:51 +0000 Subject: [PATCH 147/156] https://progress.opensuse.org/issues/101358 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=156 --- gnupg-2.2.27.tar.bz2 | 3 + gnupg-2.2.27.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-2.3.3.tar.bz2 | 3 - gnupg-2.3.3.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-add_legacy_FIPS_mode_option.patch | 47 +++--- ...viously-known-keys-even-without-UIDs.patch | 28 ++-- gnupg-dont-fail-with-seahorse-agent.patch | 24 +-- gnupg-set_umask_before_open_outfile.patch | 10 +- gpg2.changes | 148 ------------------ gpg2.spec | 64 ++++---- 10 files changed, 93 insertions(+), 234 deletions(-) create mode 100644 gnupg-2.2.27.tar.bz2 create mode 100644 gnupg-2.2.27.tar.bz2.sig delete mode 100644 gnupg-2.3.3.tar.bz2 delete mode 100644 gnupg-2.3.3.tar.bz2.sig diff --git a/gnupg-2.2.27.tar.bz2 b/gnupg-2.2.27.tar.bz2 new file mode 100644 index 0000000..451f1a3 --- /dev/null +++ b/gnupg-2.2.27.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399 +size 7191555 diff --git a/gnupg-2.2.27.tar.bz2.sig b/gnupg-2.2.27.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..8c34ebea76e995867b091e6a73811b2cfe37533d722f040a9f260b56c71e5d5c GIT binary patch literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0@qec2F>rATz(l;(F*0nE z=vnkWx8v}!PSK}3cQF1rEL<6&pD=e5F=yWcLaQ9iVi3jjV}GGG7z diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 793cd3e..258c800 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.3.0/doc/gpg.texi +Index: gnupg-2.2.20/doc/gpg.texi =================================================================== ---- gnupg-2.3.0.orig/doc/gpg.texi -+++ gnupg-2.3.0/doc/gpg.texi -@@ -2178,6 +2178,24 @@ implies, this option is for experts only +--- gnupg-2.2.20.orig/doc/gpg.texi ++++ gnupg-2.2.20/doc/gpg.texi +@@ -2133,6 +2133,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,37 +32,36 @@ Index: gnupg-2.3.0/doc/gpg.texi @end table -Index: gnupg-2.3.0/g10/gpg.c +Index: gnupg-2.2.20/g10/gpg.c =================================================================== ---- gnupg-2.3.0.orig/g10/gpg.c -+++ gnupg-2.3.0/g10/gpg.c -@@ -437,6 +437,7 @@ enum cmd_and_opt_values +--- gnupg-2.2.20.orig/g10/gpg.c ++++ gnupg-2.2.20/g10/gpg.c +@@ -429,6 +429,7 @@ enum cmd_and_opt_values + oUseOnlyOpenPGPCard, + oIncludeKeyBlock, oNoIncludeKeyBlock, - oChUid, - oForceSignKey, + oSetLegacyFips, oNoop }; -@@ -870,6 +871,7 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_s (oAEADAlgo, "aead-algo", "@"), - ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), - ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), +@@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), + ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), + ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), + ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), - ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3688,6 +3690,14 @@ main (int argc, char **argv) - opt.flags.full_timestrings = 1; +@@ -3614,6 +3616,13 @@ main (int argc, char **argv) + opt.flags.use_only_openpgp_card = 1; break; -+ case oSetLegacyFips: -+ if(gcry_fips_mode_active()) -+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, -+ "Enable legacy support in FIPS 140-2 mode"); -+ else -+ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); -+ break; ++ case oSetLegacyFips: ++ if(gcry_fips_mode_active()) ++ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, "Enable legacy support in FIPS 140-2 mode"); ++ else ++ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); ++ break; + case oNoop: break; diff --git a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch index bf5711b..3c80a48 100644 --- a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +++ b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch @@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.3.0/g10/import.c +Index: gnupg-2.2.19/g10/import.c =================================================================== ---- gnupg-2.3.0.orig/g10/import.c -+++ gnupg-2.3.0/g10/import.c -@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.2.19.orig/g10/import.c ++++ gnupg-2.2.19/g10/import.c +@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,12 +29,12 @@ Index: gnupg-2.3.0/g10/import.c KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, +@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } - -- if (!uidnode) +- if (!uidnode ) - { - if (!silent) - log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); @@ -44,18 +44,16 @@ Index: gnupg-2.3.0/g10/import.c if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, - xfree(user); +@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl, } } -- -- /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) + +- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) - { - if (!silent) - { -- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); -- if (!opt.quiet) +- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet ) - log_info(_("this may be caused by a missing self-signature\n")); - } - stats->no_user_id++; @@ -68,7 +66,7 @@ Index: gnupg-2.3.0/g10/import.c /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, +@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -93,7 +91,7 @@ Index: gnupg-2.3.0/g10/import.c } /* The keyblock is valid and ready for real import. */ -@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, +@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch index e4bbb06..6302c8b 100644 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ b/gnupg-dont-fail-with-seahorse-agent.patch @@ -2,16 +2,16 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.3.0/g10/passphrase.c +Index: gnupg-2.1.0/g10/passphrase.c =================================================================== ---- gnupg-2.3.0.orig/g10/passphrase.c -+++ gnupg-2.3.0/g10/passphrase.c -@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac - } - else - { -- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); -+ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc)); - /* Due to limitations in the API of the upper layers they - consider an error as no passphrase entered. This works in - most cases but not during key creation where this should +--- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100 ++++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100 +@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations) + { + /* Don't print an error if an older agent is used. */ + if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) +- log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); ++ log_info (_("problem with the agent: %s\n"), gpg_strerror (err)); + /* Default to 65536 which we used up to 2.0.13. */ + return 96; + } diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index 7e78d69..195e99c 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.3.0/g10/plaintext.c +Index: gnupg-2.1.20/g10/plaintext.c =================================================================== ---- gnupg-2.3.0.orig/g10/plaintext.c -+++ gnupg-2.3.0/g10/plaintext.c +--- gnupg-2.1.20.orig/g10/plaintext.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/plaintext.c 2017-04-04 09:53:31.541145727 +0200 @@ -24,6 +24,7 @@ #include #include @@ -39,5 +39,5 @@ Index: gnupg-2.3.0/g10/plaintext.c + } + umask(saved_umask); } - - leave: + #else /* __riscos__ */ + /* If no output filename was given, i.e. we constructed it, convert diff --git a/gpg2.changes b/gpg2.changes index 345edea..8cd6050 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,151 +1,3 @@ -------------------------------------------------------------------- -Tue Oct 12 19:20:50 UTC 2021 - Andreas Stieger - -- GnuPG 2.3.3: - * agent: Fix segv in GET_PASSPHRASE (regression) - * dirmngr: Fix Let's Encrypt certificate chain validation - * gpg: Change default and maximum AEAD chunk size to 4 MiB - * gpg: Print a warning when importing a bad cv25519 secret key - * gpg: Fix --list-packets for undecryptable AEAD packets - * gpg: Verify backsigs for v5 keys correctly - * keyboxd: Fix checksum computation for no UBID entry on disk - * keyboxd: Fix "invalid object" error with cv448 keys - * dirmngr: New option --ignore-cert - * agent: Fix calibrate_get_time use of clock_gettime - * Support a gpgconf.ctl file under Unix and use this for the - regression tests - -------------------------------------------------------------------- -Wed Aug 25 10:01:38 UTC 2021 - Pedro Monreal - -- GnuPG 2.3.2: - * gpg: Allow fingerprint based lookup with --locate-external-key. - * gpg: Allow decryption w/o public key but with correct card inserted. - * gpg: Auto import keys specified with --trusted-keys. - * gpg: Do not use import-clean for LDAP keyserver imports. - * gpg: Fix mailbox based search via AKL keyserver method. - * gpg: Fix memory corruption with --clearsign introduced with 2.3.1. - * gpg: Use a more descriptive prompt for symmetric decryption. - * gpg: Improve speed of secret key listing. - * gpg: Support keygrip search with traditional keyring. - * gpg: Let --fetch-key return an exit code on failure. - * gpg: Emit the NO_SECKEY status again for decryption. - * gpgsm: Support decryption of password based encryption (pwri). - * gpgsm: Support AES-GCM decryption. - * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. - * gpgsm: Fix finding of issuer in use-keyboxd mode. - * gpgsm: New option --ldapserver as an alias for --keyserver. - * agent: Use SHA-256 for SSH fingerprint by default. - * agent: Fix calling handle_pincache_put. - * agent: Fix importing protected secret key. - * agent: Fix a regression in agent_get_shadow_info_type. - * agent: Add translatable text for Caps Lock hint. - * agent: New option --pinentry-formatted-passphrase. - * agent: Add checkpin inquiry for pinentry. - * agent: New option --check-sym-passphrase-pattern. - * agent: Use the sysconfdir for a pattern file. - * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry. - * dirmngr: LDAP search by a mailbox now ignores revoked keys. - * dirmngr: For KS_SEARCH return the fingerprint also with LDAP. - * dirmngr: Allow for non-URL specified ldap keyservers. - * dirmngr: New option --ldapserver. - * dirmngr: Fix regression in KS_GET for mail address pattern. - * card: New option --shadow for the list command. - * tests: Make sure the built keyboxd is used. - * scd: Fix computing shared secrets for 512 bit curves. - * scd: Fix unblock PIN by a Reset Code with KDF. - * scd: Fix PC/SC removed card problem. - * scd: Recover the partial match for PORTSTR for PC/SC. - * scd: Make sure to release the PC/SC context. - * scd: Fix zero-byte handling in ECC. - * scd: Fix serial number detection for Yubikey 5. - * scd: Add basic support for AET JCOP cards. - * scd: Detect external interference when --pcsc-shared is in use. - * scd: Fix access to the list of cards. - * gpgconf: Do not list a disabled tpm2d. - * gpgconf: Make runtime changes with different homedir work. - * keyboxd: Fix searching for exact mail adddress. - * keyboxd: Fix searching with multiple patterns. - * tools: Extend gpg-check-pattern. - * wkd: Fix client issue with leading or trailing spaces in user-ids. - * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry. - * Change the default keyserver to keyserver.ubuntu.com. This is a - temporary change due to the shutdown of the SKS keyserver pools. - -------------------------------------------------------------------- -Fri Jun 11 12:19:16 UTC 2021 - Pedro Monreal - -- GnuPG 2.3.1: - * The new configuration file common.conf is now used to enable - the use of the key database daemon with "use-keyboxd". Using - this option in gpg.conf and gpgsm.conf is supported for a - transitional period. See doc/example/common.conf for more. - * gpg: Force version 5 key creation for ed448 and cv448 algorithms. - * gpg: By default do not use the self-sigs-only option when - importing from an LDAP keyserver. - * gpg: Lookup a missing public key of the active card via LDAP. - * gpgsm: New command --show-certs. - * scd: Fix CCID driver for SCM SPR332/SPR532. - * scd: Further improvements for PKCS#15 cards. - * New configure option --with-tss to allow the selection of the - TSS library. -- Rebase patches: - * gnupg-add_legacy_FIPS_mode_option.patch - * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch - * gnupg-dont-fail-with-seahorse-agent.patch - * gnupg-set_umask_before_open_outfile.patch - -------------------------------------------------------------------- -Fri Jun 11 12:15:37 UTC 2021 - Andreas Stieger - -- GnuPG 2.3.0: - * A new experimental key database daemon is provided. To enable - it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored - in a SQLite database and make key lookup much faster. - * New tool gpg-card as a flexible frontend for all types of - supported smartcards. - * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and - gpg-connect-agent. - * The gpg-wks-client tool is now installed under bin; a wrapper for - its old location at libexec is also installed. - * tpm2d: New daemon to physically bind keys to the local machine. - * gpg: Switch to ed25519/cv25519 as default public key algorithms. - * gpg: Verification results now depend on the --sender option and - the signer's UID subpacket. - * gpg: Do not use any 64-bit block size cipher algorithm for - encryption. Use AES as last resort cipher preference instead of - 3DES. This can be reverted using --allow-old-cipher-algos. - * gpg: Support AEAD encryption mode using OCB or EAX. - * gpg: Support v5 keys and signatures. - * gpg: Support curve X448 (ed448, cv448). - * gpg: Allow use of group names in key listings. - * gpg: New option --full-timestrings to print date and time. - * gpg: New option --force-sign-key. - * gpg: New option --no-auto-trust-new-key. - * gpg: The legacy key discovery method PKA is no longer supported. - The command --print-pka-records and the PKA related import and - export options have been removed. - * gpg: Support export of Ed448 Secure Shell keys. - * gpgsm: Add basic ECC support. - * gpgsm: Support creation of EdDSA certificates. [#4888] - * agent: Allow the use of "Label:" in a key file to customize the - pinentry prompt. - * agent: Support ssh-agent extensions for environment variables. - With a patched version of OpenSSH this avoids the need for the - "updatestartuptty" kludge. - * scd: Improve support for multiple card readers and tokens. - * scd: Support PIV cards. - * scd: Support for Rohde&Schwarz Cybersecurity cards. - * scd: Support Telesec Signature Cards v2.0 - * scd: Support multiple application on certain smartcard. - * scd: New option --application-priority. - * scd: New option --pcsc-shared; see man page for important notes. - * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. - * The symcryptrun tool, a wrapper for the now obsolete external - Chiasmus tool, has been removed. - * Full Unicode support for the command line. -- dropped legacy commands: gpg-zip - ------------------------------------------------------------------- Wed Apr 7 20:56:23 UTC 2021 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index f676530..53739ec 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,36 +17,34 @@ Name: gpg2 -Version: 2.3.3 +Version: 2.2.27 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later Group: Productivity/Networking/Security URL: https://www.gnupg.org -Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2 -Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig +Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 +Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes -Patch1: gnupg-gpg-agent-ulimit.patch -Patch2: gnupg-2.0.9-langinfo.patch -Patch3: gnupg-dont-fail-with-seahorse-agent.patch -Patch4: gnupg-set_umask_before_open_outfile.patch -Patch5: gnupg-detect_FIPS_mode.patch -Patch6: gnupg-add_legacy_FIPS_mode_option.patch -Patch7: gnupg-2.2.16-secmem.patch -Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch -Patch9: gnupg-add-test-cases-for-import-without-uid.patch -Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +Patch4: gnupg-2.0.9-langinfo.patch +Patch6: gnupg-dont-fail-with-seahorse-agent.patch +Patch8: gnupg-set_umask_before_open_outfile.patch +Patch9: gnupg-detect_FIPS_mode.patch +Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-2.2.16-secmem.patch +Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch +Patch14: gnupg-add-test-cases-for-import-without-uid.patch +Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +Patch1124847: gnupg-gpg-agent-ulimit.patch BuildRequires: expect BuildRequires: fdupes -BuildRequires: ibmswtpm2 -BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 -BuildRequires: libgcrypt-devel >= 1.9.1 -BuildRequires: libgpg-error-devel >= 1.41 -BuildRequires: libksba-devel >= 1.3.4 +BuildRequires: libgcrypt-devel >= 1.8.0 +BuildRequires: libgpg-error-devel >= 1.27 +BuildRequires: libksba-devel >= 1.3.5 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel @@ -55,12 +53,12 @@ BuildRequires: readline-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) -BuildRequires: pkgconfig(sqlite3) >= 3.27 +BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 -Requires: libgcrypt20 >= 1.9.1 -Requires: libksba >= 1.3.4 +Requires: libgcrypt20 >= 1.8.0 +Requires: libksba >= 1.3.5 Requires: pinentry Recommends: dirmngr = %{version} Provides: gnupg = %{version} @@ -90,11 +88,18 @@ gpgsm, or via the gpg-connect-agent tool. %lang_package %prep -%autosetup -p1 -n gnupg-%{version} - -# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch -# to not have man pages and info files have the build date (boo#1047218) -touch -d 2018-05-04 doc/gpg.texi +%setup -q -n gnupg-%{version} +%patch1124847 -p1 +%patch4 -p1 +%patch6 -p1 +%patch8 -p1 +%patch9 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) @@ -107,6 +112,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-scdaemon-pgm=%{_bindir}/scdaemon \ --enable-ldap \ --enable-gpgsm=yes \ + --enable-gpg \ --enable-gpgtar \ --enable-g13 \ --enable-large-secmem \ @@ -114,7 +120,8 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ - --enable-gpg-is-gpg2 + --enable-gpg-is-gpg2 \ + --enable-Werror %make_build @@ -138,6 +145,9 @@ mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules +# install legacy tools +install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} +# install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir} %find_lang gnupg2 %fdupes -s %{buildroot} From 4b5604403c0e98a94f33aafca6eb4668f3e28748dd340c82426e53183d2ae89d Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 26 Nov 2021 23:50:50 +0000 Subject: [PATCH 148/156] Accepting request 933499 from Base:System Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/933499 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=157 --- gnupg-2.2.27.tar.bz2 | 3 - gnupg-2.2.27.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.3.3.tar.bz2 | 3 + gnupg-2.3.3.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-add_legacy_FIPS_mode_option.patch | 47 +++--- ...viously-known-keys-even-without-UIDs.patch | 28 ++-- gnupg-dont-fail-with-seahorse-agent.patch | 24 +-- gnupg-set_umask_before_open_outfile.patch | 10 +- gpg2.changes | 148 ++++++++++++++++++ gpg2.spec | 64 ++++---- 10 files changed, 234 insertions(+), 93 deletions(-) delete mode 100644 gnupg-2.2.27.tar.bz2 delete mode 100644 gnupg-2.2.27.tar.bz2.sig create mode 100644 gnupg-2.3.3.tar.bz2 create mode 100644 gnupg-2.3.3.tar.bz2.sig diff --git a/gnupg-2.2.27.tar.bz2 b/gnupg-2.2.27.tar.bz2 deleted file mode 100644 index 451f1a3..0000000 --- a/gnupg-2.2.27.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399 -size 7191555 diff --git a/gnupg-2.2.27.tar.bz2.sig b/gnupg-2.2.27.tar.bz2.sig deleted file mode 100644 index 8c34ebea76e995867b091e6a73811b2cfe37533d722f040a9f260b56c71e5d5c..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0@qec2F>rATz(l;(F*0nE z=vnkWx8v}!PSK}3cQF1rEL<6&pD=e5F=yWcLaQ9iVi3jjV}GGG7z literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 258c800..793cd3e 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.2.20/doc/gpg.texi +Index: gnupg-2.3.0/doc/gpg.texi =================================================================== ---- gnupg-2.2.20.orig/doc/gpg.texi -+++ gnupg-2.2.20/doc/gpg.texi -@@ -2133,6 +2133,24 @@ implies, this option is for experts only +--- gnupg-2.3.0.orig/doc/gpg.texi ++++ gnupg-2.3.0/doc/gpg.texi +@@ -2178,6 +2178,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,36 +32,37 @@ Index: gnupg-2.2.20/doc/gpg.texi @end table -Index: gnupg-2.2.20/g10/gpg.c +Index: gnupg-2.3.0/g10/gpg.c =================================================================== ---- gnupg-2.2.20.orig/g10/gpg.c -+++ gnupg-2.2.20/g10/gpg.c -@@ -429,6 +429,7 @@ enum cmd_and_opt_values - oUseOnlyOpenPGPCard, - oIncludeKeyBlock, +--- gnupg-2.3.0.orig/g10/gpg.c ++++ gnupg-2.3.0/g10/gpg.c +@@ -437,6 +437,7 @@ enum cmd_and_opt_values oNoIncludeKeyBlock, + oChUid, + oForceSignKey, + oSetLegacyFips, oNoop }; -@@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), - ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), - ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), +@@ -870,6 +871,7 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_s (oAEADAlgo, "aead-algo", "@"), + ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), + ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), - ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3614,6 +3616,13 @@ main (int argc, char **argv) - opt.flags.use_only_openpgp_card = 1; + ARGPARSE_header (NULL, N_("Options for unattended use")), +@@ -3688,6 +3690,14 @@ main (int argc, char **argv) + opt.flags.full_timestrings = 1; break; -+ case oSetLegacyFips: -+ if(gcry_fips_mode_active()) -+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, "Enable legacy support in FIPS 140-2 mode"); -+ else -+ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); -+ break; ++ case oSetLegacyFips: ++ if(gcry_fips_mode_active()) ++ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, ++ "Enable legacy support in FIPS 140-2 mode"); ++ else ++ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); ++ break; + case oNoop: break; diff --git a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch index 3c80a48..bf5711b 100644 --- a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +++ b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch @@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.2.19/g10/import.c +Index: gnupg-2.3.0/g10/import.c =================================================================== ---- gnupg-2.2.19.orig/g10/import.c -+++ gnupg-2.2.19/g10/import.c -@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.3.0.orig/g10/import.c ++++ gnupg-2.3.0/g10/import.c +@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,12 +29,12 @@ Index: gnupg-2.2.19/g10/import.c KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl, +@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } - -- if (!uidnode ) +- if (!uidnode) - { - if (!silent) - log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); @@ -44,16 +44,18 @@ Index: gnupg-2.2.19/g10/import.c if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl, +@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, + xfree(user); } } - -- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) - { - if (!silent) - { -- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); -- if (!opt.quiet ) +- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet) - log_info(_("this may be caused by a missing self-signature\n")); - } - stats->no_user_id++; @@ -66,7 +68,7 @@ Index: gnupg-2.2.19/g10/import.c /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl, +@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -91,7 +93,7 @@ Index: gnupg-2.2.19/g10/import.c } /* The keyblock is valid and ready for real import. */ -@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl, +@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch index 6302c8b..e4bbb06 100644 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ b/gnupg-dont-fail-with-seahorse-agent.patch @@ -2,16 +2,16 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.1.0/g10/passphrase.c +Index: gnupg-2.3.0/g10/passphrase.c =================================================================== ---- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100 -+++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100 -@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations) - { - /* Don't print an error if an older agent is used. */ - if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) -- log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); -+ log_info (_("problem with the agent: %s\n"), gpg_strerror (err)); - /* Default to 65536 which we used up to 2.0.13. */ - return 96; - } +--- gnupg-2.3.0.orig/g10/passphrase.c ++++ gnupg-2.3.0/g10/passphrase.c +@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac + } + else + { +- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); ++ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc)); + /* Due to limitations in the API of the upper layers they + consider an error as no passphrase entered. This works in + most cases but not during key creation where this should diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index 195e99c..7e78d69 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.1.20/g10/plaintext.c +Index: gnupg-2.3.0/g10/plaintext.c =================================================================== ---- gnupg-2.1.20.orig/g10/plaintext.c 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/g10/plaintext.c 2017-04-04 09:53:31.541145727 +0200 +--- gnupg-2.3.0.orig/g10/plaintext.c ++++ gnupg-2.3.0/g10/plaintext.c @@ -24,6 +24,7 @@ #include #include @@ -39,5 +39,5 @@ Index: gnupg-2.1.20/g10/plaintext.c + } + umask(saved_umask); } - #else /* __riscos__ */ - /* If no output filename was given, i.e. we constructed it, convert + + leave: diff --git a/gpg2.changes b/gpg2.changes index 8cd6050..345edea 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,151 @@ +------------------------------------------------------------------- +Tue Oct 12 19:20:50 UTC 2021 - Andreas Stieger + +- GnuPG 2.3.3: + * agent: Fix segv in GET_PASSPHRASE (regression) + * dirmngr: Fix Let's Encrypt certificate chain validation + * gpg: Change default and maximum AEAD chunk size to 4 MiB + * gpg: Print a warning when importing a bad cv25519 secret key + * gpg: Fix --list-packets for undecryptable AEAD packets + * gpg: Verify backsigs for v5 keys correctly + * keyboxd: Fix checksum computation for no UBID entry on disk + * keyboxd: Fix "invalid object" error with cv448 keys + * dirmngr: New option --ignore-cert + * agent: Fix calibrate_get_time use of clock_gettime + * Support a gpgconf.ctl file under Unix and use this for the + regression tests + +------------------------------------------------------------------- +Wed Aug 25 10:01:38 UTC 2021 - Pedro Monreal + +- GnuPG 2.3.2: + * gpg: Allow fingerprint based lookup with --locate-external-key. + * gpg: Allow decryption w/o public key but with correct card inserted. + * gpg: Auto import keys specified with --trusted-keys. + * gpg: Do not use import-clean for LDAP keyserver imports. + * gpg: Fix mailbox based search via AKL keyserver method. + * gpg: Fix memory corruption with --clearsign introduced with 2.3.1. + * gpg: Use a more descriptive prompt for symmetric decryption. + * gpg: Improve speed of secret key listing. + * gpg: Support keygrip search with traditional keyring. + * gpg: Let --fetch-key return an exit code on failure. + * gpg: Emit the NO_SECKEY status again for decryption. + * gpgsm: Support decryption of password based encryption (pwri). + * gpgsm: Support AES-GCM decryption. + * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. + * gpgsm: Fix finding of issuer in use-keyboxd mode. + * gpgsm: New option --ldapserver as an alias for --keyserver. + * agent: Use SHA-256 for SSH fingerprint by default. + * agent: Fix calling handle_pincache_put. + * agent: Fix importing protected secret key. + * agent: Fix a regression in agent_get_shadow_info_type. + * agent: Add translatable text for Caps Lock hint. + * agent: New option --pinentry-formatted-passphrase. + * agent: Add checkpin inquiry for pinentry. + * agent: New option --check-sym-passphrase-pattern. + * agent: Use the sysconfdir for a pattern file. + * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry. + * dirmngr: LDAP search by a mailbox now ignores revoked keys. + * dirmngr: For KS_SEARCH return the fingerprint also with LDAP. + * dirmngr: Allow for non-URL specified ldap keyservers. + * dirmngr: New option --ldapserver. + * dirmngr: Fix regression in KS_GET for mail address pattern. + * card: New option --shadow for the list command. + * tests: Make sure the built keyboxd is used. + * scd: Fix computing shared secrets for 512 bit curves. + * scd: Fix unblock PIN by a Reset Code with KDF. + * scd: Fix PC/SC removed card problem. + * scd: Recover the partial match for PORTSTR for PC/SC. + * scd: Make sure to release the PC/SC context. + * scd: Fix zero-byte handling in ECC. + * scd: Fix serial number detection for Yubikey 5. + * scd: Add basic support for AET JCOP cards. + * scd: Detect external interference when --pcsc-shared is in use. + * scd: Fix access to the list of cards. + * gpgconf: Do not list a disabled tpm2d. + * gpgconf: Make runtime changes with different homedir work. + * keyboxd: Fix searching for exact mail adddress. + * keyboxd: Fix searching with multiple patterns. + * tools: Extend gpg-check-pattern. + * wkd: Fix client issue with leading or trailing spaces in user-ids. + * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry. + * Change the default keyserver to keyserver.ubuntu.com. This is a + temporary change due to the shutdown of the SKS keyserver pools. + +------------------------------------------------------------------- +Fri Jun 11 12:19:16 UTC 2021 - Pedro Monreal + +- GnuPG 2.3.1: + * The new configuration file common.conf is now used to enable + the use of the key database daemon with "use-keyboxd". Using + this option in gpg.conf and gpgsm.conf is supported for a + transitional period. See doc/example/common.conf for more. + * gpg: Force version 5 key creation for ed448 and cv448 algorithms. + * gpg: By default do not use the self-sigs-only option when + importing from an LDAP keyserver. + * gpg: Lookup a missing public key of the active card via LDAP. + * gpgsm: New command --show-certs. + * scd: Fix CCID driver for SCM SPR332/SPR532. + * scd: Further improvements for PKCS#15 cards. + * New configure option --with-tss to allow the selection of the + TSS library. +- Rebase patches: + * gnupg-add_legacy_FIPS_mode_option.patch + * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch + * gnupg-dont-fail-with-seahorse-agent.patch + * gnupg-set_umask_before_open_outfile.patch + +------------------------------------------------------------------- +Fri Jun 11 12:15:37 UTC 2021 - Andreas Stieger + +- GnuPG 2.3.0: + * A new experimental key database daemon is provided. To enable + it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored + in a SQLite database and make key lookup much faster. + * New tool gpg-card as a flexible frontend for all types of + supported smartcards. + * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and + gpg-connect-agent. + * The gpg-wks-client tool is now installed under bin; a wrapper for + its old location at libexec is also installed. + * tpm2d: New daemon to physically bind keys to the local machine. + * gpg: Switch to ed25519/cv25519 as default public key algorithms. + * gpg: Verification results now depend on the --sender option and + the signer's UID subpacket. + * gpg: Do not use any 64-bit block size cipher algorithm for + encryption. Use AES as last resort cipher preference instead of + 3DES. This can be reverted using --allow-old-cipher-algos. + * gpg: Support AEAD encryption mode using OCB or EAX. + * gpg: Support v5 keys and signatures. + * gpg: Support curve X448 (ed448, cv448). + * gpg: Allow use of group names in key listings. + * gpg: New option --full-timestrings to print date and time. + * gpg: New option --force-sign-key. + * gpg: New option --no-auto-trust-new-key. + * gpg: The legacy key discovery method PKA is no longer supported. + The command --print-pka-records and the PKA related import and + export options have been removed. + * gpg: Support export of Ed448 Secure Shell keys. + * gpgsm: Add basic ECC support. + * gpgsm: Support creation of EdDSA certificates. [#4888] + * agent: Allow the use of "Label:" in a key file to customize the + pinentry prompt. + * agent: Support ssh-agent extensions for environment variables. + With a patched version of OpenSSH this avoids the need for the + "updatestartuptty" kludge. + * scd: Improve support for multiple card readers and tokens. + * scd: Support PIV cards. + * scd: Support for Rohde&Schwarz Cybersecurity cards. + * scd: Support Telesec Signature Cards v2.0 + * scd: Support multiple application on certain smartcard. + * scd: New option --application-priority. + * scd: New option --pcsc-shared; see man page for important notes. + * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. + * The symcryptrun tool, a wrapper for the now obsolete external + Chiasmus tool, has been removed. + * Full Unicode support for the command line. +- dropped legacy commands: gpg-zip + ------------------------------------------------------------------- Wed Apr 7 20:56:23 UTC 2021 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 53739ec..f676530 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,34 +17,36 @@ Name: gpg2 -Version: 2.2.27 +Version: 2.3.3 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later Group: Productivity/Networking/Security URL: https://www.gnupg.org -Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 -Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig +Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2 +Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes -Patch4: gnupg-2.0.9-langinfo.patch -Patch6: gnupg-dont-fail-with-seahorse-agent.patch -Patch8: gnupg-set_umask_before_open_outfile.patch -Patch9: gnupg-detect_FIPS_mode.patch -Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: gnupg-2.2.16-secmem.patch -Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch -Patch14: gnupg-add-test-cases-for-import-without-uid.patch -Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch -Patch1124847: gnupg-gpg-agent-ulimit.patch +Patch1: gnupg-gpg-agent-ulimit.patch +Patch2: gnupg-2.0.9-langinfo.patch +Patch3: gnupg-dont-fail-with-seahorse-agent.patch +Patch4: gnupg-set_umask_before_open_outfile.patch +Patch5: gnupg-detect_FIPS_mode.patch +Patch6: gnupg-add_legacy_FIPS_mode_option.patch +Patch7: gnupg-2.2.16-secmem.patch +Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch +Patch9: gnupg-add-test-cases-for-import-without-uid.patch +Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch BuildRequires: expect BuildRequires: fdupes +BuildRequires: ibmswtpm2 +BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 -BuildRequires: libgcrypt-devel >= 1.8.0 -BuildRequires: libgpg-error-devel >= 1.27 -BuildRequires: libksba-devel >= 1.3.5 +BuildRequires: libgcrypt-devel >= 1.9.1 +BuildRequires: libgpg-error-devel >= 1.41 +BuildRequires: libksba-devel >= 1.3.4 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel @@ -53,12 +55,12 @@ BuildRequires: readline-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) -BuildRequires: pkgconfig(sqlite3) >= 3.7 +BuildRequires: pkgconfig(sqlite3) >= 3.27 BuildRequires: pkgconfig(zlib) # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 -Requires: libgcrypt20 >= 1.8.0 -Requires: libksba >= 1.3.5 +Requires: libgcrypt20 >= 1.9.1 +Requires: libksba >= 1.3.4 Requires: pinentry Recommends: dirmngr = %{version} Provides: gnupg = %{version} @@ -88,18 +90,11 @@ gpgsm, or via the gpg-connect-agent tool. %lang_package %prep -%setup -q -n gnupg-%{version} -%patch1124847 -p1 -%patch4 -p1 -%patch6 -p1 -%patch8 -p1 -%patch9 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) +%autosetup -p1 -n gnupg-%{version} + +# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch +# to not have man pages and info files have the build date (boo#1047218) +touch -d 2018-05-04 doc/gpg.texi %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) @@ -112,7 +107,6 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-scdaemon-pgm=%{_bindir}/scdaemon \ --enable-ldap \ --enable-gpgsm=yes \ - --enable-gpg \ --enable-gpgtar \ --enable-g13 \ --enable-large-secmem \ @@ -120,8 +114,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ - --enable-gpg-is-gpg2 \ - --enable-Werror + --enable-gpg-is-gpg2 %make_build @@ -145,9 +138,6 @@ mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules -# install legacy tools -install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} -# install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir} %find_lang gnupg2 %fdupes -s %{buildroot} From 6eee475d180905015e5652138954d77783312d7186289ffe8a7f86ea1142a62d Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 23 Dec 2021 16:53:35 +0000 Subject: [PATCH 149/156] Accepting request 942136 from Base:System OBS-URL: https://build.opensuse.org/request/show/942136 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=158 --- gnupg-2.3.3.tar.bz2 | 3 --- gnupg-2.3.3.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.3.4.tar.bz2 | 3 +++ gnupg-2.3.4.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-add_legacy_FIPS_mode_option.patch | 26 ++++++++++++------------ gpg2.changes | 25 +++++++++++++++++++++++ gpg2.spec | 2 +- 7 files changed, 42 insertions(+), 17 deletions(-) delete mode 100644 gnupg-2.3.3.tar.bz2 delete mode 100644 gnupg-2.3.3.tar.bz2.sig create mode 100644 gnupg-2.3.4.tar.bz2 create mode 100644 gnupg-2.3.4.tar.bz2.sig diff --git a/gnupg-2.3.3.tar.bz2 b/gnupg-2.3.3.tar.bz2 deleted file mode 100644 index a2b1bd5..0000000 --- a/gnupg-2.3.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5789b86da6a1a6752efb38598f16a77af51170a8494039c3842b085032e8e937 -size 7590874 diff --git a/gnupg-2.3.3.tar.bz2.sig b/gnupg-2.3.3.tar.bz2.sig deleted file mode 100644 index 1de2b68b556bfdf9ece14e3d99f21a42edae3b7e1cdc886ff2b0ecfc331174ce..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0iK*-27`QkEU?M^34F7%J zy6npD=e5F=yWcLaQ9iVi3jjV}GGG7z diff --git a/gnupg-2.3.4.tar.bz2 b/gnupg-2.3.4.tar.bz2 new file mode 100644 index 0000000..057a786 --- /dev/null +++ b/gnupg-2.3.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f3468ecafb1d7f9ad7b51fd1db7aebf17ceb89d2efa8a05cf2f39b4d405402ae +size 7589561 diff --git a/gnupg-2.3.4.tar.bz2.sig b/gnupg-2.3.4.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..cd741d94f567be6b9a63844fe98234fefe3686d4597e295732e8a2515e3368a8 GIT binary patch literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0i3fh`GH`JUz(gdB85tJG ze0{QZ9lzc64fO_r76NN8xjLLarhCqRQpb-Cn~e3_7#SFr-{Xwf@9gMvKzD^y#`@w5 UJF9Obc)rywe$gFTXDGl80Mwl>d;kCd literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 793cd3e..8e11670 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.3.0/doc/gpg.texi +Index: gnupg-2.3.4/doc/gpg.texi =================================================================== ---- gnupg-2.3.0.orig/doc/gpg.texi -+++ gnupg-2.3.0/doc/gpg.texi -@@ -2178,6 +2178,24 @@ implies, this option is for experts only +--- gnupg-2.3.4.orig/doc/gpg.texi ++++ gnupg-2.3.4/doc/gpg.texi +@@ -2196,6 +2196,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,28 +32,28 @@ Index: gnupg-2.3.0/doc/gpg.texi @end table -Index: gnupg-2.3.0/g10/gpg.c +Index: gnupg-2.3.4/g10/gpg.c =================================================================== ---- gnupg-2.3.0.orig/g10/gpg.c -+++ gnupg-2.3.0/g10/gpg.c -@@ -437,6 +437,7 @@ enum cmd_and_opt_values - oNoIncludeKeyBlock, +--- gnupg-2.3.4.orig/g10/gpg.c ++++ gnupg-2.3.4/g10/gpg.c +@@ -442,6 +442,7 @@ enum cmd_and_opt_values oChUid, oForceSignKey, + oForbidGenKey, + oSetLegacyFips, oNoop }; -@@ -870,6 +871,7 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_s (oAEADAlgo, "aead-algo", "@"), +@@ -877,6 +878,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), + ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3688,6 +3690,14 @@ main (int argc, char **argv) - opt.flags.full_timestrings = 1; +@@ -3725,6 +3727,14 @@ main (int argc, char **argv) + mopt.forbid_gen_key = 1; break; + case oSetLegacyFips: diff --git a/gpg2.changes b/gpg2.changes index 345edea..7baad2f 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Wed Dec 22 16:08:08 UTC 2021 - Andreas Stieger + +- GnuPG 2.3.4: + * gpg: New option --min-rsa-length + * gpg: New option --forbid-gen-key + * gpg: New option --override-compliance-check + * gpgconf: New command --show-configs + * agent,dirmngr,keyboxd: New option --steal-socket + * gpg: Fix printing of binary notations + * gpg: Remove stale ultimately trusted keys from the trustdb + * gpg: Fix indentation of --print-mds and --print-md sha512 + * gpg: Emit gpg 2.2 compatible Ed25519 signature + * gpgsm: Detect circular chains in --list-chain + * dirmngr: Make reading resolv.conf more robust + * dirmngr: Ask keyservers to provide the key fingerprints + * gpgconf: Allow changing gpg's deprecated keyserver option + * gpg-wks-server: Fix created file permissions + * scd: Support longer data for ssh-agent authentication with + openpgp cards + * scd: Modify DEVINFO behavior to support looping forever + * Silence warning about the rootdir under Unices w/o a mounted + /proc file system + * Fix possible build problems about missing include files + ------------------------------------------------------------------- Tue Oct 12 19:20:50 UTC 2021 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index f676530..ca8311c 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.3 +Version: 2.3.4 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From 2e7366ea03ac55f82b3cc2bed74aa7a958989524e8c0dd06290b57cf008bf10f Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 8 May 2022 19:52:27 +0000 Subject: [PATCH 150/156] Accepting request 975336 from Base:System OBS-URL: https://build.opensuse.org/request/show/975336 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=159 --- gnupg-2.3.4.tar.bz2 | 3 - gnupg-2.3.4.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.3.6.tar.bz2 | 3 + gnupg-2.3.6.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-add_legacy_FIPS_mode_option.patch | 24 ++-- gpg2.changes | 11 ++ gpg2.keyring | 145 ++++++++++++++---------- gpg2.spec | 6 +- 8 files changed, 112 insertions(+), 80 deletions(-) delete mode 100644 gnupg-2.3.4.tar.bz2 delete mode 100644 gnupg-2.3.4.tar.bz2.sig create mode 100644 gnupg-2.3.6.tar.bz2 create mode 100644 gnupg-2.3.6.tar.bz2.sig diff --git a/gnupg-2.3.4.tar.bz2 b/gnupg-2.3.4.tar.bz2 deleted file mode 100644 index 057a786..0000000 --- a/gnupg-2.3.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f3468ecafb1d7f9ad7b51fd1db7aebf17ceb89d2efa8a05cf2f39b4d405402ae -size 7589561 diff --git a/gnupg-2.3.4.tar.bz2.sig b/gnupg-2.3.4.tar.bz2.sig deleted file mode 100644 index cd741d94f567be6b9a63844fe98234fefe3686d4597e295732e8a2515e3368a8..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0i3fh`GH`JUz(gdB85tJG ze0{QZ9lzc64fO_r76NN8xjLLarhCqRQpb-Cn~e3_7#SFr-{Xwf@9gMvKzD^y#`@w5 UJF9Obc)rywe$gFTXDGl80Mwl>d;kCd diff --git a/gnupg-2.3.6.tar.bz2 b/gnupg-2.3.6.tar.bz2 new file mode 100644 index 0000000..85d4e03 --- /dev/null +++ b/gnupg-2.3.6.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:21f7fe2fc5c2f214184ab050977ec7a8e304e58bfae2ab098fec69f8fabda9c1 +size 7604761 diff --git a/gnupg-2.3.6.tar.bz2.sig b/gnupg-2.3.6.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..3614025a4838df557d61505d3465588751365b1845106eb5a332b2d897c2295a GIT binary patch literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0Nong97`QkEU?R)cG5mL$ zcf(0%(%cr_6Lu`VJ7dE>>|5$K@2Y+%D`SB9BlYiB8UANVOg5KXrnz^8r+KgA$9IqA UWzIJ9s3oSnSaHtXP~Dyl0Lum~`v3p{ literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 8e11670..5bb103e 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.3.4/doc/gpg.texi +Index: gnupg-2.3.5/doc/gpg.texi =================================================================== ---- gnupg-2.3.4.orig/doc/gpg.texi -+++ gnupg-2.3.4/doc/gpg.texi -@@ -2196,6 +2196,24 @@ implies, this option is for experts only +--- gnupg-2.3.5.orig/doc/gpg.texi ++++ gnupg-2.3.5/doc/gpg.texi +@@ -2197,6 +2197,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.3.4/doc/gpg.texi @end table -Index: gnupg-2.3.4/g10/gpg.c +Index: gnupg-2.3.5/g10/gpg.c =================================================================== ---- gnupg-2.3.4.orig/g10/gpg.c -+++ gnupg-2.3.4/g10/gpg.c -@@ -442,6 +442,7 @@ enum cmd_and_opt_values - oChUid, +--- gnupg-2.3.5.orig/g10/gpg.c ++++ gnupg-2.3.5/g10/gpg.c +@@ -443,6 +443,7 @@ enum cmd_and_opt_values oForceSignKey, oForbidGenKey, + oRequireCompliance, + oSetLegacyFips, oNoop }; -@@ -877,6 +878,7 @@ static gpgrt_opt_t opts[] = { +@@ -878,6 +879,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), @@ -52,8 +52,8 @@ Index: gnupg-2.3.4/g10/gpg.c ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3725,6 +3727,14 @@ main (int argc, char **argv) - mopt.forbid_gen_key = 1; +@@ -3737,6 +3739,14 @@ main (int argc, char **argv) + opt.flags.require_compliance = 1; break; + case oSetLegacyFips: diff --git a/gpg2.changes b/gpg2.changes index 7baad2f..a14e097 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Apr 25 19:09:32 UTC 2022 - Andreas Stieger + +- GnuPG 2.3.6: + * Up to five times faster verification of detached signatures, + doubled detached signing speed, threefold decryption speedup + for large files, nearly double the AES256.OCB encryption speed + * Add support for GeNUA cards + * Added and improved options for crypto options, and all-around + bug fixes + ------------------------------------------------------------------- Wed Dec 22 16:08:08 UTC 2021 - Andreas Stieger diff --git a/gpg2.keyring b/gpg2.keyring index 96f1bf5..dd3bb0b 100644 --- a/gpg2.keyring +++ b/gpg2.keyring @@ -1,65 +1,86 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I -Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg -jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7 -KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u -qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB -1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk -aXN0IHNpZymJAVUEEwEIAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE -2GkhI8QGXepeDzq1JJs50k8l47YFAl4MxBkFCRShVzYACgkQJJs50k8l47YImQf9 -HaqHWor+aSmaEwQnaAN0zRa4kPbAWya182aJtsFzLZJf6BbS0aoiMhwtREN/DMvB -jzxARKep/cELaM+mc7oDK4mEwqSX/u6BE8D7FaNA9sut8P+4xjpoLPU+UzILMg29 -t1remjyT9rs6sbu8BqufIxueArkjoi4WCOSRiVTdw+YDd88volPkXlPfS8hg9Rct -wZ8kEEDywa+NrxiLx+kDgDNTNdk3PJdfcnesf8S1a+KLUTNRds5+xGTYz0JSQ9BZ -7Q9r4VQ/NL55muQZi5W7lVxdp3HxQFUNjHzzBfGtkpS4xqZpJvNjW50Wh5Vi5RYZ -LZ3M1EuIHXHmRiY4dmqqcpkBDQRUUDsjAQgA5hBwN9F3OqKf+9mXCXUDK4lb5wMj -dti96xG04gAn7wWo7On6c5ntriZQuRdR5GHcdw73XC6CFehHeo/eSVYiWqBNBAfE -9UzbkES+cY+4wDzqVacqhKxd70XmHQgyK7ppRG/MwkL1UyArCGGAKN6MV/2fzO6I -GQw3jntRue3/2PGGnGaisNAKlvttHWZ91uy4KY5fBM19uQCgZdx4v8/rP0+yQqsW -TwJUKvymx5GIfNaCJvgF+v+aPrwspxBMf9jpHXqDXnh4Lo8C/GsQMD6GClVfQjsv -vzUHKH2eoL4oNfku+Ua5BuAHYi+uAuzqV9TdpF9PCpQMyPfuuZclMPLdMwARAQAB -tDJOSUlCRSBZdXRha2EgKEdudVBHIFJlbGVhc2UgS2V5KSA8Z25paWJlQGZzaWou -b3JnPokBPAQTAQgAJgIbAwULBwgJAwQVCAkKBRYCAwEAAh4BAheABQJYDxRZBQkL -S5A2AAoJECBxsIozvT8GvG8IAMBIlGz9voYcSSXAdQOuvz2gM2kOjvMHzN6VlS9V -P06IjnTz2DnejFZwLmxJw8e8mZjUo0jw22uo1HREQhDrne3S1IazPMeTUCUNzpWF -MxXNc6SAyrw9apWa8gouGUWJv3HOwVs8EFA2E9UdtDJ2uG7MY/+eC5K/aeOAyudZ -EbvS8rgZypTFrBtBcNKUWZhz7FRn63HxEmYLE3p6I19ZDXrc1WTazF2oz18zym6c -uURr6waRbdSemUTshpLnKCBZXzJ82bXBgXNnfdmc3gtS24ZmM3ZfK/rYztEDkiTk -s2R1gwDwf5RtDpaf5LD2ufESdbLuT+8blAlscbgYLBcwDquZAY0EWMu6rgEMAKcz -vM1IhpUwBpxPCNdrlMZh7XeLqKUd7hUvQ1KHOuDONxCDnfXdxGCKKI0Ds5I7Kkyp -Wzvcl7PplRy2fYZWwcGtL+Kj01y4L2lXB/xrrVaVwRr4S0FrcbseUGYRafBpR0C1 -Yo24CL1ef4ivsfbER2SyaZ3lrT9Ccv6xfvTluhU8X+2li1ssak/Frvy02u3EORLD -LxaaLQgANgsjnIjv/JQZ4l3xFIJT98tEoL18btg5lGrS2w4yFU1aa1SNsbp7vcu7 -wsqcJmCzX98LyG8/IBGJ5JXmZ03yzWhZ3uhhy1+Avi4GV4Mi0ADwaGMp6O63Mc3w -SL8A/DoCKJLISOc+D5xNfw6C8sYlaOSzQfqY9l4HW/+QbJmEFL2+bnjSHb8yaVU3 -ae2IIrlNkZ5Jamp12Kq6x9Vei0xGk3gd4sqhmHhECdxoJtkX9L5gt436QxdjiTcW -q3V+NNfq94UJu2Ej2kN0fNT0t9RU2n0P/mS0L+1gw5Ex6BX7BIzGL0bZhYomQwAR -AQABiQHOBB8BCAA4FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLwN0XDIABlKXJ -oDwv5co7CV2OH99yPPRitrECBwAACgkQvO9+KUsJLig2Cgv/T4rXEjHwlbsuTkzp -tgK80Dh92URzBAhPhSJ0kUz2b6y7FgVYgZ95u8elGUS4lOB0GOQSK3y4sCgldTQF -GQpMuvNMX6oNQTv1Z/H9H7Sc6AntozKRA6LQC+7DMxjPh2DEhVLYNqi7gMXtuH8o -Xz5+quarw/xbVmuS4UNqcxakd4A/HW6PayRhuju4+oV2+UmGU0etzGVwKSN/UicC -3Re3mUy8SwJFQ9/3EAfiY0SGzSWH1z7bTRg9Ga2ctYDNzUpyQsgLxD6ZRHcONkOo -GUMEQ96BeSsjT4yW9ED70CcCbhg+pMxR+lnpk4BZ4WML/plBjEb8B1YaRvhYWKd3 -OSVB/JsS6J6Q/y9TTsAJDBLAfw9h7RQKibViuVFSNftAuSdktah5mDwFnL0ZMzVS -3tDVDa5PDqbHEhK55/5EWBg4eNbAukVZmmoLzzERGXuj+LOIRElG3/n3chy1uM73 -B6da3al4gDDNHifPsuozpkVN1EAROZx1K9hGGDZC3yFQTjsJtCRBbmRyZSBIZWlu -ZWNrZSAoUmVsZWFzZSBTaWduaW5nIEtleSmJAdQEEwEIAD4WIQRbgMV1Qpjwy1XY -7Wq8734pSwkuKAUCWMu6rgIbAwUJEswDAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIX -gAAKCRC8734pSwkuKEL9DACEIL5IS9wUty62Bnwd9wK2hmwihXNkTLsOOoi8aCdO -ywPwcIucgAcIO+c/t0lbe4y4sJ1KrKbdyOUQiJAyxobLCSV/MkhIDAmsZB1ZIpF3 -nfmNekRdCVcMpqX8jAwoBS3Q9m2UJz1LeDCLFCvLF0nbyUnqHZP19UOvxmzAyZMA -Ub3W5y1+GMo4yA+3xSFI8ZbjzhawixCCRs69/4p+zCXR4e7LBf6koAHllD/0ZULp -SDjF+t2IkvRrMlM+e+Mxjklinr8v1FRGzmE/kCcdHaP88+iwC2wUKOZtFs4yIBLO -SWdQk9tLPmR8uWgNZmatRJyNvOaxd6EbK3jfckbJGFkmXjH+M9vMqFpoAewZ359F -qjq+Us7AXLAMNUynom7IrtR5Rvsjx6RNtKQYUD6XY5rc7r9js9iGruHDAAW5lyRg -j3wikc0IbV9L1bTsXIp29BsrU9sXUkVEp+xQJZgwqoOduoSjmOK88QdkibDqJiGF -dzIRiXx+Nxv1Pr9L7A4/tq+YMwRfQ+WJFgkrBgEEAdpHDwEBB0DPvkeV6RzXomGF -8jQwp0RXEt2TGFwwI7RkbpYwECY2l7QfV2VybmVyIEtvY2ggKGRpc3Qgc2lnbmlu -ZyAyMDIwKYiaBBMWCgBCFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoFAl9D7DUCGwMF -CRKFxxEFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFKIl7gmQDraea4A -/24v8c50HSC/Basf4WlREkuzhudplo8iT0BGtTQRdGAmAP9gIZ8dBekg9PRlpe7A -l7ErThn6owVH9szWrUt6jkKOBg== -=h7e4 +mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531 +3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB +a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb +LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO +MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD +ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ +hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ +F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV ++wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o +BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL +/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg +dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg +xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ +hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K +ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z +QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn +ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz +iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47 +CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+ +FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ +CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs +IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl +fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ +6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu +ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo +sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x +/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/ +Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE +o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv +5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP +4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7 +b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ +bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk +icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo +GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj +m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/ +IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp +/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB +BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l +ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ +AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe +BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0 +EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh +BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv +V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37 +c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR +OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ +l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q +Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W +HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi +UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8 +7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8 +wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP +C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V +bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO +Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt +VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd +fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu +dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F +AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO +my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX +7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c +3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS +QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF +vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe +vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM +YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ +t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY +eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM +4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+ +7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X +D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm +MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy +MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x +14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa +jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV +WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF +AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR +RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W +IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS +N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw +eiInsGZ/+h5XYrpXTgA= +=4+Sn -----END PGP PUBLIC KEY BLOCK----- diff --git a/gpg2.spec b/gpg2.spec index ca8311c..0ebba32 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.4 +Version: 2.3.6 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -26,7 +26,7 @@ URL: https://www.gnupg.org Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html -Source3: %{name}.keyring +Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes Patch1: gnupg-gpg-agent-ulimit.patch From 66a81fcf6365b6ba504946e191c76b9cf6a6e12e1824f2e0bf1a8eaac6a8b594 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 24 May 2022 18:30:53 +0000 Subject: [PATCH 151/156] Accepting request 978674 from Base:System Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/978674 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=160 --- gpg2.changes | 5 +++++ gpg2.spec | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/gpg2.changes b/gpg2.changes index a14e097..3b8c465 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon May 16 09:12:06 UTC 2022 - Marcus Meissner + +- added tpm support, added a new subpackage gpg2-tpm + ------------------------------------------------------------------- Mon Apr 25 19:09:32 UTC 2022 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 0ebba32..22b46be 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -87,6 +87,15 @@ revocation lists (CRLs) for X.509 certificates, downloading X.509 certificates, and providing access to OCSP providers. Dirmngr is invoked internally by gpg, gpgsm, or via the gpg-connect-agent tool. +%package tpm +Summary: TPM2 support for GnuPG +Group: Productivity/Networking/Security + +%description tpm +Version 2.3 of GnuPG introduced support for converting GPG private +keys to TPM2 wrapped form. This package enables that support. The +keytotpm command will not function unless this package is installed. + %lang_package %prep @@ -105,6 +114,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-pinentry-pgm=%{_bindir}/pinentry \ --with-dirmngr-pgm=%{_bindir}/dirmngr \ --with-scdaemon-pgm=%{_bindir}/scdaemon \ + --with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \ --enable-ldap \ --enable-gpgsm=yes \ --enable-gpgtar \ @@ -136,6 +146,8 @@ rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot # install scdaemon to %%{_bindir} (bnc#863645) mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} +# install tpm2daemon +mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir} # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules @@ -162,6 +174,7 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.* %doc %{_docdir}/%{name} %exclude %{_bindir}/dirmngr* +%exclude %{_bindir}/tpm2daemon* %{_bindir}/* %{_libdir}/[^d]* %{_sbindir}/addgnupghome @@ -178,4 +191,7 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %{_docdir}/%{name}/examples/systemd-user/dirmngr.* %{_bindir}/dirmngr* +%files tpm +%{_bindir}/tpm2daemon* + %changelog From dcafaab052cb7efe6943ed4b94812d618e0c16ddb78397e91110f930f535f519 Mon Sep 17 00:00:00 2001 From: Fabian Vogt Date: Sun, 31 Jul 2022 21:00:18 +0000 Subject: [PATCH 152/156] Accepting request 989805 from Base:System GnuPG 2.3.7 CVE-2022-34903 boo#1201225 (forwarded request 988764 from AndreasStieger) OBS-URL: https://build.opensuse.org/request/show/989805 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=161 --- gnupg-2.3.6.tar.bz2 | 3 --- gnupg-2.3.6.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.3.7.tar.bz2 | 3 +++ gnupg-2.3.7.tar.bz2.sig | Bin 0 -> 119 bytes gpg2.changes | 14 ++++++++++++++ gpg2.spec | 2 +- 6 files changed, 18 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.3.6.tar.bz2 delete mode 100644 gnupg-2.3.6.tar.bz2.sig create mode 100644 gnupg-2.3.7.tar.bz2 create mode 100644 gnupg-2.3.7.tar.bz2.sig diff --git a/gnupg-2.3.6.tar.bz2 b/gnupg-2.3.6.tar.bz2 deleted file mode 100644 index 85d4e03..0000000 --- a/gnupg-2.3.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:21f7fe2fc5c2f214184ab050977ec7a8e304e58bfae2ab098fec69f8fabda9c1 -size 7604761 diff --git a/gnupg-2.3.6.tar.bz2.sig b/gnupg-2.3.6.tar.bz2.sig deleted file mode 100644 index 3614025a4838df557d61505d3465588751365b1845106eb5a332b2d897c2295a..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0Nong97`QkEU?R)cG5mL$ zcf(0%(%cr_6Lu`VJ7dE>>|5$K@2Y+%D`SB9BlYiB8UANVOg5KXrnz^8r+KgA$9IqA UWzIJ9s3oSnSaHtXP~Dyl0Lum~`v3p{ diff --git a/gnupg-2.3.7.tar.bz2 b/gnupg-2.3.7.tar.bz2 new file mode 100644 index 0000000..f5ee5ef --- /dev/null +++ b/gnupg-2.3.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ee163a5fb9ec99ffc1b18e65faef8d086800c5713d15a672ab57d3799da83669 +size 7599853 diff --git a/gnupg-2.3.7.tar.bz2.sig b/gnupg-2.3.7.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..bdfdc3f72059cccd4f5c9a0133beb1530963c2571e726139e9ff55f05c553e5b GIT binary patch literal 119 zcmeAuWnmEJV2~A4WMTT;`@dNJXUzu7g||ZHWyVd2Uc|x5lyru>nt_W`049>-#qdvO zL7+3Q{`(J>+YGMdISHrR+s@B?aK9^PapD{99~W0eGW_?yT>p52R_TMa9j2v + +- GnuPG 2.3.7: + * CVE-2022-34903: garbled status messages could trick gpgme and + other parsers to accept faked status lines [boo#1201225] + * A number of bug fixes to the gpg command line interface + * gpgsm gained a number of new options and got some rework on + the PKCS#12 parser to support DFN issues keys + * The gpg agent got some added options and UI tweaks + * smart card support got a number of bug fixes, and improved + support for Technology Nexus cards and Yubikey + * The Telesec ESIGN application is now supported + ------------------------------------------------------------------- Mon May 16 09:12:06 UTC 2022 - Marcus Meissner diff --git a/gpg2.spec b/gpg2.spec index 22b46be..24e4ac6 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.6 +Version: 2.3.7 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later From f755af3d44775012a85606485ab69b27f04aa4fc86cd84173ee0432960e005bb Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 10 Aug 2022 15:12:29 +0000 Subject: [PATCH 153/156] Accepting request 993850 from Base:System OBS-URL: https://build.opensuse.org/request/show/993850 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=162 --- ...ix-workaround-for-Yubikey-heuristics.patch | 61 +++++++++++++++++++ gpg2.changes | 6 ++ gpg2.spec | 1 + 3 files changed, 68 insertions(+) create mode 100644 gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch diff --git a/gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch b/gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch new file mode 100644 index 0000000..50b048e --- /dev/null +++ b/gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch @@ -0,0 +1,61 @@ +From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Wed, 13 Jul 2022 10:40:55 +0900 +Subject: [PATCH] scd:openpgp: Fix workaround for Yubikey heuristics. +References: https://bugzilla.opensuse.org/show_bug.cgi?id=1202201 + +* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case +of firmware 5.4, too. + +-- + +GnuPG-bug-id: 6070 +Signed-off-by: NIIBE Yutaka +--- + scd/app-openpgp.c | 29 +++++++++++++++++++++-------- + 1 file changed, 21 insertions(+), 8 deletions(-) + +diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c +index 8bb346a86..4667416df 100644 +--- a/scd/app-openpgp.c ++++ b/scd/app-openpgp.c +@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno) + app->app_local->keyattr[keyno].ecc.algo = *buffer; + app->app_local->keyattr[keyno].ecc.flags = 0; + +- if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY +- || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) +- { /* Found "pubkey required"-byte for private key template. */ +- oidlen--; +- if (buffer[buflen-1] == 0xff) +- app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; ++ if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY) ++ { ++ /* Yubikey implementations vary. ++ * Firmware version 5.2 returns "pubkey required"-byte with ++ * 0x00, but after removal and second time insertion, it ++ * returns bogus value there. ++ * Firmware version 5.4 returns none. ++ */ ++ curve = ecc_curve (buffer + 1, oidlen); ++ if (!curve) ++ curve = ecc_curve (buffer + 1, oidlen - 1); ++ } ++ else ++ { ++ if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) ++ { /* Found "pubkey required"-byte for private key template. */ ++ oidlen--; ++ if (buffer[buflen-1] == 0xff) ++ app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; ++ } ++ curve = ecc_curve (buffer + 1, oidlen); + } +- +- curve = ecc_curve (buffer + 1, oidlen); + + if (!curve) + { +-- +2.37.1 + diff --git a/gpg2.changes b/gpg2.changes index 8ba8580..3039bd1 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Aug 8 18:00:44 UTC 2022 - Andreas Stieger + +- Fix YubiKey 5 Nano support (boo#1202201), add + gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch + ------------------------------------------------------------------- Tue Jul 12 22:06:02 UTC 2022 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 24e4ac6..5b9eedc 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -39,6 +39,7 @@ Patch7: gnupg-2.2.16-secmem.patch Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +Patch11: gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: ibmswtpm2 From 2411675e0bd58950a4d52dba3253bbb2dadd33ab3630b69b1421ee95f77fc08c Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 18 Oct 2022 10:44:45 +0000 Subject: [PATCH 154/156] Accepting request 1029595 from Base:System OBS-URL: https://build.opensuse.org/request/show/1029595 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=163 --- ...ix-workaround-for-Yubikey-heuristics.patch | 61 ------------------ gnupg-2.3.7.tar.bz2 | 3 - gnupg-2.3.7.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.3.8.tar.bz2 | 3 + gnupg-2.3.8.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-detect_FIPS_mode.patch | 30 ++------- gpg2.changes | 38 +++++++++++ gpg2.spec | 3 +- 8 files changed, 49 insertions(+), 89 deletions(-) delete mode 100644 gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch delete mode 100644 gnupg-2.3.7.tar.bz2 delete mode 100644 gnupg-2.3.7.tar.bz2.sig create mode 100644 gnupg-2.3.8.tar.bz2 create mode 100644 gnupg-2.3.8.tar.bz2.sig diff --git a/gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch b/gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch deleted file mode 100644 index 50b048e..0000000 --- a/gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch +++ /dev/null @@ -1,61 +0,0 @@ -From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001 -From: NIIBE Yutaka -Date: Wed, 13 Jul 2022 10:40:55 +0900 -Subject: [PATCH] scd:openpgp: Fix workaround for Yubikey heuristics. -References: https://bugzilla.opensuse.org/show_bug.cgi?id=1202201 - -* scd/app-openpgp.c (parse_algorithm_attribute): Handle the case -of firmware 5.4, too. - --- - -GnuPG-bug-id: 6070 -Signed-off-by: NIIBE Yutaka ---- - scd/app-openpgp.c | 29 +++++++++++++++++++++-------- - 1 file changed, 21 insertions(+), 8 deletions(-) - -diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c -index 8bb346a86..4667416df 100644 ---- a/scd/app-openpgp.c -+++ b/scd/app-openpgp.c -@@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno) - app->app_local->keyattr[keyno].ecc.algo = *buffer; - app->app_local->keyattr[keyno].ecc.flags = 0; - -- if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY -- || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) -- { /* Found "pubkey required"-byte for private key template. */ -- oidlen--; -- if (buffer[buflen-1] == 0xff) -- app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; -+ if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY) -+ { -+ /* Yubikey implementations vary. -+ * Firmware version 5.2 returns "pubkey required"-byte with -+ * 0x00, but after removal and second time insertion, it -+ * returns bogus value there. -+ * Firmware version 5.4 returns none. -+ */ -+ curve = ecc_curve (buffer + 1, oidlen); -+ if (!curve) -+ curve = ecc_curve (buffer + 1, oidlen - 1); -+ } -+ else -+ { -+ if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) -+ { /* Found "pubkey required"-byte for private key template. */ -+ oidlen--; -+ if (buffer[buflen-1] == 0xff) -+ app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; -+ } -+ curve = ecc_curve (buffer + 1, oidlen); - } -- -- curve = ecc_curve (buffer + 1, oidlen); - - if (!curve) - { --- -2.37.1 - diff --git a/gnupg-2.3.7.tar.bz2 b/gnupg-2.3.7.tar.bz2 deleted file mode 100644 index f5ee5ef..0000000 --- a/gnupg-2.3.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ee163a5fb9ec99ffc1b18e65faef8d086800c5713d15a672ab57d3799da83669 -size 7599853 diff --git a/gnupg-2.3.7.tar.bz2.sig b/gnupg-2.3.7.tar.bz2.sig deleted file mode 100644 index bdfdc3f72059cccd4f5c9a0133beb1530963c2571e726139e9ff55f05c553e5b..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEJV2~A4WMTT;`@dNJXUzu7g||ZHWyVd2Uc|x5lyru>nt_W`049>-#qdvO zL7+3Q{`(J>+YGMdISHrR+s@B?aK9^PapD{99~W0eGW_?yT>p52R_TMa9j2vF literal 0 HcmV?d00001 diff --git a/gnupg-detect_FIPS_mode.patch b/gnupg-detect_FIPS_mode.patch index 81aa96b..025a611 100644 --- a/gnupg-detect_FIPS_mode.patch +++ b/gnupg-detect_FIPS_mode.patch @@ -1,34 +1,18 @@ -Index: gnupg-2.1.1/g10/encrypt.c +Index: gnupg-2.3.8/g10/mainproc.c =================================================================== ---- gnupg-2.1.1.orig/g10/encrypt.c -+++ gnupg-2.1.1/g10/encrypt.c -@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro - /* Because 3DES is implicitly in the prefs, this can - only happen if we do not have any public keys in - the list. */ -- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; -+ /* Libgcrypt manual says that gcry_version_check must be called -+ before calling gcry_fips_mode_active. */ -+ gcry_check_version (NULL); -+ efx->cfx.dek->algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO; - } - - /* In case 3DES has been selected, print a warning if -Index: gnupg-2.1.1/g10/mainproc.c -=================================================================== ---- gnupg-2.1.1.orig/g10/mainproc.c -+++ gnupg-2.1.1/g10/mainproc.c -@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt ) +--- gnupg-2.3.8.orig/g10/mainproc.c ++++ gnupg-2.3.8/g10/mainproc.c +@@ -1011,7 +1011,12 @@ proc_plaintext( CTX c, PACKET *pkt ) according to 2440, so hopefully it won't come up that often. There is no good way to specify what algorithms to use in that case, so these there are the historical answer. */ - gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); + + /* Libgcrypt manual says that gcry_version_check must be called -+ before calling gcry_fips_mode_active. */ ++ * before calling gcry_fips_mode_active. */ + gcry_check_version (NULL); -+ if( !gcry_fips_mode_active() ) -+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); ++ if(!gcry_fips_mode_active()) ++ gcry_md_enable(c->mfx.md, DIGEST_ALGO_RMD160); gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); } if (DBG_HASHING) diff --git a/gpg2.changes b/gpg2.changes index 3039bd1..da1913e 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal + +- GnuPG 2.3.8: + * gpg: Do not consider unknown public keys as non-compliant while + decrypting. + * gpg: Avoid to emit a compliance mode line if Libgcrypt is + non-compliant. + * gpg: Improve --edit-key setpref command to ease c+p. + * gpg: Emit an ERROR status if --quick-set-primary-uid fails and + allow to pass the user ID by hash. + * gpg: Actually show symmetric+pubkey encrypted data as de-vs + compliant. Add extra compliance checks for symkey_enc packets. + * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit + preference. + * gpgsm: Fix reporting of bad passphrase error during PKCS#11 + import. + * agent: Fix a regression in "READKEY --format=ssh". + * agent: New option --need-attr for KEYINFO. + * agent: New attribute "Remote-list" for use by KEYINFO. + * scd: Fix problem with Yubikey 5.4 firmware. + * dirmngr: Fix CRL Distribution Point fallback to other schemes. + * dirmngr: New LDAP server flag "areconly" (A-record-only). + * dirmngr: Fix upload of multiple keys for an LDAP server specified + using the colon format. + * dirmngr: Use LDAP schema v2 when a Base DN is specified. + * dirmngr: Avoid caching expired certificates. + * wkd: Fix path traversal attack in gpg-wks-server. Add the mail + address to the pending request data. + * wkd: New command --mirror for gpg-wks-client. + * gpg-auth: New tool for authentication. + * New common.conf option no-autostart. + * Silence warnings from AllowSetForegroundWindow unless + GNUPG_EXEC_DEBUG_FLAGS is used. + * Rebase gnupg-detect_FIPS_mode.patch + * Remove patch upstream: + - gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch + ------------------------------------------------------------------- Mon Aug 8 18:00:44 UTC 2022 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 5b9eedc..87c0390 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.7 +Version: 2.3.8 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -39,7 +39,6 @@ Patch7: gnupg-2.2.16-secmem.patch Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch -Patch11: gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: ibmswtpm2 From 7a614d5a5404cc1f8a250ddf6ea4b55b48ac26af6c59482f2e2f0f7f3cbbaa87 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 16 May 2023 12:15:56 +0000 Subject: [PATCH 155/156] Accepting request 1087238 from Base:System OBS-URL: https://build.opensuse.org/request/show/1087238 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=164 --- gnupg-2.3.8.tar.bz2 | 3 - gnupg-2.3.8.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.4.1.tar.bz2 | 3 + gnupg-2.4.1.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-add_legacy_FIPS_mode_option.patch | 55 +++-- ...viously-known-keys-even-without-UIDs.patch | 23 +- gnupg-allow-large-rsa.patch | 13 ++ gnupg-revert-rfc4880bis.patch | 202 ++++++++++++++++++ gpg2.changes | 164 ++++++++++++++ gpg2.spec | 36 ++-- 10 files changed, 440 insertions(+), 59 deletions(-) delete mode 100644 gnupg-2.3.8.tar.bz2 delete mode 100644 gnupg-2.3.8.tar.bz2.sig create mode 100644 gnupg-2.4.1.tar.bz2 create mode 100644 gnupg-2.4.1.tar.bz2.sig create mode 100644 gnupg-allow-large-rsa.patch create mode 100644 gnupg-revert-rfc4880bis.patch diff --git a/gnupg-2.3.8.tar.bz2 b/gnupg-2.3.8.tar.bz2 deleted file mode 100644 index ab87c26..0000000 --- a/gnupg-2.3.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:540b7a40e57da261fb10ef521a282e0021532a80fd023e75fb71757e8a4969ed -size 7644926 diff --git a/gnupg-2.3.8.tar.bz2.sig b/gnupg-2.3.8.tar.bz2.sig deleted file mode 100644 index cf362c596cfba1af7147ffbb690b7138f5abc05793f0f1820b62731a3dd04f61..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0$sX398MrtFU?TsXGcw$g zHrzS){lqH|j=sC^{zz)=GUgxqE<9fODU`Fi`QR(vH4OjL+3kNhsW=q1xCSl0)sZW8 VL0x~5P~&++&U?QfUNkLa0RYLSGll>F diff --git a/gnupg-2.4.1.tar.bz2 b/gnupg-2.4.1.tar.bz2 new file mode 100644 index 0000000..f61626e --- /dev/null +++ b/gnupg-2.4.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:76b71e5aeb443bfd910ce9cbc8281b617c8341687afb67bae455877972b59de8 +size 7341338 diff --git a/gnupg-2.4.1.tar.bz2.sig b/gnupg-2.4.1.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..c12b732bc36d7aba22f95b7fcedaf6ee6e00cc7431c12f265e0842ee382a7f27 GIT binary patch literal 119 zcmeAuWnmEGVvrS6WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0Dc&3X8MrtFU?S_P8GbR@ zrC3C7op-Y!DmJAfE=?itaou)fzok7Kwl4jRt(zkl88)Oa+8bIN%Gchw^+MW{C0?Ef Td8e@VNa=5zD4}4poRJ# g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.3.0/g10/import.c +Index: gnupg-2.4.0/g10/import.c =================================================================== ---- gnupg-2.3.0.orig/g10/import.c -+++ gnupg-2.3.0/g10/import.c -@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.4.0.orig/g10/import.c ++++ gnupg-2.4.0/g10/import.c +@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,7 +29,7 @@ Index: gnupg-2.3.0/g10/import.c KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, +@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } @@ -44,13 +44,12 @@ Index: gnupg-2.3.0/g10/import.c if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, - xfree(user); +@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl, } } -- + - /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) +- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) - { - if (!silent) - { @@ -64,11 +63,11 @@ Index: gnupg-2.3.0/g10/import.c + /* Delete invalid parts, and note if we have any valid ones left. + * We will later abort import if this key is new but contains + * no valid uids. */ -+ delete_inv_parts (ctrl, keyblock, keyid, options); ++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, +@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -93,7 +92,7 @@ Index: gnupg-2.3.0/g10/import.c } /* The keyblock is valid and ready for real import. */ -@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, +@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/gnupg-allow-large-rsa.patch b/gnupg-allow-large-rsa.patch new file mode 100644 index 0000000..81e726a --- /dev/null +++ b/gnupg-allow-large-rsa.patch @@ -0,0 +1,13 @@ +Index: gnupg-2.4.1/g10/keygen.c +=================================================================== +--- gnupg-2.4.1.orig/g10/keygen.c ++++ gnupg-2.4.1/g10/keygen.c +@@ -2456,7 +2456,7 @@ get_keysize_range (int algo, unsigned in + + default: + *min = opt.compliance == CO_DE_VS ? 2048: 1024; +- *max = 4096; ++ *max = opt.flags.large_rsa == 1 ? 8192 : 4096; + def = 3072; + break; + } diff --git a/gnupg-revert-rfc4880bis.patch b/gnupg-revert-rfc4880bis.patch new file mode 100644 index 0000000..f981206 --- /dev/null +++ b/gnupg-revert-rfc4880bis.patch @@ -0,0 +1,202 @@ +From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Mon, 31 Oct 2022 16:14:18 +0100 +Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg + +* g10/gpg.c (oRFC4880bis): Remove. +(opts): Make --rfc4880bis a Noop. +(compliance_options): Make rfc4880bis to gnupg. +(set_compliance_option): Remove rfc4880bis stuff. +(main): Ditto. Note that this now activates the --mimemode option. +* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection. +(keygen_upd_std_prefs): Always announce support for v5 keys. +(read_parameter_file): Activate the v4 and v5 keywords. +-- + +Index: gnupg-2.4.1/g10/gpg.c +=================================================================== +--- gnupg-2.4.1.orig/g10/gpg.c ++++ gnupg-2.4.1/g10/gpg.c +@@ -247,6 +247,7 @@ enum cmd_and_opt_values + oGnuPG, + oRFC2440, + oRFC4880, ++ oRFC4880bis, + oOpenPGP, + oPGP7, + oPGP8, +@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), + ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), + ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), ++ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"), + ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), + ARGPARSE_s_n (oPGP7, "pgp6", "@"), + ARGPARSE_s_n (oPGP7, "pgp7", "@"), +@@ -977,7 +979,6 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), + ARGPARSE_s_s (oNoop, "aead-algo", "@"), + ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), +- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), + ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), + +@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co + { + { "gnupg", oGnuPG }, + { "openpgp", oOpenPGP }, +- { "rfc4880bis", oGnuPG }, ++ { "rfc4880bis", oRFC4880bis }, + { "rfc4880", oRFC4880 }, + { "rfc2440", oRFC2440 }, + { "pgp6", oPGP7 }, +@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co + static void + set_compliance_option (enum cmd_and_opt_values option) + { ++ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */ ++ + switch (option) + { ++ case oRFC4880bis: ++ opt.flags.rfc4880bis = 1; ++ opt.compliance = CO_RFC4880; ++ opt.flags.dsa2 = 1; ++ opt.flags.require_cross_cert = 1; ++ opt.rfc2440_text = 0; ++ opt.allow_non_selfsigned_uid = 1; ++ opt.allow_freeform_uid = 1; ++ opt.escape_from = 1; ++ opt.not_dash_escaped = 0; ++ opt.def_cipher_algo = 0; ++ opt.def_digest_algo = 0; ++ opt.cert_digest_algo = 0; ++ opt.compress_algo = -1; ++ opt.s2k_mode = 3; /* iterated+salted */ ++ opt.s2k_digest_algo = DIGEST_ALGO_SHA256; ++ opt.s2k_cipher_algo = CIPHER_ALGO_AES256; ++ break; + case oOpenPGP: + case oRFC4880: + /* This is effectively the same as RFC2440, but with +@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_ + case oPGP8: opt.compliance = CO_PGP8; break; + case oGnuPG: + opt.compliance = CO_GNUPG; ++ opt.flags.rfc4880bis = 1; + break; + + case oDE_VS: +@@ -2490,6 +2512,7 @@ main (int argc, char **argv) + opt.emit_version = 0; + opt.weak_digests = NULL; + opt.compliance = CO_GNUPG; ++ opt.flags.rfc4880bis = 1; + + /* Check special options given on the command line. */ + orig_argc = argc; +@@ -3032,6 +3055,7 @@ main (int argc, char **argv) + case oOpenPGP: + case oRFC2440: + case oRFC4880: ++ case oRFC4880bis: + case oPGP7: + case oPGP8: + case oGnuPG: +@@ -3867,6 +3891,11 @@ main (int argc, char **argv) + if( may_coredump && !opt.quiet ) + log_info(_("WARNING: program may create a core file!\n")); + ++ if (!opt.flags.rfc4880bis) ++ { ++ opt.mimemode = 0; /* This will use text mode instead. */ ++ } ++ + if (eyes_only) { + if (opt.set_filename) + log_info(_("WARNING: %s overrides %s\n"), +@@ -4083,7 +4112,7 @@ main (int argc, char **argv) + /* Check our chosen algorithms against the list of legal + algorithms. */ + +- if(!GNUPG) ++ if(!GNUPG && !opt.flags.rfc4880bis) + { + const char *badalg=NULL; + preftype_t badtype=PREFTYPE_NONE; +Index: gnupg-2.4.1/g10/keygen.c +=================================================================== +--- gnupg-2.4.1.orig/g10/keygen.c ++++ gnupg-2.4.1/g10/keygen.c +@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string + strcat(dummy_string,"S7 "); + strcat(dummy_string,"S2 "); /* 3DES */ + +- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB)) ++ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB)) + strcat(dummy_string,"A2 "); + + if (personal) +@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig + /* Make sure that the MDC feature flag is set if needed. */ + add_feature_mdc (sig,mdc_available); + add_feature_aead (sig, aead_available); +- add_feature_v5 (sig, 1); ++ add_feature_v5 (sig, opt.flags.rfc4880bis); + add_keyserver_modify (sig,ks_modify); + keygen_add_keyserver_url(sig,NULL); + +@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl, + } + } + else if (!ascii_strcasecmp (s, "v5")) +- keyversion = 5; ++ { ++ if (opt.flags.rfc4880bis) ++ keyversion = 5; ++ } + else if (!ascii_strcasecmp (s, "v4")) + keyversion = 4; + else +@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl, + * ecdsa := Use algorithm ECDSA. + * eddsa := Use algorithm EdDSA. + * ecdh := Use algorithm ECDH. +- * v5 := Create version 5 key ++ * v5 := Create version 5 key (requires option --rfc4880bis) + * + * There are several defaults and fallbacks depending on the + * algorithm. PART can be used to select which part of STRING is +@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const + } + } + +- if ((keywords[i].key == pVERSION +- || keywords[i].key == pSUBVERSION)) +- ; /* Ignore version. */ ++ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION ++ || keywords[i].key == pSUBVERSION)) ++ ; /* Ignore version unless --rfc4880bis is active. */ + else + { + r = xmalloc_clear( sizeof *r + strlen( value ) ); +@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p + para = r; + } + +- r = xmalloc_clear (sizeof *r + 20); +- r->key = for_subkey? pSUBVERSION : pVERSION; +- snprintf (r->u.value, 20, "%d", version); +- r->next = para; +- para = r; ++ if (opt.flags.rfc4880bis) ++ { ++ r = xmalloc_clear (sizeof *r + 20); ++ r->key = for_subkey? pSUBVERSION : pVERSION; ++ snprintf (r->u.value, 20, "%d", version); ++ r->next = para; ++ para = r; ++ } + + if (keytime) + { diff --git a/gpg2.changes b/gpg2.changes index da1913e..5da703c 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,167 @@ +------------------------------------------------------------------- +Sat Apr 29 08:25:46 UTC 2023 - Pedro Monreal + +- Temporarily revert back to the pre-2.4 default for key generation. + The new rfc4880bis has been set as the default in 2.4 version and + might create incompatible keys. Note that, rfc4880bis can still + be used with the option flag --rfc4880bis as in previous versions. + * More info in the gnupg-devel ML: + https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html + * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9 + * Add gnupg-revert-rfc4880bis.patch + +------------------------------------------------------------------- +Sat Apr 29 08:12:32 UTC 2023 - Pedro Monreal + +- Allow 8192 bit RSA keys in keygen UI when large_rsa is set + * Add gnupg-allow-large-rsa.patch + +------------------------------------------------------------------- +Sat Apr 29 08:01:16 UTC 2023 - Pedro Monreal + +- Enable the regression tests: Fix the regression test suite that + fails with the IBM TPM Software stack. Builds fine using the Intel + TPM; use the swtpm and tpm2-0-tss-devel packages instead of + ibmswtpm2 and ibmtss-devel. + +------------------------------------------------------------------- +Fri Apr 28 17:32:11 UTC 2023 - David Anes + +- Rebased patches: + * gnupg-add_legacy_FIPS_mode_option.patch + +- Removed patches (already upstream): + * gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch + +- Don't ship systemd examples, as they are removed from upstream + release tarball. + +- Update to 2.4.1: + * If the ~/.gnupg directory does not exist, the keyboxd is now + automagically enabled. + * gpg: New option --add-desig-revoker. + * gpg: New option --assert-signer. + * gpg: New command --quick-add-adsk and other ADSK features. + * gpg: New list-option "show-unusable-sigs". Also show + "[self-signature]" instead of the user-id in key signature + listings. + * gpg: For symmetric encryption the default S2K hash is now SHA256. + * gpg: Detect already compressed data also when using a pipe. Also + detect JPEG and PNG file formats. + * gpg: New subcommand "openpgp" for --card-edit. + * gpgsm: Verification of detached signatures does now strip trailing + zeroes from the input if --assume-binary is used. + * gpgsm: Non-armored detached signature are now created without + using indefinite form length octets. This improves compatibility + with some PDF signature verification software. + * gpgtar: Emit progress status lines in create mode. + * dirmngr: The LDAP modifyTimestamp is now returned by some + keyserver commands. + * ssh: Allow specification of the order keys are presented to ssh. + See the man page entry for --enable-ssh-support. + * gpg: Make list-options "show-sig-subpackets" work again. + Fixes regression in 2.4.0. + * gpg: Fix the keytocard command for Yubikeys. + * gpg: Do not continue an export after a cancel for the primary key. + * gpg: Replace the --override-compliance-check hack by a real fix. + * gpgtar: Fix decryption with input taken from stdin. + +------------------------------------------------------------------- +Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal + +- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313 + * The original patch has been modified to expand the changes + also to the tests/gpgme/Makefile.in file. + * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch + +------------------------------------------------------------------- +Tue Dec 20 16:01:05 UTC 2022 - David Anes + +- Updated to require libgpg-error-devel >= 1.46 + +- Rebased patches: + * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch + * gnupg-add_legacy_FIPS_mode_option.patch + +- GnuPG 2.4.0: + * common: Fix translations in --help for gpgrt < 1.47. + * gpg: Do not continue the export after a cancel for the primary key. + * gpg: Replace use of PRIu64 in log_debug. + * Update NEWS for 2.4.0. + * tests: Fix make check with GPGME. + * agent: Allow arguments to "scd serialno" in restricted mode. + * scd:p15: Skip deleted records. + * build: Remove Windows CE support. + * wkd: Do not send/install/mirror expired user ids. + * gpgsm: Print the revocation time also with --verify. + * gpgsm: Fix "problem re-searching certificate" case. + * gpgsm: Print revocation date and reason in cert listings. + * gpgsm: Silence the "non-critical certificate policy not allowed". + * gpgsm: Always use the chain model if the root-CA requests this. + * gpg: New export option "mode1003". + * gpg: Remove a mostly duplicated function. + * tests: Simplify fake-pinentry to use the option only. + * tests: Fix fake-pinentry for Windows. + * tests: Fix make check-all. + * agent: Fix import of protected v5 keys. + * gpgsm: Change default algo to AES-256. + * tests: Put a workaround for semihosted environment. + * tests: More fix for semihosted environment. + * tests: Support semihosted environment. + * tests: Fix tests under cms. + * tests,w32: Fix for semihosted environment. + * w32: Fix for tests on semihosted environment. + * w32: Fix gnupg_unsetenv. + * wkd: New option --add-revocs and some fixes. + * wkd: Make use of --debug extprog. + * gpg: New export-filter export-revocs. + * gpg: Fix double-free in gpg --card-edit. + * gpg: Make --require-compliance work with out --status-fd. + * gpg: New option --list-filter. + * dirmngr: Silence ocsp debug output. + * tests: Fix to support --enable-all-tests and variants. + * tests:w32: Fix for non-dot file name for Windows. + * tests:gpgscm:w32: Fix for GetTempPath. + * tests: Keep .log files in objdir. + * tests: Use 233 for invalid value of FD. + * w32: Fix gnupg_tmpfile for possible failure. + * scd: Redact --debug cardio output of a VERIFY APDU. + * common: Remove Windows CE support in common. + * gpgsm: Fix colon outout of ECC encryption certificates. + * scd:nks: Fix ECC signing if key not given by keygrip. + * dirmngr: Fix verification of ECDSA signed CRLs. + * agent: Allow trustlist on Windows in Unicode homedirs. + * gpg: Fix verification of cleartext signatures with overlong lines. + * gpg: Move w32_system function. + * gpg: New option --quick-update-pref. + * gpg: New list-options show-pref and show-pref-verbose. + * tests: Add tests to check that OCB is only used for capable keys. + * gpg: Make --list-packets work w/o --no-armor for plain OCB packets. + * tests: Add symmetric decryption tests. + * tests: Add tr:assert-same function. + * agent: Avoid blanks in the ssh key's comment. + * build: Update m4 files. + * gpg: Merge --rfc4880bis features into --gnupg. + * gpg: Allow only OCB for AEAD encryption. + * gpg: New option --compatibility-flags. + * gpgsm: Also announce AES256-CBC in signatures. + * gpg: Fix trusted introducer for user-ids with only the mbox. + * gpg: Import stray revocation certificates. + * agent: Automatically convert to extended key format by KEYATTR. + * card: New commands "gpg" and "gpgsm". + * card: Also show fingerprints of known X.509 certificates. + * scd:nks: Support non-ESIGN signing with the Signature Card v2. + * gpgsm: Allow ECC encryption keys with just keyAgreement specified. + * gpgsm: Use macro constants for cert_usage_p. + * build: Update gpg-error.m4. + * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument. + * gpg: Move NETLIBS after GPG_ERROR_LIBS. + * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future. + * common,w32: Fix struct stat on Windows. + * agent,w32: Support Win32-OpenSSH emulation by gpg-agent. + * common: Don't use FD2INT for POSIX-only code. + * dirmngr: Fix build with no LDAP support. + ------------------------------------------------------------------- Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal diff --git a/gpg2.spec b/gpg2.spec index 87c0390..7ffb33c 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.8 +Version: 2.4.1 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -39,19 +39,23 @@ Patch7: gnupg-2.2.16-secmem.patch Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set +Patch11: gnupg-allow-large-rsa.patch +#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation +Patch12: gnupg-revert-rfc4880bis.patch BuildRequires: expect BuildRequires: fdupes -BuildRequires: ibmswtpm2 -BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libgcrypt-devel >= 1.9.1 -BuildRequires: libgpg-error-devel >= 1.41 -BuildRequires: libksba-devel >= 1.3.4 +BuildRequires: libgpg-error-devel >= 1.46 +BuildRequires: libksba-devel >= 1.6.3 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel BuildRequires: pkgconfig BuildRequires: readline-devel +BuildRequires: swtpm +BuildRequires: tpm2-0-tss-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) @@ -60,6 +64,7 @@ BuildRequires: pkgconfig(zlib) # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 Requires: libgcrypt20 >= 1.9.1 +Requires: libgpg-error >= 1.46 Requires: libksba >= 1.3.4 Requires: pinentry Recommends: dirmngr = %{version} @@ -115,6 +120,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-dirmngr-pgm=%{_bindir}/dirmngr \ --with-scdaemon-pgm=%{_bindir}/scdaemon \ --with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \ + --disable-rpath \ --enable-ldap \ --enable-gpgsm=yes \ --enable-gpgtar \ @@ -123,7 +129,9 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --enable-wks-tools \ --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ - --enable-build-timestamp=$date \ + --with-tss=intel \ + --enable-all-tests \ + --enable-build-timestamp=${date} \ --enable-gpg-is-gpg2 %make_build @@ -131,10 +139,11 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) %install %make_install mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ -# bnc#391347 +# install gpgconf.conf bnc#391347 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg # delete to prevent fdupes from creating cross-partition hardlink rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf +# remove info dir rm %{buildroot}%{_infodir}/dir # compat symlinks ln -sf gpg2 %{buildroot}%{_bindir}/gpg @@ -155,10 +164,7 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %fdupes -s %{buildroot} %check -# Run only localy, fails in OBS -#%%if ! 0%%{?qemu_user_space_build} -#make %%{?_smp_mflags} check -#%%endif +%make_build check || : %post %udev_rules_update @@ -166,12 +172,11 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %files lang -f gnupg2.lang %files +%license COPYING* +%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ %{_infodir}/gnupg* %exclude %{_mandir}/*/dirmngr*%{ext_man} %{_mandir}/*/*%{ext_man} -%license COPYING* -%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ -%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.* %doc %{_docdir}/%{name} %exclude %{_bindir}/dirmngr* %exclude %{_bindir}/tpm2daemon* @@ -188,7 +193,6 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %files -n dirmngr %license COPYING* %{_mandir}/*/dirmngr*%{ext_man} -%{_docdir}/%{name}/examples/systemd-user/dirmngr.* %{_bindir}/dirmngr* %files tpm From 1991155811ada5b9a0aeaaf76860f3a1a5d66eec083f068ea8678bf9f8b9964e Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 17 May 2023 08:52:48 +0000 Subject: [PATCH 156/156] Accepting request 1087520 from openSUSE:Factory https://bugzilla.opensuse.org/show_bug.cgi?id=1211456 https://bugzilla.opensuse.org/show_bug.cgi?id=1211444 OBS-URL: https://build.opensuse.org/request/show/1087520 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=165 --- gnupg-2.3.8.tar.bz2 | 3 + gnupg-2.3.8.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-2.4.1.tar.bz2 | 3 - gnupg-2.4.1.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-add_legacy_FIPS_mode_option.patch | 55 ++--- ...viously-known-keys-even-without-UIDs.patch | 23 +- gnupg-allow-large-rsa.patch | 13 -- gnupg-revert-rfc4880bis.patch | 202 ------------------ gpg2.changes | 164 -------------- gpg2.spec | 36 ++-- 10 files changed, 59 insertions(+), 440 deletions(-) create mode 100644 gnupg-2.3.8.tar.bz2 create mode 100644 gnupg-2.3.8.tar.bz2.sig delete mode 100644 gnupg-2.4.1.tar.bz2 delete mode 100644 gnupg-2.4.1.tar.bz2.sig delete mode 100644 gnupg-allow-large-rsa.patch delete mode 100644 gnupg-revert-rfc4880bis.patch diff --git a/gnupg-2.3.8.tar.bz2 b/gnupg-2.3.8.tar.bz2 new file mode 100644 index 0000000..ab87c26 --- /dev/null +++ b/gnupg-2.3.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:540b7a40e57da261fb10ef521a282e0021532a80fd023e75fb71757e8a4969ed +size 7644926 diff --git a/gnupg-2.3.8.tar.bz2.sig b/gnupg-2.3.8.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..cf362c596cfba1af7147ffbb690b7138f5abc05793f0f1820b62731a3dd04f61 GIT binary patch literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0$sX398MrtFU?TsXGcw$g zHrzS){lqH|j=sC^{zz)=GUgxqE<9fODU`Fi`QR(vH4OjL+3kNhsW=q1xCSl0)sZW8 VL0x~5P~&++&U?QfUNkLa0RYLSGll>F literal 0 HcmV?d00001 diff --git a/gnupg-2.4.1.tar.bz2 b/gnupg-2.4.1.tar.bz2 deleted file mode 100644 index f61626e..0000000 --- a/gnupg-2.4.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:76b71e5aeb443bfd910ce9cbc8281b617c8341687afb67bae455877972b59de8 -size 7341338 diff --git a/gnupg-2.4.1.tar.bz2.sig b/gnupg-2.4.1.tar.bz2.sig deleted file mode 100644 index c12b732bc36d7aba22f95b7fcedaf6ee6e00cc7431c12f265e0842ee382a7f27..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGVvrS6WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0Dc&3X8MrtFU?S_P8GbR@ zrC3C7op-Y!DmJAfE=?itaou)fzok7Kwl4jRt(zkl88)Oa+8bIN%Gchw^+MW{C0?Ef Td8e@VNa=5zD4}4poRJ# g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.4.0/g10/import.c +Index: gnupg-2.3.0/g10/import.c =================================================================== ---- gnupg-2.4.0.orig/g10/import.c -+++ gnupg-2.4.0/g10/import.c -@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.3.0.orig/g10/import.c ++++ gnupg-2.3.0/g10/import.c +@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,7 +29,7 @@ Index: gnupg-2.4.0/g10/import.c KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl, +@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } @@ -44,12 +44,13 @@ Index: gnupg-2.4.0/g10/import.c if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl, +@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, + xfree(user); } } - +- - /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) +- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) - { - if (!silent) - { @@ -63,11 +64,11 @@ Index: gnupg-2.4.0/g10/import.c + /* Delete invalid parts, and note if we have any valid ones left. + * We will later abort import if this key is new but contains + * no valid uids. */ -+ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); ++ delete_inv_parts (ctrl, keyblock, keyid, options); /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl, +@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -92,7 +93,7 @@ Index: gnupg-2.4.0/g10/import.c } /* The keyblock is valid and ready for real import. */ -@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl, +@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/gnupg-allow-large-rsa.patch b/gnupg-allow-large-rsa.patch deleted file mode 100644 index 81e726a..0000000 --- a/gnupg-allow-large-rsa.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: gnupg-2.4.1/g10/keygen.c -=================================================================== ---- gnupg-2.4.1.orig/g10/keygen.c -+++ gnupg-2.4.1/g10/keygen.c -@@ -2456,7 +2456,7 @@ get_keysize_range (int algo, unsigned in - - default: - *min = opt.compliance == CO_DE_VS ? 2048: 1024; -- *max = 4096; -+ *max = opt.flags.large_rsa == 1 ? 8192 : 4096; - def = 3072; - break; - } diff --git a/gnupg-revert-rfc4880bis.patch b/gnupg-revert-rfc4880bis.patch deleted file mode 100644 index f981206..0000000 --- a/gnupg-revert-rfc4880bis.patch +++ /dev/null @@ -1,202 +0,0 @@ -From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Mon, 31 Oct 2022 16:14:18 +0100 -Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg - -* g10/gpg.c (oRFC4880bis): Remove. -(opts): Make --rfc4880bis a Noop. -(compliance_options): Make rfc4880bis to gnupg. -(set_compliance_option): Remove rfc4880bis stuff. -(main): Ditto. Note that this now activates the --mimemode option. -* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection. -(keygen_upd_std_prefs): Always announce support for v5 keys. -(read_parameter_file): Activate the v4 and v5 keywords. --- - -Index: gnupg-2.4.1/g10/gpg.c -=================================================================== ---- gnupg-2.4.1.orig/g10/gpg.c -+++ gnupg-2.4.1/g10/gpg.c -@@ -247,6 +247,7 @@ enum cmd_and_opt_values - oGnuPG, - oRFC2440, - oRFC4880, -+ oRFC4880bis, - oOpenPGP, - oPGP7, - oPGP8, -@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), - ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), - ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), -+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"), - ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), - ARGPARSE_s_n (oPGP7, "pgp6", "@"), - ARGPARSE_s_n (oPGP7, "pgp7", "@"), -@@ -977,7 +979,6 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), - ARGPARSE_s_s (oNoop, "aead-algo", "@"), - ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), -- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), - ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), - ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), - -@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co - { - { "gnupg", oGnuPG }, - { "openpgp", oOpenPGP }, -- { "rfc4880bis", oGnuPG }, -+ { "rfc4880bis", oRFC4880bis }, - { "rfc4880", oRFC4880 }, - { "rfc2440", oRFC2440 }, - { "pgp6", oPGP7 }, -@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co - static void - set_compliance_option (enum cmd_and_opt_values option) - { -+ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */ -+ - switch (option) - { -+ case oRFC4880bis: -+ opt.flags.rfc4880bis = 1; -+ opt.compliance = CO_RFC4880; -+ opt.flags.dsa2 = 1; -+ opt.flags.require_cross_cert = 1; -+ opt.rfc2440_text = 0; -+ opt.allow_non_selfsigned_uid = 1; -+ opt.allow_freeform_uid = 1; -+ opt.escape_from = 1; -+ opt.not_dash_escaped = 0; -+ opt.def_cipher_algo = 0; -+ opt.def_digest_algo = 0; -+ opt.cert_digest_algo = 0; -+ opt.compress_algo = -1; -+ opt.s2k_mode = 3; /* iterated+salted */ -+ opt.s2k_digest_algo = DIGEST_ALGO_SHA256; -+ opt.s2k_cipher_algo = CIPHER_ALGO_AES256; -+ break; - case oOpenPGP: - case oRFC4880: - /* This is effectively the same as RFC2440, but with -@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_ - case oPGP8: opt.compliance = CO_PGP8; break; - case oGnuPG: - opt.compliance = CO_GNUPG; -+ opt.flags.rfc4880bis = 1; - break; - - case oDE_VS: -@@ -2490,6 +2512,7 @@ main (int argc, char **argv) - opt.emit_version = 0; - opt.weak_digests = NULL; - opt.compliance = CO_GNUPG; -+ opt.flags.rfc4880bis = 1; - - /* Check special options given on the command line. */ - orig_argc = argc; -@@ -3032,6 +3055,7 @@ main (int argc, char **argv) - case oOpenPGP: - case oRFC2440: - case oRFC4880: -+ case oRFC4880bis: - case oPGP7: - case oPGP8: - case oGnuPG: -@@ -3867,6 +3891,11 @@ main (int argc, char **argv) - if( may_coredump && !opt.quiet ) - log_info(_("WARNING: program may create a core file!\n")); - -+ if (!opt.flags.rfc4880bis) -+ { -+ opt.mimemode = 0; /* This will use text mode instead. */ -+ } -+ - if (eyes_only) { - if (opt.set_filename) - log_info(_("WARNING: %s overrides %s\n"), -@@ -4083,7 +4112,7 @@ main (int argc, char **argv) - /* Check our chosen algorithms against the list of legal - algorithms. */ - -- if(!GNUPG) -+ if(!GNUPG && !opt.flags.rfc4880bis) - { - const char *badalg=NULL; - preftype_t badtype=PREFTYPE_NONE; -Index: gnupg-2.4.1/g10/keygen.c -=================================================================== ---- gnupg-2.4.1.orig/g10/keygen.c -+++ gnupg-2.4.1/g10/keygen.c -@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string - strcat(dummy_string,"S7 "); - strcat(dummy_string,"S2 "); /* 3DES */ - -- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB)) -+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB)) - strcat(dummy_string,"A2 "); - - if (personal) -@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig - /* Make sure that the MDC feature flag is set if needed. */ - add_feature_mdc (sig,mdc_available); - add_feature_aead (sig, aead_available); -- add_feature_v5 (sig, 1); -+ add_feature_v5 (sig, opt.flags.rfc4880bis); - add_keyserver_modify (sig,ks_modify); - keygen_add_keyserver_url(sig,NULL); - -@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl, - } - } - else if (!ascii_strcasecmp (s, "v5")) -- keyversion = 5; -+ { -+ if (opt.flags.rfc4880bis) -+ keyversion = 5; -+ } - else if (!ascii_strcasecmp (s, "v4")) - keyversion = 4; - else -@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl, - * ecdsa := Use algorithm ECDSA. - * eddsa := Use algorithm EdDSA. - * ecdh := Use algorithm ECDH. -- * v5 := Create version 5 key -+ * v5 := Create version 5 key (requires option --rfc4880bis) - * - * There are several defaults and fallbacks depending on the - * algorithm. PART can be used to select which part of STRING is -@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const - } - } - -- if ((keywords[i].key == pVERSION -- || keywords[i].key == pSUBVERSION)) -- ; /* Ignore version. */ -+ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION -+ || keywords[i].key == pSUBVERSION)) -+ ; /* Ignore version unless --rfc4880bis is active. */ - else - { - r = xmalloc_clear( sizeof *r + strlen( value ) ); -@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p - para = r; - } - -- r = xmalloc_clear (sizeof *r + 20); -- r->key = for_subkey? pSUBVERSION : pVERSION; -- snprintf (r->u.value, 20, "%d", version); -- r->next = para; -- para = r; -+ if (opt.flags.rfc4880bis) -+ { -+ r = xmalloc_clear (sizeof *r + 20); -+ r->key = for_subkey? pSUBVERSION : pVERSION; -+ snprintf (r->u.value, 20, "%d", version); -+ r->next = para; -+ para = r; -+ } - - if (keytime) - { diff --git a/gpg2.changes b/gpg2.changes index 5da703c..da1913e 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,167 +1,3 @@ -------------------------------------------------------------------- -Sat Apr 29 08:25:46 UTC 2023 - Pedro Monreal - -- Temporarily revert back to the pre-2.4 default for key generation. - The new rfc4880bis has been set as the default in 2.4 version and - might create incompatible keys. Note that, rfc4880bis can still - be used with the option flag --rfc4880bis as in previous versions. - * More info in the gnupg-devel ML: - https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html - * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9 - * Add gnupg-revert-rfc4880bis.patch - -------------------------------------------------------------------- -Sat Apr 29 08:12:32 UTC 2023 - Pedro Monreal - -- Allow 8192 bit RSA keys in keygen UI when large_rsa is set - * Add gnupg-allow-large-rsa.patch - -------------------------------------------------------------------- -Sat Apr 29 08:01:16 UTC 2023 - Pedro Monreal - -- Enable the regression tests: Fix the regression test suite that - fails with the IBM TPM Software stack. Builds fine using the Intel - TPM; use the swtpm and tpm2-0-tss-devel packages instead of - ibmswtpm2 and ibmtss-devel. - -------------------------------------------------------------------- -Fri Apr 28 17:32:11 UTC 2023 - David Anes - -- Rebased patches: - * gnupg-add_legacy_FIPS_mode_option.patch - -- Removed patches (already upstream): - * gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - -- Don't ship systemd examples, as they are removed from upstream - release tarball. - -- Update to 2.4.1: - * If the ~/.gnupg directory does not exist, the keyboxd is now - automagically enabled. - * gpg: New option --add-desig-revoker. - * gpg: New option --assert-signer. - * gpg: New command --quick-add-adsk and other ADSK features. - * gpg: New list-option "show-unusable-sigs". Also show - "[self-signature]" instead of the user-id in key signature - listings. - * gpg: For symmetric encryption the default S2K hash is now SHA256. - * gpg: Detect already compressed data also when using a pipe. Also - detect JPEG and PNG file formats. - * gpg: New subcommand "openpgp" for --card-edit. - * gpgsm: Verification of detached signatures does now strip trailing - zeroes from the input if --assume-binary is used. - * gpgsm: Non-armored detached signature are now created without - using indefinite form length octets. This improves compatibility - with some PDF signature verification software. - * gpgtar: Emit progress status lines in create mode. - * dirmngr: The LDAP modifyTimestamp is now returned by some - keyserver commands. - * ssh: Allow specification of the order keys are presented to ssh. - See the man page entry for --enable-ssh-support. - * gpg: Make list-options "show-sig-subpackets" work again. - Fixes regression in 2.4.0. - * gpg: Fix the keytocard command for Yubikeys. - * gpg: Do not continue an export after a cancel for the primary key. - * gpg: Replace the --override-compliance-check hack by a real fix. - * gpgtar: Fix decryption with input taken from stdin. - -------------------------------------------------------------------- -Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal - -- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313 - * The original patch has been modified to expand the changes - also to the tests/gpgme/Makefile.in file. - * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - -------------------------------------------------------------------- -Tue Dec 20 16:01:05 UTC 2022 - David Anes - -- Updated to require libgpg-error-devel >= 1.46 - -- Rebased patches: - * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch - * gnupg-add_legacy_FIPS_mode_option.patch - -- GnuPG 2.4.0: - * common: Fix translations in --help for gpgrt < 1.47. - * gpg: Do not continue the export after a cancel for the primary key. - * gpg: Replace use of PRIu64 in log_debug. - * Update NEWS for 2.4.0. - * tests: Fix make check with GPGME. - * agent: Allow arguments to "scd serialno" in restricted mode. - * scd:p15: Skip deleted records. - * build: Remove Windows CE support. - * wkd: Do not send/install/mirror expired user ids. - * gpgsm: Print the revocation time also with --verify. - * gpgsm: Fix "problem re-searching certificate" case. - * gpgsm: Print revocation date and reason in cert listings. - * gpgsm: Silence the "non-critical certificate policy not allowed". - * gpgsm: Always use the chain model if the root-CA requests this. - * gpg: New export option "mode1003". - * gpg: Remove a mostly duplicated function. - * tests: Simplify fake-pinentry to use the option only. - * tests: Fix fake-pinentry for Windows. - * tests: Fix make check-all. - * agent: Fix import of protected v5 keys. - * gpgsm: Change default algo to AES-256. - * tests: Put a workaround for semihosted environment. - * tests: More fix for semihosted environment. - * tests: Support semihosted environment. - * tests: Fix tests under cms. - * tests,w32: Fix for semihosted environment. - * w32: Fix for tests on semihosted environment. - * w32: Fix gnupg_unsetenv. - * wkd: New option --add-revocs and some fixes. - * wkd: Make use of --debug extprog. - * gpg: New export-filter export-revocs. - * gpg: Fix double-free in gpg --card-edit. - * gpg: Make --require-compliance work with out --status-fd. - * gpg: New option --list-filter. - * dirmngr: Silence ocsp debug output. - * tests: Fix to support --enable-all-tests and variants. - * tests:w32: Fix for non-dot file name for Windows. - * tests:gpgscm:w32: Fix for GetTempPath. - * tests: Keep .log files in objdir. - * tests: Use 233 for invalid value of FD. - * w32: Fix gnupg_tmpfile for possible failure. - * scd: Redact --debug cardio output of a VERIFY APDU. - * common: Remove Windows CE support in common. - * gpgsm: Fix colon outout of ECC encryption certificates. - * scd:nks: Fix ECC signing if key not given by keygrip. - * dirmngr: Fix verification of ECDSA signed CRLs. - * agent: Allow trustlist on Windows in Unicode homedirs. - * gpg: Fix verification of cleartext signatures with overlong lines. - * gpg: Move w32_system function. - * gpg: New option --quick-update-pref. - * gpg: New list-options show-pref and show-pref-verbose. - * tests: Add tests to check that OCB is only used for capable keys. - * gpg: Make --list-packets work w/o --no-armor for plain OCB packets. - * tests: Add symmetric decryption tests. - * tests: Add tr:assert-same function. - * agent: Avoid blanks in the ssh key's comment. - * build: Update m4 files. - * gpg: Merge --rfc4880bis features into --gnupg. - * gpg: Allow only OCB for AEAD encryption. - * gpg: New option --compatibility-flags. - * gpgsm: Also announce AES256-CBC in signatures. - * gpg: Fix trusted introducer for user-ids with only the mbox. - * gpg: Import stray revocation certificates. - * agent: Automatically convert to extended key format by KEYATTR. - * card: New commands "gpg" and "gpgsm". - * card: Also show fingerprints of known X.509 certificates. - * scd:nks: Support non-ESIGN signing with the Signature Card v2. - * gpgsm: Allow ECC encryption keys with just keyAgreement specified. - * gpgsm: Use macro constants for cert_usage_p. - * build: Update gpg-error.m4. - * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument. - * gpg: Move NETLIBS after GPG_ERROR_LIBS. - * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future. - * common,w32: Fix struct stat on Windows. - * agent,w32: Support Win32-OpenSSH emulation by gpg-agent. - * common: Don't use FD2INT for POSIX-only code. - * dirmngr: Fix build with no LDAP support. - ------------------------------------------------------------------- Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal diff --git a/gpg2.spec b/gpg2.spec index 7ffb33c..87c0390 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.4.1 +Version: 2.3.8 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -39,23 +39,19 @@ Patch7: gnupg-2.2.16-secmem.patch Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch -#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set -Patch11: gnupg-allow-large-rsa.patch -#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation -Patch12: gnupg-revert-rfc4880bis.patch BuildRequires: expect BuildRequires: fdupes +BuildRequires: ibmswtpm2 +BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libgcrypt-devel >= 1.9.1 -BuildRequires: libgpg-error-devel >= 1.46 -BuildRequires: libksba-devel >= 1.6.3 +BuildRequires: libgpg-error-devel >= 1.41 +BuildRequires: libksba-devel >= 1.3.4 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel BuildRequires: pkgconfig BuildRequires: readline-devel -BuildRequires: swtpm -BuildRequires: tpm2-0-tss-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) @@ -64,7 +60,6 @@ BuildRequires: pkgconfig(zlib) # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 Requires: libgcrypt20 >= 1.9.1 -Requires: libgpg-error >= 1.46 Requires: libksba >= 1.3.4 Requires: pinentry Recommends: dirmngr = %{version} @@ -120,7 +115,6 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-dirmngr-pgm=%{_bindir}/dirmngr \ --with-scdaemon-pgm=%{_bindir}/scdaemon \ --with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \ - --disable-rpath \ --enable-ldap \ --enable-gpgsm=yes \ --enable-gpgtar \ @@ -129,9 +123,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --enable-wks-tools \ --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ - --with-tss=intel \ - --enable-all-tests \ - --enable-build-timestamp=${date} \ + --enable-build-timestamp=$date \ --enable-gpg-is-gpg2 %make_build @@ -139,11 +131,10 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) %install %make_install mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ -# install gpgconf.conf bnc#391347 +# bnc#391347 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg # delete to prevent fdupes from creating cross-partition hardlink rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf -# remove info dir rm %{buildroot}%{_infodir}/dir # compat symlinks ln -sf gpg2 %{buildroot}%{_bindir}/gpg @@ -164,7 +155,10 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %fdupes -s %{buildroot} %check -%make_build check || : +# Run only localy, fails in OBS +#%%if ! 0%%{?qemu_user_space_build} +#make %%{?_smp_mflags} check +#%%endif %post %udev_rules_update @@ -172,11 +166,12 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %files lang -f gnupg2.lang %files -%license COPYING* -%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ %{_infodir}/gnupg* %exclude %{_mandir}/*/dirmngr*%{ext_man} %{_mandir}/*/*%{ext_man} +%license COPYING* +%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ +%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.* %doc %{_docdir}/%{name} %exclude %{_bindir}/dirmngr* %exclude %{_bindir}/tpm2daemon* @@ -193,6 +188,7 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %files -n dirmngr %license COPYING* %{_mandir}/*/dirmngr*%{ext_man} +%{_docdir}/%{name}/examples/systemd-user/dirmngr.* %{_bindir}/dirmngr* %files tpm