Accepting request 1112814 from home:pmonrealgonzalez:branches:Base:System

- Install the systemd user units in the _userunitdir [bsc#1201564]
  * Note that, there is no activation by default.

- Temporarily revert back to the pre-2.4 default for key generation.
  The new rfc4880bis has been set as the default in 2.4 version and
  might create incompatible keys. Note that, rfc4880bis can still
  be used with the option flag --rfc4880bis as in previous versions.
  * More info in the gnupg-devel ML:
    https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html
  * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9
  * Add gnupg-revert-rfc4880bis.patch

- Allow 8192 bit RSA keys in keygen UI when large_rsa is set
  * Add gnupg-allow-large-rsa.patch

- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313
  * The original patch has been modified to expand the changes
    also to the tests/gpgme/Makefile.in file.
  * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch

- Updated to require libgpg-error-devel >= 1.46
- Rebased patches:
  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
  * gnupg-add_legacy_FIPS_mode_option.patch
- GnuPG 2.4.0:
  * common: Fix translations in --help for gpgrt < 1.47.
  * gpg: Do not continue the export after a cancel for the primary key.
  * gpg: Replace use of PRIu64 in log_debug.
  * Update NEWS for 2.4.0.
  * tests: Fix make check with GPGME.

OBS-URL: https://build.opensuse.org/request/show/1112814
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=289

gnupg-2.3.8.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:540b7a40e57da261fb10ef521a282e0021532a80fd023e75fb71757e8a4969ed
-size 7644926

gnupg-2.4.0.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
+size 7666935

gnupg-add_legacy_FIPS_mode_option.patch

@@ -3,11 +3,11 @@
  g10/gpg.c    |    9 +++++++++
  2 files changed, 27 insertions(+)
 
-Index: gnupg-2.3.5/doc/gpg.texi
+Index: gnupg-2.4.0/doc/gpg.texi
 ===================================================================
---- gnupg-2.3.5.orig/doc/gpg.texi
-+++ gnupg-2.3.5/doc/gpg.texi
-@@ -2197,6 +2197,24 @@ implies, this option is for experts only
+--- gnupg-2.4.0.orig/doc/gpg.texi
++++ gnupg-2.4.0/doc/gpg.texi
+@@ -2218,6 +2218,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -32,19 +32,19 @@ Index: gnupg-2.3.5/doc/gpg.texi
  @end table
  
  
-Index: gnupg-2.3.5/g10/gpg.c
+Index: gnupg-2.4.0/g10/gpg.c
 ===================================================================
---- gnupg-2.3.5.orig/g10/gpg.c
-+++ gnupg-2.3.5/g10/gpg.c
+--- gnupg-2.4.0.orig/g10/gpg.c
++++ gnupg-2.4.0/g10/gpg.c
 @@ -443,6 +443,7 @@ enum cmd_and_opt_values
      oForceSignKey,
      oForbidGenKey,
      oRequireCompliance,
 +    oSetLegacyFips,
+     oCompatibilityFlags,
  
      oNoop
-   };
-@@ -878,6 +879,7 @@ static gpgrt_opt_t opts[] = {
+@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = {
    ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
    ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
    ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
@@ -52,7 +52,7 @@ Index: gnupg-2.3.5/g10/gpg.c
  
  
    ARGPARSE_header (NULL, N_("Options for unattended use")),
-@@ -3737,6 +3739,14 @@ main (int argc, char **argv)
+@@ -3711,6 +3714,14 @@ main (int argc, char **argv)
              opt.flags.require_compliance = 1;
              break;
  

gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch

@@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  g10/import.c | 49 +++++++++++--------------------------------------
  1 file changed, 11 insertions(+), 38 deletions(-)
 
-Index: gnupg-2.3.0/g10/import.c
+Index: gnupg-2.4.0/g10/import.c
 ===================================================================
---- gnupg-2.3.0.orig/g10/import.c
-+++ gnupg-2.3.0/g10/import.c
-@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl,
+--- gnupg-2.4.0.orig/g10/import.c
++++ gnupg-2.4.0/g10/import.c
+@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl,
    size_t an;
    char pkstrbuf[PUBKEY_STRING_SIZE];
    int merge_keys_done = 0;
@@ -29,7 +29,7 @@ Index: gnupg-2.3.0/g10/import.c
    KEYDB_HANDLE hd = NULL;
  
    if (r_valid)
-@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl,
        log_printf ("\n");
      }
  
@@ -44,13 +44,12 @@ Index: gnupg-2.3.0/g10/import.c
    if (screener && screener (keyblock, screener_arg))
      {
        log_error (_("key %s: %s\n"), keystr_from_pk (pk),
-@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl,
-             xfree(user);
+@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl,
  	  }
      }
--
+ 
 -  /* Delete invalid parts and bail out if there are no user ids left.  */
--  if (!delete_inv_parts (ctrl, keyblock, keyid, options))
+-  if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
 -    {
 -      if (!silent)
 -        {
@@ -64,11 +63,11 @@ Index: gnupg-2.3.0/g10/import.c
 +  /* Delete invalid parts, and note if we have any valid ones left.
 +   * We will later abort import if this key is new but contains
 +   * no valid uids.  */
-+  delete_inv_parts (ctrl, keyblock, keyid, options);
++  delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
  
    /* Get rid of deleted nodes.  */
    commit_kbnode (&keyblock);
-@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl,
+@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl,
      {
        apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
        commit_kbnode (&keyblock);
@@ -93,7 +92,7 @@ Index: gnupg-2.3.0/g10/import.c
      }
  
    /* The keyblock is valid and ready for real import.  */
-@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl,
+@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl,
        err = 0;
        stats->skipped_new_keys++;
      }

gnupg-allow-large-rsa.patch

@@ -0,0 +1,13 @@
+Index: gnupg-2.4.0/g10/keygen.c
+===================================================================
+--- gnupg-2.4.0.orig/g10/keygen.c
++++ gnupg-2.4.0/g10/keygen.c
+@@ -2461,7 +2461,7 @@ get_keysize_range (int algo, unsigned in
+ 
+     default:
+       *min = opt.compliance == CO_DE_VS ? 2048: 1024;
+-      *max = 4096;
++      *max = opt.flags.large_rsa == 1 ? 8192 : 4096;
+       def = 3072;
+       break;
+     }

gnupg-revert-rfc4880bis.patch

@@ -0,0 +1,202 @@
+From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 31 Oct 2022 16:14:18 +0100
+Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
+
+* g10/gpg.c (oRFC4880bis): Remove.
+(opts): Make --rfc4880bis a Noop.
+(compliance_options): Make rfc4880bis to gnupg.
+(set_compliance_option): Remove rfc4880bis stuff.
+(main): Ditto.  Note that this now activates the --mimemode option.
+* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
+(keygen_upd_std_prefs): Always announce support for v5 keys.
+(read_parameter_file): Activate the v4 and v5 keywords.
+--
+
+Index: gnupg-2.4.0/g10/gpg.c
+===================================================================
+--- gnupg-2.4.0.orig/g10/gpg.c
++++ gnupg-2.4.0/g10/gpg.c
+@@ -246,6 +246,7 @@ enum cmd_and_opt_values
+     oGnuPG,
+     oRFC2440,
+     oRFC4880,
++    oRFC4880bis,
+     oOpenPGP,
+     oPGP7,
+     oPGP8,
+@@ -631,6 +632,7 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
+   ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
+   ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
++  ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
+   ARGPARSE_s_n (oPGP7, "pgp6", "@"),
+   ARGPARSE_s_n (oPGP7, "pgp7", "@"),
+@@ -973,7 +975,6 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
+   ARGPARSE_s_s (oNoop, "aead-algo", "@"),
+   ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
+-  ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
+ 
+ 
+   ARGPARSE_group (302, N_(
+@@ -2207,7 +2208,7 @@ static struct gnupg_compliance_option co
+   {
+     { "gnupg",      oGnuPG },
+     { "openpgp",    oOpenPGP },
+-    { "rfc4880bis", oGnuPG },
++    { "rfc4880bis", oRFC4880bis },
+     { "rfc4880",    oRFC4880 },
+     { "rfc2440",    oRFC2440 },
+     { "pgp6",       oPGP7 },
+@@ -2223,8 +2224,28 @@ static struct gnupg_compliance_option co
+ static void
+ set_compliance_option (enum cmd_and_opt_values option)
+ {
++  opt.flags.rfc4880bis = 0;  /* Clear because it is initially set.  */
++
+   switch (option)
+     {
++    case oRFC4880bis:
++      opt.flags.rfc4880bis = 1;
++      opt.compliance = CO_RFC4880;
++      opt.flags.dsa2 = 1;
++      opt.flags.require_cross_cert = 1;
++      opt.rfc2440_text = 0;
++      opt.allow_non_selfsigned_uid = 1;
++      opt.allow_freeform_uid = 1;
++      opt.escape_from = 1;
++      opt.not_dash_escaped = 0;
++      opt.def_cipher_algo = 0;
++      opt.def_digest_algo = 0;
++      opt.cert_digest_algo = 0;
++      opt.compress_algo = -1;
++      opt.s2k_mode = 3; /* iterated+salted */
++      opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
++      opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
++      break;
+     case oOpenPGP:
+     case oRFC4880:
+       /* This is effectively the same as RFC2440, but with
+@@ -2268,6 +2289,7 @@ set_compliance_option (enum cmd_and_opt_
+     case oPGP8:  opt.compliance = CO_PGP8;  break;
+     case oGnuPG:
+       opt.compliance = CO_GNUPG;
++      opt.flags.rfc4880bis = 1;
+       break;
+ 
+     case oDE_VS:
+@@ -2470,6 +2492,7 @@ main (int argc, char **argv)
+     opt.emit_version = 0;
+     opt.weak_digests = NULL;
+     opt.compliance = CO_GNUPG;
++    opt.flags.rfc4880bis = 1;
+ 
+     /* Check special options given on the command line.  */
+     orig_argc = argc;
+@@ -3008,6 +3031,7 @@ main (int argc, char **argv)
+           case oOpenPGP:
+           case oRFC2440:
+           case oRFC4880:
++          case oRFC4880bis:
+           case oPGP7:
+           case oPGP8:
+           case oGnuPG:
+@@ -3832,6 +3856,11 @@ main (int argc, char **argv)
+     if( may_coredump && !opt.quiet )
+ 	log_info(_("WARNING: program may create a core file!\n"));
+ 
++    if (!opt.flags.rfc4880bis)
++      {
++        opt.mimemode = 0; /* This will use text mode instead.  */
++      }
++
+     if (eyes_only) {
+       if (opt.set_filename)
+ 	  log_info(_("WARNING: %s overrides %s\n"),
+@@ -4057,7 +4086,7 @@ main (int argc, char **argv)
+     /* Check our chosen algorithms against the list of legal
+        algorithms. */
+ 
+-    if(!GNUPG)
++    if(!GNUPG && !opt.flags.rfc4880bis)
+       {
+ 	const char *badalg=NULL;
+ 	preftype_t badtype=PREFTYPE_NONE;
+Index: gnupg-2.4.0/g10/keygen.c
+===================================================================
+--- gnupg-2.4.0.orig/g10/keygen.c
++++ gnupg-2.4.0/g10/keygen.c
+@@ -407,7 +407,7 @@ keygen_set_std_prefs (const char *string
+ 	      strcat(dummy_string,"S7 ");
+ 	    strcat(dummy_string,"S2 "); /* 3DES */
+ 
+-            if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
++            if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ 	      strcat(dummy_string,"A2 ");
+ 
+             if (personal)
+@@ -892,7 +892,7 @@ keygen_upd_std_prefs (PKT_signature *sig
+   /* Make sure that the MDC feature flag is set if needed.  */
+   add_feature_mdc (sig,mdc_available);
+   add_feature_aead (sig, aead_available);
+-  add_feature_v5 (sig, 1);
++  add_feature_v5 (sig, opt.flags.rfc4880bis);
+   add_keyserver_modify (sig,ks_modify);
+   keygen_add_keyserver_url(sig,NULL);
+ 
+@@ -3387,7 +3387,10 @@ parse_key_parameter_part (ctrl_t ctrl,
+                 }
+             }
+           else if (!ascii_strcasecmp (s, "v5"))
+-            keyversion = 5;
++            {
++              if (opt.flags.rfc4880bis)
++                keyversion = 5;
++            }
+           else if (!ascii_strcasecmp (s, "v4"))
+             keyversion = 4;
+           else
+@@ -3646,7 +3649,7 @@ parse_key_parameter_part (ctrl_t ctrl,
+  *   ecdsa := Use algorithm ECDSA.
+  *   eddsa := Use algorithm EdDSA.
+  *   ecdh  := Use algorithm ECDH.
+- *   v5    := Create version 5 key
++ *   v5    := Create version 5 key (requires option --rfc4880bis)
+  *
+  * There are several defaults and fallbacks depending on the
+  * algorithm.  PART can be used to select which part of STRING is
+@@ -4428,9 +4431,9 @@ read_parameter_file (ctrl_t ctrl, const
+ 	    }
+ 	}
+ 
+-        if ((keywords[i].key == pVERSION
+-             || keywords[i].key == pSUBVERSION))
+-          ; /* Ignore version.  */
++        if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
++                                      || keywords[i].key == pSUBVERSION))
++          ; /* Ignore version unless --rfc4880bis is active.  */
+         else
+           {
+             r = xmalloc_clear( sizeof *r + strlen( value ) );
+@@ -4525,11 +4528,14 @@ quickgen_set_para (struct para_data_s *p
+       para = r;
+     }
+ 
+-  r = xmalloc_clear (sizeof *r + 20);
+-  r->key = for_subkey? pSUBVERSION : pVERSION;
+-  snprintf (r->u.value, 20, "%d", version);
+-  r->next = para;
+-  para = r;
++  if (opt.flags.rfc4880bis)
++    {
++      r = xmalloc_clear (sizeof *r + 20);
++      r->key = for_subkey? pSUBVERSION : pVERSION;
++      snprintf (r->u.value, 20, "%d", version);
++      r->next = para;
++      para = r;
++    }
+ 
+   if (keytime)
+     {

gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch

@@ -0,0 +1,168 @@
+From e89d57a2cb10bd04d266165015f159be2ab48984 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 21 Dec 2022 10:52:24 +0900
+Subject: tests: Fix tests/gpgme for in-source-tree builds.
+
+* tests/gpgme/Makefile.am: Don't use setup.scm/ dir.
+* tests/gpgme/Makefile.in: Don't use setup.scm/ dir.
+* tests/gpgme/all-tests.scm: Fix the name of the environment.
+
+--
+
+GnuPG-bug-id: 6313
+Fixes-commit: c19ea75f10d6278569619f90977ce7c820e9319d
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+
+Index: gnupg-2.4.0/tests/gpgme/Makefile.am
+===================================================================
+--- gnupg-2.4.0.orig/tests/gpgme/Makefile.am
++++ gnupg-2.4.0/tests/gpgme/Makefile.am
+@@ -47,8 +47,7 @@ check: xcheck
+ 
+ .PHONY: xcheck
+ xcheck:
+-	@$(MKDIR_P) setup.scm/tests \
+-	  tests/gpg lang/qt/tests lang/python/tests
++	@$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests
+ 	$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \
+ 	  $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
+ 
+@@ -61,4 +60,4 @@ CLEANFILES = *.log report.xml
+ all-local: $(required_pgms)
+ 
+ clean-local:
+-	-rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests
++	-rm -rf tests lang
+Index: gnupg-2.4.0/tests/gpgme/Makefile.in
+===================================================================
+--- gnupg-2.4.0.orig/tests/gpgme/Makefile.in
++++ gnupg-2.4.0/tests/gpgme/Makefile.in
+@@ -614,8 +614,7 @@ check: xcheck
+ 
+ .PHONY: xcheck
+ xcheck:
+-	@$(MKDIR_P) setup.scm/tests \
+-	  tests/gpg lang/qt/tests lang/python/tests
++	@$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests
+ 	$(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \
+ 	  $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS)
+ 
+@@ -624,7 +623,7 @@ xcheck:
+ all-local: $(required_pgms)
+ 
+ clean-local:
+-	-rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests
++	-rm -rf tests lang
+ 
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
+Index: gnupg-2.4.0/tests/gpgme/all-tests.scm
+===================================================================
+--- gnupg-2.4.0.orig/tests/gpgme/all-tests.scm
++++ gnupg-2.4.0/tests/gpgme/all-tests.scm
+@@ -41,7 +41,7 @@
+     (test::scm
+      #f
+      #f
+-     (path-join "tests" "gpgme" "setup.scm" "tests" "gpg")
++     (path-join "tests" "gpgme" "tests" "gpg")
+      (in-srcdir "tests" "gpgme" "setup.scm")
+      "--" "tests" "gpg")))
+  (define setup-py
+@@ -49,7 +49,7 @@
+     (test::scm
+      #f
+      #f
+-     (path-join "tests" "gpgme" "setup.scm" "lang" "python" "tests")
++     (path-join "tests" "gpgme" "lang" "python" "tests")
+      (in-srcdir "tests" "gpgme" "setup.scm")
+      "--" "lang" "python" "tests")))
+ 
+From 658daae34aa3b2b40e6473d44d41abcf175f1ab2 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Tue, 21 Mar 2023 09:15:20 +0100
+Subject: [PATCH 0787/1000] doc: Suggest the use of out-of-source builds.
+
+--
+
+GnuPG-bug-id:  6313
+
+diff --git a/INSTALL b/INSTALL
+index 5458714e1..9e9642898 100644
+--- a/INSTALL
++++ b/INSTALL
+@@ -42,10 +42,12 @@ may remove or edit it.
+ you want to change it or regenerate `configure' using a newer version
+ of `autoconf'.
+ 
+-The simplest way to compile this package is:
++The suggested way to compile this package is:
+ 
+-  1. `cd' to the directory containing the package's source code and type
+-     `./configure' to configure the package for your system.
++  1. `cd' to the directory containing the package's source code and
++     create a new directory named `build'.  Then `cd' to that
++     directory and type `../configure' to configure the package for
++     your system.
+ 
+      Running `configure' might take a while.  While running, it prints
+      some messages telling which features it is checking for.
+@@ -58,14 +60,17 @@ The simplest way to compile this package is:
+   4. Type `make install' to install the programs and any data files and
+      documentation.
+ 
+-  5. You can remove the program binaries and object files from the
+-     source code directory by typing `make clean'.  To also remove the
+-     files that `configure' created (so you can compile the package for
+-     a different kind of computer), type `make distclean'.  There is
+-     also a `make maintainer-clean' target, but that is intended mainly
+-     for the package's developers.  If you use it, you may have to get
+-     all sorts of other programs in order to regenerate files that came
+-     with the distribution.
++  5. You can remove the program binaries and object files by deleting
++     all files from the `build' directory.  In case you did not used a
++     dedicated build directory but build the software directly in the
++     source tree, you can remove the program binaries and object files
++     from the source code directory by typing `make clean'.  To also
++     remove the files that `configure' created (so you can compile the
++     package for a different kind of computer), type `make distclean'.
++     There is also a `make maintainer-clean' target, but that is
++     intended mainly for the package's developers.  If you use it, you
++     may have to get all sorts of other programs in order to
++     regenerate files that came with the distribution.
+ 
+ Compilers and Options
+ =====================
+@@ -231,4 +236,3 @@ an Autoconf bug.  Until the bug is fixed you can use this workaround:
+ 
+ `configure' also accepts some other, not widely useful, options.  Run
+ `configure --help' for more details.
+-
+diff --git a/README b/README
+index 42eed238f..b9bf7805e 100644
+--- a/README
++++ b/README
+@@ -53,7 +53,9 @@
+ 
+   As with all packages, you just have to do
+ 
+-    ./configure
++    mkdir build
++    cd build
++    ../configure
+     make
+     make check
+     make install
+@@ -81,7 +83,8 @@
+   To quickly build all required software without installing it, the
+   Speedo method may be used:
+ 
+-    make -f build-aux/speedo.mk  native
++    cd build
++    make -f ../build-aux/speedo.mk  native
+ 
+   This method downloads all required libraries and does a native build
+   of GnuPG to PLAY/inst/.  GNU make is required and you need to set
+-- 
+2.42.0
+

gpg2.changes

@@ -1,3 +1,123 @@
+-------------------------------------------------------------------
+Thu Sep 21 07:36:32 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Install the systemd user units in the _userunitdir [bsc#1201564]
+  * Note that, there is no activation by default.
+
+-------------------------------------------------------------------
+Fri Mar 10 09:03:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Temporarily revert back to the pre-2.4 default for key generation.
+  The new rfc4880bis has been set as the default in 2.4 version and
+  might create incompatible keys. Note that, rfc4880bis can still
+  be used with the option flag --rfc4880bis as in previous versions.
+  * More info in the gnupg-devel ML:
+    https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html
+  * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9
+  * Add gnupg-revert-rfc4880bis.patch
+
+-------------------------------------------------------------------
+Fri Mar 10 08:42:02 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Allow 8192 bit RSA keys in keygen UI when large_rsa is set
+  * Add gnupg-allow-large-rsa.patch
+
+-------------------------------------------------------------------
+Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313
+  * The original patch has been modified to expand the changes
+    also to the tests/gpgme/Makefile.in file.
+  * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
+
+-------------------------------------------------------------------
+Tue Dec 20 16:01:05 UTC 2022 - David Anes <david.anes@suse.com>
+
+- Updated to require libgpg-error-devel >= 1.46
+
+- Rebased patches:
+  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+  * gnupg-add_legacy_FIPS_mode_option.patch
+
+- GnuPG 2.4.0:
+  * common: Fix translations in --help for gpgrt < 1.47.
+  * gpg: Do not continue the export after a cancel for the primary key.
+  * gpg: Replace use of PRIu64 in log_debug.
+  * Update NEWS for 2.4.0.
+  * tests: Fix make check with GPGME.
+  * agent: Allow arguments to "scd serialno" in restricted mode.
+  * scd:p15: Skip deleted records.
+  * build: Remove Windows CE support.
+  * wkd: Do not send/install/mirror expired user ids.
+  * gpgsm: Print the revocation time also with --verify.
+  * gpgsm: Fix "problem re-searching certificate" case.
+  * gpgsm: Print revocation date and reason in cert listings.
+  * gpgsm: Silence the "non-critical certificate policy not allowed".
+  * gpgsm: Always use the chain model if the root-CA requests this.
+  * gpg: New export option "mode1003".
+  * gpg: Remove a mostly duplicated function.
+  * tests: Simplify fake-pinentry to use the option only.
+  * tests: Fix fake-pinentry for Windows.
+  * tests: Fix make check-all.
+  * agent: Fix import of protected v5 keys.
+  * gpgsm: Change default algo to AES-256.
+  * tests: Put a workaround for semihosted environment.
+  * tests: More fix for semihosted environment.
+  * tests: Support semihosted environment.
+  * tests: Fix tests under cms.
+  * tests,w32: Fix for semihosted environment.
+  * w32: Fix for tests on semihosted environment.
+  * w32: Fix gnupg_unsetenv.
+  * wkd: New option --add-revocs and some fixes.
+  * wkd: Make use of --debug extprog.
+  * gpg: New export-filter export-revocs.
+  * gpg: Fix double-free in gpg --card-edit.
+  * gpg: Make --require-compliance work with out --status-fd.
+  * gpg: New option --list-filter.
+  * dirmngr: Silence ocsp debug output.
+  * tests: Fix to support --enable-all-tests and variants.
+  * tests:w32: Fix for non-dot file name for Windows.
+  * tests:gpgscm:w32: Fix for GetTempPath.
+  * tests: Keep .log files in objdir.
+  * tests: Use 233 for invalid value of FD.
+  * w32: Fix gnupg_tmpfile for possible failure.
+  * scd: Redact --debug cardio output of a VERIFY APDU.
+  * common: Remove Windows CE support in common.
+  * gpgsm: Fix colon outout of ECC encryption certificates.
+  * scd:nks: Fix ECC signing if key not given by keygrip.
+  * dirmngr: Fix verification of ECDSA signed CRLs.
+  * agent: Allow trustlist on Windows in Unicode homedirs.
+  * gpg: Fix verification of cleartext signatures with overlong lines.
+  * gpg: Move w32_system function.
+  * gpg: New option --quick-update-pref.
+  * gpg: New list-options show-pref and show-pref-verbose.
+  * tests: Add tests to check that OCB is only used for capable keys.
+  * gpg: Make --list-packets work w/o --no-armor for plain OCB packets.
+  * tests: Add symmetric decryption tests.
+  * tests: Add tr:assert-same function.
+  * agent: Avoid blanks in the ssh key's comment.
+  * build: Update m4 files.
+  * gpg: Merge --rfc4880bis features into --gnupg.
+  * gpg: Allow only OCB for AEAD encryption.
+  * gpg: New option --compatibility-flags.
+  * gpgsm: Also announce AES256-CBC in signatures.
+  * gpg: Fix trusted introducer for user-ids with only the mbox.
+  * gpg: Import stray revocation certificates.
+  * agent: Automatically convert to extended key format by KEYATTR.
+  * card: New commands "gpg" and "gpgsm".
+  * card: Also show fingerprints of known X.509 certificates.
+  * scd:nks: Support non-ESIGN signing with the Signature Card v2.
+  * gpgsm: Allow ECC encryption keys with just keyAgreement specified.
+  * gpgsm: Use macro constants for cert_usage_p.
+  * build: Update gpg-error.m4.
+  * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument.
+  * gpg: Move NETLIBS after GPG_ERROR_LIBS.
+  * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future.
+  * common,w32: Fix struct stat on Windows.
+  * agent,w32: Support Win32-OpenSSH emulation by gpg-agent.
+  * common: Don't use FD2INT for POSIX-only code.
+  * dirmngr: Fix build with no LDAP support.
+
 -------------------------------------------------------------------
 Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 

gpg2.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.3.8
+Version:        2.4.0
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0-or-later
@@ -39,14 +39,20 @@ Patch7:         gnupg-2.2.16-secmem.patch
 Patch8:         gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
 Patch9:         gnupg-add-test-cases-for-import-without-uid.patch
 Patch10:        gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set
+Patch11:        gnupg-allow-large-rsa.patch
+#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation
+Patch12:        gnupg-revert-rfc4880bis.patch
+#PATCH-FIX-UPSTREAM Fix tests/gpgme for in-source-tree builds
+Patch13:        gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  ibmswtpm2
 BuildRequires:  ibmtss-devel
 BuildRequires:  libassuan-devel >= 2.5.0
 BuildRequires:  libgcrypt-devel >= 1.9.1
-BuildRequires:  libgpg-error-devel >= 1.41
-BuildRequires:  libksba-devel >= 1.3.4
+BuildRequires:  libgpg-error-devel >= 1.46
+BuildRequires:  libksba-devel >= 1.6.3
 BuildRequires:  makeinfo
 BuildRequires:  npth-devel >= 1.2
 BuildRequires:  openldap2-devel
@@ -131,34 +137,45 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
 %install
 %make_install
 mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
-# bnc#391347
+# install gpgconf.conf bnc#391347
 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
 # delete to prevent fdupes from creating cross-partition hardlink
 rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf
+
+# remove info dir
 rm %{buildroot}%{_infodir}/dir
+
 # compat symlinks
 ln -sf gpg2 %{buildroot}%{_bindir}/gpg
 ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
 ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
+
 # fix rpmlint invalid-lc-messages-dir:
 rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
+
 # install scdaemon to %%{_bindir} (bnc#863645)
 mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
 mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
+
 # install tpm2daemon
 mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir}
+
 # install udev rules for scdaemon
 install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 
+# Move the systemd user units to appropriate directory
+install -d -m 755 %{buildroot}%{_userunitdir}
+mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_userunitdir}
+
 %find_lang gnupg2
 %fdupes -s %{buildroot}
 
 %check
 # Run only localy, fails in OBS
-#%%if ! 0%%{?qemu_user_space_build}
-#make %%{?_smp_mflags} check
-#%%endif
+%if ! 0%{?qemu_user_space_build}
+%make_build -j1 check || :
+%endif
 
 %post
 %udev_rules_update
@@ -166,12 +183,11 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 %files lang -f gnupg2.lang
 
 %files
+%license COPYING*
+%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ README
 %{_infodir}/gnupg*
 %exclude %{_mandir}/*/dirmngr*%{ext_man}
 %{_mandir}/*/*%{ext_man}
-%license COPYING*
-%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
-%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.*
 %doc %{_docdir}/%{name}
 %exclude %{_bindir}/dirmngr*
 %exclude %{_bindir}/tpm2daemon*
@@ -184,12 +200,15 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 %{_datadir}/gnupg
 %dir %{_sysconfdir}/gnupg
 %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf
+%{_userunitdir}/gpg-agent*
+# This exclude is needed for i586 and armv7l
+%exclude %{_userunitdir}/dirmngr.*
 
 %files -n dirmngr
 %license COPYING*
 %{_mandir}/*/dirmngr*%{ext_man}
-%{_docdir}/%{name}/examples/systemd-user/dirmngr.*
 %{_bindir}/dirmngr*
+%{_userunitdir}/dirmngr.*
 
 %files tpm
 %{_bindir}/tpm2daemon*