From fb0ed03b152d6a21034935b2440c61fd1dbbe21e280773431c55b85be0b80e45 Mon Sep 17 00:00:00 2001 
From: Pedro Monreal Gonzalez Date: Mon, 25 Sep 2023 10:24:20 +0000 Subject: [PATCH] Accepting request 1112814 from home:pmonrealgonzalez:branches:Base:System - Install the systemd user units in the _userunitdir [bsc#1201564] * Note that, there is no activation by default. - Temporarily revert back to the pre-2.4 default for key generation. The new rfc4880bis has been set as the default in 2.4 version and might create incompatible keys. Note that, rfc4880bis can still be used with the option flag --rfc4880bis as in previous versions. * More info in the gnupg-devel ML: https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9 * Add gnupg-revert-rfc4880bis.patch - Allow 8192 bit RSA keys in keygen UI when large_rsa is set * Add gnupg-allow-large-rsa.patch - Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313 * The original patch has been modified to expand the changes also to the tests/gpgme/Makefile.in file. * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - Updated to require libgpg-error-devel >= 1.46 - Rebased patches: * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch * gnupg-add_legacy_FIPS_mode_option.patch - GnuPG 2.4.0: * common: Fix translations in --help for gpgrt < 1.47. * gpg: Do not continue the export after a cancel for the primary key. * gpg: Replace use of PRIu64 in log_debug. * Update NEWS for 2.4.0. * tests: Fix make check with GPGME. 
OBS-URL: https://build.opensuse.org/request/show/1112814 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=289 --- gnupg-2.3.8.tar.bz2 | 3 - gnupg-2.3.8.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.4.0.tar.bz2 | 3 + gnupg-2.4.0.tar.bz2.sig | Bin 0 -> 238 bytes gnupg-add_legacy_FIPS_mode_option.patch | 20 +- ...viously-known-keys-even-without-UIDs.patch | 23 +- gnupg-allow-large-rsa.patch | 13 ++ gnupg-revert-rfc4880bis.patch | 202 ++++++++++++++++++ ...ests-gpgme-for-in-source-tree-builds.patch | 168 +++++++++++++++ gpg2.changes | 120 +++++++++++ gpg2.spec | 43 ++-- 11 files changed, 558 insertions(+), 37 deletions(-) delete mode 100644 gnupg-2.3.8.tar.bz2 delete mode 100644 gnupg-2.3.8.tar.bz2.sig create mode 100644 gnupg-2.4.0.tar.bz2 create mode 100644 gnupg-2.4.0.tar.bz2.sig create mode 100644 gnupg-allow-large-rsa.patch create mode 100644 gnupg-revert-rfc4880bis.patch create mode 100644 gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch diff --git a/gnupg-2.3.8.tar.bz2 b/gnupg-2.3.8.tar.bz2 deleted file mode 100644 index ab87c26..0000000 --- a/gnupg-2.3.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:540b7a40e57da261fb10ef521a282e0021532a80fd023e75fb71757e8a4969ed -size 7644926 diff --git a/gnupg-2.3.8.tar.bz2.sig b/gnupg-2.3.8.tar.bz2.sig deleted file mode 100644 index cf362c596cfba1af7147ffbb690b7138f5abc05793f0f1820b62731a3dd04f61..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0$sX398MrtFU?TsXGcw$g zHrzS){lqH|j=sC^{zz)=GUgxqE<9fODU`Fi`QR(vH4OjL+3kNhsW=q1xCSl0)sZW8 VL0x~5P~&++&U?QfUNkLa0RYLSGll>F diff --git a/gnupg-2.4.0.tar.bz2 b/gnupg-2.4.0.tar.bz2 new file mode 100644 index 0000000..0389e0d --- /dev/null +++ b/gnupg-2.4.0.tar.bz2 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483 +size 7666935 diff --git a/gnupg-2.4.0.tar.bz2.sig b/gnupg-2.4.0.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..d9d3aeb7b1ef62d20ab58e6d36afb3be5d5b6f1c7f45491e07a56a2f80030d2d GIT binary patch literal 238 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0$#YiTVBq2ufQhiVGcqjC zlM4U$+1o?O*Su-k@n!eBqd)Dvth2gx>-wn5i(BLE82)Fp_}}43=C)%fU2`K$EX_mt zU9!o_0^P_ze%IvZt8jC4Ago=}Cm8+RPPf=fXsy>TpS$@)+w#{AvM+c547X&H literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 5bb103e..e3c7cf8 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.3.5/doc/gpg.texi +Index: gnupg-2.4.0/doc/gpg.texi =================================================================== ---- gnupg-2.3.5.orig/doc/gpg.texi -+++ gnupg-2.3.5/doc/gpg.texi -@@ -2197,6 +2197,24 @@ implies, this option is for experts only +--- gnupg-2.4.0.orig/doc/gpg.texi ++++ gnupg-2.4.0/doc/gpg.texi +@@ -2218,6 +2218,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.3.5/doc/gpg.texi @end table -Index: gnupg-2.3.5/g10/gpg.c +Index: gnupg-2.4.0/g10/gpg.c =================================================================== ---- gnupg-2.3.5.orig/g10/gpg.c -+++ gnupg-2.3.5/g10/gpg.c +--- gnupg-2.4.0.orig/g10/gpg.c ++++ gnupg-2.4.0/g10/gpg.c 
@@ -443,6 +443,7 @@ enum cmd_and_opt_values oForceSignKey, oForbidGenKey, oRequireCompliance, + oSetLegacyFips, + oCompatibilityFlags, oNoop - }; -@@ -878,6 +879,7 @@ static gpgrt_opt_t opts[] = { +@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.3.5/g10/gpg.c ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3737,6 +3739,14 @@ main (int argc, char **argv) +@@ -3711,6 +3714,14 @@ main (int argc, char **argv) opt.flags.require_compliance = 1; break; diff --git a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch index bf5711b..649e0d8 100644 --- a/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +++ b/gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch @@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.3.0/g10/import.c +Index: gnupg-2.4.0/g10/import.c =================================================================== ---- gnupg-2.3.0.orig/g10/import.c -+++ gnupg-2.3.0/g10/import.c -@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.4.0.orig/g10/import.c ++++ gnupg-2.4.0/g10/import.c +@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,7 +29,7 @@ Index: gnupg-2.3.0/g10/import.c KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, +@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } 
@@ -44,13 +44,12 @@ Index: gnupg-2.3.0/g10/import.c if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, - xfree(user); +@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl, } } -- + - /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) +- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) - { - if (!silent) - { @@ -64,11 +63,11 @@ Index: gnupg-2.3.0/g10/import.c + /* Delete invalid parts, and note if we have any valid ones left. + * We will later abort import if this key is new but contains + * no valid uids. */ -+ delete_inv_parts (ctrl, keyblock, keyid, options); ++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, +@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -93,7 +92,7 @@ Index: gnupg-2.3.0/g10/import.c } /* The keyblock is valid and ready for real import. */ -@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, +@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/gnupg-allow-large-rsa.patch b/gnupg-allow-large-rsa.patch new file mode 100644 index 0000000..b2ebc1e --- /dev/null +++ b/gnupg-allow-large-rsa.patch @@ -0,0 +1,13 @@ +Index: gnupg-2.4.0/g10/keygen.c +=================================================================== +--- gnupg-2.4.0.orig/g10/keygen.c ++++ gnupg-2.4.0/g10/keygen.c +@@ -2461,7 +2461,7 @@ get_keysize_range (int algo, unsigned in + + default: + *min = opt.compliance == CO_DE_VS ? 2048: 1024; +- *max = 4096; ++ *max = opt.flags.large_rsa == 1 ? 8192 : 4096; + def = 3072; + break; + } 
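Review bot: The raised ceiling sits under the `default:` label of `get_keysize_range`, so it applies to every algorithm that reaches that branch, although the flag it keys on is named `opt.flags.large_rsa`. The rest of the switch is outside the hunk; if anything other than RSA falls through to `default:`, guard on the algorithm as well, e.g. `*max = (algo == PUBKEY_ALGO_RSA && opt.flags.large_rsa) ? 8192 : 4096;`. The `== 1` comparison is also at odds with the truth-value tests used for flags elsewhere on this page (`if (!opt.flags.rfc4880bis)`). A short comment such as `/* --enable-large-rsa lifts the interactive limit to 8192 */` would record why the constant differs from upstream.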
diff --git a/gnupg-revert-rfc4880bis.patch b/gnupg-revert-rfc4880bis.patch new file mode 100644 index 0000000..4d70894 --- /dev/null +++ b/gnupg-revert-rfc4880bis.patch 
@@ -0,0 +1,202 @@ +From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Mon, 31 Oct 2022 16:14:18 +0100 +Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg + +* g10/gpg.c (oRFC4880bis): Remove. +(opts): Make --rfc4880bis a Noop. +(compliance_options): Make rfc4880bis to gnupg. +(set_compliance_option): Remove rfc4880bis stuff. +(main): Ditto. Note that this now activates the --mimemode option. +* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection. +(keygen_upd_std_prefs): Always announce support for v5 keys. +(read_parameter_file): Activate the v4 and v5 keywords. +-- + +Index: gnupg-2.4.0/g10/gpg.c +=================================================================== +--- gnupg-2.4.0.orig/g10/gpg.c ++++ gnupg-2.4.0/g10/gpg.c +@@ -246,6 +246,7 @@ enum cmd_and_opt_values + oGnuPG, + oRFC2440, + oRFC4880, ++ oRFC4880bis, + oOpenPGP, + oPGP7, + oPGP8, +@@ -631,6 +632,7 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), + ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), + ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), ++ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"), + ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), + ARGPARSE_s_n (oPGP7, "pgp6", "@"), + ARGPARSE_s_n (oPGP7, "pgp7", "@"), +@@ -973,7 +975,6 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), + ARGPARSE_s_s (oNoop, "aead-algo", "@"), + ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), +- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), + + + ARGPARSE_group (302, N_( +@@ -2207,7 +2208,7 @@ static struct gnupg_compliance_option co + { + { "gnupg", oGnuPG }, + { "openpgp", oOpenPGP }, +- { "rfc4880bis", oGnuPG }, ++ { "rfc4880bis", oRFC4880bis }, + { "rfc4880", oRFC4880 }, + { "rfc2440", oRFC2440 }, + { "pgp6", oPGP7 }, +@@ -2223,8 +2224,28 @@ static struct gnupg_compliance_option co + static void + set_compliance_option (enum cmd_and_opt_values option) + { ++ 
opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */ ++ + switch (option) + { ++ case oRFC4880bis: ++ opt.flags.rfc4880bis = 1; ++ opt.compliance = CO_RFC4880; ++ opt.flags.dsa2 = 1; ++ opt.flags.require_cross_cert = 1; ++ opt.rfc2440_text = 0; ++ opt.allow_non_selfsigned_uid = 1; ++ opt.allow_freeform_uid = 1; ++ opt.escape_from = 1; ++ opt.not_dash_escaped = 0; ++ opt.def_cipher_algo = 0; ++ opt.def_digest_algo = 0; ++ opt.cert_digest_algo = 0; ++ opt.compress_algo = -1; ++ opt.s2k_mode = 3; /* iterated+salted */ ++ opt.s2k_digest_algo = DIGEST_ALGO_SHA256; ++ opt.s2k_cipher_algo = CIPHER_ALGO_AES256; ++ break; + case oOpenPGP: + case oRFC4880: + /* This is effectively the same as RFC2440, but with +@@ -2268,6 +2289,7 @@ set_compliance_option (enum cmd_and_opt_ + case oPGP8: opt.compliance = CO_PGP8; break; + case oGnuPG: + opt.compliance = CO_GNUPG; ++ opt.flags.rfc4880bis = 1; + break; + + case oDE_VS: +@@ -2470,6 +2492,7 @@ main (int argc, char **argv) + opt.emit_version = 0; + opt.weak_digests = NULL; + opt.compliance = CO_GNUPG; ++ opt.flags.rfc4880bis = 1; + + /* Check special options given on the command line. */ + orig_argc = argc; +@@ -3008,6 +3031,7 @@ main (int argc, char **argv) + case oOpenPGP: + case oRFC2440: + case oRFC4880: ++ case oRFC4880bis: + case oPGP7: + case oPGP8: + case oGnuPG: +@@ -3832,6 +3856,11 @@ main (int argc, char **argv) + if( may_coredump && !opt.quiet ) + log_info(_("WARNING: program may create a core file!\n")); + ++ if (!opt.flags.rfc4880bis) ++ { ++ opt.mimemode = 0; /* This will use text mode instead. */ ++ } ++ + if (eyes_only) { + if (opt.set_filename) + log_info(_("WARNING: %s overrides %s\n"), +@@ -4057,7 +4086,7 @@ main (int argc, char **argv) + /* Check our chosen algorithms against the list of legal + algorithms. 
*/ + +- if(!GNUPG) ++ if(!GNUPG && !opt.flags.rfc4880bis) + { + const char *badalg=NULL; + preftype_t badtype=PREFTYPE_NONE; +Index: gnupg-2.4.0/g10/keygen.c +=================================================================== +--- gnupg-2.4.0.orig/g10/keygen.c ++++ gnupg-2.4.0/g10/keygen.c +@@ -407,7 +407,7 @@ keygen_set_std_prefs (const char *string + strcat(dummy_string,"S7 "); + strcat(dummy_string,"S2 "); /* 3DES */ + +- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB)) ++ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB)) + strcat(dummy_string,"A2 "); + + if (personal) +@@ -892,7 +892,7 @@ keygen_upd_std_prefs (PKT_signature *sig + /* Make sure that the MDC feature flag is set if needed. */ + add_feature_mdc (sig,mdc_available); + add_feature_aead (sig, aead_available); +- add_feature_v5 (sig, 1); ++ add_feature_v5 (sig, opt.flags.rfc4880bis); + add_keyserver_modify (sig,ks_modify); + keygen_add_keyserver_url(sig,NULL); + +@@ -3387,7 +3387,10 @@ parse_key_parameter_part (ctrl_t ctrl, + } + } + else if (!ascii_strcasecmp (s, "v5")) +- keyversion = 5; ++ { ++ if (opt.flags.rfc4880bis) ++ keyversion = 5; ++ } + else if (!ascii_strcasecmp (s, "v4")) + keyversion = 4; + else +@@ -3646,7 +3649,7 @@ parse_key_parameter_part (ctrl_t ctrl, + * ecdsa := Use algorithm ECDSA. + * eddsa := Use algorithm EdDSA. + * ecdh := Use algorithm ECDH. +- * v5 := Create version 5 key ++ * v5 := Create version 5 key (requires option --rfc4880bis) + * + * There are several defaults and fallbacks depending on the + * algorithm. PART can be used to select which part of STRING is +@@ -4428,9 +4431,9 @@ read_parameter_file (ctrl_t ctrl, const + } + } + +- if ((keywords[i].key == pVERSION +- || keywords[i].key == pSUBVERSION)) +- ; /* Ignore version. */ ++ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION ++ || keywords[i].key == pSUBVERSION)) ++ ; /* Ignore version unless --rfc4880bis is active. 
*/ + else + { + r = xmalloc_clear( sizeof *r + strlen( value ) ); +@@ -4525,11 +4528,14 @@ quickgen_set_para (struct para_data_s *p + para = r; + } + +- r = xmalloc_clear (sizeof *r + 20); +- r->key = for_subkey? pSUBVERSION : pVERSION; +- snprintf (r->u.value, 20, "%d", version); +- r->next = para; +- para = r; ++ if (opt.flags.rfc4880bis) ++ { ++ r = xmalloc_clear (sizeof *r + 20); ++ r->key = for_subkey? pSUBVERSION : pVERSION; ++ snprintf (r->u.value, 20, "%d", version); ++ r->next = para; ++ para = r; ++ } + + if (keytime) + { diff --git a/gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch b/gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch new file mode 100644 index 0000000..41a084f --- /dev/null +++ b/gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch 
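Review bot: The restored code still enables the feature set by default: `main` sets `opt.flags.rfc4880bis = 1` next to `opt.compliance = CO_GNUPG`, and the `oGnuPG` case in `set_compliance_option` does the same, so the new guards in keygen.c (the `A2` preference, `add_feature_v5`, the `v5` keyword) appear to change behaviour only when another compliance mode clears the flag. That is worth checking against the changelog entry, which describes this patch as returning key generation to the pre-2.4 default. Separately, the header kept at the top of the patch file is the upstream message for the forward change ("oRFC4880bis: Remove", "Make --rfc4880bis a Noop"), while the hunks re-add both; a first line such as `Reverse-applied for openSUSE: reverts https://dev.gnupg.org/rGcaf4b3fc16e9` would state the direction for whoever rebases it next. In `parse_key_parameter_part` a `v5` request is now dropped without any message when the flag is off; a `log_info` in that branch would stop a caller from silently getting a v4 key.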
@@ -0,0 +1,168 @@ +From e89d57a2cb10bd04d266165015f159be2ab48984 Mon Sep 17 00:00:00 2001 +From: NIIBE Yutaka +Date: Wed, 21 Dec 2022 10:52:24 +0900 +Subject: tests: Fix tests/gpgme for in-source-tree builds. + +* tests/gpgme/Makefile.am: Don't use setup.scm/ dir. +* tests/gpgme/Makefile.in: Don't use setup.scm/ dir. +* tests/gpgme/all-tests.scm: Fix the name of the environment. + +-- + +GnuPG-bug-id: 6313 +Fixes-commit: c19ea75f10d6278569619f90977ce7c820e9319d +Signed-off-by: NIIBE Yutaka + +Index: gnupg-2.4.0/tests/gpgme/Makefile.am +=================================================================== +--- gnupg-2.4.0.orig/tests/gpgme/Makefile.am ++++ gnupg-2.4.0/tests/gpgme/Makefile.am +@@ -47,8 +47,7 @@ check: xcheck + + .PHONY: xcheck + xcheck: +- @$(MKDIR_P) setup.scm/tests \ +- tests/gpg lang/qt/tests lang/python/tests ++ @$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests + $(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \ + $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS) + +@@ -61,4 +60,4 @@ CLEANFILES = *.log report.xml + all-local: $(required_pgms) + + clean-local: +- -rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests ++ -rm -rf tests lang +Index: gnupg-2.4.0/tests/gpgme/Makefile.in +=================================================================== +--- gnupg-2.4.0.orig/tests/gpgme/Makefile.in ++++ gnupg-2.4.0/tests/gpgme/Makefile.in +@@ -614,8 +614,7 @@ check: xcheck + + .PHONY: xcheck + xcheck: +- @$(MKDIR_P) setup.scm/tests \ +- tests/gpg lang/qt/tests lang/python/tests ++ @$(MKDIR_P) tests/gpg lang/qt/tests lang/python/tests + $(TESTS_ENVIRONMENT) $(abs_top_builddir)/tests/gpgscm/gpgscm$(EXEEXT) \ + $(abs_srcdir)/run-tests.scm $(TESTFLAGS) $(TESTS) + +@@ -624,7 +623,7 @@ xcheck: + all-local: $(required_pgms) + + clean-local: +- -rm -rf setup.scm/tests tests/gpg lang/qt/tests lang/python/tests ++ -rm -rf tests lang + + # Tell versions [3.59,3.63) of GNU make to not export all variables. 
+ # Otherwise a system limit (for SysV at least) may be exceeded. +Index: gnupg-2.4.0/tests/gpgme/all-tests.scm +=================================================================== +--- gnupg-2.4.0.orig/tests/gpgme/all-tests.scm ++++ gnupg-2.4.0/tests/gpgme/all-tests.scm +@@ -41,7 +41,7 @@ + (test::scm + #f + #f +- (path-join "tests" "gpgme" "setup.scm" "tests" "gpg") ++ (path-join "tests" "gpgme" "tests" "gpg") + (in-srcdir "tests" "gpgme" "setup.scm") + "--" "tests" "gpg"))) + (define setup-py +@@ -49,7 +49,7 @@ + (test::scm + #f + #f +- (path-join "tests" "gpgme" "setup.scm" "lang" "python" "tests") ++ (path-join "tests" "gpgme" "lang" "python" "tests") + (in-srcdir "tests" "gpgme" "setup.scm") + "--" "lang" "python" "tests"))) + +From 658daae34aa3b2b40e6473d44d41abcf175f1ab2 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Tue, 21 Mar 2023 09:15:20 +0100 +Subject: [PATCH 0787/1000] doc: Suggest the use of out-of-source builds. + +-- + +GnuPG-bug-id: 6313 + +diff --git a/INSTALL b/INSTALL +index 5458714e1..9e9642898 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -42,10 +42,12 @@ may remove or edit it. + you want to change it or regenerate `configure' using a newer version + of `autoconf'. + +-The simplest way to compile this package is: ++The suggested way to compile this package is: + +- 1. `cd' to the directory containing the package's source code and type +- `./configure' to configure the package for your system. ++ 1. `cd' to the directory containing the package's source code and ++ create a new directory named `build'. Then `cd' to that ++ directory and type `../configure' to configure the package for ++ your system. + + Running `configure' might take a while. While running, it prints + some messages telling which features it is checking for. +@@ -58,14 +60,17 @@ The simplest way to compile this package is: + 4. Type `make install' to install the programs and any data files and + documentation. + +- 5. 
You can remove the program binaries and object files from the +- source code directory by typing `make clean'. To also remove the +- files that `configure' created (so you can compile the package for +- a different kind of computer), type `make distclean'. There is +- also a `make maintainer-clean' target, but that is intended mainly +- for the package's developers. If you use it, you may have to get +- all sorts of other programs in order to regenerate files that came +- with the distribution. ++ 5. You can remove the program binaries and object files by deleting ++ all files from the `build' directory. In case you did not used a ++ dedicated build directory but build the software directly in the ++ source tree, you can remove the program binaries and object files ++ from the source code directory by typing `make clean'. To also ++ remove the files that `configure' created (so you can compile the ++ package for a different kind of computer), type `make distclean'. ++ There is also a `make maintainer-clean' target, but that is ++ intended mainly for the package's developers. If you use it, you ++ may have to get all sorts of other programs in order to ++ regenerate files that came with the distribution. + + Compilers and Options + ===================== +@@ -231,4 +236,3 @@ an Autoconf bug. Until the bug is fixed you can use this workaround: + + `configure' also accepts some other, not widely useful, options. Run + `configure --help' for more details. 
+- +diff --git a/README b/README +index 42eed238f..b9bf7805e 100644 +--- a/README ++++ b/README +@@ -53,7 +53,9 @@ + + As with all packages, you just have to do + +- ./configure ++ mkdir build ++ cd build ++ ../configure + make + make check + make install +@@ -81,7 +83,8 @@ + To quickly build all required software without installing it, the + Speedo method may be used: + +- make -f build-aux/speedo.mk native ++ cd build ++ make -f ../build-aux/speedo.mk native + + This method downloads all required libraries and does a native build + of GnuPG to PLAY/inst/. GNU make is required and you need to set +-- +2.42.0 + diff --git a/gpg2.changes b/gpg2.changes index da1913e..ae5ee0c 100644 --- a/gpg2.changes +++ b/gpg2.changes 
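Review bot: `clean-local` now runs `-rm -rf tests lang`, which removes both directories wholesale instead of the generated subdirectories listed before; the same line is in the Makefile.in hunk. The patch is titled as a fix for in-source-tree builds, where this rule runs inside the source copy of tests/gpgme, so `make clean` would delete anything the tree ships under those two names. It is worth confirming that nothing does, or keeping the narrower form `-rm -rf tests/gpg lang/qt/tests lang/python/tests`. The file also carries a second upstream commit that edits INSTALL and README, which the changelog entry for this patch does not mention; one line in the patch header or in gpg2.changes would record it.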
@@ -1,3 +1,123 @@ +------------------------------------------------------------------- +Thu Sep 21 07:36:32 UTC 2023 - Pedro Monreal + +- Install the systemd user units in the _userunitdir [bsc#1201564] + * Note that, there is no activation by default. + +------------------------------------------------------------------- +Fri Mar 10 09:03:00 UTC 2023 - Pedro Monreal + +- Temporarily revert back to the pre-2.4 default for key generation. + The new rfc4880bis has been set as the default in 2.4 version and + might create incompatible keys. Note that, rfc4880bis can still + be used with the option flag --rfc4880bis as in previous versions. + * More info in the gnupg-devel ML: + https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html + * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9 + * Add gnupg-revert-rfc4880bis.patch + +------------------------------------------------------------------- +Fri Mar 10 08:42:02 UTC 2023 - Pedro Monreal + +- Allow 8192 bit RSA keys in keygen UI when large_rsa is set + * Add gnupg-allow-large-rsa.patch + +------------------------------------------------------------------- +Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal + +- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313 + * The original patch has been modified to expand the changes + also to the tests/gpgme/Makefile.in file. + * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch + +------------------------------------------------------------------- +Tue Dec 20 16:01:05 UTC 2022 - David Anes + +- Updated to require libgpg-error-devel >= 1.46 + +- Rebased patches: + * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch + * gnupg-add_legacy_FIPS_mode_option.patch + +- GnuPG 2.4.0: + * common: Fix translations in --help for gpgrt < 1.47. + * gpg: Do not continue the export after a cancel for the primary key. + * gpg: Replace use of PRIu64 in log_debug. + * Update NEWS for 2.4.0. + * tests: Fix make check with GPGME. 
+ * agent: Allow arguments to "scd serialno" in restricted mode. + * scd:p15: Skip deleted records. + * build: Remove Windows CE support. + * wkd: Do not send/install/mirror expired user ids. + * gpgsm: Print the revocation time also with --verify. + * gpgsm: Fix "problem re-searching certificate" case. + * gpgsm: Print revocation date and reason in cert listings. + * gpgsm: Silence the "non-critical certificate policy not allowed". + * gpgsm: Always use the chain model if the root-CA requests this. + * gpg: New export option "mode1003". + * gpg: Remove a mostly duplicated function. + * tests: Simplify fake-pinentry to use the option only. + * tests: Fix fake-pinentry for Windows. + * tests: Fix make check-all. + * agent: Fix import of protected v5 keys. + * gpgsm: Change default algo to AES-256. + * tests: Put a workaround for semihosted environment. + * tests: More fix for semihosted environment. + * tests: Support semihosted environment. + * tests: Fix tests under cms. + * tests,w32: Fix for semihosted environment. + * w32: Fix for tests on semihosted environment. + * w32: Fix gnupg_unsetenv. + * wkd: New option --add-revocs and some fixes. + * wkd: Make use of --debug extprog. + * gpg: New export-filter export-revocs. + * gpg: Fix double-free in gpg --card-edit. + * gpg: Make --require-compliance work with out --status-fd. + * gpg: New option --list-filter. + * dirmngr: Silence ocsp debug output. + * tests: Fix to support --enable-all-tests and variants. + * tests:w32: Fix for non-dot file name for Windows. + * tests:gpgscm:w32: Fix for GetTempPath. + * tests: Keep .log files in objdir. + * tests: Use 233 for invalid value of FD. + * w32: Fix gnupg_tmpfile for possible failure. + * scd: Redact --debug cardio output of a VERIFY APDU. + * common: Remove Windows CE support in common. + * gpgsm: Fix colon outout of ECC encryption certificates. + * scd:nks: Fix ECC signing if key not given by keygrip. + * dirmngr: Fix verification of ECDSA signed CRLs. 
+ * agent: Allow trustlist on Windows in Unicode homedirs. + * gpg: Fix verification of cleartext signatures with overlong lines. + * gpg: Move w32_system function. + * gpg: New option --quick-update-pref. + * gpg: New list-options show-pref and show-pref-verbose. + * tests: Add tests to check that OCB is only used for capable keys. + * gpg: Make --list-packets work w/o --no-armor for plain OCB packets. + * tests: Add symmetric decryption tests. + * tests: Add tr:assert-same function. + * agent: Avoid blanks in the ssh key's comment. + * build: Update m4 files. + * gpg: Merge --rfc4880bis features into --gnupg. + * gpg: Allow only OCB for AEAD encryption. + * gpg: New option --compatibility-flags. + * gpgsm: Also announce AES256-CBC in signatures. + * gpg: Fix trusted introducer for user-ids with only the mbox. + * gpg: Import stray revocation certificates. + * agent: Automatically convert to extended key format by KEYATTR. + * card: New commands "gpg" and "gpgsm". + * card: Also show fingerprints of known X.509 certificates. + * scd:nks: Support non-ESIGN signing with the Signature Card v2. + * gpgsm: Allow ECC encryption keys with just keyAgreement specified. + * gpgsm: Use macro constants for cert_usage_p. + * build: Update gpg-error.m4. + * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument. + * gpg: Move NETLIBS after GPG_ERROR_LIBS. + * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future. + * common,w32: Fix struct stat on Windows. + * agent,w32: Support Win32-OpenSSH emulation by gpg-agent. + * common: Don't use FD2INT for POSIX-only code. + * dirmngr: Fix build with no LDAP support. + ------------------------------------------------------------------- Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal diff --git a/gpg2.spec b/gpg2.spec index 87c0390..c5a1441 100644 --- a/gpg2.spec +++ b/gpg2.spec 
@@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.8 +Version: 2.4.0 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -39,14 +39,20 @@ Patch7: gnupg-2.2.16-secmem.patch Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set +Patch11: gnupg-allow-large-rsa.patch +#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation +Patch12: gnupg-revert-rfc4880bis.patch +#PATCH-FIX-UPSTREAM Fix tests/gpgme for in-source-tree builds +Patch13: gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: ibmswtpm2 BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libgcrypt-devel >= 1.9.1 -BuildRequires: libgpg-error-devel >= 1.41 -BuildRequires: libksba-devel >= 1.3.4 +BuildRequires: libgpg-error-devel >= 1.46 +BuildRequires: libksba-devel >= 1.6.3 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel 
@@ -131,34 +137,45 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) %install %make_install mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ -# bnc#391347 +# install gpgconf.conf bnc#391347 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg # delete to prevent fdupes from creating cross-partition hardlink rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf + +# remove info dir rm %{buildroot}%{_infodir}/dir + # compat symlinks ln -sf gpg2 %{buildroot}%{_bindir}/gpg ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 + # fix rpmlint invalid-lc-messages-dir: rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot + # install scdaemon to %%{_bindir} (bnc#863645) mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} + # install tpm2daemon mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir} + # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules +# Move the systemd user units to appropriate directory +install -d -m 755 %{buildroot}%{_userunitdir} +mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_userunitdir} + %find_lang gnupg2 %fdupes -s %{buildroot} %check # Run only localy, fails in OBS -#%%if ! 0%%{?qemu_user_space_build} -#make %%{?_smp_mflags} check -#%%endif +%if ! 0%{?qemu_user_space_build} +%make_build -j1 check || : +%endif %post %udev_rules_update 
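Review bot: `%make_build -j1 check || :` discards the exit status of the test suite, so `%check` succeeds even when GnuPG's own tests fail with the three new patches applied, and a regression in signing or verification would not stop the build. Prefer `%make_build -j1 check` and skip individual tests that are known to fail in the build service. If the failures must be tolerated for now, say why in a comment that replaces the retained `# Run only localy, fails in OBS` line, which no longer describes the enabled block. The `*.s*` glob in the `mv` of the systemd user units presumably targets the `.service` and `.socket` files; spelling out both patterns would keep any other file from being moved into `%{_userunitdir}`.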
@@ -166,12 +183,11 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %files lang -f gnupg2.lang %files +%license COPYING* +%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ README %{_infodir}/gnupg* %exclude %{_mandir}/*/dirmngr*%{ext_man} %{_mandir}/*/*%{ext_man} -%license COPYING* -%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ -%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.* %doc %{_docdir}/%{name} %exclude %{_bindir}/dirmngr* %exclude %{_bindir}/tpm2daemon* @@ -184,12 +200,15 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules %{_datadir}/gnupg %dir %{_sysconfdir}/gnupg %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf +%{_userunitdir}/gpg-agent* +# This exclude is needed for i586 and armv7l +%exclude %{_userunitdir}/dirmngr.* %files -n dirmngr %license COPYING* %{_mandir}/*/dirmngr*%{ext_man} -%{_docdir}/%{name}/examples/systemd-user/dirmngr.* %{_bindir}/dirmngr* +%{_userunitdir}/dirmngr.* %files tpm %{_bindir}/tpm2daemon*