diff --git a/gnupg-2.0.4-install_tools.diff b/gnupg-2.0.4-install_tools.diff deleted file mode 100644 index 05f0031..0000000 --- a/gnupg-2.0.4-install_tools.diff +++ /dev/null @@ -1,33 +0,0 @@ -Index: tools/Makefile.am -=================================================================== ---- tools/Makefile.am.orig -+++ tools/Makefile.am -@@ -36,8 +36,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde - - bin_SCRIPTS = gpgsm-gencert.sh - if HAVE_USTAR --# bin_SCRIPTS += gpg-zip --noinst_SCRIPTS = gpg-zip -+bin_SCRIPTS += gpg-zip -+#noinst_SCRIPTS = gpg-zip - endif - - if BUILD_SYMCRYPTRUN -@@ -55,7 +55,7 @@ endif - # Fixme: We should remove the gpgkey2ssh tool. - bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} - if !HAVE_W32_SYSTEM --bin_PROGRAMS += watchgnupg gpgparsemail -+bin_PROGRAMS += watchgnupg gpgparsemail gpgsplit - endif - if !HAVE_W32CE_SYSTEM - bin_PROGRAMS += gpgkey2ssh ${gpgtar} -@@ -66,7 +66,7 @@ libexec_PROGRAMS = gpg-check-pattern - endif - - if !HAVE_W32CE_SYSTEM --noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert gpgsplit -+noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert - endif - - common_libs = $(libcommon) diff --git a/gnupg-large_keys.patch b/gnupg-large_keys.patch deleted file mode 100644 index 097b4c2..0000000 --- a/gnupg-large_keys.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: Lorenz Hüdepohl -Date: 2014-11-27 17:01:07 +0000 -Subject: Continue to support existing large RSA keys -References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424 -Upstream: no - -For RSA keys up to probably 8192 bits it seems to be enough to call -configure with the additional options - - --enable-large-secmem - --enable-large-rsa - -However, there are existing keys out there that are even larger. - -Werner Koch thinks that it is silly to use keys that are this large. He -is probably even right with this, which is why this patch still does not -allow to create new keys larger than the set maximum (4096/8192 -depending on whether enable-large-rsa is set in gpg.conf). - -I still want to continue to use my existing 10k bits key, though. - ---- -diff -ur gnupg-2.1.0.org/agent/command.c gnupg-2.1.0/agent/command.c ---- gnupg-2.1.0.org/agent/command.c 2014-11-04 17:10:44.000000000 +0200 -+++ gnupg-2.1.0/agent/command.c 2014-11-26 18:04:11.548271074 +0200 -@@ -47,7 +47,7 @@ - /* Maximum allowed size of the key parameters. */ - #define MAXLEN_KEYPARAM 1024 - /* Maximum allowed size of key data as used in inquiries (bytes). */ --#define MAXLEN_KEYDATA 4096 -+#define MAXLEN_KEYDATA 8192 - /* The size of the import/export KEK key (in bytes). */ - #define KEYWRAP_KEYSIZE (128/8) - -diff -ur gnupg-2.1.0.org/configure.ac gnupg-2.1.0/configure.ac ---- gnupg-2.1.0.org/configure.ac 2014-11-04 17:09:28.000000000 +0200 -+++ gnupg-2.1.0/configure.ac 2014-11-17 19:40:28.632527090 +0200 -@@ -230,7 +230,7 @@ - large_secmem=$enableval, large_secmem=no) - AC_MSG_RESULT($large_secmem) - if test "$large_secmem" = yes ; then -- SECMEM_BUFFER_SIZE=65536 -+ SECMEM_BUFFER_SIZE=262144 - else - SECMEM_BUFFER_SIZE=32768 - fi diff --git a/gnupg-remove_development_version_warning.patch b/gnupg-remove_development_version_warning.patch deleted file mode 100644 index b265147..0000000 --- a/gnupg-remove_development_version_warning.patch +++ /dev/null @@ -1,15 +0,0 @@ -Index: gnupg-2.1.0/autogen.sh -=================================================================== ---- gnupg-2.1.0.orig/autogen.sh 2014-11-05 09:04:41.000000000 +0100 -+++ gnupg-2.1.0/autogen.sh 2014-11-11 17:46:57.154859332 +0100 -@@ -228,8 +228,8 @@ if [ "$myhost" = "find-version" ]; then - rvd=$((0x$(echo ${rev} | head -c 4))) - else - ingit=no -- beta=yes -- tmp="-unknown" -+ beta=no -+ tmp="" - rev="0000000" - rvd="0" - fi diff --git a/gpg2.changes b/gpg2.changes index 0958884..7a430c2 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Mar 19 15:56:12 UTC 2015 - astieger@suse.com + +- Ensure secure memory can be used with default 64k memlock limit + Fixes [boo#915931], removes gnupg-large_keys.patch +- Removed gnupg-remove_development_version_warning.patch, obsolete +- Removed gnupg-2.0.4-install_tools.diff, replaced by spec install +- Removed autoconf requirement and autoreconf calls thus obsoleted + ------------------------------------------------------------------- Tue Feb 24 08:10:22 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 2736cb5..7a620eb 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -27,17 +27,13 @@ Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring -Patch2: gnupg-2.0.4-install_tools.diff Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.0.18-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: gnupg-remove_development_version_warning.patch -Patch14: gnupg-large_keys.patch Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch -BuildRequires: automake >= 1.14 BuildRequires: expect BuildRequires: fdupes BuildRequires: gnutls-devel >= 3.0 @@ -79,19 +75,15 @@ gpg-agent, and a keybox library. %prep %setup -q -n gnupg-%{version} -%patch2 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 -%patch14 -p1 %patch15 -p1 %build -autoreconf -fi # build PIEs (position independent executables) for address space randomisation: %ifarch s390x %{sparc} # s390x needs to use the large PIE model (at least for gpg.c): @@ -138,6 +130,10 @@ install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ %{buildroot}/% # install scdaemon to %{_bindir} (bnc#863645) mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} +# install legacy tools +install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} +install -m 755 tools/gpgsplit %{buildroot}/%{_bindir} + %find_lang gnupg2 %if 0%{?suse_version} > 1020 %fdupes %{buildroot}