Toshaan Bharvani
2 years ago
commit
6e7d506639
10 changed files with 2049 additions and 0 deletions
@ -0,0 +1,54 @@
@@ -0,0 +1,54 @@
|
||||
diff -up gnupg-2.1.1/g10/mainproc.c.fips gnupg-2.1.1/g10/mainproc.c |
||||
--- gnupg-2.1.1/g10/mainproc.c.fips 2015-01-29 17:19:49.266031504 +0100 |
||||
+++ gnupg-2.1.1/g10/mainproc.c 2015-01-29 17:27:13.938088122 +0100 |
||||
@@ -719,7 +719,8 @@ proc_plaintext( CTX c, PACKET *pkt ) |
||||
according to 2440, so hopefully it won't come up that often. |
||||
There is no good way to specify what algorithms to use in |
||||
that case, so these there are the historical answer. */ |
||||
- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); |
||||
+ if (!gcry_fips_mode_active()) |
||||
+ gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); |
||||
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); |
||||
} |
||||
if (DBG_HASHING) |
||||
diff --git a/common/t-sexputil.c b/common/t-sexputil.c |
||||
index d75090c5b..be5eb2122 100644 |
||||
--- a/common/t-sexputil.c |
||||
+++ b/common/t-sexputil.c |
||||
@@ -291,36 +291,6 @@ test_ecc_uncompress (void) |
||||
const char *b; /* Compressed. */ |
||||
} |
||||
tests[] = { |
||||
- { |
||||
- "(public-key" |
||||
- " (ecc" |
||||
- " (curve brainpoolP256r1)" |
||||
- " (q #042ECD8679930BE2DB4AD42B8600BA3F80" |
||||
- /* */"2D4D539BFF2F69B83EC9B7BBAA7F3406" |
||||
- /* */"436DD11A1756AFE56CD93408410FCDA9" |
||||
- /* */"BA95024EB613BD481A14FCFEC27A448A#)))", |
||||
- /* The same in compressed form. */ |
||||
- "(public-key" |
||||
- " (ecc" |
||||
- " (curve brainpoolP256r1)" |
||||
- " (q #022ECD8679930BE2DB4AD42B8600BA3F80" |
||||
- /* */"2D4D539BFF2F69B83EC9B7BBAA7F3406#)))" |
||||
- }, |
||||
- { |
||||
- "(public-key" |
||||
- " (ecc" |
||||
- " (curve brainpoolP256r1)" |
||||
- " (q #045B784CA008EE64AB3D85017EE0D2BE87" |
||||
- /* */"558762C7300E0C8E06B1F9AF7C031458" |
||||
- /* */"9EBBA41915313417BA54218EB0569C59" |
||||
- /* */"0B156C76DBCAB6E84575E6EF68CE7B87#)))", |
||||
- /* The same in compressed form. */ |
||||
- "(public-key" |
||||
- " (ecc" |
||||
- " (curve brainpoolP256r1)" |
||||
- " (q #035B784CA008EE64AB3D85017EE0D2BE87" |
||||
- /* */"558762C7300E0C8E06B1F9AF7C031458#)))" |
||||
- }, |
||||
{ /* A key which does not require a conversion. */ |
||||
"(public-key" |
||||
" (ecdsa" |
@ -0,0 +1,33 @@
@@ -0,0 +1,33 @@
|
||||
diff -up gnupg-2.1.10/g10/gpg.c.secmem gnupg-2.1.10/g10/gpg.c |
||||
--- gnupg-2.1.10/g10/gpg.c.secmem 2015-12-04 10:53:27.000000000 +0100 |
||||
+++ gnupg-2.1.10/g10/gpg.c 2015-12-07 15:32:38.922812652 +0100 |
||||
@@ -889,7 +889,7 @@ make_libversion (const char *libname, co |
||||
|
||||
if (maybe_setuid) |
||||
{ |
||||
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ |
||||
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ |
||||
maybe_setuid = 0; |
||||
} |
||||
s = getfnc (NULL); |
||||
@@ -1041,7 +1041,7 @@ build_list (const char *text, char lette |
||||
char *string; |
||||
|
||||
if (maybe_setuid) |
||||
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ |
||||
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ |
||||
|
||||
indent = utf8_charcount (text, -1); |
||||
len = 0; |
||||
diff -up gnupg-2.1.10/sm/gpgsm.c.secmem gnupg-2.1.10/sm/gpgsm.c |
||||
--- gnupg-2.1.10/sm/gpgsm.c.secmem 2015-11-30 17:39:52.000000000 +0100 |
||||
+++ gnupg-2.1.10/sm/gpgsm.c 2015-12-07 15:31:17.226884207 +0100 |
||||
@@ -530,7 +530,7 @@ make_libversion (const char *libname, co |
||||
|
||||
if (maybe_setuid) |
||||
{ |
||||
- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ |
||||
+ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ |
||||
maybe_setuid = 0; |
||||
} |
||||
s = getfnc (NULL); |
@ -0,0 +1,32 @@
@@ -0,0 +1,32 @@
|
||||
From: Vincent Breitmoser <look@my.amazin.horse> |
||||
Date: Thu, 13 Jun 2019 21:27:43 +0200 |
||||
Subject: gpg: accept subkeys with a good revocation but no self-sig during |
||||
import |
||||
|
||||
* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we |
||||
encounter a valid revocation signature. This allows import of subkey |
||||
revocation signatures, even in the absence of a corresponding subkey |
||||
binding signature. |
||||
|
||||
-- |
||||
|
||||
This fixes the remaining test in import-incomplete.scm. |
||||
|
||||
GnuPG-Bug-id: 4393 |
||||
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> |
||||
--- |
||||
g10/import.c | 1 + |
||||
1 file changed, 1 insertion(+) |
||||
|
||||
diff --git a/g10/import.c b/g10/import.c |
||||
index f9acf95..9217911 100644 |
||||
--- a/g10/import.c |
||||
+++ b/g10/import.c |
||||
@@ -3602,6 +3602,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self) |
||||
/* It's valid, so is it newer? */ |
||||
if (sig->timestamp >= rsdate) |
||||
{ |
||||
+ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ |
||||
if (rsnode) |
||||
{ |
||||
/* Delete the last revocation sig since |
@ -0,0 +1,107 @@
@@ -0,0 +1,107 @@
|
||||
From: Vincent Breitmoser <look@my.amazin.horse> |
||||
Date: Thu, 13 Jun 2019 21:27:42 +0200 |
||||
Subject: gpg: allow import of previously known keys, even without UIDs |
||||
|
||||
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that |
||||
has no user id, as long as we already have a local variant of the cert |
||||
that matches the primary key. |
||||
|
||||
-- |
||||
|
||||
This fixes two of the three broken tests in import-incomplete.scm. |
||||
|
||||
GnuPG-Bug-id: 4393 |
||||
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> |
||||
--- |
||||
g10/import.c | 44 +++++++++++--------------------------------- |
||||
1 file changed, 11 insertions(+), 33 deletions(-) |
||||
|
||||
diff --git a/g10/import.c b/g10/import.c |
||||
index 5d3162c..f9acf95 100644 |
||||
--- a/g10/import.c |
||||
+++ b/g10/import.c |
||||
@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl, |
||||
size_t an; |
||||
char pkstrbuf[PUBKEY_STRING_SIZE]; |
||||
int merge_keys_done = 0; |
||||
- int any_filter = 0; |
||||
KEYDB_HANDLE hd = NULL; |
||||
|
||||
if (r_valid) |
||||
@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl, |
||||
log_printf ("\n"); |
||||
} |
||||
|
||||
- |
||||
- if (!uidnode) |
||||
- { |
||||
- if (!silent) |
||||
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); |
||||
- return 0; |
||||
- } |
||||
- |
||||
if (screener && screener (keyblock, screener_arg)) |
||||
{ |
||||
log_error (_("key %s: %s\n"), keystr_from_pk (pk), |
||||
@@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl, |
||||
} |
||||
} |
||||
|
||||
- /* Delete invalid parts and bail out if there are no user ids left. */ |
||||
- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) |
||||
- { |
||||
- if (!silent) |
||||
- { |
||||
- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); |
||||
- if (!opt.quiet) |
||||
- log_info(_("this may be caused by a missing self-signature\n")); |
||||
- } |
||||
- stats->no_user_id++; |
||||
- return 0; |
||||
- } |
||||
+ /* Delete invalid parts, and note if we have any valid ones left. |
||||
+ * We will later abort import if this key is new but contains |
||||
+ * no valid uids. */ |
||||
+ delete_inv_parts (ctrl, keyblock, keyid, options); |
||||
|
||||
/* Get rid of deleted nodes. */ |
||||
commit_kbnode (&keyblock); |
||||
@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl, |
||||
{ |
||||
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); |
||||
commit_kbnode (&keyblock); |
||||
- any_filter = 1; |
||||
} |
||||
if (import_filter.drop_sig) |
||||
{ |
||||
apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); |
||||
commit_kbnode (&keyblock); |
||||
- any_filter = 1; |
||||
- } |
||||
- |
||||
- /* If we ran any filter we need to check that at least one user id |
||||
- * is left in the keyring. Note that we do not use log_error in |
||||
- * this case. */ |
||||
- if (any_filter && !any_uid_left (keyblock)) |
||||
- { |
||||
- if (!opt.quiet ) |
||||
- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); |
||||
- stats->no_user_id++; |
||||
- return 0; |
||||
} |
||||
|
||||
/* The keyblock is valid and ready for real import. */ |
||||
@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl, |
||||
err = 0; |
||||
stats->skipped_new_keys++; |
||||
} |
||||
+ else if (err && !any_uid_left (keyblock)) |
||||
+ { |
||||
+ if (!silent) |
||||
+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); |
||||
+ err = 0; |
||||
+ stats->no_user_id++; |
||||
+ } |
||||
else if (err) /* Insert this key. */ |
||||
{ |
||||
/* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ |
@ -0,0 +1,201 @@
@@ -0,0 +1,201 @@
|
||||
From: Vincent Breitmoser <look@my.amazin.horse> |
||||
Date: Thu, 13 Jun 2019 21:27:41 +0200 |
||||
Subject: tests: add test cases for import without uid |
||||
|
||||
This commit adds a test case that does the following, in order: |
||||
- Import of a primary key plus user id |
||||
- Check that import of a subkey works, without a user id present in the |
||||
imported key |
||||
- Check that import of a subkey revocation works, without a user id or |
||||
subkey binding signature present in the imported key |
||||
- Check that import of a primary key revocation works, without a user id |
||||
present in the imported key |
||||
|
||||
-- |
||||
|
||||
Note that this test currently fails. The following changesets will |
||||
fix gpg so that the tests pass. |
||||
|
||||
GnuPG-Bug-id: 4393 |
||||
Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net> |
||||
--- |
||||
tests/openpgp/Makefile.am | 1 + |
||||
tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++ |
||||
.../import-incomplete/primary+revocation.asc | 9 +++ |
||||
.../primary+subkey+sub-revocation.asc | 10 ++++ |
||||
.../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++ |
||||
.../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++ |
||||
tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++ |
||||
7 files changed, 118 insertions(+) |
||||
create mode 100755 tests/openpgp/import-incomplete.scm |
||||
create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc |
||||
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc |
||||
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc |
||||
create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc |
||||
create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc |
||||
|
||||
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am |
||||
index f6014c9..6423da1 100644 |
||||
--- a/tests/openpgp/Makefile.am |
||||
+++ b/tests/openpgp/Makefile.am |
||||
@@ -78,6 +78,7 @@ XTESTS = \ |
||||
gpgv-forged-keyring.scm \ |
||||
armor.scm \ |
||||
import.scm \ |
||||
+ import-incomplete.scm \ |
||||
import-revocation-certificate.scm \ |
||||
ecc.scm \ |
||||
4gb-packet.scm \ |
||||
diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm |
||||
new file mode 100755 |
||||
index 0000000..727a027 |
||||
--- /dev/null |
||||
+++ b/tests/openpgp/import-incomplete.scm |
||||
@@ -0,0 +1,68 @@ |
||||
+#!/usr/bin/env gpgscm |
||||
+ |
||||
+;; Copyright (C) 2016 g10 Code GmbH |
||||
+;; |
||||
+;; This file is part of GnuPG. |
||||
+;; |
||||
+;; GnuPG is free software; you can redistribute it and/or modify |
||||
+;; it under the terms of the GNU General Public License as published by |
||||
+;; the Free Software Foundation; either version 3 of the License, or |
||||
+;; (at your option) any later version. |
||||
+;; |
||||
+;; GnuPG is distributed in the hope that it will be useful, |
||||
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
+;; GNU General Public License for more details. |
||||
+;; |
||||
+;; You should have received a copy of the GNU General Public License |
||||
+;; along with this program; if not, see <http://www.gnu.org/licenses/>. |
||||
+ |
||||
+(load (in-srcdir "tests" "openpgp" "defs.scm")) |
||||
+(setup-environment) |
||||
+ |
||||
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc"))) |
||||
+ |
||||
+(info "Test import of new subkey, from a certificate without uid") |
||||
+(define keyid "573EA710367356BB") |
||||
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc"))) |
||||
+(tr:do |
||||
+ (tr:pipe-do |
||||
+ (pipe:gpg `(--list-keys --with-colons ,keyid))) |
||||
+ (tr:call-with-content |
||||
+ (lambda (c) |
||||
+ ;; XXX we do not have a regexp library |
||||
+ (unless (any (lambda (line) |
||||
+ (and (string-prefix? line "sub:") |
||||
+ (string-contains? line "573EA710367356BB"))) |
||||
+ (string-split-newlines c)) |
||||
+ (exit 1))))) |
||||
+ |
||||
+(info "Test import of a subkey revocation, from a certificate without uid") |
||||
+(define keyid "573EA710367356BB") |
||||
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc"))) |
||||
+(tr:do |
||||
+ (tr:pipe-do |
||||
+ (pipe:gpg `(--list-keys --with-colons ,keyid))) |
||||
+ (tr:call-with-content |
||||
+ (lambda (c) |
||||
+ ;; XXX we do not have a regexp library |
||||
+ (unless (any (lambda (line) |
||||
+ (and (string-prefix? line "sub:r:") |
||||
+ (string-contains? line "573EA710367356BB"))) |
||||
+ (string-split-newlines c)) |
||||
+ (exit 1))))) |
||||
+ |
||||
+(info "Test import of revocation, from a certificate without uid") |
||||
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc"))) |
||||
+(tr:do |
||||
+ (tr:pipe-do |
||||
+ (pipe:gpg `(--list-keys --with-colons ,keyid))) |
||||
+ (tr:call-with-content |
||||
+ (lambda (c) |
||||
+ ;; XXX we do not have a regexp library |
||||
+ (unless (any (lambda (line) |
||||
+ (and (string-prefix? line "pub:r:") |
||||
+ (string-contains? line "0843DA969AA8DAFB"))) |
||||
+ (string-split-newlines c)) |
||||
+ (exit 1))))) |
||||
+ |
||||
diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc |
||||
new file mode 100644 |
||||
index 0000000..6b7b608 |
||||
--- /dev/null |
||||
+++ b/tests/openpgp/import-incomplete/primary+revocation.asc |
||||
@@ -0,0 +1,9 @@ |
||||
+-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
+Comment: [E] primary key, revocation signature over primary (no user ID) |
||||
+ |
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ |
||||
+631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ |
||||
+EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3 |
||||
+XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ== |
||||
+=tM90 |
||||
+-----END PGP PUBLIC KEY BLOCK----- |
||||
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc |
||||
new file mode 100644 |
||||
index 0000000..83a51a5 |
||||
--- /dev/null |
||||
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc |
||||
@@ -0,0 +1,10 @@ |
||||
+-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
+Comment: [D] primary key, subkey, subkey revocation (no user ID) |
||||
+ |
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ |
||||
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK |
||||
+j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC |
||||
+XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ |
||||
+3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ= |
||||
+=dwx2 |
||||
+-----END PGP PUBLIC KEY BLOCK----- |
||||
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc |
||||
new file mode 100644 |
||||
index 0000000..dc47a02 |
||||
--- /dev/null |
||||
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc |
||||
@@ -0,0 +1,10 @@ |
||||
+-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
+Comment: [B] primary key, subkey, subkey binding sig (no user ID) |
||||
+ |
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ |
||||
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK |
||||
+j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC |
||||
+XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR |
||||
+Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg= |
||||
+=xuDu |
||||
+-----END PGP PUBLIC KEY BLOCK----- |
||||
diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc |
||||
new file mode 100644 |
||||
index 0000000..134607d |
||||
--- /dev/null |
||||
+++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc |
||||
@@ -0,0 +1,10 @@ |
||||
+-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
+Comment: [C] primary key and self-sig expiring in 2024 (no user ID) |
||||
+ |
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ |
||||
+631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8 |
||||
+2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu |
||||
+3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN |
||||
+9ohXOEBWvdJgVv2YAg== |
||||
+=KWIK |
||||
+-----END PGP PUBLIC KEY BLOCK----- |
||||
diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc |
||||
new file mode 100644 |
||||
index 0000000..055f300 |
||||
--- /dev/null |
||||
+++ b/tests/openpgp/import-incomplete/primary+uid.asc |
||||
@@ -0,0 +1,10 @@ |
||||
+-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
+Comment: [A] primary key, user ID, and self-sig expiring in 2021 |
||||
+ |
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ |
||||
+631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC |
||||
+XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja |
||||
++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI |
||||
+kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs= |
||||
+=1eII |
||||
+-----END PGP PUBLIC KEY BLOCK----- |
@ -0,0 +1,212 @@
@@ -0,0 +1,212 @@
|
||||
diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c |
||||
--- gnupg-2.2.20/g10/gpg.c.file-is-digest 2020-04-14 16:33:42.630269318 +0200 |
||||
+++ gnupg-2.2.20/g10/gpg.c 2020-04-14 16:34:46.455100086 +0200 |
||||
@@ -380,6 +380,7 @@ enum cmd_and_opt_values |
||||
oTTYtype, |
||||
oLCctype, |
||||
oLCmessages, |
||||
+ oFileIsDigest, |
||||
oXauthority, |
||||
oGroup, |
||||
oUnGroup, |
||||
@@ -831,6 +832,7 @@ static ARGPARSE_OPTS opts[] = { |
||||
ARGPARSE_s_s (oTempDir, "temp-directory", "@"), |
||||
ARGPARSE_s_s (oExecPath, "exec-path", "@"), |
||||
ARGPARSE_s_n (oExpert, "expert", "@"), |
||||
+ ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"), |
||||
ARGPARSE_s_n (oNoExpert, "no-expert", "@"), |
||||
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"), |
||||
ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"), |
||||
@@ -2419,6 +2421,7 @@ main (int argc, char **argv) |
||||
opt.keyid_format = KF_NONE; |
||||
opt.def_sig_expire = "0"; |
||||
opt.def_cert_expire = "0"; |
||||
+ opt.file_is_digest = 0; |
||||
opt.passphrase_repeat = 1; |
||||
opt.emit_version = 0; |
||||
opt.weak_digests = NULL; |
||||
@@ -2997,6 +3000,7 @@ main (int argc, char **argv) |
||||
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; |
||||
|
||||
case oForceAEAD: opt.force_aead = 1; break; |
||||
+ case oFileIsDigest: opt.file_is_digest = 1; break; |
||||
|
||||
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; |
||||
case oIncludeKeyBlock: opt.flags.include_key_block = 1; break; |
||||
diff -up gnupg-2.2.20/g10/options.h.file-is-digest gnupg-2.2.20/g10/options.h |
||||
--- gnupg-2.2.20/g10/options.h.file-is-digest 2020-03-14 19:54:05.000000000 +0100 |
||||
+++ gnupg-2.2.20/g10/options.h 2020-04-14 16:33:42.634269245 +0200 |
||||
@@ -202,6 +202,7 @@ struct |
||||
int no_auto_check_trustdb; |
||||
int preserve_permissions; |
||||
int no_homedir_creation; |
||||
+ int file_is_digest; |
||||
struct groupitem *grouplist; |
||||
int mangle_dos_filenames; |
||||
int enable_progress_filter; |
||||
diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c |
||||
--- gnupg-2.2.20/g10/sign.c.file-is-digest 2020-03-14 19:35:46.000000000 +0100 |
||||
+++ gnupg-2.2.20/g10/sign.c 2020-04-14 16:36:54.661751422 +0200 |
||||
@@ -40,6 +40,7 @@ |
||||
#include "pkglue.h" |
||||
#include "../common/sysutils.h" |
||||
#include "call-agent.h" |
||||
+#include "../common/host2net.h" |
||||
#include "../common/mbox-util.h" |
||||
#include "../common/compliance.h" |
||||
|
||||
@@ -834,6 +835,8 @@ write_signature_packets (ctrl_t ctrl, |
||||
|
||||
if (pk->version >= 5) |
||||
sig->version = 5; /* Required for v5 keys. */ |
||||
+ else if (opt.file_is_digest) |
||||
+ sig->version = 3; |
||||
else |
||||
sig->version = 4; /* Required. */ |
||||
|
||||
@@ -860,14 +863,22 @@ write_signature_packets (ctrl_t ctrl, |
||||
if (gcry_md_copy (&md, hash)) |
||||
BUG (); |
||||
|
||||
- build_sig_subpkt_from_sig (sig, pk); |
||||
- mk_notation_policy_etc (ctrl, sig, NULL, pk); |
||||
- if (opt.flags.include_key_block && IS_SIG (sig)) |
||||
- err = mk_sig_subpkt_key_block (ctrl, sig, pk); |
||||
- else |
||||
- err = 0; |
||||
- hash_sigversion_to_magic (md, sig, extrahash); |
||||
- gcry_md_final (md); |
||||
+ if (!opt.file_is_digest) |
||||
+ { |
||||
+ build_sig_subpkt_from_sig (sig, pk); |
||||
+ mk_notation_policy_etc (ctrl, sig, NULL, pk); |
||||
+ if (opt.flags.include_key_block && IS_SIG (sig)) |
||||
+ err = mk_sig_subpkt_key_block (ctrl, sig, pk); |
||||
+ else |
||||
+ err = 0; |
||||
+ |
||||
+ hash_sigversion_to_magic (md, sig, extrahash); |
||||
+ gcry_md_final (md); |
||||
+ } |
||||
+ else if (sig->version >= 4) |
||||
+ { |
||||
+ log_bug("file-is-digest doesn't work with v4 sigs\n"); |
||||
+ } |
||||
|
||||
if (!err) |
||||
err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); |
||||
@@ -924,6 +930,8 @@ sign_file (ctrl_t ctrl, strlist_t filena |
||||
SK_LIST sk_rover = NULL; |
||||
int multifile = 0; |
||||
u32 duration=0; |
||||
+ int sigclass = 0x00; |
||||
+ u32 timestamp = 0; |
||||
pt_extra_hash_data_t extrahash = NULL; |
||||
|
||||
pfx = new_progress_context (); |
||||
@@ -941,7 +949,16 @@ sign_file (ctrl_t ctrl, strlist_t filena |
||||
fname = NULL; |
||||
|
||||
if (fname && filenames->next && (!detached || encryptflag)) |
||||
- log_bug ("multiple files can only be detached signed"); |
||||
+ log_bug ("multiple files can only be detached signed\n"); |
||||
+ |
||||
+ if (opt.file_is_digest && (multifile || !fname)) |
||||
+ log_bug ("file-is-digest only works with one file\n"); |
||||
+ if (opt.file_is_digest && !detached) |
||||
+ log_bug ("file-is-digest can only write detached signatures\n"); |
||||
+ if (opt.file_is_digest && !opt.def_digest_algo) |
||||
+ log_bug ("file-is-digest needs --digest-algo\n"); |
||||
+ if (opt.file_is_digest && opt.textmode) |
||||
+ log_bug ("file-is-digest doesn't work with --textmode\n"); |
||||
|
||||
if (encryptflag == 2 |
||||
&& (rc = setup_symkey (&efx.symkey_s2k, &efx.symkey_dek))) |
||||
@@ -962,7 +979,7 @@ sign_file (ctrl_t ctrl, strlist_t filena |
||||
goto leave; |
||||
|
||||
/* Prepare iobufs. */ |
||||
- if (multifile) /* have list of filenames */ |
||||
+ if (multifile || opt.file_is_digest) /* have list of filenames */ |
||||
inp = NULL; /* we do it later */ |
||||
else |
||||
{ |
||||
@@ -1100,7 +1117,7 @@ sign_file (ctrl_t ctrl, strlist_t filena |
||||
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) |
||||
gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); |
||||
|
||||
- if (!multifile) |
||||
+ if (!multifile && !opt.file_is_digest) |
||||
iobuf_push_filter (inp, md_filter, &mfx); |
||||
|
||||
if (detached && !encryptflag) |
||||
@@ -1155,6 +1172,8 @@ sign_file (ctrl_t ctrl, strlist_t filena |
||||
|
||||
write_status_begin_signing (mfx.md); |
||||
|
||||
+ sigclass = opt.textmode && !outfile? 0x01 : 0x00; |
||||
+ |
||||
/* Setup the inner packet. */ |
||||
if (detached) |
||||
{ |
||||
@@ -1195,6 +1214,49 @@ sign_file (ctrl_t ctrl, strlist_t filena |
||||
if (opt.verbose) |
||||
log_printf ("\n"); |
||||
} |
||||
+ else if (opt.file_is_digest) |
||||
+ { |
||||
+ byte *mdb, ts[5]; |
||||
+ size_t mdlen; |
||||
+ const char *fp; |
||||
+ int c, d; |
||||
+ |
||||
+ gcry_md_final(mfx.md); |
||||
+ /* this assumes gcry_md_read returns the same buffer */ |
||||
+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); |
||||
+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); |
||||
+ if (strlen(fname) != mdlen * 2 + 11) |
||||
+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen); |
||||
+ d = -1; |
||||
+ for (fp = fname ; *fp; ) |
||||
+ { |
||||
+ c = *fp++; |
||||
+ if (c >= '0' && c <= '9') |
||||
+ c -= '0'; |
||||
+ else if (c >= 'a' && c <= 'f') |
||||
+ c -= 'a' - 10; |
||||
+ else if (c >= 'A' && c <= 'F') |
||||
+ c -= 'A' - 10; |
||||
+ else |
||||
+ log_bug("filename is not hex\n"); |
||||
+ if (d >= 0) |
||||
+ { |
||||
+ *mdb++ = d << 4 | c; |
||||
+ c = -1; |
||||
+ if (--mdlen == 0) |
||||
+ { |
||||
+ mdb = ts; |
||||
+ if (*fp++ != '@') |
||||
+ log_bug("missing time separator\n"); |
||||
+ } |
||||
+ } |
||||
+ d = c; |
||||
+ } |
||||
+ sigclass = ts[0]; |
||||
+ if (sigclass != 0x00 && sigclass != 0x01) |
||||
+ log_bug("bad cipher class\n"); |
||||
+ timestamp = buf32_to_u32(ts + 1); |
||||
+ } |
||||
else |
||||
{ |
||||
/* Read, so that the filter can calculate the digest. */ |
||||
@@ -1213,8 +1271,8 @@ sign_file (ctrl_t ctrl, strlist_t filena |
||||
|
||||
/* Write the signatures. */ |
||||
rc = write_signature_packets (ctrl, sk_list, out, mfx.md, extrahash, |
||||
- opt.textmode && !outfile? 0x01 : 0x00, |
||||
- 0, duration, detached ? 'D':'S', NULL); |
||||
+ sigclass, |
||||
+ timestamp, duration, detached ? 'D':'S', NULL); |
||||
if (rc) |
||||
goto leave; |
||||
|
@ -0,0 +1,352 @@
@@ -0,0 +1,352 @@
|
||||
diff -up gnupg-2.2.21/common/server-help.c.coverity gnupg-2.2.21/common/server-help.c |
||||
--- gnupg-2.2.21/common/server-help.c.coverity 2019-02-11 10:59:34.000000000 +0100 |
||||
+++ gnupg-2.2.21/common/server-help.c 2020-07-20 17:09:57.416148768 +0200 |
||||
@@ -156,7 +156,7 @@ get_option_value (char *line, const char |
||||
*pend = 0; |
||||
*r_value = xtrystrdup (p); |
||||
*pend = c; |
||||
- if (!p) |
||||
+ if (!*r_value) |
||||
return my_error_from_syserror (); |
||||
return 0; |
||||
} |
||||
|
||||
|
||||
From 912e77f07d8a42d7ad001eb3df76f6932ccfa857 Mon Sep 17 00:00:00 2001 |
||||
From: Jakub Jelen <jjelen@redhat.com> |
||||
Date: Wed, 7 Apr 2021 17:37:51 +0200 |
||||
Subject: [PATCH GnuPG 01/19] agent: Avoid memory leaks |
||||
|
||||
* agent/command.c (cmd_genkey): use goto leave instead of return |
||||
* agent/cvt-openpgp.c (convert_from_openpgp_main): use goto leave |
||||
instead of return |
||||
* agent/genkey.c (agent_ask_new_passphrase): fix typo to free correct |
||||
pointer |
||||
(agent_genkey): release memory |
||||
* agent/gpg-agent.c (check_own_socket): free sockname |
||||
* agent/protect-tool.c (read_key): free buf |
||||
(agent_askpin): free passphrase |
||||
* agent/protect.c (merge_lists): free newlist |
||||
|
||||
-- |
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com> |
||||
--- |
||||
agent/command.c | 2 +- |
||||
agent/cvt-openpgp.c | 5 ++++- |
||||
agent/genkey.c | 7 +++++-- |
||||
agent/gpg-agent.c | 10 ++++++++-- |
||||
agent/protect-tool.c | 6 +++++- |
||||
agent/protect.c | 5 ++++- |
||||
6 files changed, 27 insertions(+), 8 deletions(-) |
||||
|
||||
diff --git a/agent/protect.c b/agent/protect.c |
||||
index 76ead444b..50b10eb26 100644 |
||||
--- a/agent/protect.c |
||||
+++ b/agent/protect.c |
||||
@@ -949,7 +949,10 @@ merge_lists (const unsigned char *protectedkey, |
||||
/* Copy the cleartext. */ |
||||
s = cleartext; |
||||
if (*s != '(' && s[1] != '(') |
||||
- return gpg_error (GPG_ERR_BUG); /*we already checked this */ |
||||
+ { |
||||
+ xfree (newlist); |
||||
+ return gpg_error (GPG_ERR_BUG); /*we already checked this */ |
||||
+ } |
||||
s += 2; |
||||
startpos = s; |
||||
while ( *s == '(' ) |
||||
-- |
||||
2.30.2 |
||||
|
||||
|
||||
From 7a707a3eff1c3fbe17a74337776871f408377cee Mon Sep 17 00:00:00 2001 |
||||
From: Jakub Jelen <jjelen@redhat.com> |
||||
Date: Fri, 9 Apr 2021 16:13:07 +0200 |
||||
Subject: [PATCH GnuPG 03/19] g10: Fix memory leaks |
||||
|
||||
* g10/card-util.c (change_pin): free answer on errors |
||||
(ask_card_keyattr): free answer on error |
||||
* g10/cpr.c (do_get_from_fd): free string |
||||
* g10/gpg.c (check_permissions): free dir on weird error |
||||
* g10/import.c (append_new_uid): release knode |
||||
* g10/keyedit.c (menu_set_keyserver_url): free answer |
||||
(menu_set_keyserver_url): free user |
||||
* g10/keygen.c (print_status_key_not_created): move allocation after |
||||
sanity check |
||||
(ask_expire_interval): free answer |
||||
(card_store_key_with_backup): goto leave instaed of return |
||||
* g10/keyserver.c (parse_keyserver_uri): goto fail instead of return |
||||
* g10/revoke.c (gen_desig_revoke): release kdbhd |
||||
(gen_desig_revoke): free answer |
||||
* g10/tofu.c (ask_about_binding): free sqerr and response |
||||
* g10/trustdb.c (ask_ownertrust): free pk |
||||
|
||||
-- |
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com> |
||||
--- |
||||
g10/card-util.c | 14 +++++++++++--- |
||||
g10/cpr.c | 6 +++++- |
||||
g10/gpg.c | 1 + |
||||
g10/import.c | 5 ++++- |
||||
g10/keyedit.c | 8 +++++++- |
||||
g10/keygen.c | 15 +++++++++++---- |
||||
g10/keyserver.c | 2 +- |
||||
g10/revoke.c | 6 +++++- |
||||
g10/tofu.c | 4 ++++ |
||||
g10/trustdb.c | 1 + |
||||
10 files changed, 50 insertions(+), 12 deletions(-) |
||||
|
||||
diff --git a/g10/card-util.c b/g10/card-util.c |
||||
index 36f096f06..c7df8380d 100644 |
||||
--- a/g10/card-util.c |
||||
+++ b/g10/card-util.c |
||||
@@ -127,7 +127,7 @@ change_pin (int unblock_v2, int allow_admin) |
||||
else |
||||
for (;;) |
||||
{ |
||||
- char *answer; |
||||
+ char *answer = NULL; |
||||
|
||||
tty_printf ("\n"); |
||||
tty_printf ("1 - change PIN\n" |
||||
diff --git a/g10/tofu.c b/g10/tofu.c |
||||
index f49083844..83786a08d 100644 |
||||
--- a/g10/tofu.c |
||||
+++ b/g10/tofu.c |
||||
@@ -1687,6 +1687,8 @@ ask_about_binding (ctrl_t ctrl, |
||||
GPGSQL_ARG_END); |
||||
if (rc) |
||||
{ |
||||
+ sqlite3_free (sqerr); |
||||
+ sqerr = NULL; |
||||
rc = gpg_error (GPG_ERR_GENERAL); |
||||
break; |
||||
} |
||||
-- |
||||
2.30.2 |
||||
|
||||
From febbe77870b51e4e1158ae9efeaa0f3aad69a495 Mon Sep 17 00:00:00 2001 |
||||
From: Jakub Jelen <jjelen@redhat.com> |
||||
Date: Mon, 12 Apr 2021 14:48:59 +0200 |
||||
Subject: [PATCH GnuPG 05/19] tools: Avoid memory leak sfrom gpgspilt |
||||
|
||||
* tools/gpgsplit.c (write_part): free blob |
||||
|
||||
-- |
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com> |
||||
--- |
||||
tools/gpgsplit.c | 1 + |
||||
1 file changed, 1 insertion(+) |
||||
|
||||
diff --git a/tools/gpgsplit.c b/tools/gpgsplit.c |
||||
index cc7bf8ef5..93458068c 100644 |
||||
--- a/tools/gpgsplit.c |
||||
+++ b/tools/gpgsplit.c |
||||
@@ -620,6 +620,7 @@ write_part (FILE *fpin, unsigned long pktlen, |
||||
} |
||||
} |
||||
|
||||
+ xfree (blob); |
||||
goto ready; |
||||
} |
||||
|
||||
-- |
||||
2.30.2 |
||||
|
||||
|
||||
From 7c8048b686a6e811d0b24febf3c5e2528e7881f1 Mon Sep 17 00:00:00 2001 |
||||
From: Jakub Jelen <jjelen@redhat.com> |
||||
Date: Tue, 13 Apr 2021 16:23:31 +0200 |
||||
Subject: [PATCH GnuPG 14/19] dirmgr: Avoid memory leaks |
||||
|
||||
* dirmngr/domaininfo.c (insert_or_update): free di_new |
||||
|
||||
-- |
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com> |
||||
--- |
||||
dirmngr/domaininfo.c | 1 + |
||||
1 file changed, 1 insertion(+) |
||||
|
||||
diff --git a/dirmngr/domaininfo.c b/dirmngr/domaininfo.c |
||||
index b41aef366..87782b4b1 100644 |
||||
--- a/dirmngr/domaininfo.c |
||||
+++ b/dirmngr/domaininfo.c |
||||
@@ -193,6 +193,7 @@ insert_or_update (const char *domain, |
||||
log_error ("domaininfo: error allocating helper array: %s\n", |
||||
gpg_strerror (gpg_err_code_from_syserror ())); |
||||
drop_extra = bucket; |
||||
+ xfree (di_new); |
||||
goto leave; |
||||
} |
||||
narray = 0; |
||||
-- |
||||
2.30.2 |
||||
|
||||
|
||||
From ab3b8c53993b3305088efde756a44bac6e6492d4 Mon Sep 17 00:00:00 2001 |
||||
From: Jakub Jelen <jjelen@redhat.com> |
||||
Date: Tue, 13 Apr 2021 16:34:40 +0200 |
||||
Subject: [PATCH GnuPG 15/19] scd: Avoid memory leaks and uninitialized memory |
||||
|
||||
* scd/app-piv.c (do_decipher): goto leave, initialize outdatalen |
||||
|
||||
-- |
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com> |
||||
--- |
||||
scd/app-piv.c | 4 ++-- |
||||
1 file changed, 2 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/scd/app-piv.c b/scd/app-piv.c |
||||
index 143cc047a..94257f0ee 100644 |
||||
--- a/scd/app-piv.c |
||||
+++ b/scd/app-piv.c |
||||
@@ -2483,7 +2483,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, |
||||
gpg_error_t err; |
||||
data_object_t dobj; |
||||
unsigned char *outdata = NULL; |
||||
- size_t outdatalen; |
||||
+ size_t outdatalen = 0; |
||||
const unsigned char *s; |
||||
size_t n; |
||||
int keyref, mechanism; |
||||
@@ -2582,7 +2582,7 @@ do_decipher (app_t app, ctrl_t ctrl, const char *keyidstr, |
||||
/* Now verify the Application PIN. */ |
||||
err = verify_chv (app, ctrl, 0x80, 0, pincb, pincb_arg); |
||||
if (err) |
||||
- return err; |
||||
+ goto leave; |
||||
|
||||
/* Build the Dynamic Authentication Template. */ |
||||
err = concat_tlv_list (0, &apdudata, &apdudatalen, |
||||
-- |
||||
2.30.2 |
||||
|
||||
|
||||
From f182bf91443618323e34261039045a6bde269be5 Mon Sep 17 00:00:00 2001 |
||||
From: Jakub Jelen <jjelen@redhat.com> |
||||
Date: Tue, 13 Apr 2021 16:44:48 +0200 |
||||
Subject: [PATCH GnuPG 16/19] tools: Avoid memory leaks |
||||
|
||||
* tools/wks-util.c (wks_cmd_print_wkd_url): Free addrspec on error |
||||
(wks_cmd_print_wkd_hash): Free addrspec on error |
||||
|
||||
-- |
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com> |
||||
--- |
||||
tools/wks-util.c | 14 ++++++++++---- |
||||
1 file changed, 10 insertions(+), 4 deletions(-) |
||||
|
||||
diff --git a/tools/wks-util.c b/tools/wks-util.c |
||||
index 516c7fe00..38dd194ff 100644 |
||||
--- a/tools/wks-util.c |
||||
+++ b/tools/wks-util.c |
||||
@@ -1192,11 +1192,14 @@ gpg_error_t |
||||
wks_cmd_print_wkd_hash (const char *userid) |
||||
{ |
||||
gpg_error_t err; |
||||
- char *addrspec, *fname; |
||||
+ char *addrspec = NULL, *fname; |
||||
|
||||
err = wks_fname_from_userid (userid, 1, &fname, &addrspec); |
||||
if (err) |
||||
- return err; |
||||
+ { |
||||
+ xfree (addrspec); |
||||
+ return err; |
||||
+ } |
||||
|
||||
es_printf ("%s %s\n", fname, addrspec); |
||||
|
||||
@@ -1211,12 +1214,15 @@ gpg_error_t |
||||
wks_cmd_print_wkd_url (const char *userid) |
||||
{ |
||||
gpg_error_t err; |
||||
- char *addrspec, *fname; |
||||
+ char *addrspec = NULL, *fname; |
||||
char *domain; |
||||
|
||||
err = wks_fname_from_userid (userid, 1, &fname, &addrspec); |
||||
if (err) |
||||
- return err; |
||||
+ { |
||||
+ xfree (addrspec); |
||||
+ return err; |
||||
+ } |
||||
|
||||
domain = strchr (addrspec, '@'); |
||||
if (domain) |
||||
-- |
||||
2.30.2 |
||||
|
||||
|
||||
From 600fabd8268c765d45d48873e7a8610e6dae0966 Mon Sep 17 00:00:00 2001 |
||||
From: Jakub Jelen <jjelen@redhat.com> |
||||
Date: Wed, 14 Apr 2021 15:59:12 +0200 |
||||
Subject: [PATCH GnuPG 17/19] scd: Use the same allocator to free memory |
||||
|
||||
* scd/command.c (cmd_getinfo): Use free instead of gcry_free to match |
||||
the original allocator |
||||
|
||||
-- |
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com> |
||||
--- |
||||
scd/command.c | 3 ++- |
||||
1 file changed, 2 insertions(+), 1 deletion(-) |
||||
|
||||
diff --git a/scd/command.c b/scd/command.c |
||||
index cb0dd379a..9d85c5a41 100644 |
||||
--- a/scd/command.c |
||||
+++ b/scd/command.c |
||||
@@ -1832,7 +1832,8 @@ cmd_getinfo (assuan_context_t ctx, char *line) |
||||
rc = assuan_send_data (ctx, p, strlen (p)); |
||||
else |
||||
rc = gpg_error (GPG_ERR_NO_DATA); |
||||
- xfree (p); |
||||
+ /* allocated by scd/ccid-driver.c which is not using x*alloc/gcry_* */ |
||||
+ free (p); |
||||
} |
||||
else if (!strcmp (line, "deny_admin")) |
||||
rc = opt.allow_admin? gpg_error (GPG_ERR_GENERAL) : 0; |
||||
-- |
||||
2.30.2 |
||||
|
||||
|
||||
From a94b0deab7c2ece2e512f87a52142454354d77b5 Mon Sep 17 00:00:00 2001 |
||||
From: Jakub Jelen <jjelen@redhat.com> |
||||
Date: Wed, 14 Apr 2021 18:49:03 +0200 |
||||
Subject: [PATCH GnuPG 19/19] g10: Do not allocate memory when we can't return |
||||
it |
||||
|
||||
* g10/keyid.c (fpr20_from_pk): Do not allocate memory when we can't |
||||
return it |
||||
|
||||
-- |
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com> |
||||
--- |
||||
g10/keyid.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/g10/keyid.c b/g10/keyid.c |
||||
index 522cc9cda..f1af2fd90 100644 |
||||
--- a/g10/keyid.c |
||||
+++ b/g10/keyid.c |
||||
@@ -899,7 +899,7 @@ fpr20_from_pk (PKT_public_key *pk, byte array[20]) |
||||
compute_fingerprint (pk); |
||||
|
||||
if (!array) |
||||
- array = xmalloc (pk->fprlen); |
||||
+ return; |
||||
|
||||
if (pk->fprlen == 32) /* v5 fingerprint */ |
||||
{ |
||||
-- |
||||
2.30.2 |
||||
|
@ -0,0 +1,12 @@
@@ -0,0 +1,12 @@
|
||||
diff -up gnupg-2.2.23/g10/keygen.c.large-rsa gnupg-2.2.23/g10/keygen.c |
||||
--- gnupg-2.2.23/g10/keygen.c.large-rsa 2020-09-04 13:53:42.030486671 +0200 |
||||
+++ gnupg-2.2.23/g10/keygen.c 2020-09-04 13:55:52.896669542 +0200 |
||||
@@ -2262,7 +2262,7 @@ get_keysize_range (int algo, unsigned in |
||||
|
||||
default: |
||||
*min = opt.compliance == CO_DE_VS ? 2048: 1024; |
||||
- *max = 4096; |
||||
+ *max = opt.flags.large_rsa == 1 ? 8192 : 4096; |
||||
def = 3072; |
||||
break; |
||||
} |
@ -0,0 +1,162 @@
@@ -0,0 +1,162 @@
|
||||
From ff31dde456f32950f0df6c974b4c41f1d650d68f Mon Sep 17 00:00:00 2001 |
||||
From: Werner Koch <wk@gnupg.org> |
||||
Date: Mon, 5 Oct 2020 14:21:31 +0200 |
||||
Subject: [PATCH GnuPG] gpg: Switch to ed25519+cv25519 as default algo. |
||||
|
||||
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future |
||||
default ago. |
||||
(ask_algo): Change default and also the way we indicate the default |
||||
algo in the list of algos. |
||||
(ask_curve): Indicate the default curve. |
||||
|
||||
Signed-off-by: Werner Koch <wk@gnupg.org> |
||||
--- |
||||
g10/keygen.c | 57 ++++++++++++++++++++++++++-------------------------- |
||||
1 file changed, 29 insertions(+), 28 deletions(-) |
||||
|
||||
diff --git a/g10/keygen.c b/g10/keygen.c |
||||
index 16e4e58ea..b510525e3 100644 |
||||
--- a/g10/keygen.c |
||||
+++ b/g10/keygen.c |
||||
@@ -47,10 +47,11 @@ |
||||
#include "../common/mbox-util.h" |
||||
|
||||
|
||||
-/* The default algorithms. If you change them, you should ensure the value |
||||
- is inside the bounds enforced by ask_keysize and gen_xxx. See also |
||||
- get_keysize_range which encodes the allowed ranges. */ |
||||
-#define DEFAULT_STD_KEY_PARAM "rsa3072/cert,sign+rsa3072/encr" |
||||
+/* The default algorithms. If you change them, you should ensure the |
||||
+ value is inside the bounds enforced by ask_keysize and gen_xxx. |
||||
+ See also get_keysize_range which encodes the allowed ranges. The |
||||
+ default answer in ask_algo also needs to be adjusted. */ |
||||
+#define DEFAULT_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" |
||||
#define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" |
||||
|
||||
/* When generating keys using the streamlined key generation dialog, |
||||
@@ -2112,50 +2113,49 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage, |
||||
|
||||
#if GPG_USE_RSA |
||||
if (!addmode) |
||||
- tty_printf (_(" (%d) RSA and RSA (default)\n"), 1 ); |
||||
+ tty_printf (_(" (%d) RSA and RSA%s\n"), 1, ""); |
||||
#endif |
||||
|
||||
if (!addmode && opt.compliance != CO_DE_VS) |
||||
- tty_printf (_(" (%d) DSA and Elgamal\n"), 2 ); |
||||
+ tty_printf (_(" (%d) DSA and Elgamal%s\n"), 2, ""); |
||||
|
||||
if (opt.compliance != CO_DE_VS) |
||||
- tty_printf (_(" (%d) DSA (sign only)\n"), 3 ); |
||||
+ tty_printf (_(" (%d) DSA (sign only)%s\n"), 3, ""); |
||||
#if GPG_USE_RSA |
||||
- tty_printf (_(" (%d) RSA (sign only)\n"), 4 ); |
||||
+ tty_printf (_(" (%d) RSA (sign only)%s\n"), 4, ""); |
||||
#endif |
||||
|
||||
if (addmode) |
||||
{ |
||||
if (opt.compliance != CO_DE_VS) |
||||
- tty_printf (_(" (%d) Elgamal (encrypt only)\n"), 5 ); |
||||
+ tty_printf (_(" (%d) Elgamal (encrypt only)%s\n"), 5, ""); |
||||
#if GPG_USE_RSA |
||||
- tty_printf (_(" (%d) RSA (encrypt only)\n"), 6 ); |
||||
+ tty_printf (_(" (%d) RSA (encrypt only)%s\n"), 6, ""); |
||||
#endif |
||||
} |
||||
if (opt.expert) |
||||
{ |
||||
if (opt.compliance != CO_DE_VS) |
||||
- tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 ); |
||||
+ tty_printf (_(" (%d) DSA (set your own capabilities)%s\n"), 7, ""); |
||||
#if GPG_USE_RSA |
||||
- tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 ); |
||||
+ tty_printf (_(" (%d) RSA (set your own capabilities)%s\n"), 8, ""); |
||||
#endif |
||||
} |
||||
|
||||
#if GPG_USE_ECDSA || GPG_USE_ECDH || GPG_USE_EDDSA |
||||
- if (opt.expert && !addmode) |
||||
- tty_printf (_(" (%d) ECC and ECC\n"), 9 ); |
||||
- if (opt.expert) |
||||
- tty_printf (_(" (%d) ECC (sign only)\n"), 10 ); |
||||
+ if (!addmode) |
||||
+ tty_printf (_(" (%d) ECC (sign and encrypt)%s\n"), 9, _(" *default*") ); |
||||
+ tty_printf (_(" (%d) ECC (sign only)\n"), 10 ); |
||||
if (opt.expert) |
||||
- tty_printf (_(" (%d) ECC (set your own capabilities)\n"), 11 ); |
||||
- if (opt.expert && addmode) |
||||
- tty_printf (_(" (%d) ECC (encrypt only)\n"), 12 ); |
||||
+ tty_printf (_(" (%d) ECC (set your own capabilities)%s\n"), 11, ""); |
||||
+ if (addmode) |
||||
+ tty_printf (_(" (%d) ECC (encrypt only)%s\n"), 12, ""); |
||||
#endif |
||||
|
||||
if (opt.expert && r_keygrip) |
||||
- tty_printf (_(" (%d) Existing key\n"), 13 ); |
||||
+ tty_printf (_(" (%d) Existing key%s\n"), 13, ""); |
||||
if (r_keygrip) |
||||
- tty_printf (_(" (%d) Existing key from card\n"), 14 ); |
||||
+ tty_printf (_(" (%d) Existing key from card%s\n"), 14, ""); |
||||
|
||||
for (;;) |
||||
{ |
||||
@@ -2164,7 +2164,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage, |
||||
xfree (answer); |
||||
answer = cpr_get ("keygen.algo", _("Your selection? ")); |
||||
cpr_kill_prompt (); |
||||
- algo = *answer? atoi (answer) : 1; |
||||
+ algo = *answer? atoi (answer) : 9; /* Default algo is 9 */ |
||||
|
||||
if (opt.compliance == CO_DE_VS |
||||
&& (algo == 2 || algo == 3 || algo == 5 || algo == 7)) |
||||
@@ -2220,13 +2220,13 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage, |
||||
break; |
||||
} |
||||
else if ((algo == 9 || !strcmp (answer, "ecc+ecc")) |
||||
- && opt.expert && !addmode) |
||||
+ && !addmode) |
||||
{ |
||||
algo = PUBKEY_ALGO_ECDSA; |
||||
*r_subkey_algo = PUBKEY_ALGO_ECDH; |
||||
break; |
||||
} |
||||
- else if ((algo == 10 || !strcmp (answer, "ecc/s")) && opt.expert) |
||||
+ else if ((algo == 10 || !strcmp (answer, "ecc/s"))) |
||||
{ |
||||
algo = PUBKEY_ALGO_ECDSA; |
||||
*r_usage = PUBKEY_USAGE_SIG; |
||||
@@ -2239,7 +2239,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage, |
||||
break; |
||||
} |
||||
else if ((algo == 12 || !strcmp (answer, "ecc/e")) |
||||
- && opt.expert && addmode) |
||||
+ && addmode) |
||||
{ |
||||
algo = PUBKEY_ALGO_ECDH; |
||||
*r_usage = PUBKEY_USAGE_ENC; |
||||
@@ -2616,7 +2616,7 @@ ask_curve (int *algo, int *subkey_algo, const char *current) |
||||
{ "NIST P-256", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 }, |
||||
{ "NIST P-384", NULL, NULL, MY_USE_ECDSADH, 0, 0, 0 }, |
||||
{ "NIST P-521", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 }, |
||||
- { "brainpoolP256r1", NULL, "Brainpool P-256", MY_USE_ECDSADH, 1, 1, 0 }, |
||||
+ { "brainpoolP256r1", NULL, "Brainpool P-256", MY_USE_ECDSADH, 1, 0, 0 }, |
||||
{ "brainpoolP384r1", NULL, "Brainpool P-384", MY_USE_ECDSADH, 1, 1, 0 }, |
||||
{ "brainpoolP512r1", NULL, "Brainpool P-512", MY_USE_ECDSADH, 1, 1, 0 }, |
||||
{ "secp256k1", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 }, |
||||
@@ -2672,9 +2672,10 @@ ask_curve (int *algo, int *subkey_algo, const char *current) |
||||
} |
||||
|
||||
curves[idx].available = 1; |
||||
- tty_printf (" (%d) %s\n", idx + 1, |
||||
+ tty_printf (" (%d) %s%s\n", idx + 1, |
||||
curves[idx].pretty_name? |
||||
- curves[idx].pretty_name:curves[idx].name); |
||||
+ curves[idx].pretty_name:curves[idx].name, |
||||
+ idx == 0? _(" *default*"):""); |
||||
} |
||||
gcry_sexp_release (keyparms); |
||||
|
||||
-- |
||||
2.31.1 |
||||
|
@ -0,0 +1,884 @@
@@ -0,0 +1,884 @@
|
||||
%if 0%{?fedora} && 0%{?fedora} < 30 |
||||
%bcond_with unversioned_gpg |
||||
%else |
||||
%bcond_without unversioned_gpg |
||||
%endif |
||||
|
||||
Summary: Utility for secure communication and data storage |
||||
Name: gnupg2 |
||||
Version: 2.3.3 |
||||
Release: 1%{?dist} |
||||
|
||||
License: GPLv3+ |
||||
Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2 |
||||
Source1: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2.sig |
||||
# needed for compatibility with system FIPS mode |
||||
Patch3: gnupg-2.1.10-secmem.patch |
||||
# non-upstreamable patch adding file-is-digest option needed for Copr |
||||
# https://dev.gnupg.org/T1646 |
||||
Patch4: gnupg-2.2.20-file-is-digest.patch |
||||
Patch6: gnupg-2.1.1-fips-algo.patch |
||||
# allow 8192 bit RSA keys in keygen UI with large RSA |
||||
Patch9: gnupg-2.2.23-large-rsa.patch |
||||
# fix missing uid on refresh from keys.openpgp.org |
||||
# https://salsa.debian.org/debian/gnupg2/commit/f292beac1171c6c77faf41d1f88c2e0942ed4437 |
||||
Patch20: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch |
||||
Patch21: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch |
||||
Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch |
||||
# Fixes for issues found in Coverity scan - reported upstream |
||||
Patch30: gnupg-2.2.21-coverity.patch |
||||
# Revert default EdDSA key types |
||||
Patch31: gnupg-2.3.1-revert-default-eddsa.patch |
||||
|
||||
|
||||
URL: https://www.gnupg.org/ |
||||
|
||||
#BuildRequires: automake libtool texinfo transfig |
||||
BuildRequires: gcc |
||||
BuildRequires: bzip2-devel |
||||
BuildRequires: curl-devel |
||||
BuildRequires: docbook-utils |
||||
BuildRequires: gettext |
||||
BuildRequires: libassuan-devel >= 2.1.0 |
||||
BuildRequires: libgcrypt-devel >= 1.9.1 |
||||
BuildRequires: libgpg-error-devel >= 1.38 |
||||
BuildRequires: libksba-devel >= 1.3.0 |
||||
BuildRequires: openldap-devel |
||||
BuildRequires: libusb-devel |
||||
BuildRequires: pcsc-lite-libs |
||||
BuildRequires: npth-devel |
||||
BuildRequires: readline-devel ncurses-devel |
||||
BuildRequires: zlib-devel |
||||
BuildRequires: gnutls-devel |
||||
BuildRequires: sqlite-devel |
||||
BuildRequires: fuse |
||||
BuildRequires: make |
||||
|
||||
Requires: libgcrypt >= 1.7.0 |
||||
Requires: libgpg-error >= 1.38 |
||||
|
||||
Suggests: pinentry |
||||
|
||||
Suggests: gnupg2-smime |
||||
|
||||
# for USB smart card support |
||||
Suggests: pcsc-lite-ccid |
||||
|
||||
%if %{with unversioned_gpg} |
||||
# pgp-tools, perl-GnuPG-Interface requires 'gpg' (not sure why) -- Rex |
||||
Provides: gpg = %{version}-%{release} |
||||
# Obsolete GnuPG-1 package |
||||
Provides: gnupg = %{version}-%{release} |
||||
Obsoletes: gnupg < 1.4.24 |
||||
%endif |
||||
|
||||
Provides: dirmngr = %{version}-%{release} |
||||
Obsoletes: dirmngr < 1.2.0-1 |
||||
|
||||
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} |
||||
|
||||
%package smime |
||||
Summary: CMS encryption and signing tool and smart card support for GnuPG |
||||
Requires: gnupg2%{?_isa} = %{version}-%{release} |
||||
|
||||
|
||||
%description |
||||
GnuPG is GNU's tool for secure communication and data storage. It can |
||||
be used to encrypt data and to create digital signatures. It includes |
||||
an advanced key management facility and is compliant with the proposed |
||||
OpenPGP Internet standard as described in RFC2440 and the S/MIME |
||||
standard as described by several RFCs. |
||||
|
||||
GnuPG 2.0 is a newer version of GnuPG with additional support for |
||||
S/MIME. It has a different design philosophy that splits |
||||
functionality up into several modules. The S/MIME and smartcard functionality |
||||
is provided by the gnupg2-smime package. |
||||
|
||||
%description smime |
||||
GnuPG is GNU's tool for secure communication and data storage. This |
||||
package adds support for smart cards and S/MIME encryption and signing |
||||
to the base GnuPG package |
||||
|
||||
%prep |
||||
%setup -q -n gnupg-%{version} |
||||
|
||||
%patch3 -p1 -b .secmem |
||||
%patch4 -p1 -b .file-is-digest |
||||
%patch6 -p1 -b .fips |
||||
%patch9 -p1 -b .large-rsa |
||||
|
||||
%patch20 -p1 -b .test_missing_uid |
||||
%patch21 -p1 -b .prev_known_key |
||||
%patch22 -p1 -b .good_revoc |
||||
|
||||
%patch30 -p1 -b .coverity |
||||
%patch31 -p1 -R -b .eddsa |
||||
|
||||
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) |
||||
# Note: this is just the name of the default shared lib to load in scdaemon, |
||||
# it can use other implementations too (including non-pcsc ones). |
||||
%global pcsclib %(basename $(ls -1 %{_libdir}/libpcsclite.so.? 2>/dev/null ) 2>/dev/null ) |
||||
|
||||
sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c |
||||
|
||||
|
||||
%build |
||||
# can not regenerate makefiles because of automake-1.16.3 requirement |
||||
# ./autogen.sh |
||||
%configure \ |
||||
%if %{without unversioned_gpg} |
||||
--enable-gpg-is-gpg2 \ |
||||
%endif |
||||
--disable-rpath \ |
||||
--enable-g13 \ |
||||
--disable-ccid-driver \ |
||||
--enable-large-secmem |
||||
|
||||
# need scratch gpg database for tests |
||||
mkdir -p $HOME/.gnupg |
||||
|
||||
%make_build |
||||
|
||||
|
||||
%install |
||||
%make_install \ |
||||
docdir=%{_pkgdocdir} |
||||
|
||||
%if %{without unversioned_gpg} |
||||
# rename file conflicting with gnupg-1.x |
||||
rename gnupg.7 gnupg2.7 %{buildroot}%{_mandir}/man7/gnupg.7* |
||||
%endif |
||||
|
||||
%find_lang %{name} |
||||
|
||||
# gpgconf.conf |
||||
mkdir -p %{buildroot}%{_sysconfdir}/gnupg |
||||
touch %{buildroot}%{_sysconfdir}/gnupg/gpgconf.conf |
||||
|
||||
# more docs |
||||
install -m644 -p AUTHORS NEWS THANKS TODO \ |
||||
%{buildroot}%{_pkgdocdir} |
||||
|
||||
%if %{with unversioned_gpg} |
||||
# compat symlinks |
||||
ln -sf gpg %{buildroot}%{_bindir}/gpg2 |
||||
ln -sf gpgv %{buildroot}%{_bindir}/gpgv2 |
||||
ln -sf gpg.1 %{buildroot}%{_mandir}/man1/gpg2.1 |
||||
ln -sf gpgv.1 %{buildroot}%{_mandir}/man1/gpgv2.1 |
||||
ln -sf gnupg.7 %{buildroot}%{_mandir}/man7/gnupg2.7 |
||||
%endif |
||||
|
||||
# info dir |
||||
rm -f %{buildroot}%{_infodir}/dir |
||||
|
||||
# drop the gpg scheme interpreter |
||||
rm -f %{buildroot}%{_bindir}/gpgscm |
||||
|
||||
# Move the systemd user units to appropriate directory |
||||
install -d -m755 %{buildroot}%{_userunitdir} |
||||
mv %{buildroot}%{_pkgdocdir}/examples/systemd-user/*.socket %{buildroot}%{_userunitdir} |
||||
mv %{buildroot}%{_pkgdocdir}/examples/systemd-user/*.service %{buildroot}%{_userunitdir} |
||||
|
||||
%check |
||||
# need scratch gpg database for tests |
||||
mkdir -p $HOME/.gnupg |
||||
make -k check |
||||
|
||||
|
||||
%files -f %{name}.lang |
||||
%license COPYING |
||||
#doc AUTHORS NEWS README THANKS TODO |
||||
%{_pkgdocdir} |
||||
%dir %{_sysconfdir}/gnupg |
||||
%ghost %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf |
||||
## docs say to install suid root, but fedora/rh security folk say not to |
||||
%{_bindir}/gpg2 |
||||
%{_bindir}/gpgv2 |
||||
%{_bindir}/gpg-card |
||||
%{_bindir}/gpg-connect-agent |
||||
%{_bindir}/gpg-agent |
||||
%{_bindir}/gpg-wks-client |
||||
%{_bindir}/gpgconf |
||||
%{_bindir}/gpgparsemail |
||||
%{_bindir}/gpgtar |
||||
%{_bindir}/g13 |
||||
%{_bindir}/dirmngr |
||||
%{_bindir}/dirmngr-client |
||||
%if %{with unversioned_gpg} |
||||
%{_bindir}/gpg |
||||
%{_bindir}/gpgv |
||||
%{_bindir}/gpgsplit |
||||
%endif |
||||
%{_bindir}/watchgnupg |
||||
%{_bindir}/gpg-wks-server |
||||
%{_sbindir}/* |
||||
%{_datadir}/gnupg/ |
||||
%{_libexecdir}/* |
||||
%{_infodir}/*.info* |
||||
%{_mandir}/man?/* |
||||
%{_userunitdir}/* |
||||
%exclude %{_mandir}/man?/gpgsm* |
||||
|
||||
%files smime |
||||
%{_bindir}/gpgsm* |
||||
%{_bindir}/kbxutil |
||||
%{_mandir}/man?/gpgsm* |
||||
|
||||
|
||||
%changelog |
||||
* Fri Nov 19 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.3-1 |
||||
- Rebase to 2.3.1 to address random tests failures (#1984842) |
||||
|
||||
* Thu Nov 18 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-4 |
||||
- Fix --file-is-digest patch (#2024710) |
||||
|
||||
* Wed Sep 08 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-3 |
||||
- Revernt default key type back to RSA for FIPS compatibility (#2001937) |
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.1-2 |
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags |
||||
Related: rhbz#1991688 |
||||
|
||||
* Wed Apr 21 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-1 |
||||
- New upstream release (#1947159) |
||||
|
||||
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.27-5 |
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 |
||||
|
||||
* Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 2.2.27-4 |
||||
- Add a configuration to not require exclusive access to PCSC |
||||
|
||||
* Thu Feb 18 2021 Jakub Jelen <jjelen@redhat.com> - 2.2.27-3 |
||||
- Bump required libgpg-error version (#1930110) |
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.27-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild |
||||
|
||||
* Tue Jan 12 2021 Jakub Jelen <jjelen@redhat.com> - 2.2.27-1 |
||||
- New upstream release (#1909825) |
||||
|
||||
* Mon Jan 04 2021 Jakub Jelen <jjelen@redhat.com> - 2.2.26-1 |
||||
- New upstream release (#1909825) |
||||
|
||||
* Tue Nov 24 2020 Jakub Jelen <jjelen@redhat.com> - 2.2.25-2 |
||||
- Enable gpgtar (#1901103) |
||||
|
||||
* Tue Nov 24 2020 Jakub Jelen <jjelen@redhat.com> - 2.2.25-1 |
||||
- Update to 2.2.25 (#1900815) |
||||
|
||||
* Thu Nov 19 2020 Jakub Jelen <jjelen@redhat.com> - 2.2.24-1 |
||||
- Update to 2.2.24 (#1898504) |
||||
|
||||
* Fri Sep 4 2020 Tomáš Mráz <tmraz@redhat.com> - 2.2.23-1 |
||||
- upgrade to 2.2.23 |
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.21-4 |
||||
- Second attempt - Rebuilt for |
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild |
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.21-3 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild |
||||
|
||||
* Tue Jul 21 2020 Tom Stellard <tstellar@redhat.com> - 2.2.21-2 |
||||
- Use make macros |
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro |
||||
|
||||
* Mon Jul 20 2020 Tomáš Mráz <tmraz@redhat.com> - 2.2.21-1 |
||||
- upgrade to 2.2.21 |
||||
|
||||
* Mon May 4 2020 Tomáš Mráz <tmraz@redhat.com> - 2.2.20-3 |
||||
- fixes for issues found in Coverity scan |
||||
|
||||
* Thu Apr 30 2020 Tomáš Mráz <tmraz@redhat.com> - 2.2.20-2 |
||||
- move systemd user units to _userunitdir (no activation by default) |
||||
|
||||
* Tue Apr 14 2020 Tomáš Mráz <tmraz@redhat.com> - 2.2.20-1 |
||||
- upgrade to 2.2.20 |
||||
|
||||
* Wed Jan 29 2020 Tomáš Mráz <tmraz@redhat.com> - 2.2.19-1 |
||||
- upgrade to 2.2.19 |
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.18-4 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild |
||||
|
||||
* Sat Jan 4 2020 Marcel Härry <mh+fedora@scrit.ch> - 2.2.18-3 |
||||
- Add patches to be able to deal with keys without uids (#1787708) |
||||
|
||||
* Fri Dec 6 2019 Tomáš Mráz <tmraz@redhat.com> - 2.2.18-2 |
||||
- fix abort when decrypting data with anonymous recipient (#1780057) |
||||
|
||||
* Tue Dec 3 2019 Tomáš Mráz <tmraz@redhat.com> - 2.2.18-1 |
||||
- upgrade to 2.2.18 |
||||
|
||||
* Wed Nov 6 2019 Tomáš Mráz <tmraz@redhat.com> - 2.2.17-3 |
||||
- fix the gnupg(7) manual page (#1769072) |
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.17-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild |
||||
|
||||
* Mon Jul 15 2019 Tomáš Mráz <tmraz@redhat.com> - 2.2.17-1 |
||||
- upgrade to 2.2.17 |
||||
|
||||
* Mon Jul 1 2019 Tomáš Mráz <tmraz@redhat.com> - 2.2.16-1 |
||||
- upgrade to 2.2.16 |
||||
|
||||
* Tue Feb 26 2019 Tomáš Mráz <tmraz@redhat.com> - 2.2.13-1 |
||||
- upgrade to 2.2.13 |
||||
|
||||
* Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.2.12-3 |
||||
- Rebuild for readline 8.0 |
||||
|
||||
* Mon Feb 4 2019 Tomáš Mráz <tmraz@redhat.com> - 2.2.12-2 |
||||
- make it build with gcc-9 |
||||
|
||||
* Tue Jan 8 2019 Tomáš Mráz <tmraz@redhat.com> - 2.2.12-1 |
||||
- upgrade to 2.2.12 |
||||
|
||||
* Sat Dec 08 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.2.11-2 |
||||
- Provide unversioned GPG on F30+ |
||||
|
||||
* Fri Nov 30 2018 Tomáš Mráz <tmraz@redhat.com> - 2.2.11-1 |
||||
- upgrade to 2.2.11 |
||||
|
||||
* Wed Aug 1 2018 Tomáš Mráz <tmraz@redhat.com> - 2.2.9-1 |
||||
- upgrade to 2.2.9 |
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.8-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild |
||||
|
||||
* Mon Jun 11 2018 Tomáš Mráz <tmraz@redhat.com> - 2.2.8-1 |
||||
- upgrade to 2.2.8 fixing CVE 2018-12020 |
||||
|
||||
* Wed Apr 11 2018 Tomáš Mráz <tmraz@redhat.com> - 2.2.6-1 |
||||
- upgrade to 2.2.6 |
||||
|
||||
* Fri Mar 2 2018 Tomáš Mráz <tmraz@redhat.com> - 2.2.5-1 |
||||
- upgrade to 2.2.5 |
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.4-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild |
||||
|
||||
* Fri Jan 12 2018 Tomáš Mráz <tmraz@redhat.com> - 2.2.4-1 |
||||
- upgrade to 2.2.4 |
||||
|
||||
* Tue Nov 21 2017 Tomáš Mráz <tmraz@redhat.com> - 2.2.3-1 |
||||
- upgrade to 2.2.3 |
||||
|
||||
* Wed Nov 8 2017 Tomáš Mráz <tmraz@redhat.com> - 2.2.2-1 |
||||
- upgrade to 2.2.2 |
||||
|
||||
* Tue Oct 3 2017 Tomáš Mráz <tmraz@redhat.com> - 2.2.1-1 |
||||
- upgrade to 2.2.1 |
||||
|
||||
* Tue Sep 5 2017 Tomáš Mráz <tmraz@redhat.com> - 2.2.0-1 |
||||
- upgrade to 2.2.0 |
||||
|
||||
* Wed Aug 9 2017 Tomáš Mráz <tmraz@redhat.com> - 2.1.22-1 |
||||
- upgrade to 2.1.22 |
||||
|
||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.21-5 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild |
||||
|
||||
* Fri Jul 28 2017 Tomáš Mráz <tmraz@redhat.com> - 2.1.21-4 |
||||
- explictly remove gpgscm from the buildroot |
||||
|
||||
* Tue Jul 18 2017 Tomáš Mráz <tmraz@redhat.com> - 2.1.21-3 |
||||
- rebase the insttools patch |
||||
- enable large secure memory support |
||||
|
||||
* Tue May 16 2017 Tomáš Mráz <tmraz@redhat.com> - 2.1.21-2 |
||||
- scdaemon is now needed by gpg |
||||
|
||||
* Tue May 16 2017 Tomáš Mráz <tmraz@redhat.com> - 2.1.21-1 |
||||
- upgrade to 2.1.21 |
||||
|
||||
* Tue Apr 25 2017 Tomáš Mráz <tmraz@redhat.com> - 2.1.20-2 |
||||
- libdns aliasing issues fixed |
||||
|
||||
* Mon Apr 24 2017 Tomáš Mráz <tmraz@redhat.com> - 2.1.20-1 |
||||
- upgrade to 2.1.20 |
||||
- disable bundled libdns for now (#1444352) |
||||
|
||||
* Fri Mar 24 2017 Tomáš Mráz <tmraz@redhat.com> - 2.1.19-1 |
||||
- upgrade to 2.1.19 |
||||
- shorten time waiting on gpg-agent/dirmngr to start by exponential |
||||
backoff (#1431749) |
||||
|
||||
* Wed Mar 1 2017 Tomáš Mráz <tmraz@redhat.com> - 2.1.18-2 |
||||
- upgrade to 2.1.18 |
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.17-3 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild |
||||
|
||||
* Thu Jan 12 2017 Igor Gnatenko <ignatenko@redhat.com> - 2.1.17-2 |
||||
- Rebuild for readline 7.x |
||||
|
||||
* Thu Dec 22 2016 Tomáš Mráz <tmraz@redhat.com> - 2.1.17-1 |
||||
- upgrade to 2.1.17 |
||||
|
||||
* Mon Nov 28 2016 Tomáš Mráz <tmraz@redhat.com> - 2.1.16-1 |
||||
- upgrade to 2.1.16 |
||||
|
||||
* Mon Aug 22 2016 Tomáš Mráz <tmraz@redhat.com> - 2.1.13-2 |
||||
- avoid using libgcrypt without initialization (#1366909) |
||||
|
||||
* Tue Jul 12 2016 Tomáš Mráz <tmraz@redhat.com> - 2.1.13-1 |
||||
- upgrade to 2.1.13 |
||||
|
||||
* Thu May 5 2016 Tomáš Mráz <tmraz@redhat.com> - 2.1.12-1 |
||||
- upgrade to 2.1.12 |
||||
|
||||
* Tue Apr 12 2016 Tomáš Mráz <tmraz@redhat.com> - 2.1.11-4 |
||||
- make the pinentry dependency weak as for the public-key operations it |
||||
is not needed (#1324595) |
||||
|
||||
* Mon Mar 7 2016 Tomáš Mráz <tmraz@redhat.com> - 2.1.11-3 |
||||
- add recommends weak dependency for gnupg2-smime |
||||
|
||||
* Sat Mar 5 2016 Peter Robinson <pbrobinson@fedoraproject.org> 2.1.11-2 |
||||
- Don't ship ChangeLog, core details already covered in NEWS |
||||
|
||||
* Tue Feb 16 2016 Tomáš Mráz <tmraz@redhat.com> - 2.1.11-1 |
||||
- upgrade to 2.1.11 |
||||
|
||||
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.10-4 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild |
||||
|
||||
* Wed Jan 13 2016 Dan Horák <dan[at]danny.cz> - 2.1.10-3 |
||||
- fix the insttools patch |
||||
|
||||
* Wed Jan 13 2016 Tomáš Mráz <tmraz@redhat.com> - 2.1.10-2 |
||||
- rebase the insttools patch needed for full gpgv1 replacement |
||||
|
||||
* Mon Dec 7 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.10-1 |
||||
- upgrade to 2.1.10 |
||||
|
||||
* Mon Oct 12 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.9-1 |
||||
- upgrade to 2.1.9 |
||||
|
||||
* Fri Sep 11 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.8-1 |
||||
- upgrade to 2.1.8 |
||||
|
||||
* Thu Aug 13 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.7-1 |
||||
- upgrade to 2.1.7 |
||||
|
||||
* Tue Aug 11 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.6-1 |
||||
- upgrade to 2.1.6 |
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.5-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild |
||||
|
||||
* Fri Jun 12 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.5-1 |
||||
- upgrade to 2.1.5 |
||||
|
||||
* Tue May 26 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.4-2 |
||||
- use gnutls for TLS support in dirmngr (#1224816) |
||||
|
||||
* Fri May 15 2015 Robert Scheck <robert@fedoraproject.org> - 2.1.4-1 |
||||
- upgrade to 2.1.4 (#1192353) |
||||
|
||||
* Thu Apr 16 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.3-1 |
||||
- new upstream release fixing minor bugs |
||||
|
||||
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.1.2-2 |
||||
- Rebuilt for Fedora 23 Change |
||||
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code |
||||
|
||||
* Wed Feb 18 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.2-1 |
||||
- new upstream release fixing two minor security issues |
||||
|
||||
* Fri Jan 30 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.1-2 |
||||
- resolve conflict with gnupg by renaming conflicting manual page (#1187472) |
||||
|
||||
* Thu Jan 29 2015 Tomáš Mráz <tmraz@redhat.com> - 2.1.1-1 |
||||
- new upstream release |
||||
- this release now includes the dirmngr which is obsoleted as separate package |
||||
|
||||
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.25-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild |
||||
|
||||
* Tue Aug 5 2014 Tomáš Mráz <tmraz@redhat.com> - 2.0.25-1 |
||||
- new upstream release fixing a minor regression introduced by the previous one |
||||
- add --file-is-digest option needed for copr |
||||
|
||||
* Sat Jul 12 2014 Tom Callaway <spot@fedoraproject.org> - 2.0.24-2 |
||||
- fix license handling |
||||
|
||||
* Wed Jun 25 2014 Tomáš Mráz <tmraz@redhat.com> - 2.0.24-1 |
||||
- new upstream release fixing CVE-2014-4617 |
||||
|
||||
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.22-4 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild |
||||
|
||||
* Wed May 7 2014 Tomáš Mráz <tmraz@redhat.com> - 2.0.22-3 |
||||
- do not dump core if hash algorithm not available in the FIPS mode |
||||
|
||||
* Tue Mar 4 2014 Tomáš Mráz <tmraz@redhat.com> - 2.0.22-2 |
||||
- rebuilt against new libgcrypt |
||||
|
||||
* Tue Oct 8 2013 Tomáš Mráz <tmraz@redhat.com> - 2.0.22-1 |
||||
- new upstream release fixing CVE-2013-4402 |
||||
|
||||
* Fri Aug 23 2013 Tomáš Mráz <tmraz@redhat.com> - 2.0.21-1 |
||||
- new upstream release |
||||
|
||||
* Wed Aug 7 2013 Tomas Mraz <tmraz@redhat.com> - 2.0.20-3 |
||||
- adjust to the unversioned docdir change (#993785) |
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.20-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild |
||||
|
||||
* Wed May 15 2013 Tomas Mraz <tmraz@redhat.com> - 2.0.20-1 |
||||
- new upstream release |
||||
|
||||
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.19-8 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
||||
|
||||
* Wed Jan 2 2013 Tomas Mraz <tmraz@redhat.com> - 2.0.19-7 |
||||
- fix CVE-2012-6085 - skip invalid key packets (#891142) |
||||
|
||||
* Thu Nov 22 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-6 |
||||
- use AES as default crypto algorithm in FIPS mode (#879047) |
||||
|
||||
* Fri Nov 16 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 2.0.19-5 |
||||
- rebuild for <f18 (#877106) |
||||
|
||||
* Fri Jul 27 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-4 |
||||
- fix negated condition (#843842) |
||||
|
||||
* Thu Jul 26 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-3 |
||||
- add compat symlinks and provides if built on RHEL |
||||
|
||||
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.19-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
||||
|
||||
* Tue Apr 24 2012 Tomas Mraz <tmraz@redhat.com> - 2.0.19-1 |
||||
- new upstream release |
||||
- set environment in protect-tool (#548528) |
||||
- do not reject OCSP signing certs without keyUsage (#720174) |
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.18-3 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
||||
|
||||
* Wed Oct 12 2011 Rex Dieter <rdieter@fedoraproject.org> 2.0.18-2 |
||||
- build with --enable-standard-socket |
||||
|
||||
* Wed Aug 17 2011 Tomas Mraz <tmraz@redhat.com> - 2.0.18-1 |
||||
- new upstream release (#728481) |
||||
|
||||
* Mon Jul 25 2011 Tomas Mraz <tmraz@redhat.com> - 2.0.17-2 |
||||
- fix a bug that shows up with the new libgcrypt release (#725369) |
||||
|
||||
* Thu Jan 20 2011 Tomas Mraz <tmraz@redhat.com> - 2.0.17-1 |
||||
- new upstream release (#669611) |
||||
|
||||
* Tue Aug 17 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.16-3 |
||||
- drop the provides/obsoletes for gnupg |
||||
- drop the man page file conflicting with gnupg-1.x |
||||
|
||||
* Fri Aug 13 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.16-2 |
||||
- drop the compat symlinks as gnupg-1.x is revived |
||||
|
||||
* Tue Jul 27 2010 Rex Dieter <rdieter@fedoraproject.org> - 2.0.16-1 |
||||
- gnupg-2.0.16 |
||||
|
||||
* Fri Jul 23 2010 Rex Dieter <rdieter@fedoraproject.org> - 2.0.14-4 |
||||
- gpgsm realloc patch (#617706) |
||||
|
||||
* Fri Jun 18 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.14-3 |
||||
- initialize small amount of secmem for list of algorithms in help (#598847) |
||||
(necessary in the FIPS mode of libgcrypt) |
||||
|
||||
* Tue Feb 9 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.14-2 |
||||
- disable selinux support - it is too rudimentary and restrictive (#562982) |
||||
|
||||
* Mon Jan 11 2010 Tomas Mraz <tmraz@redhat.com> - 2.0.14-1 |
||||
- new upstream version |
||||
- fix a few tests so they do not need to execute gpg-agent |
||||
|
||||
* Tue Dec 8 2009 Michael Schwendt <mschwendt@fedoraproject.org> - 2.0.13-4 |
||||
- Explicitly BR libassuan-static in accordance with the Packaging |
||||
Guidelines (libassuan-devel is still static-only). |
||||
|
||||
* Fri Oct 23 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.13-3 |
||||
- drop s390 specific ifnarchs as all the previously missing dependencies |
||||
are now there |
||||
- split out gpgsm into a smime subpackage to reduce main package dependencies |
||||
|
||||
* Wed Oct 21 2009 Tomas Mraz <tmraz@redhat.com> - 2.0.13-2 |
||||
- provide/obsolete gnupg-1 and add compat symlinks to be able to drop |
||||
gnupg-1 |
||||
|
||||
* Fri Sep 04 2009 Rex Dieter <rdieter@fedoraproject.org> - 2.0.13-1 |
||||
- gnupg-2.0.13 |
||||
- Unable to use gpg-agent + input methods (#228953) |
||||
|
||||
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.12-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
||||
|
||||
* Wed Jun 17 2009 Rex Dieter <rdieter@fedoraproject.org> - 2.0.12-1 |
||||
- gnupg-2.0.12 |
||||
|
||||
* Wed Mar 04 2009 Rex Dieter <rdieter@fedoraproject.org> - 2.0.11-1 |
||||
- gnupg-2.0.11 |
||||
|
||||
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.10-2 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
||||
|
||||
* Sat Jan 31 2009 Karsten Hopp <karsten@redhat.com> 2.0.10-1 |
||||
- don't require pcsc-lite-libs and libusb on mainframe where |
||||
we don't have those packages as there's no hardware for that |
||||
|
||||
* Tue Jan 13 2009 Rex Dieter <rdieter@fedoraproject.org> 2.0.10-1 |
||||
- gnupg-2.0.10 |
||||
|
||||
* Mon Aug 04 2008 Rex Dieter <rdieter@fedoraproject.org> 2.0.9-3 |
||||
- workaround rpm quirks |
||||
|
||||
* Sat May 24 2008 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.9-2 |
||||
- Patch from upstream to fix curl 7.18.1+ and gcc4.3+ compile error |
||||
|
||||
* Mon May 19 2008 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.9-1.1 |
||||
- minor release bump for sparc rebuild |
||||
|
||||
* Wed Mar 26 2008 Rex Dieter <rdieter@fedoraproject.org> 2.0.9-1 |
||||
- gnupg2-2.0.9 |
||||
- drop Provides: openpgp |
||||
- versioned Provides: gpg |
||||
- own %%_sysconfdir/gnupg |
||||
|
||||
* Fri Feb 08 2008 Rex Dieter <rdieter@fedoraproject.org> 2.0.8-3 |
||||
- respin (gcc43) |
||||
|
||||
* Wed Jan 23 2008 Rex Dieter <rdieter@fedoraproject.org> 2.0.8-2 |
||||
- avoid kde-filesystem dep (#427316) |
||||
|
||||
* Thu Dec 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.8-1 |
||||
- gnupg2-2.0.8 |
||||
|
||||
* Mon Dec 17 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.8-0.1.rc1 |
||||
- gnupg2-2.0.8rc1 |
||||
|
||||
* Tue Dec 04 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-5 |
||||
- respin for openldap |
||||
|
||||
* Mon Nov 12 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-4 |
||||
- Requires: kde-filesystem (#377841) |
||||
|
||||
* Wed Oct 03 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-3 |
||||
- %%build: (re)add mkdir -p $HOME/.gnupg |
||||
|
||||
* Wed Oct 03 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-2 |
||||
- Requires: dirmngr (#312831) |
||||
|
||||
* Mon Sep 10 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.7-1 |
||||
- gnupg-2.0.7 |
||||
|
||||
* Fri Aug 24 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.6-2 |
||||
- respin (libassuan) |
||||
|
||||
* Thu Aug 16 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.6-1 |
||||
- gnupg-2.0.6 |
||||
- License: GPLv3+ |
||||
|
||||
* Thu Aug 02 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.5-4 |
||||
- License: GPLv3 |
||||
|
||||
* Mon Jul 16 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.5-3 |
||||
- 2.0.5 too many open files fix |
||||
|
||||
* Fri Jul 06 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.5-2 |
||||
- gnupg-2.0.5 |
||||
- gpg-agent not restarted after kde session crash/killed (#196327) |
||||
- BR: libassuan-devel > 1.0.2, libksba-devel > 1.0.2 |
||||
|
||||
* Fri May 18 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.4-1 |
||||
- gnupg-2.0.4 |
||||
|
||||
* Thu Mar 08 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.3-1 |
||||
- gnupg-2.0.3 |
||||
|
||||
* Fri Feb 02 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 2.0.2-1 |
||||
- gnupg-2.0.2 |
||||
|
||||
* Wed Dec 06 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.1-2 |
||||
- CVE-2006-6235 (#219934) |
||||
|
||||
* Wed Nov 29 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.1-1 |
||||
- gnupg-2.0.1 |
||||
- CVE-2006-6169 (#217950) |
||||
|
||||
* Sat Nov 25 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.1-0.3.rc1 |
||||
- gnupg-2.0.1rc1 |
||||
|
||||
* Thu Nov 16 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.0-4 |
||||
- update %%description |
||||
- drop dearmor patch |
||||
|
||||
* Mon Nov 13 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.0-3 |
||||
- BR: libassuan-static >= 1.0.0 |
||||
|
||||
* Mon Nov 13 2006 Rex Dieter <rexdieter[AT]users.sf.net> 2.0.0-2 |
||||
- gnupg-2.0.0 |
||||
|
||||
* Fri Nov 10 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.95-3 |
||||
- upstream 64bit patch |
||||
|
||||
* Mon Nov 06 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.95-2 |
||||
- fix (more) file conflicts with gnupg |
||||
|
||||
* Mon Nov 06 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.95-1 |
||||
- 1.9.95 |
||||
|
||||
* Wed Oct 25 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.94-1 |
||||
- 1.9.94 |
||||
|
||||
* Wed Oct 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.93-1 |
||||
- 1.9.93 |
||||
|
||||
* Wed Oct 11 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.92-2 |
||||
- fix file conflicts with gnupg |
||||
|
||||
* Wed Oct 11 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.92-1 |
||||
- 1.9.92 |
||||
|
||||
* Tue Oct 10 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.91-4 |
||||
- make check ||: (apparently checks return err even on success?) |
||||
|
||||
* Tue Oct 10 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.91-3 |
||||
- --enable-selinux-support |
||||
- x86_64: --disable-optimization (to avoid gpg2 segfaults), for now |
||||
|
||||
* Thu Oct 05 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.91-1 |
||||
- 1.9.91 |
||||
|
||||
* Wed Oct 04 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-8 |
||||
- respin |
||||
|
||||
* Tue Sep 26 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.90-1 |
||||
- 1.9.90 (doesn't build, not released) |
||||
|
||||
* Mon Sep 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.23-1 |
||||
- 1.9.23 (doesn't build, not released) |
||||
|
||||
* Mon Sep 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-7 |
||||
- gpg-agent-startup.sh: fix case where valid .gpg-agent-info exists |
||||
|
||||
* Mon Sep 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-6 |
||||
- fix "syntax error in gpg-agent-startup.sh" (#206887) |
||||
|
||||
* Thu Sep 07 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-3 |
||||
- fc6 respin (for libksba-1.0) |
||||
|
||||
* Tue Aug 29 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-2 |
||||
- fc6 respin |
||||
|
||||
* Fri Jul 28 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.22-1 |
||||
- 1.9.22 |
||||
|
||||
* Thu Jun 22 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.21-3 |
||||
- fix "gpg-agent not restarted after kde session crash/killed (#196327) |
||||
|
||||
* Thu Jun 22 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.21-2 |
||||
- 1.9.21 |
||||
- omit gpg2 binary to address CVS-2006-3082 (#196190) |
||||
|
||||
* Mon Mar 6 2006 Ville Skyttä <ville.skytta at iki.fi>> 1.9.20-3 |
||||
- Don't hardcode pcsc-lite lib name (#184123) |
||||
|
||||
* Thu Feb 16 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.20-2 |
||||
- fc4+: use /etc/kde/(env|shutdown) for scripts (#175744) |
||||
|
||||
* Fri Feb 10 2006 Rex Dieter <rexdieter[AT]users.sf.net> |
||||
- fc5: gcc/glibc respin |
||||
|
||||
* Tue Dec 20 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.20-1 |
||||
- 1.9.20 |
||||
|
||||
* Thu Dec 01 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.19-8 |
||||
- include gpg-agent-(startup|shutdown) scripts (#136533) |
||||
- BR: libksba-devel >= 1.9.12 |
||||
- %%check: be permissive about failures (for now) |
||||
|
||||
* Wed Nov 30 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.19-3 |
||||
- BR: libksba-devel >= 1.9.13 |
||||
|
||||
* Tue Oct 11 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.19-2 |
||||
- back to BR: libksba-devel = 1.9.11 |
||||
|
||||
* Tue Oct 11 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.19-1 |
||||
- 1.9.19 |
||||
|
||||
* Fri Aug 26 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.18-9 |
||||
- configure: NEED_KSBA_VERSION=0.9.12 -> 0.9.11 |
||||
|
||||
* Fri Aug 26 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.18-7 |
||||
- re-enable 'make check', rebuild against (older) libksba-0.9.11 |
||||
|
||||
* Tue Aug 9 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.18-6 |
||||
- don't 'make check' by default (regular builds pass, but FC4/5+plague fails) |
||||
|
||||
* Mon Aug 8 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.18-5 |
||||
- 1.9.18 |
||||
- drop pth patch (--enable-gpg build fixed) |
||||
- update description (from README) |
||||
|
||||
* Fri Jul 1 2005 Ville Skyttä <ville.skytta at iki.fi> - 1.9.17-1 |
||||
- 1.9.17, signal info patch applied upstream (#162264). |
||||
- Patch to fix lvalue build error with gcc4 (upstream #485). |
||||
- Patch scdaemon and pcsc-wrapper to load the versioned (non-devel) |
||||
pcsc-lite lib by default. |
||||
|
||||
* Fri May 13 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.9.16-3 |
||||
- Include upstream's patch for signal.c. |
||||
|
||||
* Tue May 10 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.9.16-1 |
||||
- Merge changes from Rex's 1.9.16-1 (Thu Apr 21): |
||||
- opensc support unconditional |
||||
- remove hard-coded .gz from %%post/%%postun |
||||
- add %%check section |
||||
- add pth patch |
||||
- Put back patch modified from 1.9.15-4 to make tests verbose |
||||
and change signal.c to describe received signals better. |
||||
|
||||
* Sun May 8 2005 Michael Schwendt <mschwendt[AT]users.sf.net> |
||||
- Drop patch0 again. |
||||
|
||||
* Sun May 8 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 1.9.15-4 |
||||
- Add patch0 temporarily to get some output from failing test. |
||||
|
||||
* Sat May 7 2005 David Woodhouse <dwmw2@infradead.org> 1.9.15-3 |
||||
- Rebuild. |
||||
|
||||
* Thu Apr 7 2005 Michael Schwendt <mschwendt[AT]users.sf.net> |
||||
- rebuilt |
||||
|
||||
* Tue Feb 1 2005 Michael Schwendt <mschwendt[AT]users.sf.net> - 0:1.9.15-1 |
||||
- Make install-info in scriptlets less noisy. |
||||
|
||||
* Tue Jan 18 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.15-0.fdr.1 |
||||
- 1.9.15 |
||||
|
||||
* Fri Jan 07 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.14-0.fdr.2 |
||||
- note patch/hack to build against older ( <1.0) libgpg-error-devel |
||||
|
||||
* Thu Jan 06 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.14-0.fdr.1 |
||||
- 1.9.14 |
||||
- enable opensc support |
||||
- BR: libassuan-devel >= 0.6.9 |
||||
|
||||
* Thu Oct 21 2004 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.11-0.fdr.4 |
||||
- remove suid. |
||||
|
||||
* Thu Oct 21 2004 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.11-0.fdr.3 |
||||
- remove Provides: newpg |
||||
|
||||
* Wed Oct 20 2004 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.11-0.fdr.2 |
||||
- Requires: pinentry |
||||
- gpg2 suid |
||||
- update description |
||||
|
||||
* Tue Oct 19 2004 Rex Dieter <rexdieter[AT]users.sf.net> 1.9.11-0.fdr.1 |
||||
- first try |
||||
- leave out opensc support (for now), enable --with-opensc |
||||
|
Loading…
Reference in new issue