rpms
/
gnupg2
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
...
pull from: rpms:i10cs
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8

No commits in common. 'c9' and 'i10cs' have entirely different histories.
c9 ... i10cs

14 changed files with 1821 additions and 381 deletions
Show Stats

4
.gitignore vendored
Unescape View File

@ -1,2 +1,2 @@
SOURCES/gnupg-2.3.3.tar.bz2
SOURCES/gnupg-2.3.3.tar.bz2.sig
SOURCES/gnupg-2.4.5.tar.bz2
SOURCES/gnupg-2.4.5.tar.bz2.sig

4
.gnupg2.metadata
Unescape View File

@ -1,2 +1,2 @@
b19a407076424704f1b00e8265254de1b3061659 SOURCES/gnupg-2.3.3.tar.bz2
38fed91a8c4b3ba09977ab06567395448b6f1242 SOURCES/gnupg-2.3.3.tar.bz2.sig
ae0935ead29a2dfa34d6b48d70808652bc3ca73b SOURCES/gnupg-2.4.5.tar.bz2
408af6802382e453953dac599f851c5c1415fa9b SOURCES/gnupg-2.4.5.tar.bz2.sig

112
SOURCES/gnupg-2.2.21-coverity.patch
Unescape View File

@ -11,55 +11,6 @@ diff -up gnupg-2.2.21/common/server-help.c.coverity gnupg-2.2.21/common/server-h
return 0;
}
From 912e77f07d8a42d7ad001eb3df76f6932ccfa857 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 7 Apr 2021 17:37:51 +0200
Subject: [PATCH GnuPG 01/19] agent: Avoid memory leaks
* agent/command.c (cmd_genkey): use goto leave instead of return
* agent/cvt-openpgp.c (convert_from_openpgp_main): use goto leave
instead of return
* agent/genkey.c (agent_ask_new_passphrase): fix typo to free correct
pointer
(agent_genkey): release memory
* agent/gpg-agent.c (check_own_socket): free sockname
* agent/protect-tool.c (read_key): free buf
(agent_askpin): free passphrase
* agent/protect.c (merge_lists): free newlist
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
agent/command.c | 2 +-
agent/cvt-openpgp.c | 5 ++++-
agent/genkey.c | 7 +++++--
agent/gpg-agent.c | 10 ++++++++--
agent/protect-tool.c | 6 +++++-
agent/protect.c | 5 ++++-
6 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/agent/protect.c b/agent/protect.c
index 76ead444b..50b10eb26 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -949,7 +949,10 @@ merge_lists (const unsigned char *protectedkey,
/* Copy the cleartext. */
s = cleartext;
if (*s != '(' && s[1] != '(')
- return gpg_error (GPG_ERR_BUG); /*we already checked this */
+ {
+ xfree (newlist);
+ return gpg_error (GPG_ERR_BUG); /*we already checked this */
+ }
s += 2;
startpos = s;
while ( *s == '(' )
--
2.30.2
From 7a707a3eff1c3fbe17a74337776871f408377cee Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 9 Apr 2021 16:13:07 +0200
@ -127,35 +78,6 @@ index f49083844..83786a08d 100644
--
2.30.2
From febbe77870b51e4e1158ae9efeaa0f3aad69a495 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 12 Apr 2021 14:48:59 +0200
Subject: [PATCH GnuPG 05/19] tools: Avoid memory leak sfrom gpgspilt
* tools/gpgsplit.c (write_part): free blob
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tools/gpgsplit.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/gpgsplit.c b/tools/gpgsplit.c
index cc7bf8ef5..93458068c 100644
--- a/tools/gpgsplit.c
+++ b/tools/gpgsplit.c
@@ -620,6 +620,7 @@ write_part (FILE *fpin, unsigned long pktlen,
}
}
+ xfree (blob);
goto ready;
}
--
2.30.2
From 7c8048b686a6e811d0b24febf3c5e2528e7881f1 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
@ -316,37 +238,3 @@ index cb0dd379a..9d85c5a41 100644
rc = opt.allow_admin? gpg_error (GPG_ERR_GENERAL) : 0;
--
2.30.2
From a94b0deab7c2ece2e512f87a52142454354d77b5 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 14 Apr 2021 18:49:03 +0200
Subject: [PATCH GnuPG 19/19] g10: Do not allocate memory when we can't return
it
* g10/keyid.c (fpr20_from_pk): Do not allocate memory when we can't
return it
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
g10/keyid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/g10/keyid.c b/g10/keyid.c
index 522cc9cda..f1af2fd90 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -899,7 +899,7 @@ fpr20_from_pk (PKT_public_key *pk, byte array[20])
compute_fingerprint (pk);
if (!array)
- array = xmalloc (pk->fprlen);
+ return;
if (pk->fprlen == 32) /* v5 fingerprint */
{
--
2.30.2

50
SOURCES/gnupg-2.3.3-CVE-2022-34903.patch
Unescape View File

@ -1,50 +0,0 @@
From 34c649b3601383cd11dbc76221747ec16fd68e1b Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 14 Jun 2022 11:33:27 +0200
Subject: [PATCH GnuPG] g10: Fix garbled status messages in NOTATION_DATA
* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
--
Depending on the escaping and line wrapping the computed remaining
buffer length could be wrong. Fixed by always using a break to
terminate the escape detection loop. Might have happened for all
status lines which may wrap.
GnuPG-bug-id: T6027
---
g10/cpr.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/g10/cpr.c b/g10/cpr.c
index 9bfdd3c34..fa8005d6f 100644
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -372,20 +372,15 @@ write_status_text_and_buffer (int no, const char *string,
}
first = 0;
}
- for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
+ for (esc=0, s=buffer, n=len; n; s++, n--)
{
if (*s == '%' || *(const byte*)s <= lower_limit
|| *(const byte*)s == 127 )
esc = 1;
if (wrap && ++count > wrap)
- {
- dowrap=1;
- break;
- }
- }
- if (esc)
- {
- s--; n++;
+ dowrap=1;
+ if (esc || dowrap)
+ break;
}
if (s != buffer)
es_fwrite (buffer, s-buffer, 1, statusfp);
--
2.37.1

30
SOURCES/gnupg-2.3.3-aead-packet.patch
Unescape View File

@ -1,30 +0,0 @@
commit eadf12a52c2e230174e076a0dcae68132094cefe
Author: Jakub Jelen <jjelen@redhat.com>
Date: Thu Feb 24 09:02:53 2022 +0100
sign: Construct valid AEAD packets.
* g10/sign.c (sign_symencrypt_file): Insert correct version and AEAD
information into symkey packet.
--
GnuPG-bug-id: 5856
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
diff --git a/g10/sign.c b/g10/sign.c
index bbcfabdb7..2ab76c99b 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1660,8 +1660,9 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
{
PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
- enc->version = 4;
+ enc->version = cfx.dek->use_aead ? 5 : 4;
enc->cipher_algo = cfx.dek->algo;
+ enc->aead_algo = cfx.dek->use_aead;
enc->s2k = *s2k;
pkt.pkttype = PKT_SYMKEY_ENC;
pkt.pkt.symkey_enc = enc;

42
SOURCES/gnupg-2.3.3-ssh-fips.patch
Unescape View File

@ -1,42 +0,0 @@
From c4436ebfa58f219190f1244928001b4293293343 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 12 Apr 2022 16:26:58 +0200
Subject: [PATCH GnuPG] agent: Ignore MD5 Fingerprints for ssh keys
--
* agent/command-ssh.c (add_control_entry): Ignore failure of the MD5
digest
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
agent/command-ssh.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index a7784e728..46821e3c8 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1095,8 +1095,9 @@ add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec,
time_t atime = time (NULL);
err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr_md5);
+ /* ignore the errors as MD5 is not available in FIPS mode */
if (err)
- goto out;
+ fpr_md5 = NULL;
err = ssh_get_fingerprint_string (key, GCRY_MD_SHA256, &fpr_sha256);
if (err)
@@ -1113,7 +1114,8 @@ add_control_entry (ctrl_t ctrl, ssh_key_type_spec_t *spec,
spec->name,
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec,
- fpr_md5, fpr_sha256, hexgrip, ttl, confirm? " confirm":"");
+ fpr_md5? fpr_md5:"", fpr_sha256, hexgrip, ttl,
+ confirm? " confirm":"");
}
out:
--
2.39.2

21
SOURCES/gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch → SOURCES/gnupg-2.4.0-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
Unescape View File

@ -1,3 +1,4 @@
From c9485d59f735dbf7509a0136a896fe76f9cc915a Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Thu, 13 Jun 2019 21:27:42 +0200
Subject: gpg: allow import of previously known keys, even without UIDs
@ -13,14 +14,14 @@ This fixes two of the three broken tests in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
g10/import.c | 44 +++++++++++---------------------------------
1 file changed, 11 insertions(+), 33 deletions(-)
g10/import.c | 45 +++++++++++----------------------------------
1 file changed, 11 insertions(+), 34 deletions(-)
diff --git a/g10/import.c b/g10/import.c
index 5d3162c..f9acf95 100644
index 9fab46ca6..c70a6221c 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl,
@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl,
size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0;
@ -28,7 +29,7 @@ index 5d3162c..f9acf95 100644
KEYDB_HANDLE hd = NULL;
if (r_valid)
@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl,
@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl,
log_printf ("\n");
}
@ -43,12 +44,12 @@ index 5d3162c..f9acf95 100644
if (screener && screener (keyblock, screener_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
@@ -1907,18 +1898,10 @@ import_one_real (ctrl_t ctrl,
@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl,
}
}
- /* Delete invalid parts and bail out if there are no user ids left. */
- if (!delete_inv_parts (ctrl, keyblock, keyid, options))
- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
- {
- if (!silent)
- {
@ -62,11 +63,11 @@ index 5d3162c..f9acf95 100644
+ /* Delete invalid parts, and note if we have any valid ones left.
+ * We will later abort import if this key is new but contains
+ * no valid uids. */
+ delete_inv_parts (ctrl, keyblock, keyid, options);
+ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
/* Get rid of deleted nodes. */
commit_kbnode (&keyblock);
@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl,
@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl,
{
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock);
@ -91,7 +92,7 @@ index 5d3162c..f9acf95 100644
}
/* The keyblock is valid and ready for real import. */
@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl,
@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl,
err = 0;
stats->skipped_new_keys++;
}

106
SOURCES/gnupg-2.2.20-file-is-digest.patch → SOURCES/gnupg-2.4.1-file-is-digest.patch
Unescape View File

@ -1,7 +1,19 @@
diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c
--- gnupg-2.2.20/g10/gpg.c.file-is-digest 2020-04-14 16:33:42.630269318 +0200
+++ gnupg-2.2.20/g10/gpg.c 2020-04-14 16:34:46.455100086 +0200
@@ -380,6 +380,7 @@ enum cmd_and_opt_values
From cdd5082a9e3bdfc8de4aee4835dbdd607b4510be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= <tmraz@fedoraproject.org>
Date: Tue, 5 Aug 2014 17:04:08 +0200
Subject: [PATCH gnupg] add --file-is-digest option needed for copr
---
g10/gpg.c | 4 +++
g10/options.h | 1 +
g10/sign.c | 93 ++++++++++++++++++++++++++++++++++++++++++++-------
3 files changed, 85 insertions(+), 13 deletions(-)
diff --git a/g10/gpg.c b/g10/gpg.c
index f9bc8395f..dcab0a11a 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -395,6 +395,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
@ -9,7 +21,7 @@ diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c
oXauthority,
oGroup,
oUnGroup,
@@ -831,6 +832,7 @@ static ARGPARSE_OPTS opts[] = {
@@ -656,6 +657,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_s (oTempDir, "temp-directory", "@"),
ARGPARSE_s_s (oExecPath, "exec-path", "@"),
ARGPARSE_s_n (oExpert, "expert", "@"),
@ -17,7 +29,7 @@ diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c
ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
@@ -2419,6 +2421,7 @@ main (int argc, char **argv)
@@ -2484,6 +2486,7 @@ main (int argc, char **argv)
opt.keyid_format = KF_NONE;
opt.def_sig_expire = "0";
opt.def_cert_expire = "0";
@ -25,7 +37,7 @@ diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c
opt.passphrase_repeat = 1;
opt.emit_version = 0;
opt.weak_digests = NULL;
@@ -2997,6 +3000,7 @@ main (int argc, char **argv)
@@ -3111,6 +3114,7 @@ main (int argc, char **argv)
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
case oForceAEAD: opt.force_aead = 1; break;
@ -33,10 +45,11 @@ diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
case oIncludeKeyBlock: opt.flags.include_key_block = 1; break;
diff -up gnupg-2.2.20/g10/options.h.file-is-digest gnupg-2.2.20/g10/options.h
--- gnupg-2.2.20/g10/options.h.file-is-digest 2020-03-14 19:54:05.000000000 +0100
+++ gnupg-2.2.20/g10/options.h 2020-04-14 16:33:42.634269245 +0200
@@ -202,6 +202,7 @@ struct
diff --git a/g10/options.h b/g10/options.h
index 9015e321f..10852046c 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -219,6 +219,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
@ -44,9 +57,10 @@ diff -up gnupg-2.2.20/g10/options.h.file-is-digest gnupg-2.2.20/g10/options.h
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
--- gnupg-2.2.20/g10/sign.c.file-is-digest 2020-03-14 19:35:46.000000000 +0100
+++ gnupg-2.2.20/g10/sign.c 2020-04-14 16:36:54.661751422 +0200
diff --git a/g10/sign.c b/g10/sign.c
index b5e9d422d..7ad143649 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -40,6 +40,7 @@
#include "pkglue.h"
#include "../common/sysutils.h"
@ -55,7 +69,7 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
#include "../common/mbox-util.h"
#include "../common/compliance.h"
@@ -834,6 +835,8 @@ write_signature_packets (ctrl_t ctrl,
@@ -945,6 +946,8 @@ write_signature_packets (ctrl_t ctrl,
if (pk->version >= 5)
sig->version = 5; /* Required for v5 keys. */
@ -64,11 +78,11 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
else
sig->version = 4; /* Required. */
@@ -860,14 +863,22 @@ write_signature_packets (ctrl_t ctrl,
@@ -962,14 +965,22 @@ write_signature_packets (ctrl_t ctrl,
if (gcry_md_copy (&md, hash))
BUG ();
- build_sig_subpkt_from_sig (sig, pk);
- build_sig_subpkt_from_sig (sig, pk, 0);
- mk_notation_policy_etc (ctrl, sig, NULL, pk);
- if (opt.flags.include_key_block && IS_SIG (sig))
- err = mk_sig_subpkt_key_block (ctrl, sig, pk);
@ -78,7 +92,7 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
- gcry_md_final (md);
+ if (!opt.file_is_digest)
+ {
+ build_sig_subpkt_from_sig (sig, pk);
+ build_sig_subpkt_from_sig (sig, pk, 0);
+ mk_notation_policy_etc (ctrl, sig, NULL, pk);
+ if (opt.flags.include_key_block && IS_SIG (sig))
+ err = mk_sig_subpkt_key_block (ctrl, sig, pk);
@ -95,7 +109,7 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
if (!err)
err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);
@@ -924,6 +930,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1034,6 +1045,8 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
@ -104,7 +118,7 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
pt_extra_hash_data_t extrahash = NULL;
pfx = new_progress_context ();
@@ -941,7 +949,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1056,7 +1069,16 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
fname = NULL;
if (fname && filenames->next && (!detached || encryptflag))
@ -122,7 +136,7 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
if (encryptflag == 2
&& (rc = setup_symkey (&efx.symkey_s2k, &efx.symkey_dek)))
@@ -962,7 +979,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1077,7 +1099,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
goto leave;
/* Prepare iobufs. */
@ -131,7 +145,7 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
inp = NULL; /* we do it later */
else
{
@@ -1100,7 +1117,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1240,7 +1262,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
@ -140,7 +154,7 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
iobuf_push_filter (inp, md_filter, &mfx);
if (detached && !encryptflag)
@@ -1155,6 +1172,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1306,6 +1328,8 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
write_status_begin_signing (mfx.md);
@ -149,13 +163,13 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
/* Setup the inner packet. */
if (detached)
{
@@ -1195,6 +1214,49 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1353,6 +1377,49 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
if (opt.verbose)
log_printf ("\n");
}
+ else if (opt.file_is_digest)
+ {
+ byte *mdb, ts[5];
+ byte *mdb, ts[5] = {0};
+ size_t mdlen;
+ const char *fp;
+ int c, d;
@ -165,31 +179,31 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
+ mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
+ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
+ if (strlen(fname) != mdlen * 2 + 11)
+ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
+ log_bug("digests must be %zu + '@' + 5 bytes\n", mdlen);
+ d = -1;
+ for (fp = fname ; *fp; )
+ {
+ c = *fp++;
+ if (c >= '0' && c <= '9')
+ c -= '0';
+ else if (c >= 'a' && c <= 'f')
+ c -= 'a' - 10;
+ else if (c >= 'A' && c <= 'F')
+ c -= 'A' - 10;
+ else
+ log_bug("filename is not hex\n");
+ if (d >= 0)
+ c = *fp++;
+ if (c >= '0' && c <= '9')
+ c -= '0';
+ else if (c >= 'a' && c <= 'f')
+ c -= 'a' - 10;
+ else if (c >= 'A' && c <= 'F')
+ c -= 'A' - 10;
+ else
+ log_bug("filename is not hex\n");
+ if (d >= 0)
+ {
+ *mdb++ = d << 4 | c;
+ c = -1;
+ if (--mdlen == 0)
+ *mdb++ = d << 4 | c;
+ c = -1;
+ if (--mdlen == 0)
+ {
+ mdb = ts;
+ if (*fp++ != '@')
+ log_bug("missing time separator\n");
+ }
+ }
+ d = c;
+ mdb = ts;
+ if (*fp++ != '@')
+ log_bug("missing time separator\n");
+ }
+ }
+ d = c;
+ }
+ sigclass = ts[0];
+ if (sigclass != 0x00 && sigclass != 0x01)
@ -199,7 +213,7 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
else
{
/* Read, so that the filter can calculate the digest. */
@@ -1213,8 +1271,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1374,8 +1441,8 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
/* Write the signatures. */
rc = write_signature_packets (ctrl, sk_list, out, mfx.md, extrahash,

275
SOURCES/gnupg-2.4.3-restore-systemd-sockets.patch
Unescape View File

@ -0,0 +1,275 @@
From eae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 23 Jan 2023 16:34:19 +0100
Subject: [PATCH] doc: Remove profile and systemd example files.
--
The profiles are not any longer useful because global options are way
more powerful (/etc/gnupg/gpg.conf et al.). The use of systemd is
deprecated because of additional complexity and the race between
systemd based autolaunching and the explicit gnupg based and lockfile
protected autolaunching.
GnuPG-bug-id: 6336
---
diff --git b/doc/Makefile.am a/doc/Makefile.am
index 390153c76..0093c43a8 100644
--- b/doc/Makefile.am
+++ a/doc/Makefile.am
@@ -22,6 +22,14 @@ AM_CPPFLAGS =
examples/qualified.txt \
examples/common.conf \
examples/gpgconf.rnames examples/gpgconf.conf \
+ examples/systemd-user/README \
+ examples/systemd-user/dirmngr.service \
+ examples/systemd-user/dirmngr.socket \
+ examples/systemd-user/gpg-agent.service \
+ examples/systemd-user/gpg-agent.socket \
+ examples/systemd-user/gpg-agent-ssh.socket \
+ examples/systemd-user/gpg-agent-browser.socket \
+ examples/systemd-user/gpg-agent-extra.socket \
examples/pwpattern.list
helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
diff --git b/doc/Makefile.in a/doc/Makefile.in
index 390153c76..0093c43a8 100644
--- b/doc/Makefile.in
+++ a/doc/Makefile.in
@@ -475,6 +475,14 @@ AM_CPPFLAGS =
examples/qualified.txt \
examples/common.conf \
examples/gpgconf.rnames examples/gpgconf.conf \
+ examples/systemd-user/README \
+ examples/systemd-user/dirmngr.service \
+ examples/systemd-user/dirmngr.socket \
+ examples/systemd-user/gpg-agent.service \
+ examples/systemd-user/gpg-agent.socket \
+ examples/systemd-user/gpg-agent-ssh.socket \
+ examples/systemd-user/gpg-agent-browser.socket \
+ examples/systemd-user/gpg-agent-extra.socket \
examples/pwpattern.list
helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \
diff --git b/doc/examples/README a/doc/examples/README
index cd341ab57..67508c471 100644
--- b/doc/examples/README
+++ a/doc/examples/README
@@ -8,6 +8,8 @@ trustlist.txt A list of trustworthy root certificates
gpgconf.conf A sample configuration file for gpgconf.
+systemd-user Sample files for a Linux-only init system.
+
qualified.txt Sample file for qualified.txt.
common.conf Sample file for common options.
diff --git b/doc/examples/gpgconf.conf a/doc/examples/gpgconf.conf
index 314b955b9..a61d4d453 100644
--- b/doc/examples/gpgconf.conf
+++ a/doc/examples/gpgconf.conf
@@ -1,9 +1,5 @@
# gpgconf.conf - configuration for gpgconf
#----------------------------------------------------------------------
-#
-# === The use of this feature is deprecated ===
-# == Please use the more powerful global options. ==
-#
# This file is read by gpgconf(1) to setup defaults for all or
# specified users and groups. It may be used to change the hardwired
# defaults in gpgconf and to enforce certain values for the various
diff --git b/doc/examples/systemd-user/README a/doc/examples/systemd-user/README
new file mode 100644
index 000000000..43122f568
--- /dev/null
+++ a/doc/examples/systemd-user/README
@@ -0,0 +1,66 @@
+Socket-activated dirmngr and gpg-agent with systemd
+===================================================
+
+When used on a GNU/Linux system supervised by systemd, you can ensure
+that the GnuPG daemons dirmngr and gpg-agent are launched
+automatically the first time they're needed, and shut down cleanly at
+session logout. This is done by enabling user services via
+socket-activation.
+
+System distributors
+-------------------
+
+The *.service and *.socket files (from this directory) should be
+placed in /usr/lib/systemd/user/ alongside other user-session services
+and sockets.
+
+To enable socket-activated dirmngr for all accounts on the system,
+use:
+
+ systemctl --user --global enable dirmngr.socket
+
+To enable socket-activated gpg-agent for all accounts on the system,
+use:
+
+ systemctl --user --global enable gpg-agent.socket
+
+Additionally, you can enable socket-activated gpg-agent ssh-agent
+emulation for all accounts on the system with:
+
+ systemctl --user --global enable gpg-agent-ssh.socket
+
+You can also enable restricted ("--extra-socket"-style) gpg-agent
+sockets for all accounts on the system with:
+
+ systemctl --user --global enable gpg-agent-extra.socket
+
+Individual users
+----------------
+
+A user on a system with systemd where this has not been installed
+system-wide can place these files in ~/.config/systemd/user/ to make
+them available.
+
+If a given service isn't installed system-wide, or if it's installed
+system-wide but not globally enabled, individual users will still need
+to enable them. For example, to enable socket-activated dirmngr for
+all future sessions:
+
+ systemctl --user enable dirmngr.socket
+
+To enable socket-activated gpg-agent with ssh support, do:
+
+ systemctl --user enable gpg-agent.socket gpg-agent-ssh.socket
+
+These changes won't take effect until your next login after you've
+fully logged out (be sure to terminate any running daemons before
+logging out).
+
+If you'd rather try a socket-activated GnuPG daemon in an
+already-running session without logging out (with or without enabling
+it for all future sessions), kill any existing daemon and start the
+user socket directly. For example, to set up socket-activated dirmgnr
+in the current session:
+
+ gpgconf --kill dirmngr
+ systemctl --user start dirmngr.socket
diff --git b/doc/examples/systemd-user/dirmngr.service a/doc/examples/systemd-user/dirmngr.service
new file mode 100644
index 000000000..3c060cde5
--- /dev/null
+++ a/doc/examples/systemd-user/dirmngr.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+Requires=dirmngr.socket
+
+[Service]
+ExecStart=/usr/bin/dirmngr --supervised
+ExecReload=/usr/bin/gpgconf --reload dirmngr
diff --git b/doc/examples/systemd-user/dirmngr.socket a/doc/examples/systemd-user/dirmngr.socket
new file mode 100644
index 000000000..ebabf896a
--- /dev/null
+++ a/doc/examples/systemd-user/dirmngr.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=GnuPG network certificate management daemon
+Documentation=man:dirmngr(8)
+
+[Socket]
+ListenStream=%t/gnupg/S.dirmngr
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git b/doc/examples/systemd-user/gpg-agent-browser.socket a/doc/examples/systemd-user/gpg-agent-browser.socket
new file mode 100644
index 000000000..bc8d344e1
--- /dev/null
+++ a/doc/examples/systemd-user/gpg-agent-browser.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (access for web browsers)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.browser
+FileDescriptorName=browser
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git b/doc/examples/systemd-user/gpg-agent-extra.socket a/doc/examples/systemd-user/gpg-agent-extra.socket
new file mode 100644
index 000000000..5b87d09df
--- /dev/null
+++ a/doc/examples/systemd-user/gpg-agent-extra.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache (restricted)
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.extra
+FileDescriptorName=extra
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git b/doc/examples/systemd-user/gpg-agent-ssh.socket a/doc/examples/systemd-user/gpg-agent-ssh.socket
new file mode 100644
index 000000000..798c1d967
--- /dev/null
+++ a/doc/examples/systemd-user/gpg-agent-ssh.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=GnuPG cryptographic agent (ssh-agent emulation)
+Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent.ssh
+FileDescriptorName=ssh
+Service=gpg-agent.service
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
diff --git b/doc/examples/systemd-user/gpg-agent.service a/doc/examples/systemd-user/gpg-agent.service
new file mode 100644
index 000000000..a050fccdc
--- /dev/null
+++ a/doc/examples/systemd-user/gpg-agent.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+Requires=gpg-agent.socket
+
+[Service]
+ExecStart=/usr/bin/gpg-agent --supervised
+ExecReload=/usr/bin/gpgconf --reload gpg-agent
diff --git b/doc/examples/systemd-user/gpg-agent.socket a/doc/examples/systemd-user/gpg-agent.socket
new file mode 100644
index 000000000..4257c2c80
--- /dev/null
+++ a/doc/examples/systemd-user/gpg-agent.socket
@@ -0,0 +1,12 @@
+[Unit]
+Description=GnuPG cryptographic agent and passphrase cache
+Documentation=man:gpg-agent(1)
+
+[Socket]
+ListenStream=%t/gnupg/S.gpg-agent
+FileDescriptorName=std
+SocketMode=0600
+DirectoryMode=0700
+
+[Install]
+WantedBy=sockets.target
--
2.41.0

0
SOURCES/gnupg-2.3.1-revert-default-eddsa.patch → SOURCES/gnupg-2.4.5-revert-default-eddsa.patch
Unescape View File

1016
SOURCES/gnupg-2.4.5-sast.patch
View File

File diff suppressed because it is too large Load Diff

200
SOURCES/gnupg2-revert-rfc4880bis.patch
Unescape View File

@ -0,0 +1,200 @@
From 1e4f1550996334d2a631a5d769e937d29ace47bb Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 9 Feb 2023 16:38:58 +0100
Subject: [PATCH gnupg] Revert the introduction of the RFC4880bis draft into
defaults
This reverts commit 4583f4fe2 (gpg: Merge --rfc4880bis features into
--gnupg, 2022-10-31).
---
g10/gpg.c | 35 ++++++++++++++++++++++++++++++++---
g10/keygen.c | 30 ++++++++++++++++++------------
2 files changed, 50 insertions(+), 15 deletions(-)
diff --git a/g10/gpg.c b/g10/gpg.c
index dcab0a11a..796888013 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -247,6 +247,7 @@ enum cmd_and_opt_values
oGnuPG,
oRFC2440,
oRFC4880,
+ oRFC4880bis,
oOpenPGP,
oPGP7,
oPGP8,
@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
ARGPARSE_s_n (oPGP7, "pgp6", "@"),
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
ARGPARSE_s_s (oNoop, "aead-algo", "@"),
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option compliance_options[] =
{
{ "gnupg", oGnuPG },
{ "openpgp", oOpenPGP },
- { "rfc4880bis", oGnuPG },
+ { "rfc4880bis", oRFC4880bis },
{ "rfc4880", oRFC4880 },
{ "rfc2440", oRFC2440 },
{ "pgp6", oPGP7 },
@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option compliance_options[] =
static void
set_compliance_option (enum cmd_and_opt_values option)
{
+ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */
+
switch (option)
{
+ case oRFC4880bis:
+ opt.flags.rfc4880bis = 1;
+ opt.compliance = CO_RFC4880;
+ opt.flags.dsa2 = 1;
+ opt.flags.require_cross_cert = 1;
+ opt.rfc2440_text = 0;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.escape_from = 1;
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
+ opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
+ break;
case oOpenPGP:
case oRFC4880:
/* This is effectively the same as RFC2440, but with
@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_values option)
case oPGP8: opt.compliance = CO_PGP8; break;
case oGnuPG:
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
break;
case oDE_VS:
@@ -2491,6 +2513,7 @@ main (int argc, char **argv)
opt.emit_version = 0;
opt.weak_digests = NULL;
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
/* Check special options given on the command line. */
orig_argc = argc;
@@ -3033,6 +3056,7 @@ main (int argc, char **argv)
case oOpenPGP:
case oRFC2440:
case oRFC4880:
+ case oRFC4880bis:
case oPGP7:
case oPGP8:
case oGnuPG:
@@ -3862,6 +3886,11 @@ main (int argc, char **argv)
if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n"));
+ if (!opt.flags.rfc4880bis)
+ {
+ opt.mimemode = 0; /* This will use text mode instead. */
+ }
+
if (eyes_only) {
if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"),
@@ -4078,7 +4107,7 @@ main (int argc, char **argv)
/* Check our chosen algorithms against the list of legal
algorithms. */
- if(!GNUPG)
+ if(!GNUPG && !opt.flags.rfc4880bis)
{
const char *badalg=NULL;
preftype_t badtype=PREFTYPE_NONE;
diff --git a/g10/keygen.c b/g10/keygen.c
index a2cfe3ccf..2a1dd1f81 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string,int personal)
strcat(dummy_string,"S7 ");
strcat(dummy_string,"S2 "); /* 3DES */
- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
strcat(dummy_string,"A2 ");
if (personal)
@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
/* Make sure that the MDC feature flag is set if needed. */
add_feature_mdc (sig,mdc_available);
add_feature_aead (sig, aead_available);
- add_feature_v5 (sig, 1);
+ add_feature_v5 (sig, opt.flags.rfc4880bis);
add_keyserver_modify (sig,ks_modify);
keygen_add_keyserver_url(sig,NULL);
@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
}
}
else if (!ascii_strcasecmp (s, "v5"))
- keyversion = 5;
+ {
+ if (opt.flags.rfc4880bis)
+ keyversion = 5;
+ }
else if (!ascii_strcasecmp (s, "v4"))
keyversion = 4;
else
@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
* ecdsa := Use algorithm ECDSA.
* eddsa := Use algorithm EdDSA.
* ecdh := Use algorithm ECDH.
- * v5 := Create version 5 key
+ * v5 := Create version 5 key (requires option --rfc4880bis)
*
* There are several defaults and fallbacks depending on the
* algorithm. PART can be used to select which part of STRING is
@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
}
}
- if ((keywords[i].key == pVERSION
- || keywords[i].key == pSUBVERSION))
- ; /* Ignore version. */
+ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
+ || keywords[i].key == pSUBVERSION))
+ ; /* Ignore version unless --rfc4880bis is active. */
else
{
r = xmalloc_clear( sizeof *r + strlen( value ) );
@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
para = r;
}
- r = xmalloc_clear (sizeof *r + 20);
- r->key = for_subkey? pSUBVERSION : pVERSION;
- snprintf (r->u.value, 20, "%d", version);
- r->next = para;
- para = r;
+ if (opt.flags.rfc4880bis)
+ {
+ r = xmalloc_clear (sizeof *r + 20);
+ r->key = for_subkey? pSUBVERSION : pVERSION;
+ snprintf (r->u.value, 20, "%d", version);
+ r->next = para;
+ para = r;
+ }
if (keytime)
{

86
SOURCES/signature_key.asc
Unescape View File

@ -0,0 +1,86 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBFjLuq4BDACnM7zNSIaVMAacTwjXa5TGYe13i6ilHe4VL0NShzrgzjcQg531
3cRgiiiNA7OSOypMqVs73Jez6ZUctn2GVsHBrS/io9NcuC9pVwf8a61WlcEa+EtB
a3G7HlBmEWnwaUdAtWKNuAi9Xn+Ir7H2xEdksmmd5a0/QnL+sX705boVPF/tpYtb
LGpPxa78tNrtxDkSwy8Wmi0IADYLI5yI7/yUGeJd8RSCU/fLRKC9fG7YOZRq0tsO
MhVNWmtUjbG6e73Lu8LKnCZgs1/fC8hvPyARieSV5mdN8s1oWd7oYctfgL4uBleD
ItAA8GhjKejutzHN8Ei/APw6AiiSyEjnPg+cTX8OgvLGJWjks0H6mPZeB1v/kGyZ
hBS9vm540h2/MmlVN2ntiCK5TZGeSWpqddiqusfVXotMRpN4HeLKoZh4RAncaCbZ
F/S+YLeN+kMXY4k3Fqt1fjTX6veFCbthI9pDdHzU9LfUVNp9D/5ktC/tYMORMegV
+wSMxi9G2YWKJkMAEQEAAYkBzgQfAQgAOBYhBFuAxXVCmPDLVdjtarzvfilLCS4o
BQJYy8DdFwyAAZSlyaA8L+XKOwldjh/fcjz0YraxAgcAAAoJELzvfilLCS4oNgoL
/0+K1xIx8JW7Lk5M6bYCvNA4fdlEcwQIT4UidJFM9m+suxYFWIGfebvHpRlEuJTg
dBjkEit8uLAoJXU0BRkKTLrzTF+qDUE79Wfx/R+0nOgJ7aMykQOi0AvuwzMYz4dg
xIVS2Daou4DF7bh/KF8+fqrmq8P8W1ZrkuFDanMWpHeAPx1uj2skYbo7uPqFdvlJ
hlNHrcxlcCkjf1InAt0Xt5lMvEsCRUPf9xAH4mNEhs0lh9c+200YPRmtnLWAzc1K
ckLIC8Q+mUR3DjZDqBlDBEPegXkrI0+MlvRA+9AnAm4YPqTMUfpZ6ZOAWeFjC/6Z
QYxG/AdWGkb4WFindzklQfybEuiekP8vU07ACQwSwH8PYe0UCom1YrlRUjX7QLkn
ZLWoeZg8BZy9GTM1Ut7Q1Q2uTw6mxxISuef+RFgYOHjWwLpFWZpqC88xERl7o/iz
iERJRt/593IctbjO9wenWt2peIAwzR4nz7LqM6ZFTdRAETmcdSvYRhg2Qt8hUE47
CbQkQW5kcmUgSGVpbmVja2UgKFJlbGVhc2UgU2lnbmluZyBLZXkpiQHUBBMBCAA+
FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLuq4CGwMFCRLMAwAFCwkIBwIGFQgJ
CgsCBBYCAwECHgECF4AACgkQvO9+KUsJLihC/QwAhCC+SEvcFLcutgZ8HfcCtoZs
IoVzZEy7DjqIvGgnTssD8HCLnIAHCDvnP7dJW3uMuLCdSqym3cjlEIiQMsaGywkl
fzJISAwJrGQdWSKRd535jXpEXQlXDKal/IwMKAUt0PZtlCc9S3gwixQryxdJ28lJ
6h2T9fVDr8ZswMmTAFG91uctfhjKOMgPt8UhSPGW484WsIsQgkbOvf+Kfswl0eHu
ywX+pKAB5ZQ/9GVC6Ug4xfrdiJL0azJTPnvjMY5JYp6/L9RURs5hP5AnHR2j/PPo
sAtsFCjmbRbOMiASzklnUJPbSz5kfLloDWZmrUScjbzmsXehGyt433JGyRhZJl4x
/jPbzKhaaAHsGd+fRao6vlLOwFywDDVMp6JuyK7UeUb7I8ekTbSkGFA+l2Oa3O6/
Y7PYhq7hwwAFuZckYI98IpHNCG1fS9W07FyKdvQbK1PbF1JFRKfsUCWYMKqDnbqE
o5jivPEHZImw6iYhhXcyEYl8fjcb9T6/S+wOP7aviQGzBBABCAAdFiEElKXJoDwv
5co7CV2OH99yPPRitrEFAljLv5sACgkQH99yPPRitrFw4gv/XFMFN+/LHsn9hJOP
4rCwl1yUuxXuYmZgc0sRoY3EpeQkJVyKurQuqqKoy2VuoMiF0O1kAQmGoFtVPUk7
b8hCoutqB5GyeyKcoLP+WINgVhB2gXg7TSp3MPLBKkgqvSDvPitgRxBqFb4LW8LJ
bDbfwGrzIvXfDV3WvsrHVPbc2fhlWdL8d+3AE6mFiXF3eTpgmV3ApSBQV12MkkCk
icLIPmp+ZxZON+OP52ZXkRtfMgOy4Oa/41agrViDAZdMOGeGkhPertQheQZgXzmo
GF5Wz498HPM80Kv35X91l3iGzL+icEtO+tWea2YscsZ6qpRe2lfVPHk3B+anlmCj
m4kM4cBd39xa4HHSVh/bRHbZNtgVr7slQCKxlHgQOGVI5vCxPCwEsgJ2KBk03Nk/
IA9EKO+czfh3/bHW6uMbEqrYDCnt+hmzZrpKDSGcwS/KOhvMUIMlb7/8vDKum6mp
/8xAtVZ6IAxYZNt3qg7Y7aLRtzCTyqm8rJQrZPtRaQcgLoEimDMEX0PliRYJKwYB
BAHaRw8BAQdAz75Hlekc16JhhfI0MKdEVxLdkxhcMCO0ZG6WMBAmNpe0H1dlcm5l
ciBLb2NoIChkaXN0IHNpZ25pbmcgMjAyMCmImgQTFgoAQhYhBG2qbmSnbShAVxtJ
AlKIl7gmQDraBQJfQ+w1AhsDBQkShccRBQsJCAcCAyICAQYVCgkICwIEFgIDAQIe
BwIXgAAKCRBSiJe4JkA62nmuAP9uL/HOdB0gvwWrH+FpURJLs4bnaZaPIk9ARrU0
EXRgJgD/YCGfHQXpIPT0ZaXuwJexK04Z+qMFR/bM1q1Leo5CjgaIbQQQEQsAHRYh
BIBhWHD1utaQMzaG0PKthaweQrNnBQJfQ/HmAAoJEPKthaweQrNnIZkA3jG6LcZv
V/URn8Y8OJqsyYa4C3NI4nN+OhEvYhgA4PHzMnALeXIpA2gblvjFIPJPAhDBAU37
c5PA6+6IdQQQFggAHRYhBK6oTtzwGthsRwHIXGMROuhmWH0KBQJfQ/IlAAoJEGMR
OuhmWH0K1+MA/0uJ5AHcnSfIBEWHNJwwVVLGyrxAWtS2U+zeymp/UvlPAQDErCLZ
l0dBiPG3vlowFx5TNep7tanBs6ZJn8F1ao1tAIkBMwQQAQgAHRYhBNhpISPEBl3q
Xg86tSSbOdJPJeO2BQJfQ/OuAAoJECSbOdJPJeO2DVoH/0o9if66ph6FJrgr+A/W
HNVeHxmM5tUQhpL1wpRS70SKcsJgolf5CxO5iTQf3HlZe544xGbIU/aCTJsWw9zi
UE8KmhAtKV4eL/7oQ7xx4nxPnABLpudtM8A44nsM1x/XiYrJnnDm29QjYEGd2Hi8
7npc7VWKzLoj+I/WcXquynJi5O9TUxW9Bknd1pjpxFkf8v+msjBzCD5VKJgr0CR8
wA6peQBWeGZX2HacosMIZH4TfL0r0TFla6LJIkNBz9DyIm1yL4L8oRH0950hQljP
C7TM3L7aRpX+4Kph6llFz6g7MALGFP95kyJ6o+XED9ORuuQVZMBMIkNC0tXOu10V
bdqIdQQQFgoAHRYhBMHTS2khnkruwLocIeP9/yGORbcrBQJfQ/P8AAoJEOP9/yGO
Rbcr3lQBAMas8Vl3Hdl3g2I283lz1uHiGvlwcnk2TLeB+U4zIwC9AQCy0nnazVNt
VQPID1ZCMoaOX7AzOjaqQDLf4j+dVTxgBJgzBGCkgocWCSsGAQQB2kcPAQEHQJmd
fwp8jEN5P3eEjhQiWk6zQi8utvgOvYD57XmE+H8+tCBOaWliZSBZdXRha2EgKEdu
dVBHIFJlbGVhc2UgS2V5KYiaBBMWCgBCFiEErI4RW/c+LY1H+pkI6Y6bLRnGyL0F
AmCkgocCGwMFCQsNBpkFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEOmO
my0Zxsi9/4IA/1rvSr3MU+Sv4jhNDzD+CeC3gmHkPew6pi9VHEsEwdgmAQD2BtiX
7w1sJL/CBylGWv5jxj4345mP9YfZm0RsgzPjDIh1BBAWCAAdFiEEJJyzdxdQdF1c
3TI84mewUjZPAo0FAmFAQ54ACgkQ4mewUjZPAo1CiAD+KTT1UVdQTGHMyvHwZocS
QjU8xhcZrTet+dvvjrE5+4MA/RBdJPZgFevUKu68NEy0Lo+RbkeCtmQJ/c8v5ieF
vW0AiQEzBBABCAAdFiEEEkEkvTtIYq96CkLxALRevUynur4FAmFAQ7cACgkQALRe
vUynur4kaAgAolPR8TNWVS0vXMKrr0k0l2M/8QkZTaLZx1GT9Nx1yb4WJKY7ElPM
YkhGDxetvFBETx0pH/6R3jtj6Crmur+NKHVSRY+rCYpFPDn6ciIOryssRx2G4kCZ
t+nFB9JyDbBOZAR8DK4pN1mAxG/yLDt4oKcUQsP2xlEFum+phxyR8KyYCpkwKRxY
eK+6lfilQuveoUwp/Xx5wXPNUy6q4eOOovCW7gS7I7288NGHCa2ul8sD6vA9C4mM
4Zxaole9P9wwJe1zZFtCIy88zHM9vqv+YM9DxMCaW24+rUztr7eD4bCRdG+QlSh+
7R/TaqSxY1eAAd1J5tma9CNJO73pTKU+/JhTBGFpSqMTCSskAwMCCAEBBwIDBF6X
D9NmUQDgiyYNbhs1DMJ14mIw812wY1HVx/4QWYWiBunhrvSFxVbzsjD7/Wv+v3bm
MPrL+M2DLyFiSewNmcS0JEdudVBHLmNvbSAoUmVsZWFzZSBTaWduaW5nIEtleSAy
MDIxKYiaBBMTCABCFiEEAvON/3Mf+XywOaHaVJ5pXpBboggFAmFpSqMCGwMFCQ9x
14oFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFSeaV6QW6IITkoA/RYa
jaTl1eEBU/Gdm12o3jrI55N5xZK2XTqSx25clVyjAP0XwMW/Og5+ND1ri3bAqADV
WlBDUswz8wYxsb0C4kYBkoh1BBAWCgAdFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoF
AmFpTvEACgkQUoiXuCZAOtrJQAEAh7YyykjAy/Qs1yC3ji8iBfIVnPXvblrIx3SR
RyDwRC8BAKtZbEuKTtPlgkLUgMleTcZJ/vEhJE+GvfQ9o5gWCqEFiHUEEBYKAB0W
IQTB00tpIZ5K7sC6HCHj/f8hjkW3KwUCYWlPWgAKCRDj/f8hjkW3Kx4eAQDp6aGS
N/fU4xLl8RSvQUVjVA+aCTrMQR3hRwqw8liF2wEA3O3ECxz6e1+DoItYoJBBLKLw
eiInsGZ/+h5XYrpXTgA=
=4+Sn
-----END PGP PUBLIC KEY BLOCK-----

244
SPECS/gnupg2.spec
Unescape View File

@ -1,84 +1,84 @@
%if 0%{?fedora} && 0%{?fedora} < 30
%bcond_with unversioned_gpg
%else
%bcond_without unversioned_gpg
%endif
%bcond_with bootstrap
Summary: Utility for secure communication and data storage
Name: gnupg2
Version: 2.3.3
Release: 4%{?dist}
Version: 2.4.5
Release: 2%{?dist}
License: GPLv3+
License: CC0-1.0 AND GPL-2.0-or-later AND GPL-3.0-or-later AND LGPL-2.1-or-later AND LGPL-3.0-or-later AND (BSD-3-Clause OR LGPL-3.0-or-later OR GPL-2.0-or-later) AND CC-BY-4.0 AND MIT
Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
Source1: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2.sig
Source2: https://gnupg.org/signature_key.asc
# needed for compatibility with system FIPS mode
Patch3: gnupg-2.1.10-secmem.patch
# non-upstreamable patch adding file-is-digest option needed for Copr
# https://dev.gnupg.org/T1646
Patch4: gnupg-2.2.20-file-is-digest.patch
Patch4: gnupg-2.4.1-file-is-digest.patch
Patch6: gnupg-2.1.1-fips-algo.patch
# allow 8192 bit RSA keys in keygen UI with large RSA
Patch9: gnupg-2.2.23-large-rsa.patch
# fix missing uid on refresh from keys.openpgp.org
# https://salsa.debian.org/debian/gnupg2/commit/f292beac1171c6c77faf41d1f88c2e0942ed4437
Patch20: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
Patch21: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
Patch21: gnupg-2.4.0-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
# Fixes for issues found in Coverity scan - reported upstream
Patch30: gnupg-2.2.21-coverity.patch
# Revert default EdDSA key types
Patch31: gnupg-2.3.1-revert-default-eddsa.patch
# Revert default EdDSA key types
Patch32: gnupg-2.3.3-CVE-2022-34903.patch
# Fix AEAD packet construction
# https://dev.gnupg.org/T5856
Patch34: gnupg-2.3.3-aead-packet.patch
# Fix ssh-agent behavior in FIPS mode
# https://dev.gnupg.org/T5929
Patch35: gnupg-2.3.3-ssh-fips.patch
# Revert the introduction of the RFC4880bis draft into defaults
Patch31: gnupg2-revert-rfc4880bis.patch
# Mostly reverts https://dev.gnupg.org/rGeae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed
Patch33: gnupg-2.4.3-restore-systemd-sockets.patch
# Revert default EdDSA key types -- they do not work in FIPS Mode
Patch34: gnupg-2.4.5-revert-default-eddsa.patch
# https://dev.gnupg.org/T7129
Patch35: gnupg-2.4.5-sast.patch
URL: https://www.gnupg.org/
#BuildRequires: automake libtool texinfo transfig
BuildRequires: gcc
BuildRequires: bzip2-devel
BuildRequires: curl-devel
BuildRequires: docbook-utils
BuildRequires: gettext
BuildRequires: libassuan-devel >= 2.1.0
%if %{without bootstrap}
# Require gnupg2 to verify sources, unless bootstrapping
BuildRequires: gnupg2
%endif
BuildRequires: libassuan-devel >= 2.5.0
BuildRequires: libgcrypt-devel >= 1.9.1
BuildRequires: libgpg-error-devel >= 1.38
BuildRequires: libksba-devel >= 1.3.0
BuildRequires: libgpg-error-devel >= 1.46
BuildRequires: libksba-devel >= 1.6.3
BuildRequires: openldap-devel
BuildRequires: libusb-devel
BuildRequires: pcsc-lite-libs
BuildRequires: ncurses-devel
BuildRequires: npth-devel
BuildRequires: readline-devel ncurses-devel
BuildRequires: readline-devel
BuildRequires: zlib-devel
BuildRequires: gnutls-devel
BuildRequires: sqlite-devel
BuildRequires: fuse
BuildRequires: make
BuildRequires: systemd-rpm-macros
BuildRequires: tpm2-tss-devel
# for tests
BuildRequires: openssh-clients
BuildRequires: swtpm
Requires: libgcrypt >= 1.7.0
Requires: libgpg-error >= 1.38
Requires: libgcrypt >= 1.9.1
Requires: libgpg-error >= 1.46
Suggests: pinentry
Recommends: pinentry
Suggests: gnupg2-smime
Recommends: gnupg2-smime
# for USB smart card support
Suggests: pcsc-lite-ccid
Recommends: pcsc-lite-ccid
%if %{with unversioned_gpg}
# pgp-tools, perl-GnuPG-Interface requires 'gpg' (not sure why) -- Rex
Provides: gpg = %{version}-%{release}
# Obsolete GnuPG-1 package
Provides: gnupg = %{version}-%{release}
Obsoletes: gnupg < 1.4.24
%endif
Provides: dirmngr = %{version}-%{release}
Obsoletes: dirmngr < 1.2.0-1
@ -108,22 +108,25 @@ package adds support for smart cards and S/MIME encryption and signing
to the base GnuPG package
%prep
%if ! %{with bootstrap}
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%endif
%setup -q -n gnupg-%{version}
%patch3 -p1 -b .secmem
%patch4 -p1 -b .file-is-digest
%patch6 -p1 -b .fips
%patch9 -p1 -b .large-rsa
%patch 3 -p1 -b .secmem
%patch 4 -p1 -b .file-is-digest
%patch 6 -p1 -b .fips
%patch 9 -p1 -b .large-rsa
%patch20 -p1 -b .test_missing_uid
%patch21 -p1 -b .prev_known_key
%patch22 -p1 -b .good_revoc
%patch 20 -p1 -b .test_missing_uid
%patch 21 -p1 -b .prev_known_key
%patch 22 -p1 -b .good_revoc
%patch30 -p1 -b .coverity
%patch31 -p1 -R -b .eddsa
%patch32 -p1 -b .CVE-2022-34903
%patch34 -p1 -b .aead
%patch35 -p1 -b .ssh-fips
%patch 30 -p1 -b .coverity
%patch 31 -p1 -b .revert-rfc4880bis
%patch 33 -p1 -b .restore-systemd-sockets
%patch 34 -p1 -R -b .eddsa
%patch 35 -p1 -b .sast
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon,
@ -134,15 +137,11 @@ sed -i -e 's/"libpcsclite\.so"/"%{pcsclib}"/' scd/scdaemon.c
%build
# can not regenerate makefiles because of automake-1.16.3 requirement
# ./autogen.sh
%configure \
%if %{without unversioned_gpg}
--enable-gpg-is-gpg2 \
%endif
--disable-rpath \
--enable-g13 \
--disable-ccid-driver \
--with-tss=intel \
--enable-large-secmem
# need scratch gpg database for tests
@ -155,29 +154,25 @@ mkdir -p $HOME/.gnupg
%make_install \
docdir=%{_pkgdocdir}
%if %{without unversioned_gpg}
# rename file conflicting with gnupg-1.x
rename gnupg.7 gnupg2.7 %{buildroot}%{_mandir}/man7/gnupg.7*
%endif
%find_lang %{name}
# gpgconf.conf
mkdir -p %{buildroot}%{_sysconfdir}/gnupg
touch %{buildroot}%{_sysconfdir}/gnupg/gpgconf.conf
mkdir -p %{buildroot}%{_sysconfdir}/profile.d
echo "export GPG_TTY=\$(tty)" > %{buildroot}%{_sysconfdir}/profile.d/gnupg2.sh
echo "setenv GPG_TTY \`tty\`" > %{buildroot}%{_sysconfdir}/profile.d/gnupg2.csh
# more docs
install -m644 -p AUTHORS NEWS THANKS TODO \
%{buildroot}%{_pkgdocdir}
%if %{with unversioned_gpg}
# compat symlinks
ln -sf gpg %{buildroot}%{_bindir}/gpg2
ln -sf gpgv %{buildroot}%{_bindir}/gpgv2
ln -sf gpg.1 %{buildroot}%{_mandir}/man1/gpg2.1
ln -sf gpgv.1 %{buildroot}%{_mandir}/man1/gpgv2.1
ln -sf gnupg.7 %{buildroot}%{_mandir}/man7/gnupg2.7
%endif
# info dir
rm -f %{buildroot}%{_infodir}/dir
@ -202,6 +197,8 @@ make -k check
%{_pkgdocdir}
%dir %{_sysconfdir}/gnupg
%ghost %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf
%{_sysconfdir}/profile.d/gnupg2.sh
%{_sysconfdir}/profile.d/gnupg2.csh
## docs say to install suid root, but fedora/rh security folk say not to
%{_bindir}/gpg2
%{_bindir}/gpgv2
@ -215,14 +212,14 @@ make -k check
%{_bindir}/g13
%{_bindir}/dirmngr
%{_bindir}/dirmngr-client
%if %{with unversioned_gpg}
%{_bindir}/gpg
%{_bindir}/gpgv
%{_bindir}/gpgsplit
%endif
%{_bindir}/watchgnupg
%{_bindir}/gpg-wks-server
%{_sbindir}/*
%{_sbindir}/addgnupghome
%{_sbindir}/applygnupgdefaults
%{_sbindir}/g13-syshelp
%{_datadir}/gnupg/
%{_libexecdir}/*
%{_infodir}/*.info*
@ -237,36 +234,121 @@ make -k check
%changelog
* Wed Apr 19 2023 Jakub Jelen <jjelen@redhat.com> - 2.3.3-4
- Revert marking the SHA-1 digest as weak (#2184640)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.4.5-2
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.4.5-1
- Rebuilt for MSVSphere 10
* Thu Jul 04 2024 Jakub Jelen <jjelen@redhat.com> - 2.4.5-1
- New upstream release (#2268461)
- Set GPG_TTY in profile.d (#2264985)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.4.4-2
- Bump release for June 2024 mass rebuild
* Fri Jan 26 2024 Jakub Jelen <jjelen@redhat.com> - 2.4.4-1
- New upstream release (#2260333)
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Nov 10 2023 Jakub Jelen <jjelen@redhat.com> - 2.4.3-4
- Avoid creation of development versions (#2249037)
* Mon Nov 06 2023 Jakub Jelen <jjelen@redhat.com> - 2.4.3-3
- Restore systemd units and sockets (#2158627)
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jul 10 2023 Jakub Jelen <jjelen@redhat.com> - 2.4.3-1
- New upstream release (#2193503)
* Thu Mar 30 2023 Jakub Jelen <jjelen@redhat.com> - 2.3.3-3
- Mark SHA-1 digest as weak to follow SHA-1 disablement in RHEL9 (#2070722)
- Fix interaction with SSH by not requiring the MD5 digest (#2073567)
- Fix creation of AEAD packets (#2128058)
* Thu Jun 01 2023 Michael J Gruber <mjg@fedoraproject.org> - 2.4.2-2
- fix emacs usage (rhbz#2212090)
* Wed Aug 03 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.3-2
- Fix CVE-2022-34903 (#2108449)
* Wed May 31 2023 Jakub Jelen <jjelen@redhat.com> - 2.4.2-1
- New upstream release
- Build with TPM2 support
* Fri Nov 19 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.3-1
- Rebase to 2.3.1 to address random tests failures (#1984842)
* Fri Apr 28 2023 Todd Zullinger <tmz@pobox.com> - 2.4.1-1
- update to 2.4.1 (#2193503)
* Thu Nov 18 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-4
- Fix --file-is-digest patch (#2024710)
* Fri Apr 28 2023 Todd Zullinger <tmz@pobox.com> - 2.4.0-4
- remove %%skip_verify, brainpool signatures are supported now
* Wed Sep 08 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-3
- Revernt default key type back to RSA for FIPS compatibility (#2001937)
* Fri Mar 03 2023 Jakub Jelen <jjelen@redhat.com> - 2.4.0-3
- Revert introduction of the RFC4880bis draft into defaults
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.1-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Dec 20 2022 Todd Zullinger <tmz@pobox.com> - 2.4.0-1
- update to 2.4.0 (#2155170)
* Mon Oct 17 2022 Todd Zullinger <tmz@pobox.com> - 2.3.8-1
- update to 2.3.8
- BR systemd-rpm-macros for %%{_userunitdir}
* Mon Oct 17 2022 Todd Zullinger <tmz@pobox.com> - 2.3.7-5
- verify upstream signatures in %%prep, unless bootstrapping
* Wed Oct 05 2022 Todd Zullinger <tmz@pobox.com> - 2.3.7-4
- update BR/R versions for libassuan, libgpg-error, and libksba
- drop with/without unversioned_gpg, last used with fedora-29
* Mon Aug 01 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.7-3
- Fix yubikey 5 detection (#2107766)
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 12 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.7-1
- New upstream release (#2106045)
* Mon Jul 04 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.6-2
- Fix for CVE-2022-34903 (#2103242)
- Fix focing AEAD through configuration files (#2093760)
* Mon Apr 25 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.6-1
- New upstream release (#2078550)
* Mon Apr 25 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.5-1
- New upstream release (#2077616)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Dec 21 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.4-1
- New upstream release (#2034437)
* Mon Nov 15 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.3-2
- Fix file-is-digest patch (#2022904)
* Wed Oct 13 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.3-1
- New upstream release (2013388)
* Wed Oct 06 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.2-3
- Fix crash in agent when deciphering (#2009978)
- Recommend pcsc-lite-ccid to support USB smart cards (#2007923)
* Mon Sep 20 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.2-2
- Disable ccid driver to avoid clash with pcscd (#2005714)
* Wed Aug 25 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.2-1
- New upstream relase (#1997276)
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Apr 21 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-1
- New upstream release (#1947159)
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.2.27-5
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 2.2.27-4
- Add a configuration to not require exclusive access to PCSC

Write Preview
Loading…
Cancel
Save