From 921e417e4f8ee193e399a3113bec6a6812579139 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Nov 15 2021 08:36:26 +0000 Subject: [PATCH 1/2] Fix file-is-digest patch (#2022904) --- diff --git a/gnupg-2.2.20-file-is-digest.patch b/gnupg-2.2.20-file-is-digest.patch index a85c9bd..c2bf7c3 100644 --- a/gnupg-2.2.20-file-is-digest.patch +++ b/gnupg-2.2.20-file-is-digest.patch @@ -64,17 +64,34 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c else sig->version = 4; /* Required. */ -@@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl, - err = mk_sig_subpkt_key_block (ctrl, sig, pk); - else - err = 0; +@@ -860,14 +863,22 @@ write_signature_packets (ctrl_t ctrl, + if (gcry_md_copy (&md, hash)) + BUG (); + +- build_sig_subpkt_from_sig (sig, pk); +- mk_notation_policy_etc (ctrl, sig, NULL, pk); +- if (opt.flags.include_key_block && IS_SIG (sig)) +- err = mk_sig_subpkt_key_block (ctrl, sig, pk); +- else +- err = 0; - hash_sigversion_to_magic (md, sig, extrahash); - gcry_md_final (md); ++ if (!opt.file_is_digest) ++ { ++ build_sig_subpkt_from_sig (sig, pk); ++ mk_notation_policy_etc (ctrl, sig, NULL, pk); ++ if (opt.flags.include_key_block && IS_SIG (sig)) ++ err = mk_sig_subpkt_key_block (ctrl, sig, pk); ++ else ++ err = 0; + -+ if (!opt.file_is_digest) { -+ hash_sigversion_to_magic (md, sig, extrahash); -+ gcry_md_final (md); -+ } ++ hash_sigversion_to_magic (md, sig, extrahash); ++ gcry_md_final (md); ++ } ++ else if (sig->version >= 4) ++ { ++ log_bug("file-is-digest doesn't work with v4 sigs\n"); ++ } if (!err) err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); @@ -152,27 +169,27 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c + d = -1; + for (fp = fname ; *fp; ) + { -+ c = *fp++; -+ if (c >= '0' && c <= '9') ++ c = *fp++; ++ if (c >= '0' && c <= '9') + c -= '0'; -+ else if (c >= 'a' && c <= 'f') ++ else if (c >= 'a' && c <= 'f') + c -= 'a' - 10; -+ else if (c >= 'A' && c <= 'F') ++ else if (c >= 'A' && c <= 'F') + c -= 'A' - 10; -+ else ++ else + log_bug("filename is not hex\n"); -+ if (d >= 0) ++ if (d >= 0) + { -+ *mdb++ = d << 4 | c; -+ c = -1; -+ if (--mdlen == 0) ++ *mdb++ = d << 4 | c; ++ c = -1; ++ if (--mdlen == 0) + { -+ mdb = ts; -+ if (*fp++ != '@') -+ log_bug("missing time separator\n"); -+ } -+ } -+ d = c; ++ mdb = ts; ++ if (*fp++ != '@') ++ log_bug("missing time separator\n"); ++ } ++ } ++ d = c; + } + sigclass = ts[0]; + if (sigclass != 0x00 && sigclass != 0x01) From c60da4587769ffa1d347dab71acf9d2b1cbbac8b Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Nov 15 2021 08:36:26 +0000 Subject: [PATCH 2/2] gnupg2-2.3.3-2 --- diff --git a/gnupg2.spec b/gnupg2.spec index 9b174da..31b7b9f 100644 --- a/gnupg2.spec +++ b/gnupg2.spec @@ -7,7 +7,7 @@ Summary: Utility for secure communication and data storage Name: gnupg2 Version: 2.3.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv3+ Source0: https://gnupg.org/ftp/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2 @@ -223,6 +223,9 @@ make -k check %changelog +* Mon Nov 15 2021 Jakub Jelen - 2.3.3-2 +- Fix file-is-digest patch (#2022904) + * Wed Oct 13 2021 Jakub Jelen - 2.3.3-1 - New upstream release (2013388)