clean code

2020-01-10 14:49:39 +08:00 · 2020-01-10 14:49:39 +08:00 · 916242993b
commit 916242993b
parent db2a3168a3
7 changed files with 4 additions and 335 deletions
--- a/gnupg-2.1.1-fips-algo.patch
+++ b/gnupg-2.1.1-fips-algo.patch
@ -1,13 +0,0 @@
-diff -up gnupg-2.1.1/g10/mainproc.c.fips gnupg-2.1.1/g10/mainproc.c
--- gnupg-2.1.1/g10/mainproc.c.fips	2015-01-29 17:19:49.266031504 +0100
-+++ gnupg-2.1.1/g10/mainproc.c	2015-01-29 17:27:13.938088122 +0100
-@@ -719,7 +719,8 @@ proc_plaintext( CTX c, PACKET *pkt )
-          according to 2440, so hopefully it won't come up that often.
-          There is no good way to specify what algorithms to use in
-          that case, so these there are the historical answer. */
-	gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
-+	if (!gcry_fips_mode_active())
-+            gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
- 	gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
-     }
-   if (DBG_HASHING)
--- a/gnupg-2.1.10-secmem.patch
+++ b/gnupg-2.1.10-secmem.patch
@ -1,33 +0,0 @@
-diff -up gnupg-2.1.10/g10/gpg.c.secmem gnupg-2.1.10/g10/gpg.c
--- gnupg-2.1.10/g10/gpg.c.secmem	2015-12-04 10:53:27.000000000 +0100
-+++ gnupg-2.1.10/g10/gpg.c	2015-12-07 15:32:38.922812652 +0100
-@@ -889,7 +889,7 @@ make_libversion (const char *libname, co
- 
-   if (maybe_setuid)
-     {
-      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
-+      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
-       maybe_setuid = 0;
-     }
-   s = getfnc (NULL);
-@@ -1041,7 +1041,7 @@ build_list (const char *text, char lette
-   char *string;
- 
-   if (maybe_setuid)
-    gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
-+    gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
- 
-   indent = utf8_charcount (text, -1);
-   len = 0;
-diff -up gnupg-2.1.10/sm/gpgsm.c.secmem gnupg-2.1.10/sm/gpgsm.c
--- gnupg-2.1.10/sm/gpgsm.c.secmem	2015-11-30 17:39:52.000000000 +0100
-+++ gnupg-2.1.10/sm/gpgsm.c	2015-12-07 15:31:17.226884207 +0100
-@@ -530,7 +530,7 @@ make_libversion (const char *libname, co
- 
-   if (maybe_setuid)
-     {
-      gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
-+      gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
-       maybe_setuid = 0;
-     }
-   s = getfnc (NULL);
--- a/gnupg-2.1.21-insttools.patch
+++ b/gnupg-2.1.21-insttools.patch
@ -1,62 +0,0 @@
-diff -up gnupg-2.1.21/tools/Makefile.am.insttools gnupg-2.1.21/tools/Makefile.am
--- gnupg-2.1.21/tools/Makefile.am.insttools	2017-04-03 17:13:56.000000000 +0200
-+++ gnupg-2.1.21/tools/Makefile.am	2017-07-18 12:10:59.431729640 +0200
-@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER
- sbin_SCRIPTS = addgnupghome applygnupgdefaults
- 
- if HAVE_USTAR
-# bin_SCRIPTS += gpg-zip
-noinst_SCRIPTS = gpg-zip
-+bin_PROGRAMS += gpg-zip
-+#noinst_SCRIPTS = gpg-zip
- endif
- 
- if BUILD_SYMCRYPTRUN
-@@ -53,7 +53,7 @@ endif
- 
- libexec_PROGRAMS = gpg-wks-client
- 
-bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun}
-+bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} gpgsplit
- if !HAVE_W32_SYSTEM
- bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server}
- endif
-@@ -63,7 +63,7 @@ libexec_PROGRAMS += gpg-check-pattern
- endif
- 
- if !HAVE_W32CE_SYSTEM
-noinst_PROGRAMS = clean-sat make-dns-cert gpgsplit
-+noinst_PROGRAMS = clean-sat make-dns-cert
- endif
- 
- if !HAVE_W32CE_SYSTEM
-diff -up gnupg-2.1.21/tools/Makefile.in.insttools gnupg-2.1.21/tools/Makefile.in
--- gnupg-2.1.21/tools/Makefile.in.insttools	2017-05-15 16:15:04.000000000 +0200
-+++ gnupg-2.1.21/tools/Makefile.in	2017-07-18 12:12:17.907734745 +0200
-@@ -137,13 +137,13 @@ DIST_COMMON = $(top_srcdir)/am/cmacros.a
- @GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\""
- @HAVE_W32_SYSTEM_TRUE@am__append_8 = gpg-connect-agent-w32info.o
- libexec_PROGRAMS = gpg-wks-client$(EXEEXT) $(am__EXEEXT_5)
-bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \
-+bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) gpgsplit$(EXEEXT) \
- 	$(am__EXEEXT_1) $(am__EXEEXT_3) $(am__EXEEXT_4)
- @HAVE_W32_SYSTEM_FALSE@am__append_9 = watchgnupg gpgparsemail ${gpg_wks_server}
- @DISABLE_REGEX_FALSE@am__append_10 = gpg-check-pattern
- @HAVE_W32CE_SYSTEM_FALSE@noinst_PROGRAMS = clean-sat$(EXEEXT) \
- @HAVE_W32CE_SYSTEM_FALSE@	make-dns-cert$(EXEEXT) \
-@HAVE_W32CE_SYSTEM_FALSE@	gpgsplit$(EXEEXT) $(am__EXEEXT_6)
-+@HAVE_W32CE_SYSTEM_FALSE@	$(am__EXEEXT_6)
- @BUILD_GPGTAR_TRUE@@HAVE_W32CE_SYSTEM_FALSE@am__append_11 = gpgtar
- @BUILD_GPGTAR_FALSE@@HAVE_W32CE_SYSTEM_FALSE@am__append_12 = gpgtar
- subdir = tools
-@@ -582,8 +582,8 @@ libcommontlsnpth = ../common/libcommontl
- AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
- sbin_SCRIPTS = addgnupghome applygnupgdefaults
- 
-# bin_SCRIPTS += gpg-zip
-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
-+@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip
-+#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip
- @BUILD_SYMCRYPTRUN_FALSE@symcryptrun = 
- @BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun
- @BUILD_WKS_TOOLS_FALSE@gpg_wks_server = 
--- a/gnupg-2.1.21-large-rsa.patch
+++ b/gnupg-2.1.21-large-rsa.patch
@ -1,12 +0,0 @@
-diff -up gnupg-2.1.21/g10/keygen.c.large-rsa gnupg-2.1.21/g10/keygen.c
--- gnupg-2.1.21/g10/keygen.c.large-rsa	2017-05-15 14:13:22.000000000 +0200
-+++ gnupg-2.1.21/g10/keygen.c	2017-07-18 16:12:37.738895016 +0200
-@@ -2091,7 +2091,7 @@ get_keysize_range (int algo, unsigned in
- 
-     default:
-       *min = opt.compliance == CO_DE_VS ? 2048: 1024;
-      *max = 4096;
-+      *max = opt.flags.large_rsa == 1 ? 8192 : 4096;
-       def = 2048;
-       break;
-     }
--- a/gnupg-2.2.17-ocsp-keyusage.patch
+++ b/gnupg-2.2.17-ocsp-keyusage.patch
@ -1,17 +0,0 @@
-diff -up gnupg-2.1.1/sm/certlist.c.keyusage gnupg-2.1.1/sm/certlist.c
--- gnupg-2.1.1/sm/certlist.c.keyusage	2014-11-27 11:51:36.000000000 +0100
-+++ gnupg-2.1.1/sm/certlist.c	2015-01-29 17:30:57.117135497 +0100
-@@ -146,10 +146,9 @@ cert_usage_p (ksba_cert_t cert, int mode
- 
-   if (mode == 5)
-     {
-      if (use != ~0
-          && (have_ocsp_signing
-              || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
-                         |KSBA_KEYUSAGE_CRL_SIGN))))
-+      if (have_ocsp_signing
-+          || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
-+                     |KSBA_KEYUSAGE_CRL_SIGN)))
-         return 0;
-       if (!silent)
-         log_info (_("certificate should not have "
--- a/gnupg-2.2.8-file-is-digest.patch
+++ b/gnupg-2.2.8-file-is-digest.patch
@ -1,190 +0,0 @@
-diff -up gnupg-2.2.8/g10/gpg.c.file-is-digest gnupg-2.2.8/g10/gpg.c
--- gnupg-2.2.8/g10/gpg.c.file-is-digest	2018-06-11 10:15:33.755167428 +0200
-+++ gnupg-2.2.8/g10/gpg.c	2018-06-11 10:17:36.352063501 +0200
-@@ -376,6 +376,7 @@ enum cmd_and_opt_values
-     oTTYtype,
-     oLCctype,
-     oLCmessages,
-+    oFileIsDigest,
-     oXauthority,
-     oGroup,
-     oUnGroup,
-@@ -821,6 +822,7 @@ static ARGPARSE_OPTS opts[] = {
-   ARGPARSE_s_s (oPersonalCompressPreferences,
-                                          "personal-compress-preferences", "@"),
-   ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
-+  ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"),
-   ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
-   ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
-   ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
-@@ -2390,6 +2392,7 @@ main (int argc, char **argv)
-     opt.keyid_format = KF_NONE;
-     opt.def_sig_expire = "0";
-     opt.def_cert_expire = "0";
-+    opt.file_is_digest = 0;
-     gnupg_set_homedir (NULL);
-     opt.passphrase_repeat = 1;
-     opt.emit_version = 0;
-@@ -2963,6 +2966,7 @@ main (int argc, char **argv)
- 	    opt.verify_options&=~VERIFY_SHOW_PHOTOS;
- 	    break;
- 	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
-+	  case oFileIsDigest: opt.file_is_digest = 1; break;
- 
-           case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
- 
-diff -up gnupg-2.2.8/g10/options.h.file-is-digest gnupg-2.2.8/g10/options.h
--- gnupg-2.2.8/g10/options.h.file-is-digest	2018-05-31 12:03:06.000000000 +0200
-+++ gnupg-2.2.8/g10/options.h	2018-06-11 10:15:33.757167476 +0200
-@@ -210,6 +210,7 @@ struct
-   int no_auto_check_trustdb;
-   int preserve_permissions;
-   int no_homedir_creation;
-+  int file_is_digest;
-   struct groupitem *grouplist;
-   int mangle_dos_filenames;
-   int enable_progress_filter;
-diff -up gnupg-2.2.8/g10/sign.c.file-is-digest gnupg-2.2.8/g10/sign.c
--- gnupg-2.2.8/g10/sign.c.file-is-digest	2017-08-28 12:22:54.000000000 +0200
-+++ gnupg-2.2.8/g10/sign.c	2018-06-11 10:15:33.757167476 +0200
-@@ -40,6 +40,7 @@
- #include "pkglue.h"
- #include "../common/sysutils.h"
- #include "call-agent.h"
-+#include "../common/host2net.h"
- #include "../common/mbox-util.h"
- #include "../common/compliance.h"
- 
-@@ -727,6 +728,8 @@ write_signature_packets (ctrl_t ctrl,
-       if (duration || opt.sig_policy_url
-           || opt.sig_notations || opt.sig_keyserver_url)
-         sig->version = 4;
-+	  else if (opt.file_is_digest)
-+        sig->version = 3;
-       else
-         sig->version = pk->version;
- 
-@@ -750,8 +753,10 @@ write_signature_packets (ctrl_t ctrl,
-           mk_notation_policy_etc (sig, NULL, pk);
-         }
- 
-      hash_sigversion_to_magic (md, sig);
-      gcry_md_final (md);
-+      if (!opt.file_is_digest) {
-+	hash_sigversion_to_magic (md, sig);
-+	gcry_md_final (md);
-+      }
- 
-       rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce);
-       gcry_md_close (md);
-@@ -813,6 +818,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
-     SK_LIST sk_rover = NULL;
-     int multifile = 0;
-     u32 duration=0;
-+    int sigclass = 0x00;
-+    u32 timestamp = 0;
- 
-     pfx = new_progress_context ();
-     afx = new_armor_context ();
-@@ -830,7 +837,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
- 	fname = NULL;
- 
-     if( fname && filenames->next && (!detached || encryptflag) )
-	log_bug("multiple files can only be detached signed");
-+	log_bug("multiple files can only be detached signed\n");
-+
-+    if (opt.file_is_digest && (multifile || !fname))
-+	log_bug("file-is-digest only works with one file\n");
-+    if (opt.file_is_digest && !detached)
-+	log_bug("file-is-digest can only write detached signatures\n");
-+    if (opt.file_is_digest && !opt.def_digest_algo)
-+	log_bug("file-is-digest needs --digest-algo\n");
-+    if (opt.file_is_digest && opt.textmode)
-+	log_bug("file-is-digest doesn't work with --textmode\n");
- 
-     if(encryptflag==2
-        && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
-@@ -851,7 +867,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
-       goto leave;
- 
-     /* prepare iobufs */
-    if( multifile )  /* have list of filenames */
-+    if( multifile || opt.file_is_digest)  /* have list of filenames */
- 	inp = NULL; /* we do it later */
-     else {
-       inp = iobuf_open(fname);
-@@ -989,7 +1005,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
-     for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
-       gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
- 
-    if( !multifile )
-+    if( !multifile && !opt.file_is_digest )
- 	iobuf_push_filter( inp, md_filter, &mfx );
- 
-     if( detached && !encryptflag)
-@@ -1044,6 +1060,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
- 
-     write_status_begin_signing (mfx.md);
- 
-+    sigclass = opt.textmode && !outfile? 0x01 : 0x00;
-+
-     /* Setup the inner packet. */
-     if( detached ) {
- 	if( multifile ) {
-@@ -1084,6 +1102,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
- 	    if( opt.verbose )
-               log_printf ("\n");
- 	}
-+	else if (opt.file_is_digest) {
-+	    byte *mdb, ts[5];
-+	    size_t mdlen;
-+	    const char *fp;
-+	    int c, d;
-+
-+	    gcry_md_final(mfx.md);
-+	    /* this assumes gcry_md_read returns the same buffer */
-+	    mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
-+		mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
-+	    if (strlen(fname) != mdlen * 2 + 11)
-+	        log_bug("digests must be %zu + @ + 5 bytes\n", mdlen);
-+	    d = -1;
-+	    for (fp = fname ; *fp; ) {
-+		c = *fp++;
-+		if (c >= '0' && c <= '9')
-+		    c -= '0';
-+		else if (c >= 'a' && c <= 'f')
-+		    c -= 'a' - 10;
-+		else if (c >= 'A' && c <= 'F')
-+		    c -= 'A' - 10;
-+		else
-+		    log_bug("filename is not hex\n");
-+		if (d >= 0) {
-+		    *mdb++ = d << 4 | c;
-+		    c = -1;
-+		    if (--mdlen == 0) {
-+			mdb = ts;
-+			if (*fp++ != '@')
-+			    log_bug("missing time separator\n");
-+		    }
-+		}
-+		d = c;
-+	    }
-+	    sigclass = ts[0];
-+	    if (sigclass != 0x00 && sigclass != 0x01)
-+		log_bug("bad cipher class\n");
-+	    timestamp = buf32_to_u32(ts + 1);
-+	}
- 	else {
- 	    /* read, so that the filter can calculate the digest */
- 	    while( iobuf_get(inp) != -1 )
-@@ -1102,8 +1159,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
- 
-     /* write the signatures */
-     rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
-                                  opt.textmode && !outfile? 0x01 : 0x00,
-				  0, duration, detached ? 'D':'S', NULL);
-+                                  sigclass,
-+				  timestamp, duration, detached ? 'D':'S', NULL);
-     if( rc )
-         goto leave;
- 
--- a/gnupg2.spec
+++ b/gnupg2.spec
@ -1,6 +1,6 @@
 Name: gnupg2
 Version: 2.2.17
-Release: 3
+Release: 4
 Summary: Utility for secure communication and data storage

 License: GPLv3+
@ -8,13 +8,6 @@ URL: https://gnupg.org/
 Source0: https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2
 Source1: https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig

-Patch1:  gnupg-2.1.21-insttools.patch
-Patch3:  gnupg-2.1.10-secmem.patch
-Patch4:  gnupg-2.2.8-file-is-digest.patch
-Patch5:  gnupg-2.2.17-ocsp-keyusage.patch
-Patch6:  gnupg-2.1.1-fips-algo.patch
-Patch9:  gnupg-2.1.21-large-rsa.patch
-
 BuildRequires: zlib-devel, npth-devel
 BuildRequires: libgpg-error-devel >= 1.31
 BuildRequires: libgcrypt-devel >= 1.7.0
@ -108,6 +101,9 @@ make check


 %changelog
+* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.2.17-4
+- clean code
+
 * Fri Oct 25 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.2.17-3
 - add gpg and gpgv