[Buildroot] [PATCH v1] package/gnupg2: bump version to 2.2.32
Peter Seiderer
ps.report at gmx.net
Sun Oct 17 20:03:41 UTC 2021
- removed 0001-dirmngr-Fix-build-with--disable-ldap.patch
(from upstream [1])
- fix/update signature check key hash
For details (since 2.2.28) see [2], [3], [4] and [5].
[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6900f5723b4edc899aaea267ed599b5ad724142
[2] https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html
[3] https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000463.html
[4] https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000464.html
[5] https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000465.html
Signed-off-by: Peter Seiderer <ps.report at gmx.net>
---
Notes:
- signature check key hash: do not know where the original one comes from,
not mentioned on the GnuPG signature key web site [6], opposed to the
new one referenced as:
pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
uid Werner Koch (dist signing 2020)
The old one is used in the following location in buildroot
$ git grep D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 | cat
package/libassuan/libassuan.hash:# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
package/libgpg-error/libgpg-error.hash:# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
package/libgpgme/libgpgme.hash:# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
package/libnpth/libnpth.hash:# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
Doing the signature check on the last old version:
$ wget https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.28.tar.bz2.sig
$ gpg --verify gnupg-2.2.28.tar.bz2.sig gnupg-2.2.28.tar.bz2
gpg: Signature made Do 10 Jun 2021 19:28:12 CEST
gpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
gpg: Can't check signature: No public key
But googeling the old key gives some evidence it is an old one:
https://lists.gnupg.org/pipermail/gnupg-users/2016-December/057354.html
2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
And the old key is known to keyserver.ubuntu.com:
$ gpg --keyserver keyserver.ubuntu.com --recv-keys D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
gpg: key 249B39D24F25E3B6: public key "Werner Koch (dist sig)" imported
gpg: Total number processed: 1
gpg: imported: 1
As is the new one:
$ gpg --keyserver keyserver.ubuntu.com --recv-keys 6DAA6E64A76D2840571B4902528897B826403ADA
gpg: key 528897B826403ADA: public key "Werner Koch (dist signing 2020)" imported
gpg: Total number processed: 1
gpg: imported: 1
With expiration dates (different from the one mentioned above):
pub rsa2048 2011-01-12 [SC] [expires: 2021-12-31]
D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
uid [ unknown] Werner Koch (dist sig)
pub ed25519 2020-08-24 [SC] [expires: 2030-06-30]
6DAA6E64A76D2840571B4902528897B826403ADA
uid [ unknown] Werner Koch (dist signing 2020)
[6] https://gnupg.org/signature_key.html
---
...dirmngr-Fix-build-with--disable-ldap.patch | 43 -------------------
package/gnupg2/gnupg2.hash | 8 ++--
package/gnupg2/gnupg2.mk | 2 +-
3 files changed, 5 insertions(+), 48 deletions(-)
delete mode 100644 package/gnupg2/0001-dirmngr-Fix-build-with--disable-ldap.patch
diff --git a/package/gnupg2/0001-dirmngr-Fix-build-with--disable-ldap.patch b/package/gnupg2/0001-dirmngr-Fix-build-with--disable-ldap.patch
deleted file mode 100644
index fbdd7fa4a7..0000000000
--- a/package/gnupg2/0001-dirmngr-Fix-build-with--disable-ldap.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From c6900f5723b4edc899aaea267ed599b5ad724142 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 11 Jun 2021 10:30:02 +0900
-Subject: [PATCH] dirmngr: Fix build with --disable-ldap.
-
-* dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
-Conditionalize.
-
---
-
-Reported-by: Phil Pennock
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083)
-[Retrieved from:
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6900f5723b4edc899aaea267ed599b5ad724142]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
----
- dirmngr/dirmngr.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 915e0e601..330983f3f 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -770,6 +770,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
- case oRecursiveResolver: enable_recursive_resolver (1); break;
-
- case oLDAPServer:
-+#if USE_LDAP
- {
- ldap_server_t server;
- char *p;
-@@ -791,6 +792,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
- opt.ldapservers = server;
- }
- }
-+#endif
- break;
-
- case oKeyServer:
---
-2.11.0
-
diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
index 023ec9bb1e..caf5dcc883 100644
--- a/package/gnupg2/gnupg2.hash
+++ b/package/gnupg2/gnupg2.hash
@@ -1,7 +1,7 @@
# From https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000460.html
-sha1 5f92b7b32d594cf21ea2b48cdaa2e460daccd6e3 gnupg-2.2.28.tar.bz2
+sha1 81684626720c91060ae9920936c768df9fc8b2f6 gnupg-2.2.32.tar.bz2
# Calculated based on the hash above and signature
-# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.28.tar.bz2.sig
-# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
-sha256 6ff891fc7583a9c3fb9f097ee0d1de0a12469d4b53997e7ba5064950637dfaec gnupg-2.2.28.tar.bz2
+# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.32.tar.bz2.sig
+# using key 6DAA6E64A76D2840571B4902528897B826403ADA
+sha256 b2571b35f82c63e7d278aa6a1add0d73453dc14d3f0854be490c844fca7e0614 gnupg-2.2.32.tar.bz2
sha256 bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING
diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
index 6bd957683b..32c22b8257 100644
--- a/package/gnupg2/gnupg2.mk
+++ b/package/gnupg2/gnupg2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GNUPG2_VERSION = 2.2.28
+GNUPG2_VERSION = 2.2.32
GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
GNUPG2_LICENSE = GPL-3.0+
--
2.33.0
More information about the buildroot
mailing list