[Buildroot] [PATCH v1] package/gnupg2: bump version to 2.2.32

Peter Seiderer ps.report at gmx.net
Sun Oct 17 20:03:41 UTC 2021 

- removed 0001-dirmngr-Fix-build-with--disable-ldap.patch
  (from upstream [1])

- fix/update signature check key hash

For details (since 2.2.28) see [2], [3], [4] and [5].

[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6900f5723b4edc899aaea267ed599b5ad724142
[2] https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000461.html
[3] https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000463.html
[4] https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000464.html
[5] https://lists.gnupg.org/pipermail/gnupg-announce/2021q4/000465.html

Signed-off-by: Peter Seiderer <ps.report at gmx.net>
---
Notes:

  - signature check key hash: do not know where the original one comes from,
    not mentioned on the GnuPG signature key web site [6], opposed to the
    new one referenced as:

	pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
	      6DAA 6E64 A76D 2840 571B  4902 5288 97B8 2640 3ADA
	uid   Werner Koch (dist signing 2020)

    The old one is used in the following location in buildroot

	$ git grep D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 | cat
	package/libassuan/libassuan.hash:# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
	package/libgpg-error/libgpg-error.hash:# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
	package/libgpgme/libgpgme.hash:# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
	package/libnpth/libnpth.hash:# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6

   Doing the signature check on the last old version:

	$ wget https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.28.tar.bz2.sig
	$ gpg --verify gnupg-2.2.28.tar.bz2.sig gnupg-2.2.28.tar.bz2
	gpg: Signature made Do 10 Jun 2021 19:28:12 CEST
	gpg:                using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA
	gpg: Can't check signature: No public key

   But googeling the old key gives some evidence it is an old one:

	https://lists.gnupg.org/pipermail/gnupg-users/2016-December/057354.html

	2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31]
	Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
	Werner Koch (dist sig)

    And the old key is known to keyserver.ubuntu.com:

	$ gpg --keyserver keyserver.ubuntu.com --recv-keys D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
	gpg: key 249B39D24F25E3B6: public key "Werner Koch (dist sig)" imported
	gpg: Total number processed: 1
	gpg:               imported: 1

    As is the new one:

	$ gpg --keyserver keyserver.ubuntu.com --recv-keys 6DAA6E64A76D2840571B4902528897B826403ADA
	gpg: key 528897B826403ADA: public key "Werner Koch (dist signing 2020)" imported
	gpg: Total number processed: 1
	gpg:               imported: 1

    With expiration dates (different from the one mentioned above):

	pub   rsa2048 2011-01-12 [SC] [expires: 2021-12-31]
	      D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
	uid           [ unknown] Werner Koch (dist sig)

	pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
	      6DAA6E64A76D2840571B4902528897B826403ADA
	uid           [ unknown] Werner Koch (dist signing 2020)

[6] https://gnupg.org/signature_key.html
---
 ...dirmngr-Fix-build-with--disable-ldap.patch | 43 -------------------
 package/gnupg2/gnupg2.hash                    |  8 ++--
 package/gnupg2/gnupg2.mk                      |  2 +-
 3 files changed, 5 insertions(+), 48 deletions(-)
 delete mode 100644 package/gnupg2/0001-dirmngr-Fix-build-with--disable-ldap.patch

diff --git a/package/gnupg2/0001-dirmngr-Fix-build-with--disable-ldap.patch b/package/gnupg2/0001-dirmngr-Fix-build-with--disable-ldap.patch
deleted file mode 100644
index fbdd7fa4a7..0000000000
--- a/package/gnupg2/0001-dirmngr-Fix-build-with--disable-ldap.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From c6900f5723b4edc899aaea267ed599b5ad724142 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe at fsij.org>
-Date: Fri, 11 Jun 2021 10:30:02 +0900
-Subject: [PATCH] dirmngr: Fix build with --disable-ldap.
-
-* dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
-Conditionalize.
-
---
-
-Reported-by: Phil Pennock
-Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
-(cherry picked from commit c8b2162c0e7eb42b74811b7ed225fa0f56be4083)
-[Retrieved from:
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6900f5723b4edc899aaea267ed599b5ad724142]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
----
- dirmngr/dirmngr.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 915e0e601..330983f3f 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -770,6 +770,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
-     case oRecursiveResolver: enable_recursive_resolver (1); break;
- 
-     case oLDAPServer:
-+#if USE_LDAP
-       {
-         ldap_server_t server;
-         char *p;
-@@ -791,6 +792,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
-             opt.ldapservers = server;
-           }
-       }
-+#endif
-       break;
- 
-     case oKeyServer:
--- 
-2.11.0
-
diff --git a/package/gnupg2/gnupg2.hash b/package/gnupg2/gnupg2.hash
index 023ec9bb1e..caf5dcc883 100644
--- a/package/gnupg2/gnupg2.hash
+++ b/package/gnupg2/gnupg2.hash
@@ -1,7 +1,7 @@
 # From https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000460.html
-sha1  5f92b7b32d594cf21ea2b48cdaa2e460daccd6e3 gnupg-2.2.28.tar.bz2
+sha1  81684626720c91060ae9920936c768df9fc8b2f6  gnupg-2.2.32.tar.bz2
 # Calculated based on the hash above and signature
-# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.28.tar.bz2.sig
-# using key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
-sha256  6ff891fc7583a9c3fb9f097ee0d1de0a12469d4b53997e7ba5064950637dfaec  gnupg-2.2.28.tar.bz2
+# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.32.tar.bz2.sig
+# using key 6DAA6E64A76D2840571B4902528897B826403ADA
+sha256  b2571b35f82c63e7d278aa6a1add0d73453dc14d3f0854be490c844fca7e0614  gnupg-2.2.32.tar.bz2
 sha256  bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357  COPYING
diff --git a/package/gnupg2/gnupg2.mk b/package/gnupg2/gnupg2.mk
index 6bd957683b..32c22b8257 100644
--- a/package/gnupg2/gnupg2.mk
+++ b/package/gnupg2/gnupg2.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GNUPG2_VERSION = 2.2.28
+GNUPG2_VERSION = 2.2.32
 GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
 GNUPG2_SITE = https://gnupg.org/ftp/gcrypt/gnupg
 GNUPG2_LICENSE = GPL-3.0+
-- 
2.33.0

More information about the buildroot mailing list