Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2014-12-29 00:31:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2014-12-16 14:50:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2014-12-29 00:32:01.000000000 +0100 @@ -1,0 +2,10 @@ +Thu Dec 25 18:09:11 UTC 2014 - [email protected] + +- Support for large RSA keys + This involves compiling with --enable-large-rsa and + --enable-large-secmem, as well as patching the number + of secmem bytes and IPC bytes to slightly larger values. + See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424 + * added gnupg-large_keys.patch + +------------------------------------------------------------------- New: ---- gnupg-large_keys.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.xHGNir/_old 2014-12-29 00:32:02.000000000 +0100 +++ /var/tmp/diff_new_pack.xHGNir/_new 2014-12-29 00:32:02.000000000 +0100 @@ -36,6 +36,7 @@ Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-remove_development_version_warning.patch Patch13: gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch +Patch14: gnupg-large_keys.patch BuildRequires: automake >= 1.10 BuildRequires: expect BuildRequires: fdupes @@ -87,6 +88,7 @@ %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %build autoreconf -fi @@ -110,6 +112,8 @@ --enable-gpgsm=yes \ --enable-gpg \ --enable-gpgtar \ + --enable-large-rsa \ + --enable-large-secmem \ --with-gnu-ld make %{?_smp_mflags} ++++++ gnupg-large_keys.patch ++++++ From: Lorenz Hüdepohl <[email protected]> Date: 2014-11-27 17:01:07 +0000 Subject: Continue to support existing large RSA keys References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424 Upstream: no For RSA keys up to probably 8192 bits it seems to be enough to call configure with the additional options --enable-large-secmem --enable-large-rsa However, there are existing keys out there that are even larger. Werner Koch thinks that it is silly to use keys that are this large. He is probably even right with this, which is why this patch still does not allow to create new keys larger than the set maximum (4096/8192 depending on whether enable-large-rsa is set in gpg.conf). I still want to continue to use my existing 10k bits key, though. --- diff -ur gnupg-2.1.0.org/agent/command.c gnupg-2.1.0/agent/command.c --- gnupg-2.1.0.org/agent/command.c 2014-11-04 17:10:44.000000000 +0200 +++ gnupg-2.1.0/agent/command.c 2014-11-26 18:04:11.548271074 +0200 @@ -47,7 +47,7 @@ /* Maximum allowed size of the key parameters. */ #define MAXLEN_KEYPARAM 1024 /* Maximum allowed size of key data as used in inquiries (bytes). */ -#define MAXLEN_KEYDATA 4096 +#define MAXLEN_KEYDATA 8192 /* The size of the import/export KEK key (in bytes). */ #define KEYWRAP_KEYSIZE (128/8) diff -ur gnupg-2.1.0.org/configure.ac gnupg-2.1.0/configure.ac --- gnupg-2.1.0.org/configure.ac 2014-11-04 17:09:28.000000000 +0200 +++ gnupg-2.1.0/configure.ac 2014-11-17 19:40:28.632527090 +0200 @@ -230,7 +230,7 @@ large_secmem=$enableval, large_secmem=no) AC_MSG_RESULT($large_secmem) if test "$large_secmem" = yes ; then - SECMEM_BUFFER_SIZE=65536 + SECMEM_BUFFER_SIZE=262144 else SECMEM_BUFFER_SIZE=32768 fi -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
