Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2015-12-09 20:33:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2015-12-01 09:16:52.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2015-12-09 22:18:33.000000000 +0100 @@ -1,0 +2,38 @@ +Fri Dec 4 13:35:40 UTC 2015 - [email protected] + +- GnuPG 2.1.10 adds TOFU (Trust-On-First-USe) and anonymous key + retrival via Tor. + * gpg: New trust models "tofu" and "tofu+pgp". + * gpg: New command --tofu-policy. New options --tofu-default-policy + and --tofu-db-format. + * gpg: New option --weak-digest to specify hash algorithms which + should be considered weak. + * gpg: Allow the use of multiple --default-key options; take the last + available key. + * gpg: New option --encrypt-to-default-key. + * gpg: New option --unwrap to only strip the encryption layer. + * gpg: New option --only-sign-text-ids to exclude photo IDs from key + signing. + * gpg: Check for ambigious or non-matching key specification in the + config file or given to --encrypt-to. + * gpg: Show the used card reader with --card-status. + * gpg: Print export statistics and an EXPORTED status line. + * gpg: Allow selecting subkeys by keyid in --edit-key. + * gpg: Allow updating the expiration time of multiple subkeys at + once. + * dirmngr: New option --use-tor. For full support this requires + libassuan version 2.4.2 and a patched version of libadns + (e.g. adns-1.4-g10-7 as used by the standard Windows installer). + * dirmngr: New option --nameserver to specify the nameserver used in + Tor mode. + * dirmngr: Keyservers may again be specified by IP address. + * dirmngr: Fixed problems in resolving keyserver pools. + * dirmngr: Fixed handling of premature termination of TLS streams so + that large numbers of keys can be refreshed via hkps. + * gpg: Fixed a regression in --locate-key [since 2.1.9]. + * gpg: Fixed another bug for keyrings with legacy keys. + * gpgsm: Allow combinations of usage flags in --gen-key. + * Make tilde expansion work with most options. + * Many other cleanups and bug fixes. + +------------------------------------------------------------------- @@ -5,0 +44,6 @@ + +------------------------------------------------------------------- +Fri Nov 20 16:03:03 UTC 2015 - [email protected] + +- Improve upgrade to gpg2 from security:privacy w.r.t. libassuan + run-time dependencies (boo#955982) Old: ---- gnupg-2.1.9.tar.bz2 gnupg-2.1.9.tar.bz2.sig New: ---- gnupg-2.1.10.tar.bz2 gnupg-2.1.10.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.Tk9sHs/_old 2015-12-09 22:18:34.000000000 +0100 +++ /var/tmp/diff_new_pack.Tk9sHs/_new 2015-12-09 22:18:34.000000000 +0100 @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.9 +Version: 2.1.10 Release: 0 Summary: GnuPG 2 License: GPL-3.0+ @@ -38,7 +38,7 @@ BuildRequires: fdupes BuildRequires: gnutls-devel >= 3.0 BuildRequires: libadns-devel -BuildRequires: libassuan-devel >= 2.1.0 +BuildRequires: libassuan-devel >= 2.4.1 BuildRequires: libbz2-devel BuildRequires: libcurl-devel >= 7.10 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG @@ -52,7 +52,10 @@ BuildRequires: openldap2-devel BuildRequires: pkg-config BuildRequires: readline-devel +BuildRequires: sqlite3-devel >= 3.7 BuildRequires: zlib-devel +# Add an explicit runtime dependency to match boo#955982 +Requires: libassuan0 >= 2.4.1 Requires: pinentry # FIXME: use proper Requires(pre/post/preun/...) PreReq: %{install_info_prereq} ++++++ gnupg-2.0.18-files-are-digests.patch ++++++ --- /var/tmp/diff_new_pack.Tk9sHs/_old 2015-12-09 22:18:34.000000000 +0100 +++ /var/tmp/diff_new_pack.Tk9sHs/_new 2015-12-09 22:18:34.000000000 +0100 @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.3/g10/gpg.c +Index: gnupg-2.1.10/g10/gpg.c =================================================================== ---- gnupg-2.1.3.orig/g10/gpg.c 2015-04-06 14:03:32.000000000 +0200 -+++ gnupg-2.1.3/g10/gpg.c 2015-04-11 20:45:24.000000000 +0200 -@@ -352,6 +352,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:25:25.749577555 +0100 ++++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:26:04.777192262 +0100 +@@ -355,6 +355,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,23 +16,23 @@ oXauthority, oGroup, oUnGroup, -@@ -738,6 +739,7 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_s (oPersonalCompressPreferences, - "personal-compress-preferences", "@"), - ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), +@@ -757,6 +758,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), + ARGPARSE_s_n (oUnwrap, "unwrap", "@"), + ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), + ARGPARSE_s_n (oFilesAreDigests, "files-are-digests", "@"), /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2148,6 +2150,7 @@ main (int argc, char **argv) +@@ -2483,6 +2485,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; set_homedir (default_homedir ()); opt.passphrase_repeat = 1; + opt.files_are_digests=0; opt.emit_version = 1; /* Limit to the major number. */ - - /* Check whether we have a config file on the command line. */ -@@ -2661,6 +2664,7 @@ main (int argc, char **argv) + opt.weak_digests = NULL; + additional_weak_digest("MD5"); +@@ -3022,6 +3025,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.3/g10/options.h +Index: gnupg-2.1.10/g10/options.h =================================================================== ---- gnupg-2.1.3.orig/g10/options.h 2015-04-06 13:41:53.000000000 +0200 -+++ gnupg-2.1.3/g10/options.h 2015-04-11 20:45:24.000000000 +0200 -@@ -194,6 +194,7 @@ struct +--- gnupg-2.1.10.orig/g10/options.h 2015-12-04 14:25:25.749577555 +0100 ++++ gnupg-2.1.10/g10/options.h 2015-12-04 14:25:28.472550675 +0100 +@@ -205,6 +205,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,10 +52,10 @@ struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.3/g10/sign.c +Index: gnupg-2.1.10/g10/sign.c =================================================================== ---- gnupg-2.1.3.orig/g10/sign.c 2015-04-05 19:43:32.000000000 +0200 -+++ gnupg-2.1.3/g10/sign.c 2015-04-11 20:45:24.000000000 +0200 +--- gnupg-2.1.10.orig/g10/sign.c 2015-12-04 14:25:25.750577545 +0100 ++++ gnupg-2.1.10/g10/sign.c 2015-12-04 14:25:28.473550666 +0100 @@ -41,7 +41,7 @@ #include "pkglue.h" #include "sysutils.h" @@ -65,7 +65,7 @@ #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" -@@ -706,8 +706,12 @@ write_signature_packets (SK_LIST sk_list +@@ -681,8 +681,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, pk); } @@ -78,7 +78,7 @@ rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -765,6 +769,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -740,6 +744,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -87,7 +87,7 @@ pfx = new_progress_context (); afx = new_armor_context (); -@@ -781,7 +787,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -756,7 +762,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -105,7 +105,7 @@ if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -802,7 +817,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -777,7 +792,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -114,7 +114,7 @@ inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -940,7 +955,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -915,7 +930,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -123,7 +123,7 @@ iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -995,6 +1010,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -970,6 +985,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -132,7 +132,7 @@ /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1035,6 +1052,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1010,6 +1027,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -178,7 +178,7 @@ else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1052,8 +1108,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1027,8 +1083,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, ++++++ gnupg-2.1.9.tar.bz2 -> gnupg-2.1.10.tar.bz2 ++++++ ++++ 227358 lines of diff (skipped) ++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++ --- /var/tmp/diff_new_pack.Tk9sHs/_old 2015-12-09 22:18:38.000000000 +0100 +++ /var/tmp/diff_new_pack.Tk9sHs/_new 2015-12-09 22:18:38.000000000 +0100 @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.9/doc/gpg.texi +Index: gnupg-2.1.10/doc/gpg.texi =================================================================== ---- gnupg-2.1.9.orig/doc/gpg.texi -+++ gnupg-2.1.9/doc/gpg.texi -@@ -1778,6 +1778,24 @@ implies, this option is for experts only +--- gnupg-2.1.10.orig/doc/gpg.texi 2015-12-04 14:28:28.840769433 +0100 ++++ gnupg-2.1.10/doc/gpg.texi 2015-12-04 14:28:33.784720588 +0100 +@@ -1875,6 +1875,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ @end table -Index: gnupg-2.1.9/g10/gpg.c +Index: gnupg-2.1.10/g10/gpg.c =================================================================== ---- gnupg-2.1.9.orig/g10/gpg.c -+++ gnupg-2.1.9/g10/gpg.c -@@ -386,6 +386,7 @@ enum cmd_and_opt_values - oNoAutostart, - oPrintPKARecords, - oPrintDANERecords, +--- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:28:28.843769403 +0100 ++++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:29:04.084421214 +0100 +@@ -394,6 +394,7 @@ enum cmd_and_opt_values + oWeakDigest, + oUnwrap, + oOnlySignTextIDs, + oSetLegacyFips, oNoop }; -@@ -780,6 +781,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -796,6 +797,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -3188,6 +3190,13 @@ main (int argc, char **argv) +@@ -3556,6 +3558,13 @@ main (int argc, char **argv) case oNoAutostart: opt.autostart = 0; break; ++++++ gnupg-set_umask_before_open_outfile.patch ++++++ --- /var/tmp/diff_new_pack.Tk9sHs/_old 2015-12-09 22:18:38.000000000 +0100 +++ /var/tmp/diff_new_pack.Tk9sHs/_new 2015-12-09 22:18:38.000000000 +0100 @@ -1,7 +1,7 @@ -Index: gnupg-2.1.0/g10/plaintext.c +Index: gnupg-2.1.10/g10/plaintext.c =================================================================== ---- gnupg-2.1.0.orig/g10/plaintext.c 2014-11-07 11:35:18.100563974 +0100 -+++ gnupg-2.1.0/g10/plaintext.c 2014-11-07 16:51:59.919347340 +0100 +--- gnupg-2.1.10.orig/g10/plaintext.c 2015-11-30 17:39:52.000000000 +0100 ++++ gnupg-2.1.10/g10/plaintext.c 2015-12-04 14:26:56.876677813 +0100 @@ -25,6 +25,7 @@ #include <errno.h> #include <assert.h> @@ -18,9 +18,9 @@ +#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR) +#define GPG_SAFE_UMASK (0777 & ~GPG_SAFE_PERMS) - /* Handle a plaintext packet. If MFX is not NULL, update the MDs - * Note: We should have used the filter stuff here, but we have to add -@@ -169,11 +173,15 @@ handle_plaintext (PKT_plaintext * pt, md + /* Get the output filename. On success, the actual filename that is + used is set in *FNAMEP and a filepointer is returned in *FP. +@@ -146,11 +150,15 @@ get_output_file (const byte *embedded_na log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); goto leave; }
