Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2022-08-10 17:12:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new.1521 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Wed Aug 10 17:12:29 2022 rev:162 rq:993850 version:2.3.7 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2022-07-31 23:00:28.827610941 +0200 +++ /work/SRC/openSUSE:Factory/.gpg2.new.1521/gpg2.changes 2022-08-10 17:12:37.949603455 +0200 @@ -1,0 +2,6 @@ +Mon Aug 8 18:00:44 UTC 2022 - Andreas Stieger <[email protected]> + +- Fix YubiKey 5 Nano support (boo#1202201), add + gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch + +------------------------------------------------------------------- New: ---- gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.axRsrW/_old 2022-08-10 17:12:38.785605637 +0200 +++ /var/tmp/diff_new_pack.axRsrW/_new 2022-08-10 17:12:38.789605648 +0200 @@ -39,6 +39,7 @@ Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +Patch11: gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: ibmswtpm2 ++++++ gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch ++++++ >From f34b9147eb3070bce80d53febaa564164cd6c977 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka <[email protected]> Date: Wed, 13 Jul 2022 10:40:55 +0900 Subject: [PATCH] scd:openpgp: Fix workaround for Yubikey heuristics. References: https://bugzilla.opensuse.org/show_bug.cgi?id=1202201 * scd/app-openpgp.c (parse_algorithm_attribute): Handle the case of firmware 5.4, too. -- GnuPG-bug-id: 6070 Signed-off-by: NIIBE Yutaka <[email protected]> --- scd/app-openpgp.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 8bb346a86..4667416df 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -6259,15 +6259,28 @@ parse_algorithm_attribute (app_t app, int keyno) app->app_local->keyattr[keyno].ecc.algo = *buffer; app->app_local->keyattr[keyno].ecc.flags = 0; - if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY - || buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) - { /* Found "pubkey required"-byte for private key template. */ - oidlen--; - if (buffer[buflen-1] == 0xff) - app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; + if (APP_CARD(app)->cardtype == CARDTYPE_YUBIKEY) + { + /* Yubikey implementations vary. + * Firmware version 5.2 returns "pubkey required"-byte with + * 0x00, but after removal and second time insertion, it + * returns bogus value there. + * Firmware version 5.4 returns none. + */ + curve = ecc_curve (buffer + 1, oidlen); + if (!curve) + curve = ecc_curve (buffer + 1, oidlen - 1); + } + else + { + if (buffer[buflen-1] == 0x00 || buffer[buflen-1] == 0xff) + { /* Found "pubkey required"-byte for private key template. */ + oidlen--; + if (buffer[buflen-1] == 0xff) + app->app_local->keyattr[keyno].ecc.flags |= ECC_FLAG_PUBKEY; + } + curve = ecc_curve (buffer + 1, oidlen); } - - curve = ecc_curve (buffer + 1, oidlen); if (!curve) { -- 2.37.1
