Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2023-05-17 10:52:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Wed May 17 10:52:48 2023 rev:165 rq:1087520 version:2.3.8 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2023-05-16 14:27:04.471621239 +0200 +++ /work/SRC/openSUSE:Factory/.gpg2.new.1533/gpg2.changes 2023-05-17 10:53:05.219333121 +0200 @@ -2,164 +1,0 @@ -Sat Apr 29 08:25:46 UTC 2023 - Pedro Monreal <[email protected]> - -- Temporarily revert back to the pre-2.4 default for key generation. - The new rfc4880bis has been set as the default in 2.4 version and - might create incompatible keys. Note that, rfc4880bis can still - be used with the option flag --rfc4880bis as in previous versions. - * More info in the gnupg-devel ML: - https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html - * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9 - * Add gnupg-revert-rfc4880bis.patch - -------------------------------------------------------------------- -Sat Apr 29 08:12:32 UTC 2023 - Pedro Monreal <[email protected]> - -- Allow 8192 bit RSA keys in keygen UI when large_rsa is set - * Add gnupg-allow-large-rsa.patch - -------------------------------------------------------------------- -Sat Apr 29 08:01:16 UTC 2023 - Pedro Monreal <[email protected]> - -- Enable the regression tests: Fix the regression test suite that - fails with the IBM TPM Software stack. Builds fine using the Intel - TPM; use the swtpm and tpm2-0-tss-devel packages instead of - ibmswtpm2 and ibmtss-devel. - -------------------------------------------------------------------- -Fri Apr 28 17:32:11 UTC 2023 - David Anes <[email protected]> - -- Rebased patches: - * gnupg-add_legacy_FIPS_mode_option.patch - -- Removed patches (already upstream): - * gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - -- Don't ship systemd examples, as they are removed from upstream - release tarball. - -- Update to 2.4.1: - * If the ~/.gnupg directory does not exist, the keyboxd is now - automagically enabled. - * gpg: New option --add-desig-revoker. - * gpg: New option --assert-signer. - * gpg: New command --quick-add-adsk and other ADSK features. - * gpg: New list-option "show-unusable-sigs". Also show - "[self-signature]" instead of the user-id in key signature - listings. - * gpg: For symmetric encryption the default S2K hash is now SHA256. - * gpg: Detect already compressed data also when using a pipe. Also - detect JPEG and PNG file formats. - * gpg: New subcommand "openpgp" for --card-edit. - * gpgsm: Verification of detached signatures does now strip trailing - zeroes from the input if --assume-binary is used. - * gpgsm: Non-armored detached signature are now created without - using indefinite form length octets. This improves compatibility - with some PDF signature verification software. - * gpgtar: Emit progress status lines in create mode. - * dirmngr: The LDAP modifyTimestamp is now returned by some - keyserver commands. - * ssh: Allow specification of the order keys are presented to ssh. - See the man page entry for --enable-ssh-support. - * gpg: Make list-options "show-sig-subpackets" work again. - Fixes regression in 2.4.0. - * gpg: Fix the keytocard command for Yubikeys. - * gpg: Do not continue an export after a cancel for the primary key. - * gpg: Replace the --override-compliance-check hack by a real fix. - * gpgtar: Fix decryption with input taken from stdin. - -------------------------------------------------------------------- -Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal <[email protected]> - -- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313 - * The original patch has been modified to expand the changes - also to the tests/gpgme/Makefile.in file. - * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - -------------------------------------------------------------------- -Tue Dec 20 16:01:05 UTC 2022 - David Anes <[email protected]> - -- Updated to require libgpg-error-devel >= 1.46 - -- Rebased patches: - * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch - * gnupg-add_legacy_FIPS_mode_option.patch - -- GnuPG 2.4.0: - * common: Fix translations in --help for gpgrt < 1.47. - * gpg: Do not continue the export after a cancel for the primary key. - * gpg: Replace use of PRIu64 in log_debug. - * Update NEWS for 2.4.0. - * tests: Fix make check with GPGME. - * agent: Allow arguments to "scd serialno" in restricted mode. - * scd:p15: Skip deleted records. - * build: Remove Windows CE support. - * wkd: Do not send/install/mirror expired user ids. - * gpgsm: Print the revocation time also with --verify. - * gpgsm: Fix "problem re-searching certificate" case. - * gpgsm: Print revocation date and reason in cert listings. - * gpgsm: Silence the "non-critical certificate policy not allowed". - * gpgsm: Always use the chain model if the root-CA requests this. - * gpg: New export option "mode1003". - * gpg: Remove a mostly duplicated function. - * tests: Simplify fake-pinentry to use the option only. - * tests: Fix fake-pinentry for Windows. - * tests: Fix make check-all. - * agent: Fix import of protected v5 keys. - * gpgsm: Change default algo to AES-256. - * tests: Put a workaround for semihosted environment. - * tests: More fix for semihosted environment. - * tests: Support semihosted environment. - * tests: Fix tests under cms. - * tests,w32: Fix for semihosted environment. - * w32: Fix for tests on semihosted environment. - * w32: Fix gnupg_unsetenv. - * wkd: New option --add-revocs and some fixes. - * wkd: Make use of --debug extprog. - * gpg: New export-filter export-revocs. - * gpg: Fix double-free in gpg --card-edit. - * gpg: Make --require-compliance work with out --status-fd. - * gpg: New option --list-filter. - * dirmngr: Silence ocsp debug output. - * tests: Fix to support --enable-all-tests and variants. - * tests:w32: Fix for non-dot file name for Windows. - * tests:gpgscm:w32: Fix for GetTempPath. - * tests: Keep .log files in objdir. - * tests: Use 233 for invalid value of FD. - * w32: Fix gnupg_tmpfile for possible failure. - * scd: Redact --debug cardio output of a VERIFY APDU. - * common: Remove Windows CE support in common. - * gpgsm: Fix colon outout of ECC encryption certificates. - * scd:nks: Fix ECC signing if key not given by keygrip. - * dirmngr: Fix verification of ECDSA signed CRLs. - * agent: Allow trustlist on Windows in Unicode homedirs. - * gpg: Fix verification of cleartext signatures with overlong lines. - * gpg: Move w32_system function. - * gpg: New option --quick-update-pref. - * gpg: New list-options show-pref and show-pref-verbose. - * tests: Add tests to check that OCB is only used for capable keys. - * gpg: Make --list-packets work w/o --no-armor for plain OCB packets. - * tests: Add symmetric decryption tests. - * tests: Add tr:assert-same function. - * agent: Avoid blanks in the ssh key's comment. - * build: Update m4 files. - * gpg: Merge --rfc4880bis features into --gnupg. - * gpg: Allow only OCB for AEAD encryption. - * gpg: New option --compatibility-flags. - * gpgsm: Also announce AES256-CBC in signatures. - * gpg: Fix trusted introducer for user-ids with only the mbox. - * gpg: Import stray revocation certificates. - * agent: Automatically convert to extended key format by KEYATTR. - * card: New commands "gpg" and "gpgsm". - * card: Also show fingerprints of known X.509 certificates. - * scd:nks: Support non-ESIGN signing with the Signature Card v2. - * gpgsm: Allow ECC encryption keys with just keyAgreement specified. - * gpgsm: Use macro constants for cert_usage_p. - * build: Update gpg-error.m4. - * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument. - * gpg: Move NETLIBS after GPG_ERROR_LIBS. - * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future. - * common,w32: Fix struct stat on Windows. - * agent,w32: Support Win32-OpenSSH emulation by gpg-agent. - * common: Don't use FD2INT for POSIX-only code. - * dirmngr: Fix build with no LDAP support. - -------------------------------------------------------------------- Old: ---- gnupg-2.4.1.tar.bz2 gnupg-2.4.1.tar.bz2.sig gnupg-allow-large-rsa.patch gnupg-revert-rfc4880bis.patch New: ---- gnupg-2.3.8.tar.bz2 gnupg-2.3.8.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.tquKFI/_old 2023-05-17 10:53:05.839336460 +0200 +++ /var/tmp/diff_new_pack.tquKFI/_new 2023-05-17 10:53:05.847336503 +0200 @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.4.1 +Version: 2.3.8 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -39,23 +39,19 @@ Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch9: gnupg-add-test-cases-for-import-without-uid.patch Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch -#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set -Patch11: gnupg-allow-large-rsa.patch -#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation -Patch12: gnupg-revert-rfc4880bis.patch BuildRequires: expect BuildRequires: fdupes +BuildRequires: ibmswtpm2 +BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 BuildRequires: libgcrypt-devel >= 1.9.1 -BuildRequires: libgpg-error-devel >= 1.46 -BuildRequires: libksba-devel >= 1.6.3 +BuildRequires: libgpg-error-devel >= 1.41 +BuildRequires: libksba-devel >= 1.3.4 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel BuildRequires: pkgconfig BuildRequires: readline-devel -BuildRequires: swtpm -BuildRequires: tpm2-0-tss-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) @@ -64,7 +60,6 @@ # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 Requires: libgcrypt20 >= 1.9.1 -Requires: libgpg-error >= 1.46 Requires: libksba >= 1.3.4 Requires: pinentry Recommends: dirmngr = %{version} @@ -120,7 +115,6 @@ --with-dirmngr-pgm=%{_bindir}/dirmngr \ --with-scdaemon-pgm=%{_bindir}/scdaemon \ --with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \ - --disable-rpath \ --enable-ldap \ --enable-gpgsm=yes \ --enable-gpgtar \ @@ -129,9 +123,7 @@ --enable-wks-tools \ --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ - --with-tss=intel \ - --enable-all-tests \ - --enable-build-timestamp=${date} \ + --enable-build-timestamp=$date \ --enable-gpg-is-gpg2 %make_build @@ -139,11 +131,10 @@ %install %make_install mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ -# install gpgconf.conf bnc#391347 +# bnc#391347 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg # delete to prevent fdupes from creating cross-partition hardlink rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf -# remove info dir rm %{buildroot}%{_infodir}/dir # compat symlinks ln -sf gpg2 %{buildroot}%{_bindir}/gpg @@ -164,7 +155,10 @@ %fdupes -s %{buildroot} %check -%make_build check || : +# Run only localy, fails in OBS +#%%if ! 0%%{?qemu_user_space_build} +#make %%{?_smp_mflags} check +#%%endif %post %udev_rules_update @@ -172,11 +166,12 @@ %files lang -f gnupg2.lang %files -%license COPYING* -%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ %{_infodir}/gnupg* %exclude %{_mandir}/*/dirmngr*%{ext_man} %{_mandir}/*/*%{ext_man} +%license COPYING* +%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ +%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.* %doc %{_docdir}/%{name} %exclude %{_bindir}/dirmngr* %exclude %{_bindir}/tpm2daemon* @@ -193,6 +188,7 @@ %files -n dirmngr %license COPYING* %{_mandir}/*/dirmngr*%{ext_man} +%{_docdir}/%{name}/examples/systemd-user/dirmngr.* %{_bindir}/dirmngr* %files tpm ++++++ gnupg-2.4.1.tar.bz2 -> gnupg-2.3.8.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/gpg2/gnupg-2.4.1.tar.bz2 /work/SRC/openSUSE:Factory/.gpg2.new.1533/gnupg-2.3.8.tar.bz2 differ: char 11, line 1 ++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++ --- /var/tmp/diff_new_pack.tquKFI/_old 2023-05-17 10:53:05.903336804 +0200 +++ /var/tmp/diff_new_pack.tquKFI/_new 2023-05-17 10:53:05.907336826 +0200 @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.4.1/doc/gpg.texi +Index: gnupg-2.3.5/doc/gpg.texi =================================================================== ---- gnupg-2.4.1.orig/doc/gpg.texi -+++ gnupg-2.4.1/doc/gpg.texi -@@ -2285,6 +2285,24 @@ implies, this option is for experts only +--- gnupg-2.3.5.orig/doc/gpg.texi ++++ gnupg-2.3.5/doc/gpg.texi +@@ -2197,6 +2197,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,38 +32,39 @@ @end table -Index: gnupg-2.4.1/g10/gpg.c +Index: gnupg-2.3.5/g10/gpg.c =================================================================== ---- gnupg-2.4.1.orig/g10/gpg.c -+++ gnupg-2.4.1/g10/gpg.c -@@ -444,6 +444,7 @@ enum cmd_and_opt_values +--- gnupg-2.3.5.orig/g10/gpg.c ++++ gnupg-2.3.5/g10/gpg.c +@@ -443,6 +443,7 @@ enum cmd_and_opt_values oForceSignKey, oForbidGenKey, oRequireCompliance, + oSetLegacyFips, - oCompatibilityFlags, - oAddDesigRevoker, - oAssertSigner, -@@ -978,6 +979,7 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), - ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), - ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), -+ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), + oNoop + }; +@@ -878,6 +879,7 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), + ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), + ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), ++ ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), - ARGPARSE_group (302, N_( -@@ -3743,6 +3745,13 @@ main (int argc, char **argv) - add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str); - break; - -+ case oSetLegacyFips: -+ if(gcry_fips_mode_active()) -+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, -+ "Enable legacy support in FIPS 140-2 mode"); -+ else -+ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); -+ break; + ARGPARSE_header (NULL, N_("Options for unattended use")), +@@ -3737,6 +3739,14 @@ main (int argc, char **argv) + opt.flags.require_compliance = 1; + break; + ++ case oSetLegacyFips: ++ if(gcry_fips_mode_active()) ++ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, ++ "Enable legacy support in FIPS 140-2 mode"); ++ else ++ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); ++ break; ++ case oNoop: break; + default: ++++++ gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch ++++++ --- /var/tmp/diff_new_pack.tquKFI/_old 2023-05-17 10:53:05.919336891 +0200 +++ /var/tmp/diff_new_pack.tquKFI/_new 2023-05-17 10:53:05.919336891 +0200 @@ -17,11 +17,11 @@ g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.4.0/g10/import.c +Index: gnupg-2.3.0/g10/import.c =================================================================== ---- gnupg-2.4.0.orig/g10/import.c -+++ gnupg-2.4.0/g10/import.c -@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.3.0.orig/g10/import.c ++++ gnupg-2.3.0/g10/import.c +@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,7 +29,7 @@ KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl, +@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } @@ -44,12 +44,13 @@ if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl, +@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, + xfree(user); } } - +- - /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) +- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) - { - if (!silent) - { @@ -63,11 +64,11 @@ + /* Delete invalid parts, and note if we have any valid ones left. + * We will later abort import if this key is new but contains + * no valid uids. */ -+ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); ++ delete_inv_parts (ctrl, keyblock, keyid, options); /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl, +@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -92,7 +93,7 @@ } /* The keyblock is valid and ready for real import. */ -@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl, +@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; }
