Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2017-03-18 20:48:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Sat Mar 18 20:48:59 2017 rev:114 rq:479947 version:2.1.19 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2017-03-11 15:18:44.791114549 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2017-03-18 20:48:59.675104158 +0100 @@ -1,0 +2,7 @@ +Tue Mar 14 20:41:55 UTC 2017 - astie...@suse.com + +- Use stronger defaults for new users, using SHA-2 digest family + for certificates and message signatures - FATE#323084 + adding gnupg-2.1.19-stronger-defaults.patch + +------------------------------------------------------------------- New: ---- gnupg-2.1.19-stronger-defaults.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.P6lO6l/_old 2017-03-18 20:49:00.490988574 +0100 +++ /var/tmp/diff_new_pack.P6lO6l/_new 2017-03-18 20:49:00.494988007 +0100 @@ -34,6 +34,7 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-2.1.19-stronger-defaults.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.4.3 @@ -86,6 +87,7 @@ %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) ++++++ gnupg-2.1.19-stronger-defaults.patch ++++++ From: Andreas Stieger <astie...@suse.com> Date: Tue, 14 Mar 2017 20:43:20 +0000 Subject; FATE#323084: Stronger GnuPG defaults References: FATE#323084 Upstream: no Index: gnupg-2.1.19/g10/options.skel =================================================================== --- gnupg-2.1.19.orig/g10/options.skel +++ gnupg-2.1.19/g10/options.skel @@ -137,3 +137,15 @@ # Uncomment the following option to get rid of the copyright notice #no-greeting + +# SUSE recommended output options +with-fingerprint +keyid-format 0xlong +no-emit-version + +# SUSE recommends SHA-2 family of hashes for all +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 +default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed +cert-digest-algo SHA512 +digest-algo SHA512 +