commit gpg2 for openSUSE:Factory

root Fri, 22 Jun 2018 04:12:02 -0700

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-06-22 13:11:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and      /work/SRC/openSUSE:Factory/.gpg2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "gpg2"

Fri Jun 22 13:11:25 2018 rev:128 rq:615264 version:2.2.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes        2018-05-08 
13:32:16.480520492 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-06-22 
13:11:37.927383805 +0200
@@ -1,0 +2,22 @@
+Fri Jun  8 14:37:06 UTC 2018 - [email protected]
+
+- Update to version 2.2.8:
+  * gpg: Decryption of messages not using the MDC mode will now lead to a
+    hard failure even if a legacy cipher algorithm was used. The option
+    --ignore-mdc-error can be used to turn this failure into a warning. Take
+    care: Never use that option unconditionally or without a prior warning.
+  * gpg: The MDC encryption mode is now always used regardless of the
+    cipher algorithm or any preferences.  For testing --rfc2440 can be
+    used to create a message without an MDC.
+  * gpg: Sanitize the diagnostic output of the original file name in
+    verbose mode (bsc#1096745, CVE-2018-12020)
+  * gpg: Detect suspicious multiple plaintext packets in a more reliable way.
+  * gpg: Fix the duplicate key signature detection code.
+  * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
+    --disable-mdc and --no-disable-mdc have no more effect.
+  * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
+    list of startup environment variables.
+- Refresh gnupg-2.0.18-files-are-digests.patch
+  to gnupg-2.2.8-files-are-digests.patch
+
+-------------------------------------------------------------------

Old:
----
  gnupg-2.0.18-files-are-digests.patch
  gnupg-2.2.7.tar.bz2
  gnupg-2.2.7.tar.bz2.sig

New:
----
  gnupg-2.2.8-files-are-digests.patch
  gnupg-2.2.8.tar.bz2
  gnupg-2.2.8.tar.bz2.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gpg2.spec ++++++
--- /var/tmp/diff_new_pack.eHwCAt/_old  2018-06-22 13:11:38.875348649 +0200
+++ /var/tmp/diff_new_pack.eHwCAt/_new  2018-06-22 13:11:38.879348501 +0200
@@ -17,19 +17,19 @@
 
 
 Name:           gpg2
-Version:        2.2.7
+Version:        2.2.8
 Release:        0
 Summary:        File encryption, decryption, signature creation and 
verification utility
-License:        GPL-3.0+
+License:        GPL-3.0-or-later
 Group:          Productivity/Networking/Security
-Url:            http://www.gnupg.org/aegypten2/
+URL:            https://www.gnupg.org
 Source:         ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
 Source2:        ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 # https://www.gnupg.org/signature_key.html
 Source3:        %{name}.keyring
 Source99:       %{name}.changes
 Patch4:         gnupg-2.0.9-langinfo.patch
-Patch5:         gnupg-2.0.18-files-are-digests.patch
+Patch5:         gnupg-2.2.8-files-are-digests.patch
 Patch6:         gnupg-dont-fail-with-seahorse-agent.patch
 Patch8:         gnupg-set_umask_before_open_outfile.patch
 Patch9:         gnupg-detect_FIPS_mode.patch

++++++ gnupg-2.0.18-files-are-digests.patch -> 
gnupg-2.2.8-files-are-digests.patch ++++++
--- /work/SRC/openSUSE:Factory/gpg2/gnupg-2.0.18-files-are-digests.patch        
2017-09-04 12:26:34.241779443 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.8-files-are-digests.patch    
2018-06-22 13:11:30.627654521 +0200
@@ -4,11 +4,11 @@
  g10/sign.c    |   68 
++++++++++++++++++++++++++++++++++++++++++++++++++++------
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.23/g10/gpg.c
+Index: gnupg-2.2.8/g10/gpg.c
 ===================================================================
---- gnupg-2.1.23.orig/g10/gpg.c        2017-08-09 15:46:17.000000000 +0200
-+++ gnupg-2.1.23/g10/gpg.c     2017-08-10 16:21:26.692847431 +0200
-@@ -380,6 +380,7 @@ enum cmd_and_opt_values
+--- gnupg-2.2.8.orig/g10/gpg.c 2018-06-06 11:59:06.000000000 +0200
++++ gnupg-2.2.8/g10/gpg.c      2018-06-08 16:34:33.287514003 +0200
+@@ -376,6 +376,7 @@ enum cmd_and_opt_values
      oTTYtype,
      oLCctype,
      oLCmessages,
@@ -16,7 +16,7 @@
      oXauthority,
      oGroup,
      oUnGroup,
-@@ -829,6 +830,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -824,6 +825,7 @@ static ARGPARSE_OPTS opts[] = {
    ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
    ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
    ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@@ -24,7 +24,7 @@
  
    /* Aliases.  I constantly mistype these, and assume other people do
       as well. */
-@@ -2388,6 +2390,7 @@ main (int argc, char **argv)
+@@ -2392,6 +2394,7 @@ main (int argc, char **argv)
      opt.def_cert_expire = "0";
      gnupg_set_homedir (NULL);
      opt.passphrase_repeat = 1;
@@ -32,19 +32,19 @@
      opt.emit_version = 0;
      opt.weak_digests = NULL;
  
-@@ -2952,6 +2955,7 @@ main (int argc, char **argv)
+@@ -2963,6 +2966,7 @@ main (int argc, char **argv)
            opt.verify_options&=~VERIFY_SHOW_PHOTOS;
            break;
          case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
 +        case oFilesAreDigests: opt.files_are_digests = 1; break;
  
-         case oForceMDC: opt.force_mdc = 1; break;
-         case oNoForceMDC: opt.force_mdc = 0; break;
-Index: gnupg-2.1.23/g10/options.h
+           case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
+ 
+Index: gnupg-2.2.8/g10/options.h
 ===================================================================
---- gnupg-2.1.23.orig/g10/options.h    2017-08-09 15:46:17.000000000 +0200
-+++ gnupg-2.1.23/g10/options.h 2017-08-10 16:21:26.692847431 +0200
-@@ -213,6 +213,7 @@ struct
+--- gnupg-2.2.8.orig/g10/options.h     2018-05-31 12:03:06.000000000 +0200
++++ gnupg-2.2.8/g10/options.h  2018-06-08 16:34:33.287514003 +0200
+@@ -210,6 +210,7 @@ struct
    int no_auto_check_trustdb;
    int preserve_permissions;
    int no_homedir_creation;
@@ -52,10 +52,10 @@
    struct groupitem *grouplist;
    int mangle_dos_filenames;
    int enable_progress_filter;
-Index: gnupg-2.1.23/g10/sign.c
+Index: gnupg-2.2.8/g10/sign.c
 ===================================================================
---- gnupg-2.1.23.orig/g10/sign.c       2017-07-28 19:39:06.000000000 +0200
-+++ gnupg-2.1.23/g10/sign.c    2017-08-10 16:21:26.692847431 +0200
+--- gnupg-2.2.8.orig/g10/sign.c        2017-08-28 12:22:54.000000000 +0200
++++ gnupg-2.2.8/g10/sign.c     2018-06-08 16:34:33.287514003 +0200
 @@ -43,6 +43,8 @@
  #include "../common/mbox-util.h"
  #include "../common/compliance.h"

++++++ gnupg-2.2.7.tar.bz2 -> gnupg-2.2.8.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.7.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.8.tar.bz2 differ: char 11, line 1

commit gpg2 for openSUSE:Factory

Reply via email to