Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2019-06-27 15:53:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new.4615 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Thu Jun 27 15:53:26 2019 rev:140 rq:710989 version:2.2.16 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2019-06-02 15:15:37.462097967 +0200 +++ /work/SRC/openSUSE:Factory/.gpg2.new.4615/gpg2.changes 2019-06-27 15:53:27.559943900 +0200 @@ -1,0 +2,6 @@ +Wed Jun 19 21:02:05 UTC 2019 - Jason Sikes <[email protected]> + +- Fix secure memory being disabled before fips checks in libgcrypt [boo#1137307] + * Added gnupg-2.2.16-secmem.patch + +------------------------------------------------------------------- New: ---- gnupg-2.2.16-secmem.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.PHpq0k/_old 2019-06-27 15:53:28.211944910 +0200 +++ /var/tmp/diff_new_pack.PHpq0k/_new 2019-06-27 15:53:28.211944910 +0200 @@ -36,6 +36,7 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-2.2.16-secmem.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -87,6 +88,7 @@ %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build ++++++ gnupg-2.2.16-secmem.patch ++++++ Index: gnupg-2.2.16/g10/gpg.c =================================================================== --- gnupg-2.2.16.orig/g10/gpg.c +++ gnupg-2.2.16/g10/gpg.c @@ -973,7 +973,7 @@ make_libversion (const char *libname, co if (maybe_setuid) { - gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ + gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ maybe_setuid = 0; } s = getfnc (NULL); @@ -1125,7 +1125,7 @@ build_list (const char *text, char lette char *string; if (maybe_setuid) - gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ + gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ indent = utf8_charcount (text, -1); len = 0; Index: gnupg-2.2.16/sm/gpgsm.c =================================================================== --- gnupg-2.2.16.orig/sm/gpgsm.c +++ gnupg-2.2.16/sm/gpgsm.c @@ -533,7 +533,7 @@ make_libversion (const char *libname, co if (maybe_setuid) { - gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ + gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ maybe_setuid = 0; } s = getfnc (NULL);
