Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2020-05-02 22:15:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Sat May 2 22:15:35 2020 rev:148 rq:799268 version:2.2.20 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2020-03-16 10:16:55.195552571 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new.2738/gpg2.changes 2020-05-02 22:15:47.276341286 +0200 @@ -1,0 +2,29 @@ +Thu Apr 30 13:59:33 UTC 2020 - Pedro Monreal Gonzalez <pmonrealgonza...@suse.com> + +- Fix gpgme and gpgme-qt builds on gpg2 2.2.20 update [bsc#1170811] +- Refresh patches: + * gnupg-2.2.8-files-are-digests.patch + * gnupg-add_legacy_FIPS_mode_option.patch + +------------------------------------------------------------------- +Fri Mar 20 20:17:44 UTC 2020 - Andreas Stieger <andreas.stie...@gmx.de> + +- GnuPG 2.2.20: + * Protect the error counter against overflow to guarantee that the + tools can't be tricked into returning success after an error + * gpg: Make really sure that --verify-files always returns an error + * gpg: Fix key listing --with-secret if a pattern is given + * gpg: Fix detection of certain keys used as default-key + * gpg: Fix default-key selection when a card is available + * gpg: Fix key expiration and key usage for keys created with a + creation date of zero + * gpgsm: Fix import of some CR,LF terminated certificates + * gpg: New options --include-key-block and --auto-key-import to + allow encrypted replies after an initial signed message + * gpg: Allow the use of a fingerprint with --trusted-key + * gpg: New property "fpr" for use by --export-filter + * scdaemon: Disable the pinpad if a KDF DO is used + * dirmngr: Improve finding OCSP certificates +- drop gpg2-gcc10-build-fno-common.patch, upstream + +------------------------------------------------------------------- Old: ---- gnupg-2.2.19.tar.bz2 gnupg-2.2.19.tar.bz2.sig gpg2-gcc10-build-fno-common.patch New: ---- gnupg-2.2.20.tar.bz2 gnupg-2.2.20.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.RZAnbZ/_old 2020-05-02 22:15:48.712344294 +0200 +++ /var/tmp/diff_new_pack.RZAnbZ/_new 2020-05-02 22:15:48.712344294 +0200 @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.19 +Version: 2.2.20 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -29,7 +29,6 @@ Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes -Patch1124847: gnupg-gpg-agent-ulimit.patch Patch4: gnupg-2.0.9-langinfo.patch Patch5: gnupg-2.2.8-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch @@ -40,8 +39,7 @@ Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch Patch14: gnupg-add-test-cases-for-import-without-uid.patch Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch -# PATCH-FIX-UPSTREAM bsc#1160394 Fix gcc10 build -Patch16: gpg2-gcc10-build-fno-common.patch +Patch1124847: gnupg-gpg-agent-ulimit.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -107,7 +105,6 @@ %patch13 -p1 %patch14 -p1 %patch15 -p1 -%patch16 -p1 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build @@ -132,7 +129,7 @@ --enable-gpg-is-gpg2 \ --enable-Werror -make %{?_smp_mflags} +%make_build %install %make_install ++++++ gnupg-2.2.19.tar.bz2 -> gnupg-2.2.20.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.19.tar.bz2 /work/SRC/openSUSE:Factory/.gpg2.new.2738/gnupg-2.2.20.tar.bz2 differ: char 11, line 1 ++++++ gnupg-2.2.8-files-are-digests.patch ++++++ --- /var/tmp/diff_new_pack.RZAnbZ/_old 2020-05-02 22:15:48.776344428 +0200 +++ /var/tmp/diff_new_pack.RZAnbZ/_new 2020-05-02 22:15:48.776344428 +0200 @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.2.18/g10/gpg.c +Index: gnupg-2.2.20/g10/gpg.c =================================================================== ---- gnupg-2.2.18.orig/g10/gpg.c -+++ gnupg-2.2.18/g10/gpg.c -@@ -378,6 +378,7 @@ enum cmd_and_opt_values +--- gnupg-2.2.20.orig/g10/gpg.c ++++ gnupg-2.2.20/g10/gpg.c +@@ -380,6 +380,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ oXauthority, oGroup, oUnGroup, -@@ -830,6 +831,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -834,6 +835,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,7 +24,7 @@ /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2412,6 +2414,7 @@ main (int argc, char **argv) +@@ -2421,6 +2423,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; @@ -32,19 +32,19 @@ opt.emit_version = 0; opt.weak_digests = NULL; -@@ -2988,6 +2991,7 @@ main (int argc, char **argv) +@@ -2997,6 +3000,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; + case oFilesAreDigests: opt.files_are_digests = 1; break; case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; - -Index: gnupg-2.2.18/g10/options.h + case oIncludeKeyBlock: opt.flags.include_key_block = 1; break; +Index: gnupg-2.2.20/g10/options.h =================================================================== ---- gnupg-2.2.18.orig/g10/options.h -+++ gnupg-2.2.18/g10/options.h -@@ -210,6 +210,7 @@ struct +--- gnupg-2.2.20.orig/g10/options.h ++++ gnupg-2.2.20/g10/options.h +@@ -202,6 +202,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,10 +52,10 @@ struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.2.18/g10/sign.c +Index: gnupg-2.2.20/g10/sign.c =================================================================== ---- gnupg-2.2.18.orig/g10/sign.c -+++ gnupg-2.2.18/g10/sign.c +--- gnupg-2.2.20.orig/g10/sign.c ++++ gnupg-2.2.20/g10/sign.c @@ -43,6 +43,8 @@ #include "../common/mbox-util.h" #include "../common/compliance.h" @@ -65,7 +65,7 @@ #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" #else -@@ -749,6 +751,8 @@ write_signature_packets (ctrl_t ctrl, +@@ -834,6 +836,8 @@ write_signature_packets (ctrl_t ctrl, if (duration || opt.sig_policy_url || opt.sig_notations || opt.sig_keyserver_url) sig->version = 4; @@ -74,10 +74,10 @@ else sig->version = pk->version; -@@ -772,8 +776,12 @@ write_signature_packets (ctrl_t ctrl, - mk_notation_policy_etc (sig, NULL, pk); +@@ -860,8 +864,12 @@ write_signature_packets (ctrl_t ctrl, + else + err = 0; } - + if (!opt.files_are_digests) { hash_sigversion_to_magic (md, sig); gcry_md_final (md); @@ -85,9 +85,9 @@ + log_bug("files-are-digests doesn't work with v4 sigs\n"); + } - rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); - gcry_md_close (md); -@@ -835,6 +843,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + if (!err) + err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); +@@ -924,6 +932,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -96,7 +96,7 @@ pfx = new_progress_context (); afx = new_armor_context (); -@@ -852,7 +862,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -941,7 +951,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -114,7 +114,7 @@ if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -873,7 +892,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -962,7 +981,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -123,7 +123,7 @@ inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -1011,7 +1030,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1100,7 +1119,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -132,7 +132,7 @@ iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -1066,6 +1085,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1155,6 +1174,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -141,7 +141,7 @@ /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1106,6 +1127,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1195,6 +1216,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -187,7 +187,7 @@ else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1124,8 +1184,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1213,8 +1273,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (ctrl, sk_list, out, mfx.md, ++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++ --- /var/tmp/diff_new_pack.RZAnbZ/_old 2020-05-02 22:15:48.796344470 +0200 +++ /var/tmp/diff_new_pack.RZAnbZ/_new 2020-05-02 22:15:48.796344470 +0200 @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.2.18/doc/gpg.texi +Index: gnupg-2.2.20/doc/gpg.texi =================================================================== ---- gnupg-2.2.18.orig/doc/gpg.texi -+++ gnupg-2.2.18/doc/gpg.texi -@@ -2115,6 +2115,24 @@ implies, this option is for experts only +--- gnupg-2.2.20.orig/doc/gpg.texi ++++ gnupg-2.2.20/doc/gpg.texi +@@ -2133,6 +2133,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ @end table -Index: gnupg-2.2.18/g10/gpg.c +Index: gnupg-2.2.20/g10/gpg.c =================================================================== ---- gnupg-2.2.18.orig/g10/gpg.c -+++ gnupg-2.2.18/g10/gpg.c -@@ -425,6 +425,7 @@ enum cmd_and_opt_values - oRequestOrigin, - oNoSymkeyCache, +--- gnupg-2.2.20.orig/g10/gpg.c ++++ gnupg-2.2.20/g10/gpg.c +@@ -429,6 +429,7 @@ enum cmd_and_opt_values oUseOnlyOpenPGPCard, + oIncludeKeyBlock, + oNoIncludeKeyBlock, + oSetLegacyFips, oNoop }; -@@ -870,6 +871,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3600,6 +3602,13 @@ main (int argc, char **argv) +@@ -3614,6 +3616,13 @@ main (int argc, char **argv) opt.flags.use_only_openpgp_card = 1; break;