Hello community,
here is the log from the commit of package gpg2 for openSUSE:Factory checked in
at 2020-05-02 22:15:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
and /work/SRC/openSUSE:Factory/.gpg2.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2"
Sat May 2 22:15:35 2020 rev:148 rq:799268 version:2.2.20
Changes:
--------
--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2020-03-16
10:16:55.195552571 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.2738/gpg2.changes 2020-05-02
22:15:47.276341286 +0200
@@ -1,0 +2,29 @@
+Thu Apr 30 13:59:33 UTC 2020 - Pedro Monreal Gonzalez
<pmonrealgonza...@suse.com>
+
+- Fix gpgme and gpgme-qt builds on gpg2 2.2.20 update [bsc#1170811]
+- Refresh patches:
+ * gnupg-2.2.8-files-are-digests.patch
+ * gnupg-add_legacy_FIPS_mode_option.patch
+
+-------------------------------------------------------------------
+Fri Mar 20 20:17:44 UTC 2020 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- GnuPG 2.2.20:
+ * Protect the error counter against overflow to guarantee that the
+ tools can't be tricked into returning success after an error
+ * gpg: Make really sure that --verify-files always returns an error
+ * gpg: Fix key listing --with-secret if a pattern is given
+ * gpg: Fix detection of certain keys used as default-key
+ * gpg: Fix default-key selection when a card is available
+ * gpg: Fix key expiration and key usage for keys created with a
+ creation date of zero
+ * gpgsm: Fix import of some CR,LF terminated certificates
+ * gpg: New options --include-key-block and --auto-key-import to
+ allow encrypted replies after an initial signed message
+ * gpg: Allow the use of a fingerprint with --trusted-key
+ * gpg: New property "fpr" for use by --export-filter
+ * scdaemon: Disable the pinpad if a KDF DO is used
+ * dirmngr: Improve finding OCSP certificates
+- drop gpg2-gcc10-build-fno-common.patch, upstream
+
+-------------------------------------------------------------------
Old:
----
gnupg-2.2.19.tar.bz2
gnupg-2.2.19.tar.bz2.sig
gpg2-gcc10-build-fno-common.patch
New:
----
gnupg-2.2.20.tar.bz2
gnupg-2.2.20.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gpg2.spec ++++++
--- /var/tmp/diff_new_pack.RZAnbZ/_old 2020-05-02 22:15:48.712344294 +0200
+++ /var/tmp/diff_new_pack.RZAnbZ/_new 2020-05-02 22:15:48.712344294 +0200
@@ -17,7 +17,7 @@
Name: gpg2
-Version: 2.2.19
+Version: 2.2.20
Release: 0
Summary: File encryption, decryption, signature creation and
verification utility
License: GPL-3.0-or-later
@@ -29,7 +29,6 @@
Source3: %{name}.keyring
Source4: scdaemon.udev
Source99: %{name}.changes
-Patch1124847: gnupg-gpg-agent-ulimit.patch
Patch4: gnupg-2.0.9-langinfo.patch
Patch5: gnupg-2.2.8-files-are-digests.patch
Patch6: gnupg-dont-fail-with-seahorse-agent.patch
@@ -40,8 +39,7 @@
Patch13:
gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
Patch14: gnupg-add-test-cases-for-import-without-uid.patch
Patch15:
gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
-# PATCH-FIX-UPSTREAM bsc#1160394 Fix gcc10 build
-Patch16: gpg2-gcc10-build-fno-common.patch
+Patch1124847: gnupg-gpg-agent-ulimit.patch
BuildRequires: expect
BuildRequires: fdupes
BuildRequires: libassuan-devel >= 2.5.0
@@ -107,7 +105,6 @@
%patch13 -p1
%patch14 -p1
%patch15 -p1
-%patch16 -p1
touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not
have man pages and info files have the build date (boo#1047218)
%build
@@ -132,7 +129,7 @@
--enable-gpg-is-gpg2 \
--enable-Werror
-make %{?_smp_mflags}
+%make_build
%install
%make_install
++++++ gnupg-2.2.19.tar.bz2 -> gnupg-2.2.20.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.19.tar.bz2
/work/SRC/openSUSE:Factory/.gpg2.new.2738/gnupg-2.2.20.tar.bz2 differ: char 11,
line 1
++++++ gnupg-2.2.8-files-are-digests.patch ++++++
--- /var/tmp/diff_new_pack.RZAnbZ/_old 2020-05-02 22:15:48.776344428 +0200
+++ /var/tmp/diff_new_pack.RZAnbZ/_new 2020-05-02 22:15:48.776344428 +0200
@@ -4,11 +4,11 @@
g10/sign.c | 68
++++++++++++++++++++++++++++++++++++++++++++++++++++------
3 files changed, 67 insertions(+), 6 deletions(-)
-Index: gnupg-2.2.18/g10/gpg.c
+Index: gnupg-2.2.20/g10/gpg.c
===================================================================
---- gnupg-2.2.18.orig/g10/gpg.c
-+++ gnupg-2.2.18/g10/gpg.c
-@@ -378,6 +378,7 @@ enum cmd_and_opt_values
+--- gnupg-2.2.20.orig/g10/gpg.c
++++ gnupg-2.2.20/g10/gpg.c
+@@ -380,6 +380,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
@@ -16,7 +16,7 @@
oXauthority,
oGroup,
oUnGroup,
-@@ -830,6 +831,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -834,6 +835,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@@ -24,7 +24,7 @@
/* Aliases. I constantly mistype these, and assume other people do
as well. */
-@@ -2412,6 +2414,7 @@ main (int argc, char **argv)
+@@ -2421,6 +2423,7 @@ main (int argc, char **argv)
opt.def_cert_expire = "0";
gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1;
@@ -32,19 +32,19 @@
opt.emit_version = 0;
opt.weak_digests = NULL;
-@@ -2988,6 +2991,7 @@ main (int argc, char **argv)
+@@ -2997,6 +3000,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
+ case oFilesAreDigests: opt.files_are_digests = 1; break;
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
-
-Index: gnupg-2.2.18/g10/options.h
+ case oIncludeKeyBlock: opt.flags.include_key_block = 1; break;
+Index: gnupg-2.2.20/g10/options.h
===================================================================
---- gnupg-2.2.18.orig/g10/options.h
-+++ gnupg-2.2.18/g10/options.h
-@@ -210,6 +210,7 @@ struct
+--- gnupg-2.2.20.orig/g10/options.h
++++ gnupg-2.2.20/g10/options.h
+@@ -202,6 +202,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
@@ -52,10 +52,10 @@
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
-Index: gnupg-2.2.18/g10/sign.c
+Index: gnupg-2.2.20/g10/sign.c
===================================================================
---- gnupg-2.2.18.orig/g10/sign.c
-+++ gnupg-2.2.18/g10/sign.c
+--- gnupg-2.2.20.orig/g10/sign.c
++++ gnupg-2.2.20/g10/sign.c
@@ -43,6 +43,8 @@
#include "../common/mbox-util.h"
#include "../common/compliance.h"
@@ -65,7 +65,7 @@
#ifdef HAVE_DOSISH_SYSTEM
#define LF "\r\n"
#else
-@@ -749,6 +751,8 @@ write_signature_packets (ctrl_t ctrl,
+@@ -834,6 +836,8 @@ write_signature_packets (ctrl_t ctrl,
if (duration || opt.sig_policy_url
|| opt.sig_notations || opt.sig_keyserver_url)
sig->version = 4;
@@ -74,10 +74,10 @@
else
sig->version = pk->version;
-@@ -772,8 +776,12 @@ write_signature_packets (ctrl_t ctrl,
- mk_notation_policy_etc (sig, NULL, pk);
+@@ -860,8 +864,12 @@ write_signature_packets (ctrl_t ctrl,
+ else
+ err = 0;
}
-
+ if (!opt.files_are_digests) {
hash_sigversion_to_magic (md, sig);
gcry_md_final (md);
@@ -85,9 +85,9 @@
+ log_bug("files-are-digests doesn't work with v4 sigs\n");
+ }
- rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);
- gcry_md_close (md);
-@@ -835,6 +843,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+ if (!err)
+ err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);
+@@ -924,6 +932,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
@@ -96,7 +96,7 @@
pfx = new_progress_context ();
afx = new_armor_context ();
-@@ -852,7 +862,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -941,7 +951,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) )
@@ -114,7 +114,7 @@
if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
-@@ -873,7 +892,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -962,7 +981,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave;
/* prepare iobufs */
@@ -123,7 +123,7 @@
inp = NULL; /* we do it later */
else {
inp = iobuf_open(fname);
-@@ -1011,7 +1030,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1100,7 +1119,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
@@ -132,7 +132,7 @@
iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag)
-@@ -1066,6 +1085,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1155,6 +1174,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
write_status_begin_signing (mfx.md);
@@ -141,7 +141,7 @@
/* Setup the inner packet. */
if( detached ) {
if( multifile ) {
-@@ -1106,6 +1127,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1195,6 +1216,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
if( opt.verbose )
log_printf ("\n");
}
@@ -187,7 +187,7 @@
else {
/* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 )
-@@ -1124,8 +1184,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1213,8 +1273,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */
rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++
--- /var/tmp/diff_new_pack.RZAnbZ/_old 2020-05-02 22:15:48.796344470 +0200
+++ /var/tmp/diff_new_pack.RZAnbZ/_new 2020-05-02 22:15:48.796344470 +0200
@@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+)
-Index: gnupg-2.2.18/doc/gpg.texi
+Index: gnupg-2.2.20/doc/gpg.texi
===================================================================
---- gnupg-2.2.18.orig/doc/gpg.texi
-+++ gnupg-2.2.18/doc/gpg.texi
-@@ -2115,6 +2115,24 @@ implies, this option is for experts only
+--- gnupg-2.2.20.orig/doc/gpg.texi
++++ gnupg-2.2.20/doc/gpg.texi
+@@ -2133,6 +2133,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option.
@@ -32,19 +32,19 @@
@end table
-Index: gnupg-2.2.18/g10/gpg.c
+Index: gnupg-2.2.20/g10/gpg.c
===================================================================
---- gnupg-2.2.18.orig/g10/gpg.c
-+++ gnupg-2.2.18/g10/gpg.c
-@@ -425,6 +425,7 @@ enum cmd_and_opt_values
- oRequestOrigin,
- oNoSymkeyCache,
+--- gnupg-2.2.20.orig/g10/gpg.c
++++ gnupg-2.2.20/g10/gpg.c
+@@ -429,6 +429,7 @@ enum cmd_and_opt_values
oUseOnlyOpenPGPCard,
+ oIncludeKeyBlock,
+ oNoIncludeKeyBlock,
+ oSetLegacyFips,
oNoop
};
-@@ -870,6 +871,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@@ -52,7 +52,7 @@
ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"),
-@@ -3600,6 +3602,13 @@ main (int argc, char **argv)
+@@ -3614,6 +3616,13 @@ main (int argc, char **argv)
opt.flags.use_only_openpgp_card = 1;
break;
