Hello community,
here is the log from the commit of package gpg2 for openSUSE:Factory checked in
at 2015-01-21 21:50:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
and /work/SRC/openSUSE:Factory/.gpg2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2014-12-29
00:32:01.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2015-01-21
21:50:37.000000000 +0100
@@ -1,0 +2,36 @@
+Fri Dec 26 21:15:55 UTC 2014 - andreas.stie...@gmx.de
+
+- update to 2.1.1:
+ * gpg: Detect faulty use of --verify on detached signatures.
+ * gpg: New import option "keep-ownertrust".
+ * gpg: New sub-command "factory-reset" for --card-edit.
+ * gpg: A stub key for smartcards is now created by --card-status.
+ * gpg: Fixed regression in --refresh-keys.
+ * gpg: Fixed regresion in %g and %p codes for --sig-notation.
+ * gpg: Fixed best matching hash algo detection for ECDSA and EdDSA.
+ * gpg: Improved perceived speed of secret key listisngs.
+ * gpg: Print number of skipped PGP-2 keys on import.
+ * gpg: Removed the option aliases --throw-keyid and --notation-data;
+ use --throw-keyids and --set-notation instead.
+ * gpg: New import option "keep-ownertrust".
+ * gpg: Skip too large keys during import.
+ * gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or
+ dirmngr.
+ * gpg-agent: New option --extra-socket to provide a restricted
+ command set for use with remote clients.
+ * gpgconf --kill does not anymore start a service only to kill it.
+ * gpg-pconnect-agent: Add convenience option --uiserver.
+ * More translations (but most of them are not complete).
+ * To support remotely mounted home directories, the IPC sockets may
+ now be redirected. This feature requires Libassuan 2.2.0.
+ * Improved portability and the usual bunch of bug fixes.
+- removed patch not part of upstream release:
+ gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
+- refresh for context changes:
+ gnupg-2.0.18-files-are-digests.patch
+ gnupg-2.0.4-install_tools.diff
+- refresh for upstream code changes:
+ gnupg-add_legacy_FIPS_mode_option.patch
+ gnupg-detect_FIPS_mode.patch (MD5 removed)
+
+-------------------------------------------------------------------
Old:
----
gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
gnupg-2.1.0.tar.bz2
gnupg-2.1.0.tar.bz2.sig
New:
----
gnupg-2.1.1.tar.bz2
gnupg-2.1.1.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gpg2.spec ++++++
--- /var/tmp/diff_new_pack.6urktz/_old 2015-01-21 21:50:39.000000000 +0100
+++ /var/tmp/diff_new_pack.6urktz/_new 2015-01-21 21:50:39.000000000 +0100
@@ -17,7 +17,7 @@
Name: gpg2
-Version: 2.1.0
+Version: 2.1.1
Release: 0
Summary: GnuPG 2
License: GPL-3.0+
@@ -35,7 +35,6 @@
Patch9: gnupg-detect_FIPS_mode.patch
Patch11: gnupg-add_legacy_FIPS_mode_option.patch
Patch12: gnupg-remove_development_version_warning.patch
-Patch13: gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
Patch14: gnupg-large_keys.patch
BuildRequires: automake >= 1.10
BuildRequires: expect
@@ -48,7 +47,7 @@
# patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions
GCRYCTL_INACTIVATE_FIPS_FLAG
# raising gcrypt requirement from 1.4.0
BuildRequires: libgcrypt-devel >= 1.6.1
-BuildRequires: libgpg-error-devel >= 1.15
+BuildRequires: libgpg-error-devel >= 1.16
BuildRequires: libksba-devel >= 1.2.0
BuildRequires: libusb-devel
BuildRequires: makeinfo
@@ -87,7 +86,6 @@
%patch9 -p1
%patch11 -p1
%patch12 -p1
-%patch13 -p1
%patch14 -p1
%build
++++++ gnupg-2.0.18-files-are-digests.patch ++++++
--- /var/tmp/diff_new_pack.6urktz/_old 2015-01-21 21:50:39.000000000 +0100
+++ /var/tmp/diff_new_pack.6urktz/_new 2015-01-21 21:50:39.000000000 +0100
@@ -4,10 +4,10 @@
g10/sign.c | 66
+++++++++++++++++++++++++++++++++++++++++++++++++++++-----
3 files changed, 66 insertions(+), 5 deletions(-)
-Index: gnupg-2.1.0/g10/gpg.c
+Index: gnupg-2.1.1/g10/gpg.c
===================================================================
---- gnupg-2.1.0.orig/g10/gpg.c 2014-11-07 11:35:21.599605797 +0100
-+++ gnupg-2.1.0/g10/gpg.c 2014-11-07 16:50:14.742067262 +0100
+--- gnupg-2.1.1.orig/g10/gpg.c
++++ gnupg-2.1.1/g10/gpg.c
@@ -349,6 +349,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
@@ -16,7 +16,7 @@
oXauthority,
oGroup,
oUnGroup,
-@@ -733,6 +734,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -730,6 +731,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalCompressPreferences,
"personal-compress-preferences",
"@"),
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
@@ -24,7 +24,7 @@
/* Aliases. I constantly mistype these, and assume other people do
as well. */
-@@ -2126,6 +2128,7 @@ main (int argc, char **argv)
+@@ -2125,6 +2127,7 @@ main (int argc, char **argv)
opt.def_cert_expire = "0";
set_homedir (default_homedir ());
opt.passphrase_repeat = 1;
@@ -40,11 +40,11 @@
case oForceMDC: opt.force_mdc = 1; break;
case oNoForceMDC: opt.force_mdc = 0; break;
-Index: gnupg-2.1.0/g10/options.h
+Index: gnupg-2.1.1/g10/options.h
===================================================================
---- gnupg-2.1.0.orig/g10/options.h 2014-11-07 11:35:21.599605797 +0100
-+++ gnupg-2.1.0/g10/options.h 2014-11-07 16:49:59.770885017 +0100
-@@ -193,6 +193,7 @@ struct
+--- gnupg-2.1.1.orig/g10/options.h
++++ gnupg-2.1.1/g10/options.h
+@@ -192,6 +192,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
@@ -52,13 +52,13 @@
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
-Index: gnupg-2.1.0/g10/sign.c
+Index: gnupg-2.1.1/g10/sign.c
===================================================================
---- gnupg-2.1.0.orig/g10/sign.c 2014-11-07 11:35:21.599605797 +0100
-+++ gnupg-2.1.0/g10/sign.c 2014-11-07 17:13:40.128218081 +0100
-@@ -703,8 +703,12 @@ write_signature_packets (SK_LIST sk_list
- build_sig_subpkt_from_sig (sig);
- mk_notation_policy_etc (sig, pk, NULL);
+--- gnupg-2.1.1.orig/g10/sign.c
++++ gnupg-2.1.1/g10/sign.c
+@@ -706,8 +706,12 @@ write_signature_packets (SK_LIST sk_list
+ mk_notation_policy_etc (sig, NULL, pk);
+ }
+ if (!opt.files_are_digests) {
hash_sigversion_to_magic (md, sig);
@@ -69,7 +69,7 @@
rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
gcry_md_close (md);
-@@ -762,6 +766,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -765,6 +769,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
@@ -78,7 +78,7 @@
pfx = new_progress_context ();
afx = new_armor_context ();
-@@ -778,7 +784,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -781,7 +787,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) )
@@ -96,7 +96,7 @@
if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
-@@ -799,7 +814,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -802,7 +817,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave;
/* prepare iobufs */
@@ -105,7 +105,7 @@
inp = NULL; /* we do it later */
else {
inp = iobuf_open(fname);
-@@ -938,7 +953,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -940,7 +955,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
@@ -114,7 +114,7 @@
iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag)
-@@ -993,6 +1008,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -995,6 +1010,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
write_status_begin_signing (mfx.md);
@@ -123,7 +123,7 @@
/* Setup the inner packet. */
if( detached ) {
if( multifile ) {
-@@ -1033,6 +1050,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1035,6 +1052,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
if( opt.verbose )
putc( '\n', stderr );
}
@@ -169,7 +169,7 @@
else {
/* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 )
-@@ -1050,8 +1106,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1052,8 +1108,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md,
++++++ gnupg-2.0.4-install_tools.diff ++++++
--- /var/tmp/diff_new_pack.6urktz/_old 2015-01-21 21:50:39.000000000 +0100
+++ /var/tmp/diff_new_pack.6urktz/_new 2015-01-21 21:50:39.000000000 +0100
@@ -1,7 +1,7 @@
Index: tools/Makefile.am
===================================================================
---- tools/Makefile.am.orig 2014-11-06 18:12:17.743916141 +0100
-+++ tools/Makefile.am 2014-11-06 18:13:17.073677366 +0100
+--- tools/Makefile.am.orig
++++ tools/Makefile.am
@@ -36,8 +36,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde
bin_SCRIPTS = gpgsm-gencert.sh
@@ -30,4 +30,4 @@
+noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert
endif
- common_libs = $(libcommon) ../gl/libgnu.a
+ common_libs = $(libcommon)
++++++ gnupg-2.1.0.tar.bz2 -> gnupg-2.1.1.tar.bz2 ++++++
++++ 319415 lines of diff (skipped)
++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++
--- /var/tmp/diff_new_pack.6urktz/_old 2015-01-21 21:50:41.000000000 +0100
+++ /var/tmp/diff_new_pack.6urktz/_new 2015-01-21 21:50:41.000000000 +0100
@@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+)
-Index: gnupg-2.1.0/doc/gpg.texi
+Index: gnupg-2.1.1/doc/gpg.texi
===================================================================
---- gnupg-2.1.0.orig/doc/gpg.texi 2014-11-06 18:31:32.218688065 +0100
-+++ gnupg-2.1.0/doc/gpg.texi 2014-11-06 18:31:33.871709178 +0100
-@@ -1828,6 +1828,24 @@ implies, this option is for experts only
+--- gnupg-2.1.1.orig/doc/gpg.texi
++++ gnupg-2.1.1/doc/gpg.texi
+@@ -1842,6 +1842,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option.
@@ -32,19 +32,19 @@
@end table
-Index: gnupg-2.1.0/g10/gpg.c
+Index: gnupg-2.1.1/g10/gpg.c
===================================================================
---- gnupg-2.1.0.orig/g10/gpg.c 2014-11-06 18:31:32.220688090 +0100
-+++ gnupg-2.1.0/g10/gpg.c 2014-11-06 18:32:03.833091859 +0100
-@@ -380,6 +380,7 @@ enum cmd_and_opt_values
- oNoAllowMultipleMessages,
+--- gnupg-2.1.1.orig/g10/gpg.c
++++ gnupg-2.1.1/g10/gpg.c
+@@ -381,6 +381,7 @@ enum cmd_and_opt_values
oAllowWeakDigestAlgos,
oFakedSystemTime,
+ oNoAutostart,
+ oSetLegacyFips,
oNoop
};
-@@ -772,6 +773,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -769,6 +770,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@@ -52,9 +52,9 @@
/* These two are aliases to help users of the PGP command line
product use gpg with minimal pain. Many commands are common
-@@ -3138,6 +3140,13 @@ main (int argc, char **argv)
- }
- break;
+@@ -3134,6 +3136,13 @@ main (int argc, char **argv)
+
+ case oNoAutostart: opt.autostart = 0; break;
+ case oSetLegacyFips:
+ if(gcry_fips_mode_active())
++++++ gnupg-detect_FIPS_mode.patch ++++++
--- /var/tmp/diff_new_pack.6urktz/_old 2015-01-21 21:50:42.000000000 +0100
+++ /var/tmp/diff_new_pack.6urktz/_new 2015-01-21 21:50:42.000000000 +0100
@@ -1,7 +1,7 @@
-Index: gnupg-2.1.0/g10/encrypt.c
+Index: gnupg-2.1.1/g10/encrypt.c
===================================================================
---- gnupg-2.1.0.orig/g10/encrypt.c 2014-11-06 18:27:35.176659675 +0100
-+++ gnupg-2.1.0/g10/encrypt.c 2014-11-06 18:29:10.987883901 +0100
+--- gnupg-2.1.1.orig/g10/encrypt.c
++++ gnupg-2.1.1/g10/encrypt.c
@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro
/* Because 3DES is implicitly in the prefs, this can
only happen if we do not have any public keys in
@@ -14,25 +14,21 @@
}
/* In case 3DES has been selected, print a warning if
-Index: gnupg-2.1.0/g10/mainproc.c
+Index: gnupg-2.1.1/g10/mainproc.c
===================================================================
---- gnupg-2.1.0.orig/g10/mainproc.c 2014-11-06 18:27:33.243634973 +0100
-+++ gnupg-2.1.0/g10/mainproc.c 2014-11-06 18:27:35.178659700 +0100
-@@ -690,9 +690,15 @@ proc_plaintext( CTX c, PACKET *pkt )
- often. There is no good way to specify what algorithms to
- use in that case, so these three are the historical
- answer. */
-- gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
+--- gnupg-2.1.1.orig/g10/mainproc.c
++++ gnupg-2.1.1/g10/mainproc.c
+@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt )
+ according to 2440, so hopefully it won't come up that often.
+ There is no good way to specify what algorithms to use in
+ that case, so these there are the historical answer. */
+- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+
+ /* Libgcrypt manual says that gcry_version_check must be called
+ before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
+ if( !gcry_fips_mode_active() )
+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
- gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
-- gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
-+ if( !gcry_fips_mode_active() )
-+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
- }
- if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify
- && opt.flags.allow_weak_digest_algos) {
+ gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
+ }
+ if (DBG_HASHING)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
