commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2020-09-06 00:00:15

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.3399 (New)


Package is "gpg2"

Sun Sep  6 00:00:15 2020 rev:150 rq:831939 version:2.2.23

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2020-07-15 
11:15:08.041009467 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new.3399/gpg2.changes  2020-09-06 
00:00:44.759204072 +0200
@@ -1,0 +2,39 @@
+Thu Sep  3 17:16:41 UTC 2020 - Andreas Stieger 
+
+- GnuPG 2.2.23: 
+  * gpg: fix AHEAD preference list overflow boo#1176034 /  CVE-2020-25125
+  * gpg: fix possible segv in the key cleaning code
+  * gpgsm: fix a minor RFC2253 parser gub
+  * scdaemon: Fix a PIN verify failure on certain OpenPGP card
+implementations
+
+---
+Tue Sep  1 21:09:57 UTC 2020 - Andreas Stieger 
+
+- GnuPG 2.2.22:
+  * gpg: Change the default key algorithm to rsa3072
+  * gpg: Add regular expression support for Trust Signatures on
+all platforms
+  * gpg: Ignore --personal-digest-prefs for ECDSA keys
+  * gpgsm: Make rsaPSS a de-vs compliant scheme
+  * gpgsm: Show also the SHA256 fingerprint in key listings
+  * gpgsm: Do not require a default keyring for --gpgconf-list
+  * gpg-agent: Default to extended key format and record the
+creation time of keys
+Add new option --disable-extended-key-format
+  * gpg-agent: Support the WAYLAND_DISPLAY envvar
+  * gpg-agent: Allow using --gpgconf-list even if HOME does not
+exist
+  * gpg-agent: Make the Pinentry work even if the envvar TERM is
+set to the empty string
+  * scdaemon: Add a workaround for Gnuk tokens <= 2.15 which
+wrongly incremented the error counter when using the
+"verify" command of "gpg --edit-key" with only the signature
+key being present
+   * dirmngr: Better handle systems with disabled IPv6
+   * gpgpslit: Install tool.  It was not installed in the past to
+ avoid conflicts with the version installed by GnuPG 1.4
+   * gpgtar: Make --files-from and --null work as documented
+- drop gnupg-gpgme-t-encrypt-sym.patch, upstream
+
+---

Old:

  gnupg-2.2.21.tar.bz2
  gnupg-2.2.21.tar.bz2.sig
  gnupg-gpgme-t-encrypt-sym.patch

New:

  gnupg-2.2.23.tar.bz2
  gnupg-2.2.23.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.DrSr80/_old  2020-09-06 00:00:49.731206561 +0200
+++ /var/tmp/diff_new_pack.DrSr80/_new  2020-09-06 00:00:49.735206564 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.21
+Version:2.2.23
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later
@@ -40,13 +40,11 @@
 Patch14:gnupg-add-test-cases-for-import-without-uid.patch
 Patch15:
gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
 Patch1124847:   gnupg-gpg-agent-ulimit.patch
-# PATCH-FIX-UPSTREAM bsc#1174007 gpgme: Fails to build with latest gpg-2.2.21
-Patch16:gnupg-gpgme-t-encrypt-sym.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
 BuildRequires:  libgcrypt-devel >= 1.7.0
-BuildRequires:  libgpg-error-devel >= 1.24
+BuildRequires:  libgpg-error-devel >= 1.25
 BuildRequires:  libksba-devel >= 1.3.4
 BuildRequires:  makeinfo
 BuildRequires:  npth-devel >= 1.2
@@ -107,7 +105,6 @@
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
-%patch16 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not 
have man pages and info files have the build date (boo#1047218)
 
 %build

++ gnupg-2.2.21.tar.bz2 -> gnupg-2.2.23.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.21.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.3399/gnupg-2.2.23.tar.bz2 differ: char 11, 
line 1

++ gpg2.keyring ++
--- /var/tmp/diff_new_pack.DrSr80/_old  2020-09-06 00:00:49.875206634 +0200
+++ /var/tmp/diff_new_pack.DrSr80/_new  2020-09-06 00:00:49.879206636 +0200
@@ -1,5 +1,4 @@
 -BEGIN PGP PUBLIC KEY BLOCK-
-Version: GnuPG v2
 
 mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I
 Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg
@@ -7,93 +6,60 @@
 KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u
 qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB
 1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk
-aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW
-AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2020-07-15 11:13:43

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.3060 (New)


Package is "gpg2"

Wed Jul 15 11:13:43 2020 rev:149 rq:820863 version:2.2.21

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2020-05-02 
22:15:47.276341286 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new.3060/gpg2.changes  2020-07-15 
11:15:08.041009467 +0200
@@ -1,0 +2,34 @@
+Tue Jul 14 10:22:22 UTC 2020 - Pedro Monreal Gonzalez 

+
+- Fix regression in latest gpg2 that makes gpgme fail to build [bsc#1174007]
+- Add gnupg-gpgme-t-encrypt-sym.patch
+
+---
+Thu Jul  9 11:36:57 UTC 2020 - Andreas Stieger 
+
+- GnuPG 2.2.21:
+  * gpg: Improve symmetric decryption speed by about 25%
+  * gpg: Support decryption of AEAD encrypted data packets
+  * gpg: Add option --no-include-key-block
+  * gpg: Allow for extra padding in ECDH
+  * gpg: Only a single pinentry is shown for symmetric encryption if
+the pinentry supports this
+  * gpg: Print a note if no keys are given to --delete-key
+  * gpg,gpgsm: The ridiculous passphrase quality bar is not anymore
+shown
+  * gpgsm: Certificates without a CRL distribution point are now
+considered valid without looking up a CRL. The new option
+--enable-issuer-based-crl-check can be used to revert to the
+former behaviour
+  * gpgsm: Support rsaPSS signature verification
+  * gpgsm: Unless CRL checking is disabled lookup a missing issuer
+certificate using the certificate's authorityInfoAccess
+  * gpgsm: Print the certificate's serial number also in decimal
+notation
+  * gpgsm: Fix possible NULL-deref in messages of --gen-key
+  * scd: Support the CardOS 5 based D-Trust Card 3.1
+  * dirmngr: Allow http URLs with "LOOKUP --url"
+  * wkd: Take name of sendmail from configure. Fixes an OpenBSD
+specific bug
+
+---

Old:

  gnupg-2.2.20.tar.bz2
  gnupg-2.2.20.tar.bz2.sig

New:

  gnupg-2.2.21.tar.bz2
  gnupg-2.2.21.tar.bz2.sig
  gnupg-gpgme-t-encrypt-sym.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.ciRywv/_old  2020-07-15 11:15:21.637022925 +0200
+++ /var/tmp/diff_new_pack.ciRywv/_new  2020-07-15 11:15:21.641022928 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.20
+Version:2.2.21
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later
@@ -40,6 +40,8 @@
 Patch14:gnupg-add-test-cases-for-import-without-uid.patch
 Patch15:
gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
 Patch1124847:   gnupg-gpg-agent-ulimit.patch
+# PATCH-FIX-UPSTREAM bsc#1174007 gpgme: Fails to build with latest gpg-2.2.21
+Patch16:gnupg-gpgme-t-encrypt-sym.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -105,6 +107,7 @@
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not 
have man pages and info files have the build date (boo#1047218)
 
 %build

++ gnupg-2.2.20.tar.bz2 -> gnupg-2.2.21.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.20.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.3060/gnupg-2.2.21.tar.bz2 differ: char 11, 
line 1

++ gnupg-gpgme-t-encrypt-sym.patch ++
Index: gnupg-2.2.21/agent/command.c
===
--- gnupg-2.2.21.orig/agent/command.c
+++ gnupg-2.2.21/agent/command.c
@@ -1595,11 +1595,14 @@ cmd_get_passphrase (assuan_context_t ctx
   pi2->failed_tries = 0;
   continue;
 }
-  if (*pi->pin && !pi->repeat_okay)
+  if (*pi->pin && !pi->repeat_okay
+  && ctrl->pinentry_mode != PINENTRY_MODE_LOOPBACK)
 {
   /* The passphrase is empty and the pinentry did not
* already run the repetition check, do it here.  This
-   * is only called when using an old and  simple pinentry. */
+   * is only called when using an old and simple pinentry.
+   * It is neither called in loopback mode because the
+   * caller does any passphrase repetition by herself. */
   xfree (response);
   response = NULL;
   rc = agent_get_passphrase (ctrl, ,

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2020-05-02 22:15:35

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.2738 (New)


Package is "gpg2"

Sat May  2 22:15:35 2020 rev:148 rq:799268 version:2.2.20

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2020-03-16 
10:16:55.195552571 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.2738/gpg2.changes  2020-05-02 
22:15:47.276341286 +0200
@@ -1,0 +2,29 @@
+Thu Apr 30 13:59:33 UTC 2020 - Pedro Monreal Gonzalez 

+
+- Fix gpgme and gpgme-qt builds on gpg2 2.2.20 update [bsc#1170811]
+- Refresh patches:
+  * gnupg-2.2.8-files-are-digests.patch
+  * gnupg-add_legacy_FIPS_mode_option.patch
+
+---
+Fri Mar 20 20:17:44 UTC 2020 - Andreas Stieger 
+
+- GnuPG 2.2.20:
+  * Protect the error counter against overflow to guarantee that the
+tools can't be tricked into returning success after an error
+  * gpg: Make really sure that --verify-files always returns an error
+  * gpg: Fix key listing --with-secret if a pattern is given
+  * gpg: Fix detection of certain keys used as default-key
+  * gpg: Fix default-key selection when a card is available
+  * gpg: Fix key expiration and key usage for keys created with a
+creation date of zero
+  * gpgsm: Fix import of some CR,LF terminated certificates
+  * gpg: New options --include-key-block and --auto-key-import to
+allow encrypted replies after an initial signed message
+  * gpg: Allow the use of a fingerprint with --trusted-key
+  * gpg: New property "fpr" for use by --export-filter
+  * scdaemon: Disable the pinpad if a KDF DO is used
+  * dirmngr: Improve finding OCSP certificates
+- drop gpg2-gcc10-build-fno-common.patch, upstream
+
+---

Old:

  gnupg-2.2.19.tar.bz2
  gnupg-2.2.19.tar.bz2.sig
  gpg2-gcc10-build-fno-common.patch

New:

  gnupg-2.2.20.tar.bz2
  gnupg-2.2.20.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.RZAnbZ/_old  2020-05-02 22:15:48.712344294 +0200
+++ /var/tmp/diff_new_pack.RZAnbZ/_new  2020-05-02 22:15:48.712344294 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.19
+Version:2.2.20
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later
@@ -29,7 +29,6 @@
 Source3:%{name}.keyring
 Source4:scdaemon.udev
 Source99:   %{name}.changes
-Patch1124847:   gnupg-gpg-agent-ulimit.patch
 Patch4: gnupg-2.0.9-langinfo.patch
 Patch5: gnupg-2.2.8-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
@@ -40,8 +39,7 @@
 Patch13:
gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
 Patch14:gnupg-add-test-cases-for-import-without-uid.patch
 Patch15:
gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
-# PATCH-FIX-UPSTREAM bsc#1160394 Fix gcc10 build
-Patch16:gpg2-gcc10-build-fno-common.patch
+Patch1124847:   gnupg-gpg-agent-ulimit.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -107,7 +105,6 @@
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
-%patch16 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not 
have man pages and info files have the build date (boo#1047218)
 
 %build
@@ -132,7 +129,7 @@
 --enable-gpg-is-gpg2 \
 --enable-Werror
 
-make %{?_smp_mflags}
+%make_build
 
 %install
 %make_install

++ gnupg-2.2.19.tar.bz2 -> gnupg-2.2.20.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.19.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.2738/gnupg-2.2.20.tar.bz2 differ: char 11, 
line 1

++ gnupg-2.2.8-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.RZAnbZ/_old  2020-05-02 22:15:48.776344428 +0200
+++ /var/tmp/diff_new_pack.RZAnbZ/_new  2020-05-02 22:15:48.776344428 +0200
@@ -4,11 +4,11 @@
  g10/sign.c|   68 
--
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.2.18/g10/gpg.c
+Index: gnupg-2.2.20/g10/gpg.c
 ===
 gnupg-2.2.18.orig/g10/gpg.c
-+++ gnupg-2.2.18/g10/gpg.c
-@@ -378,6 +378,7 @@ enum cmd_and_opt_values
+--- gnupg-2.2.20.orig/g10/gpg.c
 gnupg-2.2.20/g10/gpg.c
+@@ -380,6 +380,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
  oLCmessages,
@@ -16,7 +16,7 @@
  oXauthority,
  oGroup,
  oUnGroup,
-@@ -830,6 +831,7 @@ static 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2020-03-16 10:16:15

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.3160 (New)


Package is "gpg2"

Mon Mar 16 10:16:15 2020 rev:147 rq:784634 version:2.2.19

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2020-02-22 
19:03:25.785987021 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.3160/gpg2.changes  2020-03-16 
10:16:55.195552571 +0100
@@ -1,0 +2,6 @@
+Fri Mar 13 10:39:09 UTC 2020 - Fabian Vogt 
+
+- Split dirmngr into a subpackage to avoid a hard dependency of
+  gpg2 on libgnutls
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.wKAAhb/_old  2020-03-16 10:16:56.343553039 +0100
+++ /var/tmp/diff_new_pack.wKAAhb/_new  2020-03-16 10:16:56.33044 +0100
@@ -65,8 +65,7 @@
 Requires:   libksba >= 1.3.4
 Requires:   pinentry
 Requires(post): %{install_info_prereq}
-Obsoletes:  dirmngr < 2.1.0
-Provides:   dirmngr = %{version}
+Recommends: dirmngr = %{version}
 Provides:   gnupg = %{version}
 Provides:   gpg = 1.4.9
 Provides:   newpg
@@ -81,6 +80,18 @@
 
 gpg2 provides GPGSM, gpg-agent, and a keybox library.
 
+%package -n dirmngr
+Summary:Keyserver, CRL, and OCSP access for GnuPG
+Group:  Productivity/Networking/Security
+
+%description -n dirmngr
+Since version  2.1 of GnuPG, dirmngr takes care of accessing the OpenPGP
+keyservers. As with previous versions it is also used as a server for managing
+and downloading certificate
+revocation lists (CRLs) for X.509 certificates, downloading X.509 certificates,
+and providing access to OCSP providers.  Dirmngr is invoked internally by gpg,
+gpgsm, or via the gpg-connect-agent tool.
+
 %lang_package
 
 %prep
@@ -167,10 +178,13 @@
 
 %files
 %{_infodir}/gnupg*
+%exclude %{_mandir}/*/dirmngr*%{ext_man}
 %{_mandir}/*/*%{ext_man}
 %license COPYING*
 %doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
+%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.*
 %doc %{_docdir}/%{name}
+%exclude %{_bindir}/dirmngr*
 %{_bindir}/*
 %{_libdir}/[^d]*
 %{_sbindir}/addgnupghome
@@ -181,4 +195,10 @@
 %dir %{_sysconfdir}/gnupg
 %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf
 
+%files -n dirmngr
+%license COPYING*
+%{_mandir}/*/dirmngr*%{ext_man}
+%{_docdir}/%{name}/examples/systemd-user/dirmngr.*
+%{_bindir}/dirmngr*
+
 %changelog

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2020-02-22 19:03:23

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.26092 (New)


Package is "gpg2"

Sat Feb 22 19:03:23 2020 rev:146 rq:776240 version:2.2.19

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2020-01-16 
18:17:53.876861356 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.26092/gpg2.changes 2020-02-22 
19:03:25.785987021 +0100
@@ -1,0 +2,8 @@
+Wed Feb 19 08:48:34 UTC 2020 - Pedro Monreal Gonzalez 

+
+- Fix build with GCC-10: [bsc#1160394]
+  * Always use EXTERN_UNLESS_MAIN_MODULE pattern
+  * In GCC-10, the default option -fcommon will change to -fno-common
+- Add gpg2-gcc10-build-fno-common.patch
+
+---

New:

  gpg2-gcc10-build-fno-common.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.rNBgam/_old  2020-02-22 19:03:27.205989849 +0100
+++ /var/tmp/diff_new_pack.rNBgam/_new  2020-02-22 19:03:27.213989865 +0100
@@ -40,6 +40,8 @@
 Patch13:
gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
 Patch14:gnupg-add-test-cases-for-import-without-uid.patch
 Patch15:
gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+# PATCH-FIX-UPSTREAM bsc#1160394 Fix gcc10 build
+Patch16:gpg2-gcc10-build-fno-common.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -94,6 +96,7 @@
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not 
have man pages and info files have the build date (boo#1047218)
 
 %build


++ gpg2-gcc10-build-fno-common.patch ++
>From 6aff8a132815a84bab69401c1e7de96ec549fbf2 Mon Sep 17 00:00:00 2001
From: Werner Koch 
Date: Mon, 10 Feb 2020 16:37:34 +0100
Subject: [PATCH] build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch 
(cherry picked from commit 21d9bd8b87a9f793a106095e3838eb71825189d7)

- Applied respective chnages also to gpg-card and keyboxd.

Signed-off-by: Werner Koch 
---
 agent/agent.h | 1 +
 agent/gpg-agent.c | 1 +
 agent/preset-passphrase.c | 1 +
 agent/protect-tool.c  | 1 +
 agent/t-protect.c | 1 +
 common/iobuf.c| 1 +
 common/iobuf.h| 9 +
 common/util.h | 8 
 dirmngr/dirmngr.c | 1 +
 dirmngr/dirmngr.h | 1 +
 g10/gpgcompose.c  | 1 +
 g10/main.h| 2 +-
 g10/options.h | 8 
 g10/test.c| 1 +
 g13/g13-common.h  | 2 +-
 g13/g13-syshelp.c | 1 +
 g13/g13.c | 1 +
 kbx/keyboxd.c | 1 +
 kbx/keyboxd.h | 1 +
 scd/scdaemon.c| 1 +
 scd/scdaemon.h| 1 +
 sm/gpgsm.c| 2 ++
 sm/gpgsm.h| 1 +
 tools/gpg-card.c  | 2 ++
 tools/gpg-card.h  | 1 +
 tools/gpg-wks-client.c| 1 +
 tools/gpg-wks-server.c| 1 +
 tools/gpg-wks.h   | 1 +
 tools/gpgconf.c   | 1 +
 tools/gpgconf.h   | 1 +
 tools/gpgtar.c| 1 +
 tools/gpgtar.h| 2 ++
 32 files changed, 41 insertions(+), 18 deletions(-)

Index: gnupg-2.2.19/agent/agent.h
===
--- gnupg-2.2.19.orig/agent/agent.h
+++ gnupg-2.2.19/agent/agent.h
@@ -37,6 +37,14 @@
 #include "../common/session-env.h"
 #include "../common/shareddefs.h"
 
+#ifndef EXTERN_UNLESS_MAIN_MODULE
+# if !defined (INCLUDED_BY_MAIN_MODULE)
+#  define EXTERN_UNLESS_MAIN_MODULE extern
+# else
+#  define EXTERN_UNLESS_MAIN_MODULE
+# endif
+#endif
+
 /* To convey some special hash algorithms we use algorithm numbers
reserved for application use. */
 #ifndef GCRY_MODULE_ID_USER
@@ -55,6 +63,7 @@
 
 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2020-01-16 18:17:49

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.26092 (New)


Package is "gpg2"

Thu Jan 16 18:17:49 2020 rev:145 rq:763816 version:2.2.19

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-12-23 
22:34:01.153731170 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.26092/gpg2.changes 2020-01-16 
18:17:53.876861356 +0100
@@ -1,0 +2,9 @@
+Fri Jan 10 17:47:24 UTC 2020 - Pedro Monreal Gonzalez 

+
+- Accept key updates even without UIDs [bsc#1143158]
+- Add patches:
+  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+  * 
gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
+  * gnupg-add-test-cases-for-import-without-uid.patch
+
+---

New:

  
gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
  gnupg-add-test-cases-for-import-without-uid.patch
  gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.iv2dPI/_old  2020-01-16 18:17:55.220862116 +0100
+++ /var/tmp/diff_new_pack.iv2dPI/_new  2020-01-16 18:17:55.228862121 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -37,6 +37,9 @@
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
 Patch12:gnupg-2.2.16-secmem.patch
+Patch13:
gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
+Patch14:gnupg-add-test-cases-for-import-without-uid.patch
+Patch15:
gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -88,6 +91,9 @@
 %patch9 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not 
have man pages and info files have the build date (boo#1047218)
 
 %build


++ 
gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch 
++
>From f361141a44365ff7db2d2cfbf118d5b54b52c3d5 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser 
Date: Thu, 13 Jun 2019 21:27:43 +0200
Subject: [PATCH] gpg: accept subkeys with a good revocation but no self-sig
 during import

* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
encounter a valid revocation signature. This allows import of subkey
revocation signatures, even in the absence of a corresponding subkey
binding signature.

--

This fixes the remaining test in import-incomplete.scm.

GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor 
---
 g10/import.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/g10/import.c b/g10/import.c
index 2be214e63..ae2453803 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -3536,6 +3536,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 
*keyid, int *non_self)
   /* It's valid, so is it newer? */
   if (sig->timestamp >= rsdate)
 {
+  knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid.  */
   if (rsnode)
 {
   /* Delete the last revocation sig since
++ gnupg-add-test-cases-for-import-without-uid.patch ++
>From 4c40bfa90bda748e5dada0bb1cc8fae14d744f07 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser 
Date: Thu, 13 Jun 2019 21:27:41 +0200
Subject: [PATCH] tests: add test cases for import without uid

This commit adds a test case that does the following, in order:
- Import of a primary key plus user id
- Check that import of a subkey works, without a user id present in the
imported key
- Check that import of a subkey revocation works, without a user id or
subkey binding signature present in the imported key
- Check that import of a primary key revocation works, without a user id
present in the imported key

--

Note that this test currently fails.  The following changesets will
fix gpg so that the tests pass.

GnuPG-Bug-id: 4393
Signed-Off-By: Daniel Kahn Gillmor 
---
 tests/openpgp/Makefile.am |  1 +
 tests/openpgp/import-incomplete.scm   | 68 +++
 .../import-incomplete/primary+revocation.asc  |  9 +++
 .../primary+subkey+sub-revocation.asc | 10 +++
 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-12-23 22:33:57

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.6675 (New)


Package is "gpg2"

Mon Dec 23 22:33:57 2019 rev:144 rq:755139 version:2.2.19

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-12-07 
15:20:30.887752670 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.6675/gpg2.changes  2019-12-23 
22:34:01.153731170 +0100
@@ -1,0 +2,10 @@
+Sat Dec  7 15:20:41 UTC 2019 - Andreas Stieger 
+
+- update to 2.2.19:
+  * gpg: Fix double free when decrypting for hidden recipients
+  * gpg: Use auto-key-locate for encryption even for mail addressed
+given with angle brackets
+  * gpgsm: Add special case for certain expired intermediate
+certificates
+
+---

Old:

  gnupg-2.2.18.tar.bz2
  gnupg-2.2.18.tar.bz2.sig

New:

  gnupg-2.2.19.tar.bz2
  gnupg-2.2.19.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.D61Iw3/_old  2019-12-23 22:34:04.525732633 +0100
+++ /var/tmp/diff_new_pack.D61Iw3/_new  2019-12-23 22:34:04.565732650 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.18
+Version:2.2.19
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later

++ gnupg-2.2.18.tar.bz2 -> gnupg-2.2.19.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.18.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.6675/gnupg-2.2.19.tar.bz2 differ: char 11, 
line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-12-07 15:17:14

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.4691 (New)


Package is "gpg2"

Sat Dec  7 15:17:14 2019 rev:143 rq:751577 version:2.2.18

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-10-22 
15:43:18.525570587 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new.4691/gpg2.changes  2019-12-07 
15:20:30.887752670 +0100
@@ -1,0 +2,50 @@
+Wed Nov 27 15:42:22 UTC 2019 - Pedro Monreal Gonzalez 

+
+- Update to 2.2.18 [bsc#1157900, CVE-2019-14855]
+  * gpg: Changed the way keys are detected on a smartcards; this
+allows the use of non-OpenPGP cards.  In the case of a not very
+likely regression the new option --use-only-openpgp-card is
+available.  [#4681]
+  * gpg: The commands --full-gen-key and --quick-gen-key now allow
+direct key generation from supported cards.  [#4681]
+  * gpg: Prepare against chosen-prefix SHA-1 collisions in key
+signatures.  This change removes all SHA-1 based key signature
+newer than 2019-01-19 from the web-of-trust.  Note that this
+includes all key signature created with dsa1024 keys.  The new
+option --allow-weak-key-signatues can be used to override the new
+and safer behaviour.  [#4755,CVE-2019-14855]
+  * gpg: Improve performance for import of large keyblocks.  [#4592]
+  * gpg: Implement a keybox compression run.  [#4644]
+  * gpg: Show warnings from dirmngr about redirect and certificate
+problems (details require --verbose as usual).
+  * gpg: Allow to pass the empty string for the passphrase if the
+'--passphase=' syntax is used.  [#4633]
+  * gpg: Fix printing of the KDF object attributes.
+  * gpg: Avoid surprises with --locate-external-key and certain
+--auto-key-locate settings.  [#4662]
+  * gpg: Improve selection of best matching key.  [#4713]
+  * gpg: Delete key binding signature when deletring a subkey.
+[#4665,#4457]
+  * gpg: Fix a potential loss of key sigantures during import with
+self-sigs-only active.  [#4628]
+  * gpg: Silence "marked as ultimately trusted" diagnostics if
+option --quiet is used.  [#4634]
+  * gpg: Silence some diagnostics during in key listsing even with
+option --verbose.  [#4627]
+  * gpg, gpgsm: Change parsing of agent's pkdecrypt results.  [#4652]
+  * gpgsm: Support AES-256 keys.
+  * gpgsm: Fix a bug in triggering a keybox compression run if
+--faked-system-time is used.
+  * dirmngr: System CA certificates are no longer used for the SKS
+pool if GNUTLS instead of NTBTLS is used as TLS library.  [#4594]
+  * dirmngr: On Windows detect usability of IPv4 and IPv6 interfaces
+to avoid long timeouts.  [#4165]
+  * scd: Fix BWI value for APDU level transfers to make Gemalto Ezio
+Shield and Trustica Cryptoucan work.  [#4654,#4566]
+  * wkd: gpg-wks-client --install-key now installs the required policy
+file.
+- Rebase patches:
+  * gnupg-2.2.8-files-are-digests.patch
+  * gnupg-add_legacy_FIPS_mode_option.patch
+
+---

Old:

  gnupg-2.2.17.tar.bz2
  gnupg-2.2.17.tar.bz2.sig

New:

  gnupg-2.2.18.tar.bz2
  gnupg-2.2.18.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.vrgQy1/_old  2019-12-07 15:20:31.663752563 +0100
+++ /var/tmp/diff_new_pack.vrgQy1/_new  2019-12-07 15:20:31.663752563 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.17
+Version:2.2.18
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later

++ gnupg-2.2.17.tar.bz2 -> gnupg-2.2.18.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.17.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.4691/gnupg-2.2.18.tar.bz2 differ: char 11, 
line 1

++ gnupg-2.2.8-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.vrgQy1/_old  2019-12-07 15:20:31.707752557 +0100
+++ /var/tmp/diff_new_pack.vrgQy1/_new  2019-12-07 15:20:31.707752557 +0100
@@ -4,11 +4,11 @@
  g10/sign.c|   68 
--
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.2.8/g10/gpg.c
+Index: gnupg-2.2.18/g10/gpg.c
 ===
 gnupg-2.2.8.orig/g10/gpg.c 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-10-22 15:43:14

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.2352 (New)


Package is "gpg2"

Tue Oct 22 15:43:14 2019 rev:142 rq:741459 version:2.2.17

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-07-16 
08:37:51.851095168 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new.2352/gpg2.changes  2019-10-22 
15:43:18.525570587 +0200
@@ -1,0 +2,6 @@
+Thu Sep 19 12:05:13 UTC 2019 - Ludwig Nussel 
+
+- Do not recommend lang package. The lang package already has a
+  supplements.
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.bDd0Ih/_old  2019-10-22 15:43:19.453571645 +0200
+++ /var/tmp/diff_new_pack.bDd0Ih/_new  2019-10-22 15:43:19.457571650 +0200
@@ -60,7 +60,6 @@
 Requires:   libksba >= 1.3.4
 Requires:   pinentry
 Requires(post): %{install_info_prereq}
-Recommends: %{name}-lang = %{version}
 Obsoletes:  dirmngr < 2.1.0
 Provides:   dirmngr = %{version}
 Provides:   gnupg = %{version}

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-07-16 08:37:45

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.1887 (New)


Package is "gpg2"

Tue Jul 16 08:37:45 2019 rev:141 rq:714631 version:2.2.17

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-06-27 
15:53:27.559943900 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new.1887/gpg2.changes  2019-07-16 
08:37:51.851095168 +0200
@@ -1,0 +2,23 @@
+Thu Jul 11 09:51:49 UTC 2019 - Pedro Monreal Gonzalez 

+
+- Update to 2.2.17 [bsc#1141093]
+  * gpg: Do not try the import fallback if the options are already used.
+  * gpg: Fix regression in option "self-sigs-only".
+  * gpg: With --auto-key-retrieve prefer WKD over keyservers.
+  * gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+  * gpg: Avoid printing false AKL error message.
+  * gpg: New command --locate-external-key.
+  * gpg: Make the get_pubkey_byname interface easier to understand.
+  * gpg: Fallback to import with self-sigs-only on too large keyblocks.
+  * gpg: New import and keyserver option "self-sigs-only"
+  * gpg: Make read_block in import.c more flexible.
+  * dirmngr: fix handling of HTTPS redirections during HKP.
+  * dirmngr: Avoid endless loop in case of HTTP error 503.
+  * dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
+  * dirmngr: Support the new WKD draft with the openpgpkey subdomain.
+  * wkd: Change client/server limit back to 64 KiB.
+  * tools: gpgconf: Killing order is children-first.
+  * Return better error code for some getinfo IPC commands.
+  * po: Update Russian translation.
+
+---

Old:

  gnupg-2.2.16.tar.bz2
  gnupg-2.2.16.tar.bz2.sig

New:

  gnupg-2.2.17.tar.bz2
  gnupg-2.2.17.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.TvYqZw/_old  2019-07-16 08:37:52.719094894 +0200
+++ /var/tmp/diff_new_pack.TvYqZw/_new  2019-07-16 08:37:52.719094894 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.16
+Version:2.2.17
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later

++ gnupg-2.2.16.tar.bz2 -> gnupg-2.2.17.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.16.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.1887/gnupg-2.2.17.tar.bz2 differ: char 11, 
line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-06-27 15:53:26

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.4615 (New)


Package is "gpg2"

Thu Jun 27 15:53:26 2019 rev:140 rq:710989 version:2.2.16

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-06-02 
15:15:37.462097967 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new.4615/gpg2.changes  2019-06-27 
15:53:27.559943900 +0200
@@ -1,0 +2,6 @@
+Wed Jun 19 21:02:05 UTC 2019 - Jason Sikes 
+
+- Fix secure memory being disabled before fips checks in libgcrypt 
[boo#1137307]
+  * Added gnupg-2.2.16-secmem.patch
+
+---

New:

  gnupg-2.2.16-secmem.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.PHpq0k/_old  2019-06-27 15:53:28.211944910 +0200
+++ /var/tmp/diff_new_pack.PHpq0k/_new  2019-06-27 15:53:28.211944910 +0200
@@ -36,6 +36,7 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:gnupg-2.2.16-secmem.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -87,6 +88,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not 
have man pages and info files have the build date (boo#1047218)
 
 %build

++ gnupg-2.2.16-secmem.patch ++
Index: gnupg-2.2.16/g10/gpg.c
===
--- gnupg-2.2.16.orig/g10/gpg.c
+++ gnupg-2.2.16/g10/gpg.c
@@ -973,7 +973,7 @@ make_libversion (const char *libname, co
 
   if (maybe_setuid)
 {
-  gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+  gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
   maybe_setuid = 0;
 }
   s = getfnc (NULL);
@@ -1125,7 +1125,7 @@ build_list (const char *text, char lette
   char *string;
 
   if (maybe_setuid)
-gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
 
   indent = utf8_charcount (text, -1);
   len = 0;
Index: gnupg-2.2.16/sm/gpgsm.c
===
--- gnupg-2.2.16.orig/sm/gpgsm.c
+++ gnupg-2.2.16/sm/gpgsm.c
@@ -533,7 +533,7 @@ make_libversion (const char *libname, co
 
   if (maybe_setuid)
 {
-  gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
+  gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0);  /* Drop setuid. */
   maybe_setuid = 0;
 }
   s = getfnc (NULL);

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-06-02 15:15:31

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.5148 (New)


Package is "gpg2"

Sun Jun  2 15:15:31 2019 rev:139 rq:706484 version:2.2.16

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-03-29 
20:33:04.714608365 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.5148/gpg2.changes  2019-06-02 
15:15:37.462097967 +0200
@@ -1,0 +2,36 @@
+Thu May 30 08:00:37 UTC 2019 - Pedro Monreal Gonzalez 

+
+- Update to 2.2.16
+  * gpg: Fixed i18n markup of some strings.
+  * gpg: Allow deletion of subkeys with --delete-[secret-]key.
+  * gpg: Do not bail on an invalid packet in the local keyring.
+  * gpg: Do not allow creation of user ids larger than our parser allows.
+  * gpg: Do not delete any keys if --dry-run is passed.
+  * gpg: Fix using --decrypt along with --use-embedded-filename.
+  * gpg: Improve the photo image viewer selection.
+  * gpg: enable OpenPGP export of cleartext keys with comments.
+  * gpg: Do not print a hint to use the deprecated --keyserver option.
+  * gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
+  * gpg: Use just the addrspec from the Signer's UID.
+  * gpg: Accept also armored data from the WKD.
+  * gpg: Set a limit of 5 to the number of keys imported from the WKD.
+  * gpg: Don't use EdDSA algo ID for ECDSA curves.
+  * agent: Stop scdaemon after reload when disable_scdaemon.
+  * agent: For SSH key, don't put NUL-byte at the end.
+  * agent: correct length for uri and comment on 64-bit big-endian platforms
+  * dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
+  * dirmngr: Improve domaininfo cache update algorithm.
+  * dirmngr: Better error code for http status 413.
+  * g10: Fix possible null dereference.
+  * g10: Fix double free when locating by mbox.
+  * g10: Fix symmetric cipher algo constant for ECDH.
+  * sm: Avoid confusing diagnostic for the default key.
+  * sm: Fix a warning in an es_fopencooie function.
+  * gpgconf: Before --launch check that the config file is fine.
+  * gpgconf: Support --homedir for --launch.
+  * build: Update m4/iconv.m4.
+  * doc: correct documentation for gpgconf --kill.
+  * scd: Add dummy option --application-priority.
+  * common: Fix AWK portability.
+
+---

Old:

  gnupg-2.2.15.tar.bz2
  gnupg-2.2.15.tar.bz2.sig

New:

  gnupg-2.2.16.tar.bz2
  gnupg-2.2.16.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.ZWg9tr/_old  2019-06-02 15:15:40.042096850 +0200
+++ /var/tmp/diff_new_pack.ZWg9tr/_new  2019-06-02 15:15:40.066096840 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.15
+Version:2.2.16
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later

++ gnupg-2.2.15.tar.bz2 -> gnupg-2.2.16.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.15.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.5148/gnupg-2.2.16.tar.bz2 differ: char 11, 
line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-03-29 20:33:03

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.25356 (New)


Package is "gpg2"

Fri Mar 29 20:33:03 2019 rev:138 rq:689296 version:2.2.15

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-03-24 
14:56:22.887205992 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.25356/gpg2.changes 2019-03-29 
20:33:04.714608365 +0100
@@ -1,0 +2,12 @@
+Thu Mar 28 08:48:36 UTC 2019 - Karol Babioch 
+
+- Update to 2.2.15
+  * sm: Allow decryption even if expired keys are configured.
+  * agent: Change command KEYINFO to print ssh fingerprints with other
+hash algos.
+  * dirmngr: Fix build problems on Solaris due to the use of reserved
+symbol names.
+  * wkd: New commands --print-wkd-hash and --print-wkd-url for
+gpg-wks-client.
+
+---

Old:

  gnupg-2.2.14.tar.bz2
  gnupg-2.2.14.tar.bz2.sig

New:

  gnupg-2.2.15.tar.bz2
  gnupg-2.2.15.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.AZ1K9M/_old  2019-03-29 20:33:05.08926 +0100
+++ /var/tmp/diff_new_pack.AZ1K9M/_new  2019-03-29 20:33:05.670608928 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.14
+Version:2.2.15
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later

++ gnupg-2.2.14.tar.bz2 -> gnupg-2.2.15.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.14.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.25356/gnupg-2.2.15.tar.bz2 differ: char 
11, line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-03-24 14:56:19

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.25356 (New)


Package is "gpg2"

Sun Mar 24 14:56:19 2019 rev:137 rq:686408 version:2.2.14

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-03-01 
20:25:48.862063309 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.25356/gpg2.changes 2019-03-24 
14:56:22.887205992 +0100
@@ -1,0 +2,31 @@
+Tue Mar 19 12:11:23 UTC 2019 - Karol Babioch 
+
+- Update to 2.2.14:
+  * gpg: Allow import of PGP desktop exported secret keys. Also avoid
+importing secret keys if the secret keyblock is not valid.
+  * gpg: Do not error out on version 5 keys in the local keyring.
+  * gpg: Make invalid primary key algo obvious in key listings.
+  * sm: Do not mark a certificate in a key listing as de-vs compliant
+if its use for a signature will not be possible.
+  * sm: Fix certificate creation with key on card.
+  * sm: Create rsa3072 bit certificates by default.
+  * sm: Print Yubikey attestation extensions with --dump-cert.
+  * agent: Fix cancellation handling for scdaemon.
+  * agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
+  * scd: Fix flushing of the CA-FPR DOs in app-openpgp.
+  * scd: Avoid a conflict error with the "undefined" app.
+  * dirmngr: Add CSRF protection exception for protonmail.
+  * dirmngr: Fix build problems with gcc 9 in libdns.
+  * gpgconf: New option --show-socket for use wity --launch.
+  * gpgtar: Make option -C work for archive creation.
+- Removed patches that are included upstream by now:
+  - 0001-libdns-Avoid-using-compound-literals.patch
+  - 0002-libdns-Avoid-using-compound-literals-2.patch
+  - 0003-libdns-Avoid-using-compound-literals-3.patch
+  - 0004-libdns-Avoid-using-compound-literals-4.patch
+  - 0005-libdns-Avoid-using-compound-literals-5.patch
+  - 0006-libdns-Avoid-using-compound-literals-6.patch
+  - 0007-libdns-Avoid-using-compound-literals-7.patch
+  - 0008-libdns-Avoid-using-compound-literals-8.patch
+
+---

Old:

  0001-libdns-Avoid-using-compound-literals.patch
  0002-libdns-Avoid-using-compound-literals-2.patch
  0003-libdns-Avoid-using-compound-literals-3.patch
  0004-libdns-Avoid-using-compound-literals-4.patch
  0005-libdns-Avoid-using-compound-literals-5.patch
  0006-libdns-Avoid-using-compound-literals-6.patch
  0007-libdns-Avoid-using-compound-literals-7.patch
  0008-libdns-Avoid-using-compound-literals-8.patch
  gnupg-2.2.13.tar.bz2
  gnupg-2.2.13.tar.bz2.sig

New:

  gnupg-2.2.14.tar.bz2
  gnupg-2.2.14.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.hFIaFR/_old  2019-03-24 14:56:25.771205687 +0100
+++ /var/tmp/diff_new_pack.hFIaFR/_new  2019-03-24 14:56:25.807205683 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.13
+Version:2.2.14
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later
@@ -36,14 +36,6 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
-Patch12:0001-libdns-Avoid-using-compound-literals.patch
-Patch13:0002-libdns-Avoid-using-compound-literals-2.patch
-Patch14:0003-libdns-Avoid-using-compound-literals-3.patch
-Patch15:0004-libdns-Avoid-using-compound-literals-4.patch
-Patch16:0005-libdns-Avoid-using-compound-literals-5.patch
-Patch17:0006-libdns-Avoid-using-compound-literals-6.patch
-Patch18:0007-libdns-Avoid-using-compound-literals-7.patch
-Patch19:0008-libdns-Avoid-using-compound-literals-8.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -95,14 +87,6 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch18 -p1
-%patch19 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not 
have man pages and info files have the build date (boo#1047218)
 
 %build

++ gnupg-2.2.13.tar.bz2 -> gnupg-2.2.14.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.13.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.25356/gnupg-2.2.14.tar.bz2 differ: char 
11, line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-03-01 20:25:43

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.28833 (New)


Package is "gpg2"

Fri Mar  1 20:25:43 2019 rev:136 rq:679738 version:2.2.13

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2019-02-24 
17:05:02.708633383 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.28833/gpg2.changes 2019-03-01 
20:25:48.862063309 +0100
@@ -1,0 +2,24 @@
+Tue Feb 26 11:35:29 UTC 2019 - Pedro Monreal Gonzalez 

+
+- Fix build with gcc9 [bsc#1121223]
+  * Avoid using compound literals
+- Upstream bug: https://dev.gnupg.org/T4367
+  * Added upstream patches:
+- 0001-libdns-Avoid-using-compound-literals.patch
+- 0002-libdns-Avoid-using-compound-literals-2.patch
+- 0003-libdns-Avoid-using-compound-literals-3.patch
+- 0004-libdns-Avoid-using-compound-literals-4.patch
+- 0005-libdns-Avoid-using-compound-literals-5.patch
+- 0006-libdns-Avoid-using-compound-literals-6.patch
+- 0007-libdns-Avoid-using-compound-literals-7.patch
+- 0008-libdns-Avoid-using-compound-literals-8.patch
+
+---
+Fri Feb 22 19:30:29 UTC 2019 - o...@aepfle.de
+
+- Allow coredumps in X11 desktop sessions (bsc#1124847)
+  gpg-agent unconditionally disables coredumps, which is not
+  supposed to happen in the code path that does just exec(argv[])
+  gnupg-gpg-agent-ulimit.patch
+
+---

New:

  0001-libdns-Avoid-using-compound-literals.patch
  0002-libdns-Avoid-using-compound-literals-2.patch
  0003-libdns-Avoid-using-compound-literals-3.patch
  0004-libdns-Avoid-using-compound-literals-4.patch
  0005-libdns-Avoid-using-compound-literals-5.patch
  0006-libdns-Avoid-using-compound-literals-6.patch
  0007-libdns-Avoid-using-compound-literals-7.patch
  0008-libdns-Avoid-using-compound-literals-8.patch
  gnupg-gpg-agent-ulimit.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.3oOeCg/_old  2019-03-01 20:25:49.506063158 +0100
+++ /var/tmp/diff_new_pack.3oOeCg/_new  2019-03-01 20:25:49.506063158 +0100
@@ -29,12 +29,21 @@
 Source3:%{name}.keyring
 Source4:scdaemon.udev
 Source99:   %{name}.changes
+Patch1124847:   gnupg-gpg-agent-ulimit.patch
 Patch4: gnupg-2.0.9-langinfo.patch
 Patch5: gnupg-2.2.8-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:0001-libdns-Avoid-using-compound-literals.patch
+Patch13:0002-libdns-Avoid-using-compound-literals-2.patch
+Patch14:0003-libdns-Avoid-using-compound-literals-3.patch
+Patch15:0004-libdns-Avoid-using-compound-literals-4.patch
+Patch16:0005-libdns-Avoid-using-compound-literals-5.patch
+Patch17:0006-libdns-Avoid-using-compound-literals-6.patch
+Patch18:0007-libdns-Avoid-using-compound-literals-7.patch
+Patch19:0008-libdns-Avoid-using-compound-literals-8.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -79,12 +88,21 @@
 
 %prep
 %setup -q -n gnupg-%{version}
+%patch1124847 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
 touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not 
have man pages and info files have the build date (boo#1047218)
 
 %build
@@ -126,23 +144,23 @@
 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
 # fix rpmlint invalid-lc-messages-dir:
 rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
-# install scdaemon to %{_bindir} (bnc#863645)
+# install scdaemon to %%{_bindir} (bnc#863645)
 mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
 mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
 # install udev rules for scdaemon
 install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 # install legacy tools
 install -m 755 tools/gpg-zip %{buildroot}/%{_bindir}
-# install -m 755 tools/gpgsplit %{buildroot}/%{_bindir}
+# install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir}
 
 %find_lang gnupg2
 %fdupes -s %{buildroot}
 
 %check
 # Run only localy, fails in OBS
-#%if ! 0%{?qemu_user_space_build}
-#make %{?_smp_mflags} check
-#%endif
+#%%if ! 0%%{?qemu_user_space_build}
+#make %%{?_smp_mflags} check
+#%%endif
 
 %post
 %udev_rules_update

++ 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2019-02-24 17:04:59

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.28833 (New)


Package is "gpg2"

Sun Feb 24 17:04:59 2019 rev:135 rq:674400 version:2.2.13

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-12-19 
13:48:26.847365635 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.28833/gpg2.changes 2019-02-24 
17:05:02.708633383 +0100
@@ -1,0 +2,18 @@
+Wed Feb 13 06:12:32 UTC 2019 - Karol Babioch 
+
+- Update to 2.2.13:
+  * gpg: Implement key lookup via keygrip (using the & prefix).
+  * gpg: Allow generating Ed25519 key from existing key.
+  * gpg: Emit an ERROR status line if no key was found with -k.
+  * gpg: Stop early when trying to create a primary Elgamal key.
+  * gpgsm: Print the card's key algorithms along with their keygrips
+in interactive key generation.
+  * agent: Clear bogus pinentry cache in the error case.
+  * scd: Support "acknowledge button" feature.
+  * scd: Fix for USB INTERRUPT transfer.
+  * wks: Do no use compression for the the encrypted challenge and response.
+
+Release-info: https://dev.gnupg.org/T4290
+See-also: gnupg-announce/2019q1/000434.html
+
+---

Old:

  gnupg-2.2.12.tar.bz2
  gnupg-2.2.12.tar.bz2.sig

New:

  gnupg-2.2.13.tar.bz2
  gnupg-2.2.13.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.fprVnI/_old  2019-02-24 17:05:03.852632839 +0100
+++ /var/tmp/diff_new_pack.fprVnI/_new  2019-02-24 17:05:03.856632837 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,12 +12,12 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name:   gpg2
-Version:2.2.12
+Version:2.2.13
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later

++ gnupg-2.2.12.tar.bz2 -> gnupg-2.2.13.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.12.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.28833/gnupg-2.2.13.tar.bz2 differ: char 
11, line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-12-19 13:48:14

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new.28833 (New)


Package is "gpg2"

Wed Dec 19 13:48:14 2018 rev:134 rq:658514 version:2.2.12

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-11-14 
14:29:43.339539481 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new.28833/gpg2.changes 2018-12-19 
13:48:26.847365635 +0100
@@ -1,0 +2,25 @@
+Fri Dec 14 16:11:56 UTC 2018 - atoptsog...@suse.com
+
+-Update to 2.2.12:
+  * tools: New commands --install-key and --remove-key for
+gpg-wks-client.  This allows to prepare a Web Key Directory on a
+local file system for later upload to a web server.
+  * gpg: New --list-option "show-only-fpr-mbox".  This makes the use
+of the new gpg-wks-client --install-key command easier on Windows.
+  * gpg: Improve processing speed when --skip-verify is used.
+  * gpg: Fix a bug where a LF was accidentally written to the console.
+  * gpg: --card-status now shwos whether a card has the new KDF
+feature enabled.
+  * agent: New runtime option --s2k-calibration=MSEC.  New configure
+option --with-agent-s2k-calibration=MSEC.  [#3399]
+  * dirmngr: Try another keyserver from the pool on receiving a 502,
+503, or 504 error.  [#4175]
+  * dirmngr: Avoid possible CSRF attacks via http redirects.  A HTTP
+query will not anymore follow a 3xx redirect unless the Location
+header gives the same host.  If the host is different only the
+host and port is taken from the Location header and the original
+path and query parts are kept.
+  * dirmngr: New command FLUSHCRL to flush all CRLS from disk and
+memory.  [#3967]
+  
+---

Old:

  gnupg-2.2.11.tar.bz2
  gnupg-2.2.11.tar.bz2.sig

New:

  gnupg-2.2.12.tar.bz2
  gnupg-2.2.12.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.ArDJft/_old  2018-12-19 13:48:28.211363737 +0100
+++ /var/tmp/diff_new_pack.ArDJft/_new  2018-12-19 13:48:28.211363737 +0100
@@ -12,12 +12,12 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
 
 Name:   gpg2
-Version:2.2.11
+Version:2.2.12
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later

++ gnupg-2.2.11.tar.bz2 -> gnupg-2.2.12.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.11.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new.28833/gnupg-2.2.12.tar.bz2 differ: char 
11, line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-11-14 14:29:28

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Wed Nov 14 14:29:28 2018 rev:133 rq:648382 version:2.2.11

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-10-12 
13:08:05.399522453 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-11-14 
14:29:43.339539481 +0100
@@ -1,0 +2,25 @@
+Thu Nov  8 15:35:27 UTC 2018 - Cristian Rodríguez 
+
+- Code no longer uses libcurl, remove from buildrequires. 
+
+---
+Tue Nov  6 12:05:35 UTC 2018 - Karol Babioch 
+
+- Update to 2.2.11:
+  * gpgsm: Fix CRL loading when intermediate certicates are not yet trusted.
+  * gpgsm: Fix an error message about the digest algo.
+  * gpg: Fix a wrong warning due to new sign usage check introduced with 2.2.9.
+  * gpg: Print the "data source" even for an unsuccessful keyserver query.
+  * gpg: Do not store the TOFU trust model in the trustdb.
+  * scd: Fix cases of "Bad PIN" after using "forcesig".
+  * agent: Fix possible hang in the ssh handler.
+  * dirmngr: Tack the unmodified mail address to a WKD request.
+  * dirmngr: Tweak diagnostic about missing LDAP server file.
+  * dirmngr: In verbose mode print the OCSP responder id.
+  * dirmngr: Fix parsing of the LDAP port.
+  * wks: Add option --directory/-C to the server.
+  * wks: Add option --with-colons to the client. 
+  * Fix EBADF when gpg et al. are called by broken CGI scripts.
+  * Fix some minor memory leaks and bugs.
+
+---

Old:

  gnupg-2.2.10.tar.bz2
  gnupg-2.2.10.tar.bz2.sig

New:

  gnupg-2.2.11.tar.bz2
  gnupg-2.2.11.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.GfzloE/_old  2018-11-14 14:29:44.623538242 +0100
+++ /var/tmp/diff_new_pack.GfzloE/_new  2018-11-14 14:29:44.627538239 +0100
@@ -12,12 +12,12 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name:   gpg2
-Version:2.2.10
+Version:2.2.11
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later
@@ -48,7 +48,6 @@
 BuildRequires:  readline-devel
 BuildRequires:  pkgconfig(bzip2)
 BuildRequires:  pkgconfig(gnutls) >= 3.0
-BuildRequires:  pkgconfig(libcurl) >= 7.10
 BuildRequires:  pkgconfig(libusb-1.0)
 BuildRequires:  pkgconfig(sqlite3) >= 3.7
 BuildRequires:  pkgconfig(zlib)

++ gnupg-2.2.10.tar.bz2 -> gnupg-2.2.11.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.10.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.11.tar.bz2 differ: char 11, line 
1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-10-12 13:08:02

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Fri Oct 12 13:08:02 2018 rev:132 rq:640771 version:2.2.10

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-09-04 
22:48:32.139430782 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-10-12 
13:08:05.399522453 +0200
@@ -1,0 +2,5 @@
+Thu Oct  4 04:09:12 UTC 2018 - Bernhard Wiedemann 
+
+- Make package build reproducible (boo#1047218)
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.XhBcau/_old  2018-10-12 13:08:06.303521162 +0200
+++ /var/tmp/diff_new_pack.XhBcau/_new  2018-10-12 13:08:06.307521156 +0200
@@ -86,6 +86,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not 
have man pages and info files have the build date (boo#1047218)
 
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+ -r %{SOURCE99})

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-09-04 22:48:23

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Tue Sep  4 22:48:23 2018 rev:131 rq:632346 version:2.2.10

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-07-26 
10:16:36.763742457 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-09-04 
22:48:32.139430782 +0200
@@ -1,0 +2,9 @@
+Thu Aug 30 14:14:08 UTC 2018 - kbabi...@suse.com
+
+- Update to 2.2.10:
+  * Refresh expired keys originating from the WKD
+  * Use a 256 KiB limit for a WKD imported key
+  * New option --known-notation
+  * dirmngr: Validate SRV records in WKD queries
+
+---

Old:

  gnupg-2.2.9.tar.bz2
  gnupg-2.2.9.tar.bz2.sig

New:

  gnupg-2.2.10.tar.bz2
  gnupg-2.2.10.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.FpXXEZ/_old  2018-09-04 22:48:32.887433355 +0200
+++ /var/tmp/diff_new_pack.FpXXEZ/_new  2018-09-04 22:48:32.891433369 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.9
+Version:2.2.10
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later

++ gnupg-2.2.9.tar.bz2 -> gnupg-2.2.10.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.9.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.10.tar.bz2 differ: char 11, line 
1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-07-26 10:16:32

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Thu Jul 26 10:16:32 2018 rev:130 rq:625188 version:2.2.9

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-07-17 
09:38:48.850065211 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-07-26 
10:16:36.763742457 +0200
@@ -1,0 +2,7 @@
+Wed Jul 25 05:50:42 UTC 2018 - tchva...@suse.com
+
+- Add basic udev rules for smartcards to be used with
+  scdaemon, taken from debian:
+  * scdaemon.udev
+
+---

New:

  scdaemon.udev



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.sfN3MO/_old  2018-07-26 10:16:39.407747256 +0200
+++ /var/tmp/diff_new_pack.sfN3MO/_new  2018-07-26 10:16:39.411747263 +0200
@@ -27,6 +27,7 @@
 Source2:ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 # https://www.gnupg.org/signature_key.html
 Source3:%{name}.keyring
+Source4:scdaemon.udev
 Source99:   %{name}.changes
 Patch4: gnupg-2.0.9-langinfo.patch
 Patch5: gnupg-2.2.8-files-are-digests.patch
@@ -128,6 +129,8 @@
 # install scdaemon to %{_bindir} (bnc#863645)
 mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
 mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
+# install udev rules for scdaemon
+install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 # install legacy tools
 install -m 755 tools/gpg-zip %{buildroot}/%{_bindir}
 # install -m 755 tools/gpgsplit %{buildroot}/%{_bindir}
@@ -142,6 +145,7 @@
 #%endif
 
 %post
+%udev_rules_update
 %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz
 
 %preun
@@ -160,6 +164,7 @@
 %{_sbindir}/addgnupghome
 %{_sbindir}/applygnupgdefaults
 %{_sbindir}/g13-syshelp
+%{_udevrulesdir}/60-scdaemon.rules
 %{_datadir}/gnupg
 %dir %{_sysconfdir}/gnupg
 %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf



++ scdaemon.udev ++
# do not edit this file, it will be overwritten on update

SUBSYSTEM!="usb", GOTO="gnupg_rules_end"
ACTION!="add", GOTO="gnupg_rules_end"

# USB SmartCard Readers
## Cherry GmbH (XX33, ST2000)
SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0005", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0010", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="003e", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## SCM Microsystems, Inc (SCR331-DI, SCR335, SCR3320, SCR331, SCR3310 and 
SPR532)
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5111", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5116", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5117", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Omnikey AG (CardMan 3821, CardMan 6121)
SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="3821", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="6622", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Gemalto
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3437", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3438", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3478", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34c2", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34ec", 
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
## Reiner (SCT cyberJack)
SUBSYSTEM=="usb", ATTR{idVendor}=="0c4b", 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-07-17 09:38:39

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Tue Jul 17 09:38:39 2018 rev:129 rq:622429 version:2.2.9

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-06-22 
13:11:37.927383805 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-07-17 
09:38:48.850065211 +0200
@@ -1,0 +2,27 @@
+Fri Jul 13 07:13:12 UTC 2018 - astie...@suse.com
+
+- GnuPG 2.2.9:
+  * dirmngr: Fix recursive resolver mode and other bugs in the
+libdns code
+  * dirmngr: When using libgpg-error 1.32 or later a GnuPG build
+with NTBTLS support does not anymore block for dozens of
+seconds before returning data.
+  * gpg: Fix bug in --show-keys which actually imported revocation
+certificates
+  * gpg: Ignore too long user-ID and comment packets
+  * gpg: Fix crash due to bad German translation.  Improved printf
+format compile time check.
+  * gpg: Handle missing ISSUER sub packet gracefully in the presence of
+the new ISSUER_FPR
+  * gpg: Allow decryption using several passphrases in most cases.
+  * gpg: Command --show-keys now enables the list options
+show-unusable-uids, show-unusable-subkeys, show-notations and
+show-policy-urls by default.
+  * gpg: Command --show-keys now prints revocation certificates.
+  * gpg: Add revocation reason to the "rev" and "rvs" records of the
+option --with-colons.  [#1173]
+  * gpg: Export option export-clean does now remove certain expired
+subkeys; export-minimal removes all expired subkeys.
+  * gpg: New "usage" property for the drop-subkey filters.
+
+---

Old:

  gnupg-2.2.8.tar.bz2
  gnupg-2.2.8.tar.bz2.sig

New:

  gnupg-2.2.9.tar.bz2
  gnupg-2.2.9.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.xPSZGu/_old  2018-07-17 09:38:49.526062856 +0200
+++ /var/tmp/diff_new_pack.xPSZGu/_new  2018-07-17 09:38:49.530062843 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.8
+Version:2.2.9
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0-or-later

++ gnupg-2.2.8.tar.bz2 -> gnupg-2.2.9.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.8.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.9.tar.bz2 differ: char 11, line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-06-22 13:11:25

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Fri Jun 22 13:11:25 2018 rev:128 rq:615264 version:2.2.8

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-05-08 
13:32:16.480520492 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-06-22 
13:11:37.927383805 +0200
@@ -1,0 +2,22 @@
+Fri Jun  8 14:37:06 UTC 2018 - kbabi...@suse.com
+
+- Update to version 2.2.8:
+  * gpg: Decryption of messages not using the MDC mode will now lead to a
+hard failure even if a legacy cipher algorithm was used. The option
+--ignore-mdc-error can be used to turn this failure into a warning. Take
+care: Never use that option unconditionally or without a prior warning.
+  * gpg: The MDC encryption mode is now always used regardless of the
+cipher algorithm or any preferences.  For testing --rfc2440 can be
+used to create a message without an MDC.
+  * gpg: Sanitize the diagnostic output of the original file name in
+verbose mode (bsc#1096745, CVE-2018-12020)
+  * gpg: Detect suspicious multiple plaintext packets in a more reliable way.
+  * gpg: Fix the duplicate key signature detection code.
+  * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
+--disable-mdc and --no-disable-mdc have no more effect.
+  * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
+list of startup environment variables.
+- Refresh gnupg-2.0.18-files-are-digests.patch
+  to gnupg-2.2.8-files-are-digests.patch
+
+---

Old:

  gnupg-2.0.18-files-are-digests.patch
  gnupg-2.2.7.tar.bz2
  gnupg-2.2.7.tar.bz2.sig

New:

  gnupg-2.2.8-files-are-digests.patch
  gnupg-2.2.8.tar.bz2
  gnupg-2.2.8.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.eHwCAt/_old  2018-06-22 13:11:38.875348649 +0200
+++ /var/tmp/diff_new_pack.eHwCAt/_new  2018-06-22 13:11:38.879348501 +0200
@@ -17,19 +17,19 @@
 
 
 Name:   gpg2
-Version:2.2.7
+Version:2.2.8
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
-License:GPL-3.0+
+License:GPL-3.0-or-later
 Group:  Productivity/Networking/Security
-Url:http://www.gnupg.org/aegypten2/
+URL:https://www.gnupg.org
 Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
 Source2:ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 # https://www.gnupg.org/signature_key.html
 Source3:%{name}.keyring
 Source99:   %{name}.changes
 Patch4: gnupg-2.0.9-langinfo.patch
-Patch5: gnupg-2.0.18-files-are-digests.patch
+Patch5: gnupg-2.2.8-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch

++ gnupg-2.0.18-files-are-digests.patch -> 
gnupg-2.2.8-files-are-digests.patch ++
--- /work/SRC/openSUSE:Factory/gpg2/gnupg-2.0.18-files-are-digests.patch
2017-09-04 12:26:34.241779443 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.8-files-are-digests.patch
2018-06-22 13:11:30.627654521 +0200
@@ -4,11 +4,11 @@
  g10/sign.c|   68 
--
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.23/g10/gpg.c
+Index: gnupg-2.2.8/g10/gpg.c
 ===
 gnupg-2.1.23.orig/g10/gpg.c2017-08-09 15:46:17.0 +0200
-+++ gnupg-2.1.23/g10/gpg.c 2017-08-10 16:21:26.692847431 +0200
-@@ -380,6 +380,7 @@ enum cmd_and_opt_values
+--- gnupg-2.2.8.orig/g10/gpg.c 2018-06-06 11:59:06.0 +0200
 gnupg-2.2.8/g10/gpg.c  2018-06-08 16:34:33.287514003 +0200
+@@ -376,6 +376,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
  oLCmessages,
@@ -16,7 +16,7 @@
  oXauthority,
  oGroup,
  oUnGroup,
-@@ -829,6 +830,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -824,6 +825,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@@ -24,7 +24,7 @@
  
/* Aliases.  I constantly mistype these, and assume other people do
   as well. */
-@@ -2388,6 +2390,7 @@ main (int argc, char **argv)
+@@ -2392,6 +2394,7 @@ main (int argc, char **argv)
  opt.def_cert_expire = "0";
  gnupg_set_homedir 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-05-08 13:32:14

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Tue May  8 13:32:14 2018 rev:127 rq:604049 version:2.2.7

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-04-17 
11:15:27.620198410 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-05-08 
13:32:16.480520492 +0200
@@ -1,0 +2,22 @@
+Fri May  4 14:15:27 UTC 2018 - astie...@suse.com
+
+- GnuPG 2.2.7:
+  * gpg: New option --no-symkey-cache to disable the passphrase
+cache for symmetrical en- and decryption.
+  * gpg: The ERRSIG status now prints the fingerprint if that is
+part of the signature
+  * gpg: Relax emitting of FAILURE status lines
+  * gpg: Add a status flag to "sig" lines printed with --list-sigs
+  * gpg: Fix "Too many open files" when using --multifile
+  * ssh: Return an error for unknown ssh-agent flags
+  * dirmngr: Fix a CNAME problem with pools and TLS.  Also use a
+fixed mapping of keys.gnupg.net to sks-keyservers.net
+  * dirmngr: Try resurrecting dead hosts earlier (from 3h to 1.5h)
+  * dirmngr: Fallback to CRL if no default OCSP responder is
+configured
+  * dirmngr: Implement CRL fetching via https.  Here a redirection
+to http is explictly allowed
+  * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
+debugging
+
+---

Old:

  gnupg-2.2.6.tar.bz2
  gnupg-2.2.6.tar.bz2.sig

New:

  gnupg-2.2.7.tar.bz2
  gnupg-2.2.7.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.2OMLQl/_old  2018-05-08 13:32:17.496483834 +0200
+++ /var/tmp/diff_new_pack.2OMLQl/_new  2018-05-08 13:32:17.500483690 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.6
+Version:2.2.7
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+

++ gnupg-2.2.6.tar.bz2 -> gnupg-2.2.7.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.6.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.7.tar.bz2 differ: char 11, line 1

++ gnupg-add_legacy_FIPS_mode_option.patch ++
--- /var/tmp/diff_new_pack.2OMLQl/_old  2018-05-08 13:32:17.556481669 +0200
+++ /var/tmp/diff_new_pack.2OMLQl/_new  2018-05-08 13:32:17.556481669 +0200
@@ -3,11 +3,11 @@
  g10/gpg.c|9 +
  2 files changed, 27 insertions(+)
 
-Index: gnupg-2.2.6/doc/gpg.texi
+Index: gnupg-2.2.7/doc/gpg.texi
 ===
 gnupg-2.2.6.orig/doc/gpg.texi  2018-04-10 09:05:55.807324463 +0200
-+++ gnupg-2.2.6/doc/gpg.texi   2018-04-10 09:05:58.627349563 +0200
-@@ -2094,6 +2094,24 @@ implies, this option is for experts only
+--- gnupg-2.2.7.orig/doc/gpg.texi  2018-05-04 16:14:30.949580264 +0200
 gnupg-2.2.7/doc/gpg.texi   2018-05-04 16:14:34.025609243 +0200
+@@ -2097,6 +2097,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -32,19 +32,19 @@
  @end table
  
  
-Index: gnupg-2.2.6/g10/gpg.c
+Index: gnupg-2.2.7/g10/gpg.c
 ===
 gnupg-2.2.6.orig/g10/gpg.c 2018-04-10 09:05:55.807324463 +0200
-+++ gnupg-2.2.6/g10/gpg.c  2018-04-10 09:06:21.583553887 +0200
-@@ -424,6 +424,7 @@ enum cmd_and_opt_values
- oSender,
+--- gnupg-2.2.7.orig/g10/gpg.c 2018-05-04 16:14:30.949580264 +0200
 gnupg-2.2.7/g10/gpg.c  2018-05-04 16:15:00.441858109 +0200
+@@ -425,6 +425,7 @@ enum cmd_and_opt_values
  oKeyOrigin,
  oRequestOrigin,
+ oNoSymkeyCache,
 +oSetLegacyFips,
  
  oNoop
};
-@@ -871,6 +872,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -872,6 +873,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultipleMessages,  "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@@ -52,7 +52,7 @@
  
ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"),
  
-@@ -3565,6 +3567,13 @@ main (int argc, char **argv)
+@@ -3568,6 +3570,13 @@ main (int argc, char **argv)
  opt.def_new_key_algo = pargs.r.ret_str;
  break;
  

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-04-17 11:15:25

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Tue Apr 17 11:15:25 2018 rev:126 rq:597193 version:2.2.6

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-04-07 
20:47:32.599050510 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-04-17 
11:15:27.620198410 +0200
@@ -1,0 +2,29 @@
+Tue Apr 10 06:32:22 UTC 2018 - kbabi...@suse.com
+
+- GnuPG 2.2.6:
+  * gpg,gpgsm: New option --request-origin to pretend requests coming
+from a browser or a remote site.
+  * gpg: Fix race condition on trustdb.gpg updates due to too early
+released lock.
+  * gpg: Emit FAILURE status lines in almost all cases.
+  * gpg: Implement --dry-run for --passwd to make checking a key's
+passphrase straightforward.
+  * gpg: Make sure to only accept a certification capable key for key
+signatures.
+  * gpg: Better user interaction in --card-edit for the factory-reset
+sub-command.
+  * gpg: Improve changing key attributes in --card-edit by adding an
+explicit "key-attr" sub-command.
+  * gpg: Print the keygrips in the --card-status.
+  * scd: Support KDF DO setup.
+  * scd: Fix suspend/resume handling in the CCID driver.
+  * agent: Evict cached passphrases also via a timer.
+  * agent: Use separate passphrase caches depending on the request
+origin.
+  * ssh: Support signature flags.
+  * dirmngr: Handle failures related to missing IPv6 support
+gracefully.
+  * Allow the use of UNC directory names as homedir.  [#3818]
+- Dropped gnupg-CVE-2018-9234.patch since it is included upstream 
+
+---

Old:

  gnupg-2.2.5.tar.bz2
  gnupg-2.2.5.tar.bz2.sig
  gnupg-CVE-2018-9234.patch

New:

  gnupg-2.2.6.tar.bz2
  gnupg-2.2.6.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.BTnZ8f/_old  2018-04-17 11:15:28.412161275 +0200
+++ /var/tmp/diff_new_pack.BTnZ8f/_new  2018-04-17 11:15:28.412161275 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.5
+Version:2.2.6
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+
@@ -34,7 +34,6 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
-Patch12:gnupg-CVE-2018-9234.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -86,7 +85,6 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch12 -p1
 
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+ -r %{SOURCE99})

++ gnupg-2.2.5.tar.bz2 -> gnupg-2.2.6.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.5.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.6.tar.bz2 differ: char 11, line 1

++ gnupg-add_legacy_FIPS_mode_option.patch ++
--- /var/tmp/diff_new_pack.BTnZ8f/_old  2018-04-17 11:15:28.460159024 +0200
+++ /var/tmp/diff_new_pack.BTnZ8f/_new  2018-04-17 11:15:28.464158837 +0200
@@ -3,11 +3,11 @@
  g10/gpg.c|9 +
  2 files changed, 27 insertions(+)
 
-Index: gnupg-2.1.22/doc/gpg.texi
+Index: gnupg-2.2.6/doc/gpg.texi
 ===
 gnupg-2.1.22.orig/doc/gpg.texi
-+++ gnupg-2.1.22/doc/gpg.texi
-@@ -2079,6 +2079,24 @@ implies, this option is for experts only
+--- gnupg-2.2.6.orig/doc/gpg.texi  2018-04-10 09:05:55.807324463 +0200
 gnupg-2.2.6/doc/gpg.texi   2018-04-10 09:05:58.627349563 +0200
+@@ -2094,6 +2094,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -32,19 +32,19 @@
  @end table
  
  
-Index: gnupg-2.1.22/g10/gpg.c
+Index: gnupg-2.2.6/g10/gpg.c
 ===
 gnupg-2.1.22.orig/g10/gpg.c
-+++ gnupg-2.1.22/g10/gpg.c
-@@ -422,6 +422,7 @@ enum cmd_and_opt_values
- oDisableSignerUID,
+--- gnupg-2.2.6.orig/g10/gpg.c 2018-04-10 09:05:55.807324463 +0200
 gnupg-2.2.6/g10/gpg.c  2018-04-10 09:06:21.583553887 +0200
+@@ -424,6 +424,7 @@ enum cmd_and_opt_values
  oSender,
  oKeyOrigin,
+ oRequestOrigin,
 +oSetLegacyFips,
  
  oNoop
};
-@@ -867,6 +868,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -871,6 +872,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultipleMessages,  "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2018-04-07 20:47:23

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Sat Apr  7 20:47:23 2018 rev:125 rq:593728 version:2.2.5

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2018-02-28 
19:54:38.277536341 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2018-04-07 
20:47:32.599050510 +0200
@@ -1,0 +2,7 @@
+Thu Apr  5 08:38:58 UTC 2018 - kbabi...@suse.com
+
+- Added gnupg-CVE-2018-9234.patch: Enforce that key certification
+  can only be done with the master key, and not a signing subkey.
+  (bnc#1088255 CVE-2018-9234) 
+
+---

New:

  gnupg-CVE-2018-9234.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.jHYOmD/_old  2018-04-07 20:47:33.715010121 +0200
+++ /var/tmp/diff_new_pack.jHYOmD/_new  2018-04-07 20:47:33.719009976 +0200
@@ -34,6 +34,7 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:gnupg-CVE-2018-9234.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -85,6 +86,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+ -r %{SOURCE99})


++ gnupg-CVE-2018-9234.patch ++
From: Karol Babioch 
Date: Thu Apr  5 10:32:21 CEST 2018
Upstream: merged
References: https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657
References: https://dev.gnupg.org/T3844
Subject: Fix for bnc#1088255 (CVE-2018-9234)
---
 g10/getkey.c |2 ++
 1 file changed, 2 insertions(+)

Index: gnupg-2.2.5/g10/getkey.c
===
--- gnupg-2.2.5.orig/g10/getkey.c
+++ gnupg-2.2.5/g10/getkey.c
@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_pu
   ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
: KEYDB_SEARCH_MODE_FPR20;
   memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+  if (pk)
+ctx.req_usage = pk->req_usage;
   rc = lookup (ctrl, , 0, , _key);
   if (!rc && pk)
pk_from_block (pk, kb, found_key);

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-12-23 12:11:05

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Sat Dec 23 12:11:05 2017 rev:123 rq:559114 version:2.2.4

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-11-25 
08:40:06.955817012 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-12-23 
12:11:10.003922930 +0100
@@ -1,0 +2,24 @@
+Thu Dec 21 09:44:03 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.2.4:
+  * gpg: Change default preferences to prefer SHA512.
+  * gpg: Print a warning when more than 150 MiB are encrypted using
+a cipher with 64 bit block size.
+  * gpg: Print a warning if the MDC feature has not been used for a
+message.
+  * gpg: Fix regular expression of domain addresses in trust
+signatures
+  * agent: New option --auto-expand-secmem to help with high
+numbers of concurrent connections. Requires libgcrypt 1.8.2
+for having an effect.
+  * dirmngr: Cache responses of WKD queries.
+  * gpgconf: Add option --status-fd.
+  * wks: Add commands --check and --remove-key to gpg-wks-server
+  * Increase the backlog parameter of the daemons to 64 and add
+option --listen-backlog.
+- Not enabled features:
+  * New configure option --enable-run-gnupg-user-socket to first
+try a socket directory which is not removed by systemd at
+session end.
+
+---

Old:

  gnupg-2.2.3.tar.bz2
  gnupg-2.2.3.tar.bz2.sig

New:

  gnupg-2.2.4.tar.bz2
  gnupg-2.2.4.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.BbIJQ6/_old  2017-12-23 12:11:13.079772954 +0100
+++ /var/tmp/diff_new_pack.BbIJQ6/_new  2017-12-23 12:11:13.083772759 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.3
+Version:2.2.4
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+

++ gnupg-2.2.3.tar.bz2 -> gnupg-2.2.4.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.3.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.4.tar.bz2 differ: char 11, line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-11-25 08:40:01

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Sat Nov 25 08:40:01 2017 rev:122 rq:544086 version:2.2.3

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-11-14 
12:36:52.663592699 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-11-25 
08:40:06.955817012 +0100
@@ -1,0 +2,10 @@
+Tue Nov 21 08:25:48 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.2.3:
+  * dirmngr: Fix crash in case of a CRL loading error
+  * gpgtar: Fix wrong behaviour of --set-filename
+  * gpg: Silence AKL retrieval messages
+  * agent: Use clock or clock_gettime for calibration
+  * agent: Improve robustness of the shutdown pending state
+
+---

Old:

  gnupg-2.2.2.tar.bz2
  gnupg-2.2.2.tar.bz2.sig

New:

  gnupg-2.2.3.tar.bz2
  gnupg-2.2.3.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.2aNUec/_old  2017-11-25 08:40:11.715643592 +0100
+++ /var/tmp/diff_new_pack.2aNUec/_new  2017-11-25 08:40:11.715643592 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.2
+Version:2.2.3
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+

++ gnupg-2.2.2.tar.bz2 -> gnupg-2.2.3.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.2.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.3.tar.bz2 differ: char 11, line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-11-14 12:36:43

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Tue Nov 14 12:36:43 2017 rev:121 rq:539677 version:2.2.2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-09-22 
21:32:09.959417409 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-11-14 
12:36:52.663592699 +0100
@@ -1,0 +2,27 @@
+Tue Nov  7 20:08:04 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.2.2:
+  * gpg: Avoid duplicate key imports by concurrently running gpg
+processes
+  * gpg: Fix creating on-disk subkey with on-card primary key
+  * gpg: Fix validity retrieval for multiple keyrings
+  * gpg: Fix --dry-run and import option show-only for secret keys
+  * gpg: Print "sec" or "sbb" for secret keys with import option
+import-show
+  * gpg: Make import less verbose
+  * gpg: Add alias "Key-Grip" for parameter "Keygrip" and new
+parameter "Subkey-Grip" to unattended key generation
+  * gpg: Improve "factory-reset" command for OpenPGP cards
+  * gpg: Ease switching Gnuk tokens into ECC mode by using the magic
+keysize value 25519
+  * gpgsm: Fix --with-colon listing in crt records for fields > 12.
+  * gpgsm: Do not expect X.509 keyids to be unique
+  * agent: Fix stucked Pinentry when using --max-passphrase-days
+  * agent: New option --s2k-count
+  * dirmngr: Do not follow https-to-http redirects
+  * dirmngr: Reduce default LDAP timeout from 100 to 15 seconds
+  * gpgconf: Ignore non-installed components for commands
+--apply-profile and --apply-defaults
+  * Add configure option --enable-werror
+
+---

Old:

  gnupg-2.2.1.tar.bz2
  gnupg-2.2.1.tar.bz2.sig

New:

  gnupg-2.2.2.tar.bz2
  gnupg-2.2.2.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.mgE8hI/_old  2017-11-14 12:36:54.803514499 +0100
+++ /var/tmp/diff_new_pack.mgE8hI/_new  2017-11-14 12:36:54.803514499 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.1
+Version:2.2.2
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+
@@ -106,6 +106,7 @@
 --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
 --enable-build-timestamp=$date \
 --enable-gpg-is-gpg2 \
+--enable-Werror
 
 make %{?_smp_mflags}
 

++ gnupg-2.2.1.tar.bz2 -> gnupg-2.2.2.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.1.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.2.tar.bz2 differ: char 11, line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-09-22 21:32:08

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Fri Sep 22 21:32:08 2017 rev:120 rq:527382 version:2.2.1

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-09-04 
12:26:34.789702409 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-09-22 
21:32:09.959417409 +0200
@@ -1,0 +2,15 @@
+Tue Sep 19 19:12:53 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.2.1:
+  * gpg: Fix formatting of the user id in batch mode key generation
+if only "name-email" is given.
+  * gpgv: Fix annoying "not suitable for" warnings.
+  * wks: Convey only the newest user id to the provider. This is
+the case if different names are used with the same addr-spec.
+  * wks: Create a complying user id for provider policy mailbox-only.
+  * wks: Add workaround for posteo.de.
+  * scd: Fix the use of large ECC keys with an OpenPGP card.
+  * dirmngr: Use system provided root certificates if no specific
+HKP certificates are configured. If bu
+
+---

Old:

  gnupg-2.2.0.tar.bz2
  gnupg-2.2.0.tar.bz2.sig

New:

  gnupg-2.2.1.tar.bz2
  gnupg-2.2.1.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.GEXTDl/_old  2017-09-22 21:32:10.999271032 +0200
+++ /var/tmp/diff_new_pack.GEXTDl/_new  2017-09-22 21:32:11.003270470 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.2.0
+Version:2.2.1
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+

++ gnupg-2.2.0.tar.bz2 -> gnupg-2.2.1.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.2.0.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.2.1.tar.bz2 differ: char 11, line 1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-09-04 12:26:32

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Mon Sep  4 12:26:32 2017 rev:119 rq:519193 version:2.2.0

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-08-04 
11:56:54.336583235 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-09-04 
12:26:34.789702409 +0200
@@ -1,0 +2,34 @@
+Mon Aug 28 17:21:30 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.2.0:
+  * New long term stable branch, replacing the 2.0.x series
+  * gpg: Reverted change in 2.1.23 so that --no-auto-key-retrieve
+is again the default boo#1054088
+  * Fixed a few minor bugs
+
+---
+Sat Aug 12 16:56:26 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.1.23:
+  * gpg: Options --auto-key-retrieve and --auto-key-locate "local,wkd"
+are now used by default.  Note: this enables keyserver and Web Key
+Directory operators to notice when a signature from a locally
+non-available key is being verified for the first time or when
+you intend to encrypt to a mail address without having the key
+locally.  This new behaviour will eventually make key discovery
+much easier and mostly automatic.  Disable this by adding
+  no-auto-key-retrieve
+  auto-key-locate local
+to your gpg.conf.
+  * agent: Option --no-grab is now the default.  The new option --grab
+allows to revert this.
+  * gpg: New import option "show-only".
+  * gpg: New option --disable-dirmngr to entirely disable network
+access for gpg.
+  * gpg,gpgsm: Tweaked DE-VS compliance behaviour.
+  * New configure flag --enable-all-tests to run more extensive tests
+during "make check".
+  * gpgsm: The keygrip is now always printed in colon mode as
+documented in the man page.
+
+---

Old:

  gnupg-2.1.22.tar.bz2
  gnupg-2.1.22.tar.bz2.sig

New:

  gnupg-2.2.0.tar.bz2
  gnupg-2.2.0.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.EkfFsC/_old  2017-09-04 12:26:36.277493237 +0200
+++ /var/tmp/diff_new_pack.EkfFsC/_new  2017-09-04 12:26:36.281492673 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.22
+Version:2.2.0
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+
@@ -103,8 +103,9 @@
 --enable-large-secmem \
 --enable-wks-tools \
 --with-gnu-ld \
---with-default-trust-store=%{_sysconfdir}/ssl/ca-bundle.pem \
+--with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
 --enable-build-timestamp=$date \
+--enable-gpg-is-gpg2 \
 
 make %{?_smp_mflags}
 

++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.EkfFsC/_old  2017-09-04 12:26:36.325486488 +0200
+++ /var/tmp/diff_new_pack.EkfFsC/_new  2017-09-04 12:26:36.329485926 +0200
@@ -4,11 +4,11 @@
  g10/sign.c|   68 
--
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.22/g10/gpg.c
+Index: gnupg-2.1.23/g10/gpg.c
 ===
 gnupg-2.1.22.orig/g10/gpg.c
-+++ gnupg-2.1.22/g10/gpg.c
-@@ -379,6 +379,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.23.orig/g10/gpg.c2017-08-09 15:46:17.0 +0200
 gnupg-2.1.23/g10/gpg.c 2017-08-10 16:21:26.692847431 +0200
+@@ -380,6 +380,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
  oLCmessages,
@@ -16,7 +16,7 @@
  oXauthority,
  oGroup,
  oUnGroup,
-@@ -828,6 +829,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -829,6 +830,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@@ -24,15 +24,15 @@
  
/* Aliases.  I constantly mistype these, and assume other people do
   as well. */
-@@ -2383,6 +2385,7 @@ main (int argc, char **argv)
+@@ -2388,6 +2390,7 @@ main (int argc, char **argv)
  opt.def_cert_expire = "0";
  gnupg_set_homedir (NULL);
  opt.passphrase_repeat = 1;
 +opt.files_are_digests=0;
  opt.emit_version = 0;
  opt.weak_digests = NULL;
- additional_weak_digest("MD5");
-@@ -2944,6 +2947,7 @@ main (int argc, char **argv)
+ 
+@@ -2952,6 +2955,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-08-04 11:56:51

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Fri Aug  4 11:56:51 2017 rev:118 rq:512957 version:2.1.22

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-06-01 
16:28:27.187344568 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-08-04 
11:56:54.336583235 +0200
@@ -1,0 +2,26 @@
+Fri Jul 28 19:29:52 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.1.22:
+  * gpg: Extend command --quick-set-expire to allow for setting the
+expiration time of subkeys.
+  * gpg: By default try to repair keys during import. New sub-option
+no-repair-keys for --import-options.
+  * gpg,gpgsm: Improved checking and reporting of DE-VS compliance.
+  * gpg: New options --key-origin and --with-key-origin. Store the
+time of the last key update from keyservers, WKD, or DANE.
+  * agent: New option --ssh-fingerprint-digest.
+  * dimngr: Lower timeouts on keyserver connection attempts and made
+it configurable.
+  * dirmngr: Tor will now automatically be detected and used. The
+option --no-use-tor disables Tor detection.
+  * dirmngr: Now detects a changed /etc/resolv.conf.
+  * agent,dirmngr: Initiate shutdown on removal of the GnuPG home
+directory.
+  * gpg: Avoid caching passphrase for failed symmetric encryption.
+  * agent: Support for unprotected ssh keys.
+  * dirmngr: Fixed name resolving on systems using only v6
+nameservers.
+  * dirmngr: Allow the use of TLS over http proxies.
+  * wks: New man pages for client and server.
+
+---

Old:

  gnupg-2.1.21.tar.bz2
  gnupg-2.1.21.tar.bz2.sig

New:

  gnupg-2.1.22.tar.bz2
  gnupg-2.1.22.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.7rOJWi/_old  2017-08-04 11:56:56.576267114 +0200
+++ /var/tmp/diff_new_pack.7rOJWi/_new  2017-08-04 11:56:56.584265985 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.21
+Version:2.1.22
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+
@@ -67,7 +67,6 @@
 # special feature needed for OBS signd
 Provides:   gpg2_signd_support
 Obsoletes:  gpg < 1.4.9
-BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
 GnuPG is a hybrid-encryption software program; it uses a combination
@@ -104,13 +103,13 @@
 --enable-large-secmem \
 --enable-wks-tools \
 --with-gnu-ld \
---with-default-trust-store=/etc/ssl/ca-bundle.pem \
+--with-default-trust-store=%{_sysconfdir}/ssl/ca-bundle.pem \
 --enable-build-timestamp=$date \
 
 make %{?_smp_mflags}
 
 %install
-make %{?_smp_mflags} DESTDIR=%{buildroot} install
+%make_install
 mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
 # bnc#391347
 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
@@ -125,7 +124,7 @@
 # fix rpmlint invalid-lc-messages-dir:
 rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
 # additional files to documentation directory
-install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ 
%{buildroot}/%{_docdir}/%{name}
+install -m 644 AUTHORS COPYING* ChangeLog NEWS THANKS TODO doc/FAQ 
%{buildroot}/%{_docdir}/%{name}
 # install scdaemon to %{_bindir} (bnc#863645)
 mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
 mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
@@ -149,10 +148,8 @@
 %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz
 
 %files lang -f gnupg2.lang
-%defattr(-,root,root)
 
 %files
-%defattr(-,root,root)
 %{_infodir}/gnupg*
 %{_mandir}/*/*%{ext_man}
 %doc %{_docdir}/%{name}

++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.7rOJWi/_old  2017-08-04 11:56:56.644257518 +0200
+++ /var/tmp/diff_new_pack.7rOJWi/_new  2017-08-04 11:56:56.648256953 +0200
@@ -4,11 +4,11 @@
  g10/sign.c|   68 
--
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.21/g10/gpg.c
+Index: gnupg-2.1.22/g10/gpg.c
 ===
 gnupg-2.1.21.orig/g10/gpg.c2017-04-03 17:13:56.0 +0200
-+++ gnupg-2.1.21/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200
-@@ -374,6 +374,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.22.orig/g10/gpg.c
 gnupg-2.1.22/g10/gpg.c
+@@ -379,6 +379,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
  oLCmessages,
@@ -16,7 +16,7 @@
  oXauthority,
  oGroup,
  oUnGroup,
-@@ 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-06-01 16:28:24

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Thu Jun  1 16:28:24 2017 rev:117 rq:497286 version:2.1.21

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-05-20 
14:29:31.494874378 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-06-01 
16:28:27.187344568 +0200
@@ -1,0 +2,7 @@
+Fri May 19 11:59:24 UTC 2017 - marco.str...@suse.com
+
+- GnuPG 2.1.21:
+  * modified gnupg-2.0.18-files-are-digests.patch to work with 
+obs-sign again bsc#1039899
+
+---



Other differences:
--
++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.7m638q/_old  2017-06-01 16:28:27.995230654 +0200
+++ /var/tmp/diff_new_pack.7m638q/_new  2017-06-01 16:28:27.995230654 +0200
@@ -4,10 +4,10 @@
  g10/sign.c|   68 
--
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.20/g10/gpg.c
+Index: gnupg-2.1.21/g10/gpg.c
 ===
 gnupg-2.1.20.orig/g10/gpg.c2017-04-03 17:13:56.0 +0200
-+++ gnupg-2.1.20/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200
+--- gnupg-2.1.21.orig/g10/gpg.c2017-04-03 17:13:56.0 +0200
 gnupg-2.1.21/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200
 @@ -374,6 +374,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
@@ -40,10 +40,10 @@
  
  case oForceMDC: opt.force_mdc = 1; break;
  case oNoForceMDC: opt.force_mdc = 0; break;
-Index: gnupg-2.1.20/g10/options.h
+Index: gnupg-2.1.21/g10/options.h
 ===
 gnupg-2.1.20.orig/g10/options.h2017-04-03 17:13:56.0 +0200
-+++ gnupg-2.1.20/g10/options.h 2017-04-04 15:59:20.827799905 +0200
+--- gnupg-2.1.21.orig/g10/options.h2017-04-03 17:13:56.0 +0200
 gnupg-2.1.21/g10/options.h 2017-04-04 15:59:20.827799905 +0200
 @@ -214,6 +214,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
@@ -52,10 +52,10 @@
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
-Index: gnupg-2.1.20/g10/sign.c
+Index: gnupg-2.1.21/g10/sign.c
 ===
 gnupg-2.1.20.orig/g10/sign.c   2017-04-03 17:13:56.0 +0200
-+++ gnupg-2.1.20/g10/sign.c2017-04-04 15:59:27.515864763 +0200
+--- gnupg-2.1.21.orig/g10/sign.c   2017-04-03 17:13:56.0 +0200
 gnupg-2.1.21/g10/sign.c2017-04-04 15:59:27.515864763 +0200
 @@ -42,6 +42,8 @@
  #include "call-agent.h"
  #include "../common/mbox-util.h"
@@ -65,6 +65,15 @@
  #ifdef HAVE_DOSISH_SYSTEM
  #define LF "\r\n"
  #else
+@@ -695,6 +697,8 @@ write_signature_packets(ctrl_t ctrl,
+   if (duration || opt.sig_policy_url
+   || opt.sig_notations || opt.sig_keyserver_url)
+ sig->version = 4;
++  else if (opt.files_are_digests)
++sig->version = 3;
+   else
+ sig->version = pk->version;
+
 @@ -718,8 +720,12 @@ write_signature_packets (ctrl_t ctrl,
mk_notation_policy_etc (sig, NULL, pk);
  }

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-05-20 14:29:25

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Sat May 20 14:29:25 2017 rev:116 rq:495114 version:2.1.21

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-04-11 
09:29:51.134848533 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-05-20 
14:29:31.494874378 +0200
@@ -1,0 +2,16 @@
+Mon May 15 20:49:25 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.1.21:
+  * gpg,gpgsm: Fix corruption of old style keyring.gpg files,
+regression in 2.1.20
+  * gpg,dirmngr: Removed the skeleton config file support
+New installations no longer generate a configuration file.
+In the absence of a file, SHA-2 family hashes are used.
+Existing configurations are not touched.   
+drop gnupg-2.1.19-stronger-defaults.patch FATE#323084 
+  * gpg: Fixed import filter property match bug.
+  * scd: Removed Linux support for Cardman 4040 PCMCIA reader.
+  * scd: Fixed some corner case bugs in resume/suspend handling.
+  * Many minor bug fixes and code cleanup.  
+
+---

Old:

  gnupg-2.1.19-stronger-defaults.patch
  gnupg-2.1.20.tar.bz2
  gnupg-2.1.20.tar.bz2.sig

New:

  gnupg-2.1.21.tar.bz2
  gnupg-2.1.21.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.llziwR/_old  2017-05-20 14:29:32.698704057 +0200
+++ /var/tmp/diff_new_pack.llziwR/_new  2017-05-20 14:29:32.702703491 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.20
+Version:2.1.21
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+
@@ -34,7 +34,6 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
-Patch12:gnupg-2.1.19-stronger-defaults.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.4.3
@@ -87,7 +86,6 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch12 -p1
 
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+ -r %{SOURCE99})

++ gnupg-2.1.20.tar.bz2 -> gnupg-2.1.21.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.1.20.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.1.21.tar.bz2 differ: char 11, line 
1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-04-11 09:29:46

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Tue Apr 11 09:29:46 2017 rev:115 rq:485787 version:2.1.20

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-03-18 
20:48:59.675104158 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-04-11 
09:29:51.134848533 +0200
@@ -1,0 +2,30 @@
+Tue Apr  4 14:00:36 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.1.20:
+  * gpg: New properties 'expired', 'revoked', and 'disabled' for the
+import and export filters.
+  * gpg: New command --quick-set-primary-uid.
+  * gpg: New compliance field for the --with-colon key listing.
+  * gpg: Changed the key parser to generalize the processing of local
+meta data packets.
+  * gpg: Fixed assertion failure in the TOFU trust model.
+  * gpg: Fixed exporting of zero length user ID packets.
+  * scd: Improved support for multiple readers.
+  * scd: Fixed timeout handling for key generation.
+  * agent: New option --enable-extended-key-format.
+  * dirmngr: Do not add a keyserver to a new dirmngr.conf.  Dirmngr
+uses a default keyserver.
+  * dimngr: Do not treat TLS warning alerts as severe error when
+building with GNUTLS.
+  * dirmngr: Actually take /etc/hosts in account.
+  * wks: Fixed client problems on Windows.  Published keys are now set
+to world-readable.
+  * tests: Fixed creation of temporary directories.
+  * A socket directory for a non standard GNUGHOME is now created on
+the fly under /run/user.  Thus "gpgconf --create-socketdir" is now
+optional.  The use of "gpgconf --remove-socketdir" to clean up
+obsolete socket directories is however recommended to avoid
+cluttering /run/user with useless directories.
+  * Fixed build problems on some platforms.
+
+---

Old:

  gnupg-2.1.19.tar.bz2
  gnupg-2.1.19.tar.bz2.sig

New:

  gnupg-2.1.20.tar.bz2
  gnupg-2.1.20.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.C59Dr9/_old  2017-04-11 09:29:52.270688118 +0200
+++ /var/tmp/diff_new_pack.C59Dr9/_new  2017-04-11 09:29:52.270688118 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.19
+Version:2.1.20
 Release:0
 Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+

++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.C59Dr9/_old  2017-04-11 09:29:52.286685859 +0200
+++ /var/tmp/diff_new_pack.C59Dr9/_new  2017-04-11 09:29:52.286685859 +0200
@@ -4,11 +4,11 @@
  g10/sign.c|   68 
--
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.15/g10/gpg.c
+Index: gnupg-2.1.20/g10/gpg.c
 ===
 gnupg-2.1.15.orig/g10/gpg.c
-+++ gnupg-2.1.15/g10/gpg.c
-@@ -368,6 +368,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.20.orig/g10/gpg.c2017-04-03 17:13:56.0 +0200
 gnupg-2.1.20/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200
+@@ -374,6 +374,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
  oLCmessages,
@@ -16,7 +16,7 @@
  oXauthority,
  oGroup,
  oUnGroup,
-@@ -791,6 +792,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -820,6 +821,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@@ -24,7 +24,7 @@
  
/* Aliases.  I constantly mistype these, and assume other people do
   as well. */
-@@ -2239,6 +2241,7 @@ main (int argc, char **argv)
+@@ -2393,6 +2395,7 @@ main (int argc, char **argv)
  opt.def_cert_expire = "0";
  gnupg_set_homedir (NULL);
  opt.passphrase_repeat = 1;
@@ -32,7 +32,7 @@
  opt.emit_version = 0;
  opt.weak_digests = NULL;
  additional_weak_digest("MD5");
-@@ -2807,6 +2810,7 @@ main (int argc, char **argv)
+@@ -2942,6 +2945,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
@@ -40,11 +40,11 @@
  
  case oForceMDC: opt.force_mdc = 1; break;
  case oNoForceMDC: opt.force_mdc = 0; break;
-Index: gnupg-2.1.15/g10/options.h
+Index: gnupg-2.1.20/g10/options.h
 ===
 gnupg-2.1.15.orig/g10/options.h
-+++ gnupg-2.1.15/g10/options.h
-@@ -212,6 +212,7 @@ 

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-03-18 20:48:59

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Sat Mar 18 20:48:59 2017 rev:114 rq:479947 version:2.1.19

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-03-11 
15:18:44.791114549 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-03-18 
20:48:59.675104158 +0100
@@ -1,0 +2,7 @@
+Tue Mar 14 20:41:55 UTC 2017 - astie...@suse.com
+
+- Use stronger defaults for new users, using SHA-2 digest family
+  for certificates and message signatures - FATE#323084
+  adding gnupg-2.1.19-stronger-defaults.patch
+
+---

New:

  gnupg-2.1.19-stronger-defaults.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.P6lO6l/_old  2017-03-18 20:49:00.490988574 +0100
+++ /var/tmp/diff_new_pack.P6lO6l/_new  2017-03-18 20:49:00.494988007 +0100
@@ -34,6 +34,7 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:gnupg-2.1.19-stronger-defaults.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.4.3
@@ -86,6 +87,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+ -r %{SOURCE99})

++ gnupg-2.1.19-stronger-defaults.patch ++
From: Andreas Stieger 
Date: Tue, 14 Mar 2017 20:43:20 +
Subject; FATE#323084: Stronger GnuPG defaults
References: FATE#323084
Upstream: no

Index: gnupg-2.1.19/g10/options.skel
===
--- gnupg-2.1.19.orig/g10/options.skel
+++ gnupg-2.1.19/g10/options.skel
@@ -137,3 +137,15 @@
 # Uncomment the following option to get rid of the copyright notice
 
 #no-greeting
+
+# SUSE recommended output options
+with-fingerprint
+keyid-format 0xlong
+no-emit-version
+
+# SUSE recommends SHA-2 family of hashes for all  
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES CAST5 BZIP2 
ZLIB ZIP Uncompressed
+cert-digest-algo SHA512
+digest-algo SHA512
+

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-03-11 15:18:43

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Sat Mar 11 15:18:43 2017 rev:113 rq:477543 version:2.1.19

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-02-03 
17:41:27.800750755 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-03-11 
15:18:44.791114549 +0100
@@ -1,0 +2,38 @@
+Tue Mar  7 12:55:14 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.1.19:
+  * gpg: Print a warning if Tor mode is requested but the Tor
+daemon is not running.
+  * gpg: New status code DECRYPTION_KEY to print the actual private
+key used for decryption.
+  * gpgv: New options --log-file and --debug.
+  * gpg-agent: Revamp the prompts to ask for card PINs.
+  * scd: Support for multiple card readers.
+  * scd: Removed option --debug-disable-ticker. Ticker is used
+only when it is required to watch removal of device/card.
+  * scd: Improved detection of card inserting and removal.
+  * dirmngr: New option --disable-ipv4.
+  * dirmngr: New option --no-use-tor to explicitly disable the use
+of Tor.
+  * dirmngr: The option --allow-version-check is now required even
+if the option --use-tor is also used.
+  * dirmngr: Handle a missing nsswitch.conf gracefully.
+  * dirmngr: Avoid PTR lookups for keyserver pools. The are only
+done for the debug command "keyserver --hosttable".
+  * dirmngr: Rework the internal certificate cache to support
+classes of certificates. Load system provided certificates on
+startup.
+  * Add options --tls, --no-crl, and --systrust to the "VALIDATE"
+command.
+  * dirmngr: Add support for the ntbtls library.
+  * wks: Create mails with a "WKS-Phase" header. Fix detection of
+Draft-2 mode.
+  * Many other bug fixes and new regression tests.
+- dirmngr: use system certificate store
+
+---
+Thu Mar  2 10:12:09 UTC 2017 - jeng...@inai.de
+
+- Rewrite descriptions
+
+---

Old:

  gnupg-2.1.18.tar.bz2
  gnupg-2.1.18.tar.bz2.sig

New:

  gnupg-2.1.19.tar.bz2
  gnupg-2.1.19.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.NXhMvU/_old  2017-03-11 15:18:46.158920988 +0100
+++ /var/tmp/diff_new_pack.NXhMvU/_new  2017-03-11 15:18:46.162920422 +0100
@@ -17,9 +17,9 @@
 
 
 Name:   gpg2
-Version:2.1.18
+Version:2.1.19
 Release:0
-Summary:GnuPG 2
+Summary:File encryption, decryption, signature creation and 
verification utility
 License:GPL-3.0+
 Group:  Productivity/Networking/Security
 Url:http://www.gnupg.org/aegypten2/
@@ -70,8 +70,11 @@
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
-GnuPG 2 is the successor of "GnuPG" or GPG. It provides: GPGSM,
-gpg-agent, and a keybox library.
+GnuPG is a hybrid-encryption software program; it uses a combination
+of symmetric-key and public-key cryptography to encrypt/decrypt
+messages and/or to sign and verify them.
+
+gpg2 provides GPGSM, gpg-agent, and a keybox library.
 
 %lang_package
 
@@ -101,7 +104,8 @@
 --enable-large-secmem \
 --enable-wks-tools \
 --with-gnu-ld \
---enable-build-timestamp=$date
+--with-default-trust-store=/etc/ssl/ca-bundle.pem \
+--enable-build-timestamp=$date \
 
 make %{?_smp_mflags}
 

++ gnupg-2.1.18.tar.bz2 -> gnupg-2.1.19.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.1.18.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.1.19.tar.bz2 differ: char 11, line 
1

commit gpg2 for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2017-02-01 09:48:26

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2017-01-10 
10:36:58.378402345 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2017-02-03 
17:41:27.800750755 +0100
@@ -1,0 +2,42 @@
+Tue Jan 24 16:32:04 UTC 2017 - astie...@suse.com
+
+- GnuPG 2.1.18:
+  * gpg: Remove bogus subkey signature while cleaning a key (with
+export-clean, import-clean, or --edit-key's sub-command clean)
+  * gpg: Allow freezing the clock with --faked-system-time.
+  * gpg: New --export-option flag "backup", new --import-option flag
+"restore".
+  * gpg-agent: Fixed long delay due to a regression in the progress
+callback code.
+  * scd: Lots of code cleanup and internal changes.
+  * scd: Improved the internal CCID driver.
+  * dirmngr: Fixed problem with the DNS glue code (removal of the
+trailing dot in domain names).
+  * dirmngr: Make sure that Tor is actually enabled after changing the
+conf file and sending SIGHUP or "gpgconf --reload dirmngr".
+  * dirmngr: Fixed Tor access to IPv6 addresses.  Note that current
+versions of Tor may require that the flag "IPv6Traffic" is used
+with the option "SocksPort" in torrc to actually allow IPv6
+traffic.
+  * dirmngr: Fixed HKP for literally given IPv6 addresses.
+  * dirmngr: Enabled reverse DNS lookups via Tor.
+  * dirmngr: Added experimental SRV record lookup for WKD.
+See commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10 for details.
+  * dirmngr: For HKP use "pgpkey-hkps" and "pgpkey-hkp" in SRV record
+lookups.  Avoid SRV record lookup when a port is explicitly
+specified.  This fixes a regression from the 1.4 and 2.0 behavior.
+  * dirmngr: Gracefully handle a missing /etc/nsswitch.conf.  Ignore
+negation terms (e.g. "[!UNAVAIL=return]" instead of bailing out.
+  * dirmngr: Better debug output for flags "dns" and "network".
+  * dirmngr: On reload mark all known HKP servers alive.
+  * gpgconf: Allow keyword "all" for --launch, --kill, and --reload.
+  * tools: gpg-wks-client now ignores a missing policy file on the
+server.
+  * Avoid unnecessary ambiguity error message in the option parsing.
+  * Further improvements of the regression test suite.
+  * Fixed building with --disable-libdns configure option.
+  * Fixed a crash running the tests on 32 bit architectures.
+  * Fixed spurious failures on BSD system in the spawn functions.
+This affected for example gpg-wks-client and gpgconf.
+
+---

Old:

  gnupg-2.1.17.tar.bz2
  gnupg-2.1.17.tar.bz2.sig

New:

  gnupg-2.1.18.tar.bz2
  gnupg-2.1.18.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.Vnmgqe/_old  2017-02-03 17:41:28.628633576 +0100
+++ /var/tmp/diff_new_pack.Vnmgqe/_new  2017-02-03 17:41:28.632633010 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.17
+Version:2.1.18
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+

++ gnupg-2.1.17.tar.bz2 -> gnupg-2.1.18.tar.bz2 ++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.1.17.tar.bz2 
/work/SRC/openSUSE:Factory/.gpg2.new/gnupg-2.1.18.tar.bz2 differ: char 11, line 
1

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2016-11-22 18:57:36

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2016-09-17 
14:32:23.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2016-11-22 
18:57:37.0 +0100
@@ -1,0 +2,47 @@
+Sat Nov 19 22:07:13 UTC 2016 - astie...@suse.com
+
+- GnuPG 2.1.16:
+ * gpg: New algorithm for selecting the best ranked public key when
+   using a mail address with -r, -R, or --locate-key.
+ * gpg: New option --with-tofu-info to print a new "tfs" record in
+   colon formatted key listings.
+ * gpg: New option --compliance as an alternative way to specify
+   options like --rfc2440, --rfc4880, et al.
+ * gpg: Many changes to the TOFU implementation.
+ * gpg: Improve usability of --quick-gen-key.
+ * gpg: In --verbose mode print a diagnostic when a pinentry is
+   launched.
+ * gpg: Remove code which warns for old versions of gnome-keyring.
+ * gpg: New option --override-session-key-fd.
+ * gpg: Option --output does now work with --verify.
+ * gpgv: New option --output to allow saving the verified data.
+ * gpgv: New option --enable-special-filenames.
+ * agent, dirmngr: New --supervised mode for use by systemd and alike.
+ * agent: By default listen on all available sockets using standard
+   names.
+ * agent: Invoke scdaemon with --homedir.
+ * dirmngr: On Linux now detects the removal of its own socket and
+   terminates.
+ * scd: Support ECC key generation.
+ * scd: Support more card readers.
+ * dirmngr: New option --allow-version-check to download a software
+   version database in the background.
+ * dirmngr: Use system provided CAs if no --hkp-cacert is given.
+ * dirmngr: Use a default keyserver if none is explicitly set
+ * gpgconf: New command --query-swdb to check software versions
+   against an copy of an online database.
+ * gpgconf: Print the socket directory with --list-dirs.
+ * tools: The WKS tools now support draft version -02.
+ * tools: Always build gpg-wks-client and install under libexec.
+ * tools: New option --supported for gpg-wks-client.
+ * The log-file option now accepts a value "socket://" to log to the
+   socket named "S.log" in the standard socket directory.
+ * Provide fake pinentries for use by tests cases of downstream
+   developers.
+ * Fixed many bugs and regressions.
+ * Many changes and improvements for the test suite.
+- drop upstreamed patches:
+  * 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
+  * gnupg-2.1.15-bsc993324-status-output.patch
+
+---

Old:

  0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
  gnupg-2.1.15-bsc993324-status-output.patch
  gnupg-2.1.15.tar.bz2
  gnupg-2.1.15.tar.bz2.sig

New:

  gnupg-2.1.16.tar.bz2
  gnupg-2.1.16.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.bDpN3M/_old  2016-11-22 18:57:38.0 +0100
+++ /var/tmp/diff_new_pack.bDpN3M/_new  2016-11-22 18:57:38.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.15
+Version:2.1.16
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -34,8 +34,6 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
-Patch12:0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
-Patch13:gnupg-2.1.15-bsc993324-status-output.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@@ -86,8 +84,6 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch12 -p1
-%patch13 -p1
 
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+ -r %{SOURCE99})

++ gnupg-2.1.15.tar.bz2 -> gnupg-2.1.16.tar.bz2 ++
 336691 lines of diff (skipped)

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2016-09-17 14:32:21

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2016-08-31 
00:00:38.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2016-09-17 
14:32:23.0 +0200
@@ -1,0 +2,17 @@
+Tue Sep 13 13:50:52 UTC 2016 - astie...@suse.com
+
+- avoid mixing up status and colon line output - bsc#993324
+  add gnupg-2.1.15-bsc993324-status-output.patch
+
+---
+Thu Sep  1 08:23:28 UTC 2016 - astie...@suse.com
+
+- enable web key discovery tools
+
+---
+Wed Aug 31 13:06:28 UTC 2016 - astie...@suse.com
+
+- Add an explicit runtime dependency on libgcrypt >= 1.7.0 to
+  match runtime version check
+
+---

New:

  gnupg-2.1.15-bsc993324-status-output.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.OKCpLo/_old  2016-09-17 14:32:24.0 +0200
+++ /var/tmp/diff_new_pack.OKCpLo/_new  2016-09-17 14:32:24.0 +0200
@@ -35,12 +35,11 @@
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
 Patch12:0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
+Patch13:gnupg-2.1.15-bsc993324-status-output.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
 BuildRequires:  libassuan-devel >= 2.4.3
-# patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions 
GCRYCTL_INACTIVATE_FIPS_FLAG
-# raising gcrypt requirement from 1.4.0
 BuildRequires:  libgcrypt-devel >= 1.7.0
 BuildRequires:  libgpg-error-devel >= 1.24
 BuildRequires:  libksba-devel >= 1.3.4
@@ -56,7 +55,9 @@
 BuildRequires:  pkgconfig(sqlite3) >= 3.7
 BuildRequires:  pkgconfig(zlib)
 # Add an explicit runtime dependency to match boo#955982
-Requires:   libassuan0 >= 2.4.1
+Requires:   libassuan0 >= 2.4.3
+# Explicit runtime depencency - runtime version check
+Requires:   libgcrypt20 >= 1.7.0
 Requires:   pinentry
 # FIXME: use proper Requires(pre/post/preun/...)
 PreReq: %{install_info_prereq}
@@ -86,6 +87,7 @@
 %patch9 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
 
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+ -r %{SOURCE99})
@@ -102,6 +104,7 @@
 --enable-gpgtar \
 --enable-g13 \
 --enable-large-secmem \
+--enable-wks-tools \
 --with-gnu-ld \
 --enable-build-timestamp=$date
 

++ gnupg-2.1.15-bsc993324-status-output.patch ++
>From 31fc420727f45dd081f8ad5d056da6675dad29f2 Mon Sep 17 00:00:00 2001
From: Werner Koch 
Date: Mon, 12 Sep 2016 17:42:50 +0200
Subject: [PATCH] gpg: Avoid mixing up status and colon line output.

* g10/keylist.c (list_keyblock_colon): Avoid calling functions which
trigger a status line output before having printed a LF.
--

Status lines like KEY_CONSIDERED and KEYEPXIRED were messing up the
colons output, like here:

  pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...]

Reported-by: Andreas Stieger 
Signed-off-by: Werner Koch 

---

This version of the patch backported onto the 2.1.15 tag -- astie...@suse.com

---
 g10/keylist.c | 83 +--
 1 file changed, 47 insertions(+), 36 deletions(-)

Index: gnupg-2.1.15/g10/keylist.c
===
--- gnupg-2.1.15.orig/g10/keylist.c 2016-09-13 15:40:30.178482877 +0200
+++ gnupg-2.1.15/g10/keylist.c  2016-09-13 15:45:53.605670795 +0200
@@ -1183,9 +1183,10 @@ list_keyblock_colon (ctrl_t ctrl, kbnode
   PKT_public_key *pk;
   u32 keyid[2];
   int trustletter = 0;
+  int trustletter_print;
+  int ownertrust_print;
   int ulti_hack = 0;
   int i;
-  char *p;
   char *hexgrip_buffer = NULL;
   const char *hexgrip = NULL;
   char *serialno = NULL;
@@ -1217,31 +1218,38 @@ list_keyblock_colon (ctrl_t ctrl, kbnode
 stubkey = 1;  /* Key not found.  */
 
   keyid_from_pk (pk, keyid);
-  es_fputs (secret? "sec:":"pub:", es_stdout);
   if (!pk->flags.valid)
-es_putc ('i', es_stdout);
+trustletter_print = 'i';
   else if (pk->flags.revoked)
-es_putc ('r', es_stdout);
+trustletter_print = 'r';
   else if (pk->has_expired)
-es_putc ('e', es_stdout);
+trustletter_print = 'e';
   else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
-;
+trustletter_print = 0;
   else
 {
   trustletter = 

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2016-08-31 00:00:37

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2016-08-06 
20:36:25.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2016-08-31 
00:00:38.0 +0200
@@ -1,0 +2,71 @@
+Fri Aug 19 21:22:22 UTC 2016 - astie...@suse.com
+
+- GnuPG 2.1.15:
+ * gpg: Remove the --tofu-db-format option and support for the
+   split TOFU database.
+ * gpg: Add option --sender to prepare for coming features.
+ * gpg: Add option --input-size-hint to help progress indicators.
+ * gpg: Extend the PROGRESS status line with the counted unit.
+ * gpg: Avoid publishing the GnuPG version by default with --armor.
+ * gpg: Properly ignore legacy keys in the keyring cache.
+ * gpg: Always print fingerprint records in --with-colons mode.
+ * gpg: Make sure that keygrips are printed for each subkey in
+   --with-colons mode.
+ * gpg: New import filter "drop-sig".
+ * gpgsm: Fix a bug in the machine-readable key listing.
+ * gpg,gpgsm: Block signals during keyring updates to limits the
+   effects of a Ctrl-C at the wrong time.
+ * g13: Add command --umount and other fixes for dm-crypt.
+ * agent: Fix regression in SIGTERM handling.
+ * agent: Cleanup of the ssh-agent code.
+ * agent: Allow import of overly long keys.
+ * scd: Fix problems with card removal.
+ * dirmngr: Remove all code for running as a system service.
+ * tools: Make gpg-wks-client conforming to the specs.
+ * tests: Improve the output of the new regression test tool.
+ * tests: Distribute the standalone test runner.
+ * tests: Run each test in a clean environment.
+ * Spelling and grammar fixes.
+- fix build error, adding
+  0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
+
+---
+Sun Aug 14 14:12:40 UTC 2016 - astie...@suse.com
+
+- GnuPG 2.1.14:
+  * gpg: Removed options --print-dane-records and --print-pka-records.
+The new export options "export-pka" and "export-dane" can instead
+be used with the export command.
+  * gpg: New options --import-filter and --export-filter.
+  * gpg: New import options "import-show" and "import-export".
+  * gpg: New option --no-keyring.
+  * gpg: New command --quick-revuid.
+  * gpg: New options -f/--recipient-file and -F/--hidden-recipient-file
+to directly specify encryption keys.
+  * gpg: New option --mimemode to indicate that the content is a MIME
+part.  Does only enable --textmode right now.
+  * gpg: New option --rfc4880bis to allow experiments with proposed
+changes to the current OpenPGP specs.
+  * gpg: Fix regression in the "fetch" sub-command of --card-edit.
+  * gpg: Fix regression since 2.1 in option --try-all-secrets.
+  * gpgv: Change default options for extra security.
+  * gpgsm: No more root certificates are installed by default.
+  * agent: "updatestartuptty" does now affect more environment
+variables.
+  * scd: The option --homedir does now work with scdaemon.
+  * scd: Support some more GEMPlus card readers.
+  * gpgtar: Fix handling of '-' as file name.
+  * gpgtar: New commands --create and --extract.
+  * gpgconf: Tweak for --list-dirs to better support shell scripts.
+  * tools: Add programs gpg-wks-client and gpg-wks-server to implement
+a Web Key Service.  The configure option --enable-wks-tools is
+required to build them; they should be considered Beta software.
+  * tests: Complete rework of the openpgp part of the test suite.  The
+test scripts have been changed from Bourne shell scripts to Scheme
+programs.  A customized scheme interpreter (gpgscm) is included.
+This change was triggered by the need to run the test suite on
+non-Unix platforms.
+  * The rendering of the man pages has been improved.
+- drop upstream gnupg-make_--try-all-secrets_work.patch
+
+---

Old:

  gnupg-2.1.13.tar.bz2
  gnupg-2.1.13.tar.bz2.sig
  gnupg-make_--try-all-secrets_work.patch

New:

  0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
  gnupg-2.1.15.tar.bz2
  gnupg-2.1.15.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.MbMIeW/_old  2016-08-31 00:00:40.0 +0200
+++ /var/tmp/diff_new_pack.MbMIeW/_new  2016-08-31 00:00:40.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.13
+Version:2.1.15
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -34,18 +34,18 @@
 Patch8: 

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2016-08-06 20:36:23

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2016-07-09 
09:17:32.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2016-08-06 
20:36:25.0 +0200
@@ -1,0 +2,15 @@
+Thu Aug  4 12:17:14 UTC 2016 - tchva...@suse.com
+
+- Fix date call as the curlified parameter for sure are not parsed
+  correctly by escaping it with %
+
+---
+Wed Aug  3 11:56:58 UTC 2016 - astie...@suse.com
+
+- Fix upstream bug 1985: --try-all-secrets doesn't work when
+  decrypting messages encrypted with --hidden-recipient, fixes unit
+  tests of the duplicity package.
+  Adding gnupg-make_--try-all-secrets_work.patch
+- record the fact that gpg-error 1.21 is required
+
+---

New:

  gnupg-make_--try-all-secrets_work.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.jke44S/_old  2016-08-06 20:36:26.0 +0200
+++ /var/tmp/diff_new_pack.jke44S/_new  2016-08-06 20:36:26.0 +0200
@@ -34,6 +34,7 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:gnupg-make_--try-all-secrets_work.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@@ -41,7 +42,7 @@
 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions 
GCRYCTL_INACTIVATE_FIPS_FLAG
 # raising gcrypt requirement from 1.4.0
 BuildRequires:  libgcrypt-devel >= 1.6.1
-BuildRequires:  libgpg-error-devel >= 1.16
+BuildRequires:  libgpg-error-devel >= 1.21
 BuildRequires:  libksba-devel >= 1.2.0
 BuildRequires:  makeinfo
 BuildRequires:  npth-devel >= 0.91
@@ -84,9 +85,10 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
-date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+ -r %{SOURCE99})
+date=$(date -u +%%Y-%%m-%%dT%%H:%%M+ -r %{SOURCE99})
 %configure \
 --libexecdir=%{_libdir} \
 --docdir=%{_docdir}/%{name} \


++ gnupg-make_--try-all-secrets_work.patch ++
>From 82b90eee100cf1c9680517059b2d35e295dd992a Mon Sep 17 00:00:00 2001
From: Daiki Ueno 
Date: Tue, 18 Aug 2015 16:57:44 +0900
Subject: [PATCH] gpg: Make --try-all-secrets work for hidden recipients
Upstream: committed

* g10/getkey.c (enum_secret_keys): Really enumerate all secret
keys if --try-all-secrets is specified.
--

GnuPG-bug-id: 1985
Signed-off-by: Daiki Ueno 

- Add new arg CTRL to getkey_byname call.

Signed-off-by: Werner Koch 
---
 g10/getkey.c | 60 ++--
 1 file changed, 50 insertions(+), 10 deletions(-)

On openSUSE, this fixes the unit tests of the duplicity package.

diff --git a/g10/getkey.c b/g10/getkey.c
index 90fd175..3fe8274 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3555,6 +3555,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, 
PKT_public_key *sk)
 {
   gpg_error_t err = 0;
   const char *name;
+  kbnode_t keyblock;
   struct
   {
 int eof;
@@ -3562,6 +3563,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, 
PKT_public_key *sk)
 strlist_t sl;
 kbnode_t keyblock;
 kbnode_t node;
+getkey_ctx_t ctx;
   } *c = *context;
 
   if (!c)
@@ -3577,6 +3579,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, 
PKT_public_key *sk)
 {
   /* Free the context.  */
   release_kbnode (c->keyblock);
+  getkey_end (c->ctx);
   xfree (c);
   *context = NULL;
   return 0;
@@ -3594,6 +3597,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, 
PKT_public_key *sk)
   do
 {
   name = NULL;
+  keyblock = NULL;
   switch (c->state)
 {
 case 0: /* First try to use the --default-key.  */
@@ -3616,24 +3620,60 @@ enum_secret_keys (ctrl_t ctrl, void **context, 
PKT_public_key *sk)
 c->state++;
   break;
 
+case 3: /* Init search context to try all keys.  */
+  if (opt.try_all_secrets)
+{
+  err = getkey_bynames (>ctx, NULL, NULL, 1, );
+  if (err)
+{
+  release_kbnode (keyblock);
+  keyblock = NULL;
+  getkey_end (c->ctx);
+  c->ctx = NULL;
+}
+

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2016-07-09 09:17:21

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2016-06-07 
23:43:38.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2016-07-09 
09:17:32.0 +0200
@@ -1,0 +2,31 @@
+Thu Jun 16 20:21:39 UTC 2016 - astie...@suse.com
+
+- GnuPG 2.1.13:
+ * gpg: New command --quick-addkey.  Extend the --quick-gen-key
+   command.
+ * gpg: New --keyid-format "none" which is now also the default.
+ * gpg: New option --with-subkey-fingerprint.
+ * gpg: Include Signer's UID subpacket in signatures if the secret key
+   has been specified using a mail address and the new option
+   --disable-signer-uid is not used.
+ * gpg: Allow unattended deletion of a secret key.
+ * gpg: Allow export of non-passphrase protected secret keys.
+ * gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS.
+ * gpg: Change status line TOFU_STATS_LONG to use '~' as
+   a non-breaking-space character.
+ * gpg: Speedup key listings in Tofu mode.
+ * gpg: Make sure that the current and total values of a PROGRESS
+   status line are small enough.
+ * gpgsm: Allow the use of AES192 and SERPENT ciphers.
+ * dirmngr: Adjust WKD lookup to current specs.
+ * dirmngr: Fallback to LDAP v3 if v2 is is not supported.
+ * gpgconf: New commands --create-socketdir and --remove-socketdir,
+   new option --homedir.
+ * If a /run/user/$UID directory exists, that directory is now used
+   for IPC sockets instead of the GNUPGHOME directory.  This fixes
+   problems with NFS and too long socket names and thus avoids the
+   need for redirection files.
+ * Speedup fd closing after a fork.
+- drop upstreamed gnupg-fix-signature-checking.patch
+
+---

Old:

  gnupg-2.1.12.tar.bz2
  gnupg-2.1.12.tar.bz2.sig
  gnupg-fix-signature-checking.patch

New:

  gnupg-2.1.13.tar.bz2
  gnupg-2.1.13.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.WxvJ77/_old  2016-07-09 09:17:35.0 +0200
+++ /var/tmp/diff_new_pack.WxvJ77/_new  2016-07-09 09:17:35.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.12
+Version:2.1.13
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -34,7 +34,6 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
-Patch12:gnupg-fix-signature-checking.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@@ -85,7 +84,6 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch12 -p1
 
 %build
 date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+ -r %{SOURCE99})

++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.WxvJ77/_old  2016-07-09 09:17:35.0 +0200
+++ /var/tmp/diff_new_pack.WxvJ77/_new  2016-07-09 09:17:35.0 +0200
@@ -4,11 +4,11 @@
  g10/sign.c|   68 
--
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.10/g10/gpg.c
+Index: gnupg-2.1.13/g10/gpg.c
 ===
 gnupg-2.1.10.orig/g10/gpg.c2015-12-04 14:25:25.749577555 +0100
-+++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:26:04.777192262 +0100
-@@ -355,6 +355,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.13.orig/g10/gpg.c
 gnupg-2.1.13/g10/gpg.c
+@@ -358,6 +358,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
  oLCmessages,
@@ -16,7 +16,7 @@
  oXauthority,
  oGroup,
  oUnGroup,
-@@ -757,6 +758,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -770,6 +771,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@@ -24,15 +24,15 @@
  
/* Aliases.  I constantly mistype these, and assume other people do
   as well. */
-@@ -2483,6 +2485,7 @@ main (int argc, char **argv)
+@@ -2247,6 +2249,7 @@ main (int argc, char **argv)
  opt.def_cert_expire = "0";
- set_homedir (default_homedir ());
+ gnupg_set_homedir (NULL);
  opt.passphrase_repeat = 1;
 +opt.files_are_digests=0;
  opt.emit_version = 1; /* Limit to the major number.  */
  opt.weak_digests = NULL;
  additional_weak_digest("MD5");
-@@ -3022,6 +3025,7 @@ main (int argc, char **argv)
+@@ -2797,6 +2800,7 @@ main (int argc, char **argv)

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2016-06-07 23:43:36

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2016-05-17 
17:07:02.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2016-06-07 
23:43:38.0 +0200
@@ -1,0 +2,6 @@
+Thu Jun  2 16:01:40 UTC 2016 - pjano...@suse.de
+
+- add gnupg-fix-signature-checking.patch (bsc#981020)
+  https://bugs.gnupg.org/gnupg/issue2351
+
+---

New:

  gnupg-fix-signature-checking.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.O0ykhB/_old  2016-06-07 23:43:39.0 +0200
+++ /var/tmp/diff_new_pack.O0ykhB/_new  2016-06-07 23:43:39.0 +0200
@@ -34,6 +34,7 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:gnupg-fix-signature-checking.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@@ -84,6 +85,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+ -r %{SOURCE99})


++ gnupg-fix-signature-checking.patch ++
>From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka 
Date: Wed, 11 May 2016 19:27:03 +0900
Subject: [PATCH] g10: Fix signature checking.

* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
walk_kbnode.

--

Thanks to Vincent Brillault (Feandil).

GnuPG-bug-id: 2351
Signed-off-by: NIIBE Yutaka 
---
 g10/sig-check.c | 13 +
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/g10/sig-check.c b/g10/sig-check.c
index 290f19a..7000b48 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
 *is_selfsig = 1;
 }
   else
-/* See if one of the subkeys was the signer (although this is
-   extremely unlikely).  */
 {
   kbnode_t ctx = NULL;
   kbnode_t n;
 
-  while ((n = walk_kbnode (kb, , PKT_PUBLIC_SUBKEY)))
+  /* See if one of the subkeys was the signer (although this
+ is extremely unlikely).  */
+  while ((n = walk_kbnode (kb, , 0)))
 {
-  PKT_public_key *subk = n->pkt->pkt.public_key;
+  PKT_public_key *subk;
+
+  if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+continue;
+
+  subk = n->pkt->pkt.public_key;
   if (sig->keyid[0] == subk->keyid[0]
   && sig->keyid[1] == subk->keyid[1])
 /* Issued by a subkey.  */
-- 
2.8.0.rc3

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2016-05-17 17:07:00

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2016-03-09 
15:16:28.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2016-05-17 
17:07:02.0 +0200
@@ -1,0 +2,31 @@
+Wed May  4 15:37:12 UTC 2016 - astie...@suse.com
+
+- GnuPG 2.1.12:
+ * gpg: New --edit-key sub-command "change-usage" for testing
+   purposes.
+ * gpg: Out of order key-signatures are now systematically detected
+   and fixed by --edit-key.
+ * gpg: Improved detection of non-armored messages.
+ * gpg: Removed the extra prompt needed to create Curve25519 keys.
+ * gpg: Improved user ID selection for --quick-sign-key.
+ * gpg: Use the root CAs provided by the system with --fetch-key.
+ * gpg: Add support for the experimental Web Key Directory key
+   location service.
+ * gpg: Improve formatting of Tofu messages and emit new Tofu specific
+   status lines.
+ * gpgsm: Add option --pinentry-mode to support a loopback pinentry.
+ * gpgsm: A new pubring.kbx is now created with the header blob so
+   that gpg can detect that the keybox format needs to be used.
+ * agent: Add read support for the new private key protection format
+   openpgp-s2k-ocb-aes.
+ * agent: Add read support for the new extended private key format.
+ * agent: Default to --allow-loopback-pinentry and add option
+   --no-allow-loopback-pinentry.
+ * scd: Changed to use the new libusb 1.0 API for the internal CCID
+   driver.
+ * dirmngr: The dirmngr-client does now auto-detect the PEM format.
+ * g13: Add experimental support for dm-crypt.
+ * The man pages for gpg and gpgv are now installed under the correct
+   name (gpg2 or gpg - depending on a configure option).
+
+---

Old:

  gnupg-2.1.11.tar.bz2
  gnupg-2.1.11.tar.bz2.sig

New:

  gnupg-2.1.12.tar.bz2
  gnupg-2.1.12.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.wjUbny/_old  2016-05-17 17:07:03.0 +0200
+++ /var/tmp/diff_new_pack.wjUbny/_new  2016-05-17 17:07:03.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.11
+Version:2.1.12
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -157,6 +157,7 @@
 %{_libdir}/[^d]*
 %{_sbindir}/addgnupghome
 %{_sbindir}/applygnupgdefaults
+%{_sbindir}/g13-syshelp
 %{_datadir}/gnupg
 %dir %{_sysconfdir}/gnupg
 %config(noreplace) %{_sysconfdir}/gnupg/gpgconf.conf

++ gnupg-2.1.11.tar.bz2 -> gnupg-2.1.12.tar.bz2 ++
 265232 lines of diff (skipped)

++ gnupg-set_umask_before_open_outfile.patch ++
--- /var/tmp/diff_new_pack.wjUbny/_old  2016-05-17 17:07:07.0 +0200
+++ /var/tmp/diff_new_pack.wjUbny/_new  2016-05-17 17:07:07.0 +0200
@@ -1,16 +1,16 @@
-Index: gnupg-2.1.10/g10/plaintext.c
+Index: gnupg-2.1.12/g10/plaintext.c
 ===
 gnupg-2.1.10.orig/g10/plaintext.c  2015-11-30 17:39:52.0 +0100
-+++ gnupg-2.1.10/g10/plaintext.c   2015-12-04 14:26:56.876677813 +0100
-@@ -25,6 +25,7 @@
+--- gnupg-2.1.12.orig/g10/plaintext.c  2016-05-04 11:43:16.0 +0200
 gnupg-2.1.12/g10/plaintext.c   2016-05-04 17:36:13.945784756 +0200
+@@ -24,6 +24,7 @@
+ #include 
  #include 
- #include 
  #include 
 +#include 
  #ifdef HAVE_DOSISH_SYSTEM
  # include  /* for setmode() */
  #endif
-@@ -39,6 +40,9 @@
+@@ -38,6 +39,9 @@
  #include "status.h"
  #include "i18n.h"
  
@@ -20,7 +20,7 @@
  
  /* Get the output filename.  On success, the actual filename that is
 used is set in *FNAMEP and a filepointer is returned in *FP.
-@@ -146,11 +150,15 @@ get_output_file (const byte *embedded_na
+@@ -145,11 +149,15 @@ get_output_file (const byte *embedded_na
log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
goto leave;
  }

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2016-03-09 15:16:27

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2016-01-28 
17:20:07.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2016-03-09 
15:16:28.0 +0100
@@ -1,0 +2,36 @@
+Sun Mar  6 08:17:00 UTC 2016 - astie...@suse.com
+
+- GnuPG 2.1.11:
+ * gpg: New command --export-ssh-key to replace the gpgkey2ssh tool.
+ * gpg: Allow to generate mail address only keys with --gen-key.
+ * gpg: "--list-options show-usage" is now the default.
+ * gpg: Make lookup of DNS CERT records holding an URL work.
+ * gpg: Emit PROGRESS status lines during key generation.
+ * gpg: Don't check for ambigious or non-matching key specification in
+   the config file or given to --encrypt-to.  This feature will return
+   in 2.3.x.
+ * gpg: Lock keybox files while updating them.
+ * gpg: Fix possible keyring corruption. (bug#2193)
+ * gpg: Fix regression of "bkuptocard" sub-command in --edit-key and
+   remove "checkbkupkey" sub-command introduced with 2.1.  (bug#2169)
+ * gpg: Fix internal error in gpgv when using default keyid-format.
+ * gpg: Fix --auto-key-retrieve to work with dirmngr.conf configured
+   keyservers. (bug#2147).
+ * agent: New option --pinentry-timeout.
+ * scd: Fix regression for generating RSA keys on card.
+ * dirmmgr: All configured keyservers are now searched.
+ * dirmngr: Install CA certificate for hkps.pool.sks-keyservers.net.
+   Use this certiticate even if --hkp-cacert is not used.
+ * gpgtar: Add actual encryption code.  gpgtar does now fully replace
+   gpg-zip.
+ * gpgtar: Fix filename encoding problem on Windows.
+ * Print a warning if a GnuPG component is using an older version of
+   gpg-agent, dirmngr, or scdaemon.
+- disable running test which no longer work
+- remove 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
+  is now upstream
+- the PIE options are implemented in the upstream build, and spec
+  code broke the build. The only remaining broken executable was
+  gpgsplit, which was removed from the package
+
+---

Old:

  0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
  gnupg-2.1.10.tar.bz2
  gnupg-2.1.10.tar.bz2.sig

New:

  gnupg-2.1.11.tar.bz2
  gnupg-2.1.11.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.PpUcLP/_old  2016-03-09 15:16:30.0 +0100
+++ /var/tmp/diff_new_pack.PpUcLP/_new  2016-03-09 15:16:30.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.10
+Version:2.1.11
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -34,7 +34,6 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
-Patch12:0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@@ -85,18 +84,8 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch12 -p1
 
 %build
-# build PIEs (position independent executables) for address space 
randomisation:
-%ifarch s390x %{sparc}
-# s390x needs to use the large PIE model (at least for gpg.c):
-PIE="-fPIE"
-%else
-PIE="-fpie"
-%endif
-export CFLAGS="%{optflags} ${PIE}"
-export LDFLAGS=-pie
 date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+ -r %{SOURCE99})
 %configure \
 --libexecdir=%{_libdir} \
@@ -138,7 +127,7 @@
 mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
 # install legacy tools
 install -m 755 tools/gpg-zip %{buildroot}/%{_bindir}
-install -m 755 tools/gpgsplit %{buildroot}/%{_bindir}
+# install -m 755 tools/gpgsplit %{buildroot}/%{_bindir}
 
 %find_lang gnupg2
 %if 0%{?suse_version} > 1020
@@ -146,9 +135,9 @@
 %endif
 
 %check
-%if ! 0%{?qemu_user_space_build}
-make %{?_smp_mflags} check
-%endif
+# %if ! 0%{?qemu_user_space_build}
+# make %{?_smp_mflags} check
+# %endif
 
 %post
 %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz

++ gnupg-2.1.10.tar.bz2 -> gnupg-2.1.11.tar.bz2 ++
 236198 lines of diff (skipped)

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2016-01-28 17:20:05

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-12-25 
13:05:57.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2016-01-28 
17:20:07.0 +0100
@@ -1,0 +2,13 @@
+Tue Jan 26 20:23:18 UTC 2016 - astie...@suse.com
+
+- add g13, an experimental tool for accessing encrypted storage
+  with with GnuPG (cards)
+
+---
+Tue Jan 19 13:56:58 UTC 2016 - vci...@suse.com
+
+- fix fingerprint ambiguity (bsc#958891)
+  * https://bugs.gnupg.org/gnupg/issue2198
+  * add 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
+
+---

New:

  0001-gpg-Improve-the-keyblock-cache-s-transparency.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.s5oMeC/_old  2016-01-28 17:20:08.0 +0100
+++ /var/tmp/diff_new_pack.s5oMeC/_new  2016-01-28 17:20:08.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -34,6 +34,7 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@@ -84,6 +85,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 # build PIEs (position independent executables) for address space 
randomisation:
@@ -107,7 +109,7 @@
 --enable-gpgsm=yes \
 --enable-gpg \
 --enable-gpgtar \
---enable-large-rsa \
+--enable-g13 \
 --enable-large-secmem \
 --with-gnu-ld \
 --enable-build-timestamp=$date

++ 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch ++
>From 2e4e10c1dcd8dfeafec51f44ebf26acfeb770c41 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield" 
Date: Tue, 15 Dec 2015 12:21:30 +0100
Subject: [PATCH] gpg: Improve the keyblock cache's transparency.

* kbx/keybox-search.c (keybox_offset): New function.
* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
HD->KEYBLOCK_CACHE.OFFSET.
(keydb_search): Don't use the cached result if it comes before the
current file position.  When caching an entry, also record the
position at which it was found.

--
Signed-off-by: Neal H. Walfield 
GnuPG-bug-id: 2187
---
 g10/keydb.c | 19 ++-
 kbx/keybox-search.c |  8 
 kbx/keybox.h|  2 ++
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/g10/keydb.c b/g10/keydb.c
index d7c35de..860187f 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -81,6 +81,9 @@ struct keyblock_cache {
   u32 *sigstatus;
   int pk_no;
   int uid_no;
+  /* Offset of the record in the keybox.  */
+  int resource;
+  off_t offset;
 };
 
 
@@ -245,6 +248,8 @@ keyblock_cache_clear (struct keydb_handle *hd)
   hd->keyblock_cache.sigstatus = NULL;
   iobuf_close (hd->keyblock_cache.iobuf);
   hd->keyblock_cache.iobuf = NULL;
+  hd->keyblock_cache.resource = -1;
+  hd->keyblock_cache.offset = -1;
 }
 
 
@@ -1701,7 +1706,13 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
   && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
   || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
   && hd->keyblock_cache.state  == KEYBLOCK_CACHE_FILLED
-  && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20))
+  && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)
+  /* Make sure the current file position occurs before the cached
+ result to avoid an infinite loop.  */
+  && (hd->current < hd->keyblock_cache.resource
+  || (hd->current == hd->keyblock_cache.resource
+  && (keybox_offset (hd->active[hd->current].u.kb)
+  <= hd->keyblock_cache.offset
 {
   /* (DESCINDEX is already set).  */
   if (DBG_CLOCK)
@@ -1772,6 +1783,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
   && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX)
 {
   hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED;
+  hd->keyblock_cache.resource = 

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-12-25 13:05:41

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-12-09 
22:18:33.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-12-25 
13:05:57.0 +0100
@@ -1,0 +2,5 @@
+Sun Dec  6 14:14:45 UTC 2015 - p.drou...@gmail.com
+
+- Move to pkgconfig() packaging style
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.EYA77i/_old  2015-12-25 13:05:59.0 +0100
+++ /var/tmp/diff_new_pack.EYA77i/_new  2015-12-25 13:05:59.0 +0100
@@ -36,24 +36,24 @@
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
-BuildRequires:  gnutls-devel >= 3.0
 BuildRequires:  libadns-devel
 BuildRequires:  libassuan-devel >= 2.4.1
-BuildRequires:  libbz2-devel
-BuildRequires:  libcurl-devel >= 7.10
 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions 
GCRYCTL_INACTIVATE_FIPS_FLAG
 # raising gcrypt requirement from 1.4.0
 BuildRequires:  libgcrypt-devel >= 1.6.1
 BuildRequires:  libgpg-error-devel >= 1.16
 BuildRequires:  libksba-devel >= 1.2.0
-BuildRequires:  libusb-devel
 BuildRequires:  makeinfo
 BuildRequires:  npth-devel >= 0.91
 BuildRequires:  openldap2-devel
 BuildRequires:  pkg-config
 BuildRequires:  readline-devel
-BuildRequires:  sqlite3-devel >= 3.7
-BuildRequires:  zlib-devel
+BuildRequires:  pkgconfig(bzip2)
+BuildRequires:  pkgconfig(gnutls) >= 3.0
+BuildRequires:  pkgconfig(libcurl) >= 7.10
+BuildRequires:  pkgconfig(libusb-1.0)
+BuildRequires:  pkgconfig(sqlite3) >= 3.7
+BuildRequires:  pkgconfig(zlib)
 # Add an explicit runtime dependency to match boo#955982
 Requires:   libassuan0 >= 2.4.1
 Requires:   pinentry

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-12-09 20:33:47

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-12-01 
09:16:52.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-12-09 
22:18:33.0 +0100
@@ -1,0 +2,38 @@
+Fri Dec  4 13:35:40 UTC 2015 - astie...@suse.com
+
+- GnuPG 2.1.10 adds TOFU (Trust-On-First-USe) and anonymous key
+  retrival via Tor.
+ * gpg: New trust models "tofu" and "tofu+pgp".
+ * gpg: New command --tofu-policy.  New options --tofu-default-policy
+   and --tofu-db-format.
+ * gpg: New option --weak-digest to specify hash algorithms which
+   should be considered weak.
+ * gpg: Allow the use of multiple --default-key options; take the last
+   available key.
+ * gpg: New option --encrypt-to-default-key.
+ * gpg: New option --unwrap to only strip the encryption layer.
+ * gpg: New option --only-sign-text-ids to exclude photo IDs from key
+   signing.
+ * gpg: Check for ambigious or non-matching key specification in the
+   config file or given to --encrypt-to.
+ * gpg: Show the used card reader with --card-status.
+ * gpg: Print export statistics and an EXPORTED status line.
+ * gpg: Allow selecting subkeys by keyid in --edit-key.
+ * gpg: Allow updating the expiration time of multiple subkeys at
+   once.
+ * dirmngr: New option --use-tor.  For full support this requires
+   libassuan version 2.4.2 and a patched version of libadns
+   (e.g. adns-1.4-g10-7 as used by the standard Windows installer).
+ * dirmngr: New option --nameserver to specify the nameserver used in
+   Tor mode.
+ * dirmngr: Keyservers may again be specified by IP address.
+ * dirmngr: Fixed problems in resolving keyserver pools.
+ * dirmngr: Fixed handling of premature termination of TLS streams so
+   that large numbers of keys can be refreshed via hkps.
+ * gpg: Fixed a regression in --locate-key [since 2.1.9].
+ * gpg: Fixed another bug for keyrings with legacy keys.
+ * gpgsm: Allow combinations of usage flags in --gen-key.
+ * Make tilde expansion work with most options.
+ * Many other cleanups and bug fixes.
+
+---
@@ -5,0 +44,6 @@
+
+---
+Fri Nov 20 16:03:03 UTC 2015 - astie...@suse.com
+
+- Improve upgrade to gpg2 from security:privacy w.r.t. libassuan
+  run-time dependencies (boo#955982)

Old:

  gnupg-2.1.9.tar.bz2
  gnupg-2.1.9.tar.bz2.sig

New:

  gnupg-2.1.10.tar.bz2
  gnupg-2.1.10.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.Tk9sHs/_old  2015-12-09 22:18:34.0 +0100
+++ /var/tmp/diff_new_pack.Tk9sHs/_new  2015-12-09 22:18:34.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.9
+Version:2.1.10
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -38,7 +38,7 @@
 BuildRequires:  fdupes
 BuildRequires:  gnutls-devel >= 3.0
 BuildRequires:  libadns-devel
-BuildRequires:  libassuan-devel >= 2.1.0
+BuildRequires:  libassuan-devel >= 2.4.1
 BuildRequires:  libbz2-devel
 BuildRequires:  libcurl-devel >= 7.10
 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions 
GCRYCTL_INACTIVATE_FIPS_FLAG
@@ -52,7 +52,10 @@
 BuildRequires:  openldap2-devel
 BuildRequires:  pkg-config
 BuildRequires:  readline-devel
+BuildRequires:  sqlite3-devel >= 3.7
 BuildRequires:  zlib-devel
+# Add an explicit runtime dependency to match boo#955982
+Requires:   libassuan0 >= 2.4.1
 Requires:   pinentry
 # FIXME: use proper Requires(pre/post/preun/...)
 PreReq: %{install_info_prereq}

++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.Tk9sHs/_old  2015-12-09 22:18:34.0 +0100
+++ /var/tmp/diff_new_pack.Tk9sHs/_new  2015-12-09 22:18:34.0 +0100
@@ -4,11 +4,11 @@
  g10/sign.c|   68 
--
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.3/g10/gpg.c
+Index: gnupg-2.1.10/g10/gpg.c
 ===
 gnupg-2.1.3.orig/g10/gpg.c 2015-04-06 14:03:32.0 +0200
-+++ gnupg-2.1.3/g10/gpg.c  2015-04-11 20:45:24.0 +0200
-@@ -352,6 +352,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.10.orig/g10/gpg.c2015-12-04 14:25:25.749577555 +0100
 gnupg-2.1.10/g10/gpg.c 2015-12-04 14:26:04.777192262 +0100
+@@ -355,6 +355,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
  oLCmessages,
@@ -16,23 +16,23 @@

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-12-01 09:16:50

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-10-20 
16:20:55.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-12-01 
09:16:52.0 +0100
@@ -1,0 +2,6 @@
+Tue Nov 24 10:27:58 UTC 2015 - vci...@suse.com
+
+- enable tests for PPC64 again,
+  the problem from bsc#935887 went away
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.mnYEiH/_old  2015-12-01 09:16:53.0 +0100
+++ /var/tmp/diff_new_pack.mnYEiH/_new  2015-12-01 09:16:53.0 +0100
@@ -142,10 +142,8 @@
 
 %check
 %if ! 0%{?qemu_user_space_build}
-%ifnarch ppc64
 make %{?_smp_mflags} check
 %endif
-%endif
 
 %post
 %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-10-20 16:20:54

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-09-16 
10:37:07.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-10-20 
16:20:55.0 +0200
@@ -1,0 +2,20 @@
+Sat Oct 10 11:39:55 UTC 2015 - astie...@suse.com
+
+- GnuPG 2.1.9:
+ * gpg: Allow fetching keys via OpenPGP DANE (--auto-key-locate).\
+   New option --print-dane-records.
+ * gpg: Fix for a problem with PGP-2 keys in a keyring.
+ * gpg: Fail with an error instead of a warning if a modern cipher
+   algorithm is used without a MDC.
+ * agent: New option --pinentry-invisible-char.
+ * agent: Always do a RSA signature verification after creation.
+ * agent: Fix a regression in ssh-add-ing Ed25519 keys.
+ * agent: Fix ssh fingerprint computation for nistp384 and EdDSA.
+ * agent: Fix crash during passprase entry on some platforms.
+ * scd: Change timeout to fix problems with some 2.1 cards.
+ * dirmngr: Displayed name is now Key Acquirer.
+ * dirmngr: Add option --keyserver.  Deprecate that option for gpg.
+   Install a dirmngr.conf file from a skeleton for new installations.
+- update gnupg-add_legacy_FIPS_mode_option.patch for context change
+
+---

Old:

  gnupg-2.1.8.tar.bz2
  gnupg-2.1.8.tar.bz2.sig

New:

  gnupg-2.1.9.tar.bz2
  gnupg-2.1.9.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.Yvmdpo/_old  2015-10-20 16:20:56.0 +0200
+++ /var/tmp/diff_new_pack.Yvmdpo/_new  2015-10-20 16:20:56.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.8
+Version:2.1.9
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+

++ gnupg-2.1.8.tar.bz2 -> gnupg-2.1.9.tar.bz2 ++
 144730 lines of diff (skipped)

++ gnupg-add_legacy_FIPS_mode_option.patch ++
--- /var/tmp/diff_new_pack.Yvmdpo/_old  2015-10-20 16:20:59.0 +0200
+++ /var/tmp/diff_new_pack.Yvmdpo/_new  2015-10-20 16:20:59.0 +0200
@@ -3,11 +3,11 @@
  g10/gpg.c|9 +
  2 files changed, 27 insertions(+)
 
-Index: gnupg-2.1.3/doc/gpg.texi
+Index: gnupg-2.1.9/doc/gpg.texi
 ===
 gnupg-2.1.3.orig/doc/gpg.texi  2015-04-11 20:48:01.0 +0200
-+++ gnupg-2.1.3/doc/gpg.texi   2015-04-11 20:48:22.0 +0200
-@@ -1857,6 +1857,24 @@ implies, this option is for experts only
+--- gnupg-2.1.9.orig/doc/gpg.texi
 gnupg-2.1.9/doc/gpg.texi
+@@ -1778,6 +1778,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -32,19 +32,19 @@
  @end table
  
  
-Index: gnupg-2.1.3/g10/gpg.c
+Index: gnupg-2.1.9/g10/gpg.c
 ===
 gnupg-2.1.3.orig/g10/gpg.c 2015-04-11 20:48:01.0 +0200
-+++ gnupg-2.1.3/g10/gpg.c  2015-04-11 20:48:48.0 +0200
-@@ -385,6 +385,7 @@ enum cmd_and_opt_values
- oFakedSystemTime,
+--- gnupg-2.1.9.orig/g10/gpg.c
 gnupg-2.1.9/g10/gpg.c
+@@ -386,6 +386,7 @@ enum cmd_and_opt_values
  oNoAutostart,
  oPrintPKARecords,
+ oPrintDANERecords,
 +oSetLegacyFips,
  
  oNoop
};
-@@ -777,6 +778,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -780,6 +781,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultipleMessages,  "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@@ -52,7 +52,7 @@
  
/* These two are aliases to help users of the PGP command line
   product use gpg with minimal pain.  Many commands are common
-@@ -3170,6 +3172,13 @@ main (int argc, char **argv)
+@@ -3188,6 +3190,13 @@ main (int argc, char **argv)
  
case oNoAutostart: opt.autostart = 0; break;
  

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-09-16 10:37:06

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is "gpg2"

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-08-17 
15:33:42.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-09-16 
10:37:07.0 +0200
@@ -1,0 +2,17 @@
+Fri Sep 11 06:02:23 UTC 2015 - astie...@suse.com
+
+- GnuPG 2.1.8:
+ * gpg: Sending very large keys to the keyservers works again.
+ * gpg: Validity strings in key listings are now again translatable.
+ * gpg: Emit FAILURE status lines to help GPGME.
+ * gpg: Does not anymore link to Libksba to reduce dependencies.
+ * gpgsm: Export of secret keys via Assuan is now possible.
+ * agent: Raise the maximum passphrase length from 100 to 255 bytes.
+ * agent: Fix regression using EdDSA keys with ssh.
+ * Does not anymore use a build timestamp by default.
+ * The fallback encoding for broken locale settings changed
+   from Latin-1 to UTF-8.
+ * Many code cleanups and improved internal documentation.
+ * Various minor bug fixes.
+
+---

Old:

  gnupg-2.1.7.tar.bz2
  gnupg-2.1.7.tar.bz2.sig

New:

  gnupg-2.1.8.tar.bz2
  gnupg-2.1.8.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.3bplCk/_old  2015-09-16 10:37:08.0 +0200
+++ /var/tmp/diff_new_pack.3bplCk/_new  2015-09-16 10:37:08.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.7
+Version:2.1.8
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -27,6 +27,7 @@
 Source2:ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 # https://www.gnupg.org/signature_key.html
 Source3:%{name}.keyring
+Source99:   %{name}.changes
 Patch4: gnupg-2.0.9-langinfo.patch
 Patch5: gnupg-2.0.18-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
@@ -91,6 +92,7 @@
 %endif
 export CFLAGS="%{optflags} ${PIE}"
 export LDFLAGS=-pie
+date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+ -r %{SOURCE99})
 %configure \
 --libexecdir=%{_libdir} \
 --docdir=%{_docdir}/%{name} \
@@ -104,7 +106,8 @@
 --enable-gpgtar \
 --enable-large-rsa \
 --enable-large-secmem \
---with-gnu-ld
+--with-gnu-ld \
+--enable-build-timestamp=$date
 
 make %{?_smp_mflags}
 
@@ -140,7 +143,7 @@
 %check
 %if ! 0%{?qemu_user_space_build}
 %ifnarch ppc64
-make check
+make %{?_smp_mflags} check
 %endif
 %endif
 
@@ -155,8 +158,8 @@
 
 %files
 %defattr(-,root,root)
-%doc %{_infodir}/gnupg*
-%doc %{_mandir}/*/*.gz
+%{_infodir}/gnupg*
+%{_mandir}/*/*.gz
 %doc %{_docdir}/%{name}
 %{_bindir}/*
 %{_libdir}/[^d]*

++ gnupg-2.1.7.tar.bz2 -> gnupg-2.1.8.tar.bz2 ++
 103829 lines of diff (skipped)

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-08-17 15:33:41

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-07-16 
17:18:48.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-08-17 
15:33:42.0 +0200
@@ -1,0 +2,15 @@
+Wed Aug 12 10:58:48 UTC 2015 - astie...@suse.com
+
+- GnuPG 2.1.7:
+ * gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used.
+ * gpg: In the --edit-key menu: Removed the need for toggle, changed
+   how secret keys are indicated, new commands fpr * and grip.
+ * gpg: More fixes related to legacy keys in a keyring.
+ * gpgv: Does now also work with a trustedkeys.kbx file.
+ * scd: Support some feature from the OpenPGP card 3.0 specs.
+ * scd: Improved ECC support
+ * agent: New option --force for the DELETE_KEY command.
+ * Dropped deprecated gpgsm-gencert.sh
+ * Various other bug fixes.
+
+---

Old:

  gnupg-2.1.6.tar.bz2
  gnupg-2.1.6.tar.bz2.sig

New:

  gnupg-2.1.7.tar.bz2
  gnupg-2.1.7.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.ac1BSP/_old  2015-08-17 15:33:43.0 +0200
+++ /var/tmp/diff_new_pack.ac1BSP/_new  2015-08-17 15:33:43.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.6
+Version:2.1.7
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+

++ gnupg-2.1.6.tar.bz2 - gnupg-2.1.7.tar.bz2 ++
 99895 lines of diff (skipped)

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-07-16 17:18:47

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-06-24 
20:28:23.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-07-16 
17:18:48.0 +0200
@@ -1,0 +2,31 @@
+Thu Jul  2 14:26:21 UTC 2015 - astie...@suse.com
+
+- do not run checks on ppc64 for now
+
+---
+Wed Jul  1 14:15:28 UTC 2015 - astie...@suse.com
+
+- GnuPG 2.1.6:
+ * agent: New option --verify for the PASSWD command.
+ * gpgsm: Add command option offline as an alternative to
+   --disable-dirmngr.
+ * gpg: Do not prompt multiple times for a password in pinentry
+   loopback mode.
+ * Allow the use of debug category names with --debug.
+ * Using gpg-agent and gpg/gpgsm with different locales will now show
+   the correct translations in Pinentry.
+ * gpg: Improve speed of --list-sigs and --check-sigs.
+ * gpg: Make --list-options show-sig-subpackets work again.
+ * gpg: Fix an export problem for old keyrings with PGP-2 keys.
+ * scd: Support PIN-pads on more readers.
+ * dirmngr: Properly cleanup zombie LDAP helper processes and avoid
+   hangs on dirmngr shutdown.
+ * Various other bug fixes.
+- remove documentation make workaround, fixed upstream
+
+---
+Sun Jun 28 13:14:03 UTC 2015 - sch...@linux-m68k.org
+
+- Enable workaround for missing dependencies everywhere
+
+---

Old:

  gnupg-2.1.5.tar.bz2
  gnupg-2.1.5.tar.bz2.sig

New:

  gnupg-2.1.6.tar.bz2
  gnupg-2.1.6.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.o5Qo5U/_old  2015-07-16 17:18:49.0 +0200
+++ /var/tmp/diff_new_pack.o5Qo5U/_new  2015-07-16 17:18:49.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.5
+Version:2.1.6
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -106,13 +106,6 @@
 --enable-large-secmem \
 --with-gnu-ld
 
-# https://lists.gnupg.org/pipermail/gnupg-devel/2015-June/030018.html
-%if 0%{?suse_version} = 1320
-pushd doc
-make defs.inc
-popd
-%endif
-#
 make %{?_smp_mflags}
 
 %install
@@ -146,8 +139,10 @@
 
 %check
 %if ! 0%{?qemu_user_space_build}
+%ifnarch ppc64
 make check
 %endif
+%endif
 
 %post
 %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz

++ gnupg-2.1.5.tar.bz2 - gnupg-2.1.6.tar.bz2 ++
 75260 lines of diff (skipped)

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-06-24 20:28:22

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-06-12 
20:24:46.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-06-24 
20:28:23.0 +0200
@@ -1,0 +2,6 @@
+Mon Jun 15 13:20:33 UTC 2015 - astie...@suse.com
+
+- fix build with openSUSE 13.2 and earlier, call make to
+  compensate for incorrect documentation dependencies.
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.XHFodm/_old  2015-06-24 20:28:24.0 +0200
+++ /var/tmp/diff_new_pack.XHFodm/_new  2015-06-24 20:28:24.0 +0200
@@ -106,6 +106,13 @@
 --enable-large-secmem \
 --with-gnu-ld
 
+# https://lists.gnupg.org/pipermail/gnupg-devel/2015-June/030018.html
+%if 0%{?suse_version} = 1320
+pushd doc
+make defs.inc
+popd
+%endif
+#
 make %{?_smp_mflags}
 
 %install

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-06-12 20:24:45

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-05-19 
23:28:49.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-06-12 
20:24:46.0 +0200
@@ -1,0 +2,10 @@
+Thu Jun 11 14:32:09 UTC 2015 - astie...@suse.com
+
+- GnuPG 2.1.5:
+ * Support for an external passphrase cache.
+ * Support for the forthcoming version 3 OpenPGP smartcard.
+ * Manuals now show the actual used file names.
+ * Prepared for improved integration with Emacs.
+ * Code cleanups and minor bug fixes.
+
+---

Old:

  gnupg-2.1.4.tar.bz2
  gnupg-2.1.4.tar.bz2.sig

New:

  gnupg-2.1.5.tar.bz2
  gnupg-2.1.5.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.IQL2sS/_old  2015-06-12 20:24:48.0 +0200
+++ /var/tmp/diff_new_pack.IQL2sS/_new  2015-06-12 20:24:48.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.4
+Version:2.1.5
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+

++ gnupg-2.1.4.tar.bz2 - gnupg-2.1.5.tar.bz2 ++
 61149 lines of diff (skipped)

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-05-19 23:28:47

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-05-15 
09:02:46.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-05-19 
23:28:49.0 +0200
@@ -1,0 +2,5 @@
+Sun May 17 08:24:15 UTC 2015 - meiss...@suse.com
+
+- info deinstall needs to be in %preun
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.lhKSvn/_old  2015-05-19 23:28:50.0 +0200
+++ /var/tmp/diff_new_pack.lhKSvn/_new  2015-05-19 23:28:50.0 +0200
@@ -145,7 +145,7 @@
 %post
 %install_info --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz
 
-%postun
+%preun
 %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz
 
 %files lang -f gnupg2.lang

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-05-15 09:02:43

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-04-13 
20:29:47.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-05-15 
09:02:46.0 +0200
@@ -1,0 +2,17 @@
+Tue May 12 18:04:36 UTC 2015 - astie...@suse.com
+
+- update to 2.1.4:
+ * gpg: Add command --quick-adduid to non-interacitivly add a new
+   user id to an existing key.
+ * gpg: Do no enable honor-keyserver-url by default.  Make it work
+   if enabled.
+ * gpg: Display the serial number in the --card-staus output again.
+ * agent: Support for external password managers.
+   Add option --no-allow-external-cache.
+ * scdaemon: Improved handling of extended APDUs.
+ * Make HTTP proxies work again.
+ * All network access including DNS as been moved to Dirmngr.
+ * Allow building without LDAP support.
+ * Fixed lots of smaller bugs.
+
+---

Old:

  gnupg-2.1.3.tar.bz2
  gnupg-2.1.3.tar.bz2.sig

New:

  gnupg-2.1.4.tar.bz2
  gnupg-2.1.4.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.6dXdHJ/_old  2015-05-15 09:02:47.0 +0200
+++ /var/tmp/diff_new_pack.6dXdHJ/_new  2015-05-15 09:02:47.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.3
+Version:2.1.4
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+

++ gnupg-2.1.3.tar.bz2 - gnupg-2.1.4.tar.bz2 ++
 194452 lines of diff (skipped)

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-04-13 20:29:46

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-03-27 
09:38:02.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-04-13 
20:29:47.0 +0200
@@ -1,0 +2,30 @@
+Sat Apr 11 18:59:42 UTC 2015 - astie...@suse.com
+
+- update to 2.1.3:
+ * gpg: LDAP keyservers are now supported by 2.1.
+ * gpg: New option --with-icao-spelling.
+ * gpg: New option --print-pka-records.  Changed the PKA method to
+   use CERT records and hashed names.
+ * gpg: New command --list-gcrypt-config.  New parameter curve
+   for --list-config.
+ * gpg: Print a NEWSIG status line like gpgsm always did.
+ * gpg: Print MPI values with --list-packets and --verbose.
+ * gpg: Write correct MPI lengths with ECC keys.
+ * gpg: Skip legacy PGP-2 keys while searching.
+   (drop 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
+now upstream)
+ * gpg: Improved searching for mail addresses when using a keybox.
+ * gpgsm: Changed default algos to AES-128 and SHA-256.
+ * gpgtar: Fixed extracting files with sizes of a multiple of 512.
+ * dirmngr: Fixed SNI handling for hkps pools.
+   (drop hkps-fix-host-name-verification-when-using-pools.patch
+now upstream)
+ * dirmngr: extra-certs and trusted-certs are now always loaded
+   from the sysconfig dir instead of the homedir.
+ * Fixed possible problems due to compiler optimization, two minor
+   regressions, and other bugs.
+- refreshed for context changes:
+  * gnupg-2.0.18-files-are-digests.patch
+  * gnupg-add_legacy_FIPS_mode_option.patch
+
+---

Old:

  0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
  gnupg-2.1.2.tar.bz2
  gnupg-2.1.2.tar.bz2.sig
  hkps-fix-host-name-verification-when-using-pools.patch

New:

  gnupg-2.1.3.tar.bz2
  gnupg-2.1.3.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.aFFBcv/_old  2015-04-13 20:29:48.0 +0200
+++ /var/tmp/diff_new_pack.aFFBcv/_new  2015-04-13 20:29:48.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.2
+Version:2.1.3
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -33,8 +33,6 @@
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
-Patch15:0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
-Patch16:hkps-fix-host-name-verification-when-using-pools.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  gnutls-devel = 3.0
@@ -82,8 +80,6 @@
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch15 -p1
-%patch16 -p1
 
 %build
 # build PIEs (position independent executables) for address space 
randomisation:

++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.aFFBcv/_old  2015-04-13 20:29:48.0 +0200
+++ /var/tmp/diff_new_pack.aFFBcv/_new  2015-04-13 20:29:48.0 +0200
@@ -1,14 +1,14 @@
 ---
  g10/gpg.c |4 +++
  g10/options.h |1 
- g10/sign.c|   66 
+-
- 3 files changed, 66 insertions(+), 5 deletions(-)
+ g10/sign.c|   68 
--
+ 3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.2/g10/gpg.c
+Index: gnupg-2.1.3/g10/gpg.c
 ===
 gnupg-2.1.2.orig/g10/gpg.c
-+++ gnupg-2.1.2/g10/gpg.c
-@@ -349,6 +349,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.3.orig/g10/gpg.c 2015-04-06 14:03:32.0 +0200
 gnupg-2.1.3/g10/gpg.c  2015-04-11 20:45:24.0 +0200
+@@ -352,6 +352,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
  oLCmessages,
@@ -16,7 +16,7 @@
  oXauthority,
  oGroup,
  oUnGroup,
-@@ -730,6 +731,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -738,6 +739,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalCompressPreferences,
   personal-compress-preferences, 
@),
ARGPARSE_s_s (oFakedSystemTime, faked-system-time, @),
@@ -24,7 +24,7 @@
  
/* Aliases.  I constantly mistype these, and assume other people do
   as well. */
-@@ -2127,6 +2129,7 @@ main (int argc, char **argv)
+@@ -2148,6 +2150,7 @@ main (int argc, char **argv)
  opt.def_cert_expire = 0;
  set_homedir (default_homedir ());
  opt.passphrase_repeat = 1;
@@ -32,7 +32,7 @@
  

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-03-27 09:38:00

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-03-23 
12:16:23.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-03-27 
09:38:02.0 +0100
@@ -1,0 +2,6 @@
+Mon Mar 23 11:48:24 UTC 2015 - idon...@suse.com
+
+- Add hkps-fix-host-name-verification-when-using-pools.patch to
+  fix hkps support w/ pools. Upstream commit dc10d46.
+
+---

New:

  hkps-fix-host-name-verification-when-using-pools.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.rBpEon/_old  2015-03-27 09:38:03.0 +0100
+++ /var/tmp/diff_new_pack.rBpEon/_new  2015-03-27 09:38:03.0 +0100
@@ -34,6 +34,7 @@
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
 Patch15:0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
+Patch16:hkps-fix-host-name-verification-when-using-pools.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  gnutls-devel = 3.0
@@ -82,6 +83,7 @@
 %patch9 -p1
 %patch11 -p1
 %patch15 -p1
+%patch16 -p1
 
 %build
 # build PIEs (position independent executables) for address space 
randomisation:



++ hkps-fix-host-name-verification-when-using-pools.patch ++
From dc10d466bff53821f23d2cb4814c259d40c5d9c5 Mon Sep 17 00:00:00 2001
From: Werner Koch w...@gnupg.org
Date: Thu, 19 Mar 2015 15:37:05 +0100
Subject: [PATCH] hkps: Fix host name verification when using pools.

* common/http.c (send_request): Set the requested for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
the selecting a host.
--

GnuPG-bug-id: 1792

Thanks to davidw for figuring out the problem.

Signed-off-by: Werner Koch w...@gnupg.org
---
 common/http.c   |  6 --
 dirmngr/ks-engine-hkp.c | 25 ++---
 2 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/common/http.c b/common/http.c
index 50c0692..12e3fcb 100644
--- a/common/http.c
+++ b/common/http.c
@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char 
*auth,
 }
 
 # if HTTP_USE_NTBTLS
-  err = ntbtls_set_hostname (hd-session-tls_session, server);
+  err = ntbtls_set_hostname (hd-session-tls_session,
+ hd-session-servername);
   if (err)
 {
   log_info (ntbtls_set_hostname failed: %s\n, gpg_strerror (err));
@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char 
*auth,
 # elif HTTP_USE_GNUTLS
   rc = gnutls_server_name_set (hd-session-tls_session,
GNUTLS_NAME_DNS,
-   server, strlen (server));
+   hd-session-servername,
+   strlen (hd-session-servername));
   if (rc  0)
 log_info (gnutls_server_name_set failed: %s\n, gnutls_strerror (rc));
 # endif /*HTTP_USE_GNUTLS*/
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index ea607cb..0568094 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int 
force_reselect,
   hi = hosttable[idx];
   if (hi-pool)
 {
+  /* Deal with the pool name before selecting a host. */
+  if (r_poolname  hi-cname)
+{
+  *r_poolname = xtrystrdup (hi-cname);
+  if (!*r_poolname)
+return gpg_error_from_syserror ();
+}
+
   /* If the currently selected host is now marked dead, force a
  re-selection .  */
   if (force_reselect)
@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int 
force_reselect,
   if (hi-poolidx == -1)
 {
   log_error (no alive host found in pool '%s'\n, name);
+  if (r_poolname)
+{
+  xfree (*r_poolname);
+  *r_poolname = NULL;
+}
   return gpg_error (GPG_ERR_NO_KEYSERVER);
 }
 }
@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int 
force_reselect,
   if (hi-dead)
 {
   log_error (host '%s' marked as dead\n, hi-name);
+  if (r_poolname)
+{
+  xfree (*r_poolname);
+  *r_poolname = NULL;
+}
   return gpg_error (GPG_ERR_NO_KEYSERVER);
 }
 
@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int 
force_reselect,
 *r_httpflags |= 

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-03-23 12:16:22

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-03-01 
14:52:10.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-03-23 
12:16:23.0 +0100
@@ -1,0 +2,9 @@
+Thu Mar 19 15:56:12 UTC 2015 - astie...@suse.com
+
+- Ensure secure memory can be used with default 64k memlock limit
+  Fixes [boo#915931], removes gnupg-large_keys.patch
+- Removed gnupg-remove_development_version_warning.patch, obsolete
+- Removed gnupg-2.0.4-install_tools.diff, replaced by spec install
+- Removed autoconf requirement and autoreconf calls thus obsoleted
+
+---

Old:

  gnupg-2.0.4-install_tools.diff
  gnupg-large_keys.patch
  gnupg-remove_development_version_warning.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.ivuJ8t/_old  2015-03-23 12:16:24.0 +0100
+++ /var/tmp/diff_new_pack.ivuJ8t/_new  2015-03-23 12:16:24.0 +0100
@@ -27,17 +27,13 @@
 Source2:ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 # https://www.gnupg.org/signature_key.html
 Source3:%{name}.keyring
-Patch2: gnupg-2.0.4-install_tools.diff
 Patch4: gnupg-2.0.9-langinfo.patch
 Patch5: gnupg-2.0.18-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
-Patch12:gnupg-remove_development_version_warning.patch
-Patch14:gnupg-large_keys.patch
 Patch15:0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
-BuildRequires:  automake = 1.14
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  gnutls-devel = 3.0
@@ -79,19 +75,15 @@
 
 %prep
 %setup -q -n gnupg-%{version}
-%patch2
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch12 -p1
-%patch14 -p1
 %patch15 -p1
 
 %build
-autoreconf -fi
 # build PIEs (position independent executables) for address space 
randomisation:
 %ifarch s390x %{sparc}
 # s390x needs to use the large PIE model (at least for gpg.c):
@@ -138,6 +130,10 @@
 # install scdaemon to %{_bindir} (bnc#863645)
 mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
 mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
+# install legacy tools
+install -m 755 tools/gpg-zip %{buildroot}/%{_bindir}
+install -m 755 tools/gpgsplit %{buildroot}/%{_bindir}
+
 %find_lang gnupg2
 %if 0%{?suse_version}  1020
 %fdupes %{buildroot}



-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-03-01 14:52:09

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-02-14 
13:54:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-03-01 
14:52:10.0 +0100
@@ -1,0 +2,6 @@
+Tue Feb 24 08:10:22 UTC 2015 - astie...@suse.com
+
+- Fix invalid packet read error when reading keyrings [boo#914625]
+  add 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
+
+---

New:

  0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.mREGL8/_old  2015-03-01 14:52:11.0 +0100
+++ /var/tmp/diff_new_pack.mREGL8/_new  2015-03-01 14:52:11.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -36,6 +36,7 @@
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
 Patch12:gnupg-remove_development_version_warning.patch
 Patch14:gnupg-large_keys.patch
+Patch15:0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
 BuildRequires:  automake = 1.14
 BuildRequires:  expect
 BuildRequires:  fdupes
@@ -87,6 +88,7 @@
 %patch11 -p1
 %patch12 -p1
 %patch14 -p1
+%patch15 -p1
 
 %build
 autoreconf -fi

++ 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch ++
From a8116aacd91b7e775762a62c268fab6cc3c77438 Mon Sep 17 00:00:00 2001
From: Werner Koch w...@gnupg.org
Date: Mon, 23 Feb 2015 16:37:57 +0100
Subject: [PATCH] gpg: Skip legacy keys while searching keyrings.

* g10/getkey.c (search_modes_are_fingerprint): New.
(lookup): Skip over legacy keys.
--

GnuPG-bug-id: 1847
Signed-off-by: Werner Koch w...@gnupg.org
---
 g10/getkey.c | 39 +--
 1 file changed, 37 insertions(+), 2 deletions(-)

diff --git a/g10/getkey.c b/g10/getkey.c
index 76ee493..116753c 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2525,6 +2525,29 @@ found:
 }
 
 
+/* Return true if all the search modes are fingerprints.  */
+static int
+search_modes_are_fingerprint (getkey_ctx_t ctx)
+{
+  size_t n, found;
+
+  for (n=found=0; n  ctx-nitems; n++)
+{
+  switch (ctx-items[n].mode)
+{
+case KEYDB_SEARCH_MODE_FPR16:
+case KEYDB_SEARCH_MODE_FPR20:
+case KEYDB_SEARCH_MODE_FPR:
+  found++;
+  break;
+default:
+  break;
+}
+}
+  return found  found == ctx-nitems;
+}
+
+
 /* The main function to lookup a key.  On success the found keyblock
is stored at RET_KEYBLOCK and also in CTX.  If WANT_SECRET is true
a corresponding secret key is required.  */
@@ -2534,9 +2557,21 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int 
want_secret)
   int rc;
   int no_suitable_key = 0;
 
-  rc = 0;
-  while (!(rc = keydb_search (ctx-kr_handle, ctx-items, ctx-nitems, NULL)))
+  for (;;)
 {
+  rc = keydb_search (ctx-kr_handle, ctx-items, ctx-nitems, NULL);
+  /* Skip over all legacy keys but only if they are not requested
+ by fingerprints.
+ Fixme: The lower level keydb code should actually do that but
+ then it would be harder to report the number of skipped
+ legacy keys during import. */
+  if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
+   !(ctx-nitems  ctx-items-mode == KEYDB_SEARCH_MODE_FIRST)
+   !search_modes_are_fingerprint (ctx))
+continue;
+  if (rc)
+break;
+
   /* If we are searching for the first key we have to make sure
  that the next iteration does not do an implicit reset.
  This can be triggered by an empty key ring. */
-- 
2.1.4



-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-02-14 13:54:21

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2015-01-21 
21:50:37.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-02-14 
13:54:24.0 +0100
@@ -1,0 +2,26 @@
+Wed Feb 11 21:48:13 UTC 2015 - astie...@suse.com
+
+- update to 2.1.2:
+ * gpg: The parameter 'Passphrase' for batch key generation works
+   again.
+ * gpg: Using a passphrase option in batch mode now has the
+   expected effect on --quick-gen-key.
+ * gpg: Improved reporting of unsupported PGP-2 keys.
+ * gpg: Added support for algo names when generating keys using
+   --command-fd.
+ * gpg: Fixed DoS based on bogus and overlong key packets.
+ * agent: When setting --default-cache-ttl the value
+   for --max-cache-ttl is adjusted to be not lower than the former.
+ * agent: Fixed problems with the new --extra-socket.
+ * agent: Made --allow-loopback-pinentry changeable with gpgconf.
+ * agent: Fixed importing of unprotected openpgp keys.
+ * agent: Now tries to use a fallback pinentry if the standard
+   pinentry is not installed.
+ * scd: Added support for ECDH.
+ * Fixed several bugs related to bogus keyrings and improved some
+   other code.
+- in gnupg-2.0.18-files-are-digests.patch, change buffer_to_u32 to
+  buf32_to_u32 from host2net.h to match upstream changes
+- now requires automake 1.14
+
+---

Old:

  gnupg-2.1.1.tar.bz2
  gnupg-2.1.1.tar.bz2.sig

New:

  gnupg-2.1.2.tar.bz2
  gnupg-2.1.2.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.B36gId/_old  2015-02-14 13:54:25.0 +0100
+++ /var/tmp/diff_new_pack.B36gId/_new  2015-02-14 13:54:25.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.1
+Version:2.1.2
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -36,7 +36,7 @@
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
 Patch12:gnupg-remove_development_version_warning.patch
 Patch14:gnupg-large_keys.patch
-BuildRequires:  automake = 1.10
+BuildRequires:  automake = 1.14
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  gnutls-devel = 3.0

++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.B36gId/_old  2015-02-14 13:54:25.0 +0100
+++ /var/tmp/diff_new_pack.B36gId/_new  2015-02-14 13:54:25.0 +0100
@@ -4,10 +4,10 @@
  g10/sign.c|   66 
+-
  3 files changed, 66 insertions(+), 5 deletions(-)
 
-Index: gnupg-2.1.1/g10/gpg.c
+Index: gnupg-2.1.2/g10/gpg.c
 ===
 gnupg-2.1.1.orig/g10/gpg.c
-+++ gnupg-2.1.1/g10/gpg.c
+--- gnupg-2.1.2.orig/g10/gpg.c
 gnupg-2.1.2/g10/gpg.c
 @@ -349,6 +349,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
@@ -24,7 +24,7 @@
  
/* Aliases.  I constantly mistype these, and assume other people do
   as well. */
-@@ -2125,6 +2127,7 @@ main (int argc, char **argv)
+@@ -2127,6 +2129,7 @@ main (int argc, char **argv)
  opt.def_cert_expire = 0;
  set_homedir (default_homedir ());
  opt.passphrase_repeat = 1;
@@ -32,7 +32,7 @@
  opt.emit_version = 1; /* Limit to the major number.  */
  
  /* Check whether we have a config file on the command line.  */
-@@ -2630,6 +2633,7 @@ main (int argc, char **argv)
+@@ -2632,6 +2635,7 @@ main (int argc, char **argv)
opt.verify_options=~VERIFY_SHOW_PHOTOS;
break;
  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
@@ -40,10 +40,10 @@
  
  case oForceMDC: opt.force_mdc = 1; break;
  case oNoForceMDC: opt.force_mdc = 0; break;
-Index: gnupg-2.1.1/g10/options.h
+Index: gnupg-2.1.2/g10/options.h
 ===
 gnupg-2.1.1.orig/g10/options.h
-+++ gnupg-2.1.1/g10/options.h
+--- gnupg-2.1.2.orig/g10/options.h
 gnupg-2.1.2/g10/options.h
 @@ -192,6 +192,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
@@ -52,10 +52,19 @@
struct groupitem *grouplist;
int 

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2015-01-21 21:50:33

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2014-12-29 
00:32:01.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2015-01-21 
21:50:37.0 +0100
@@ -1,0 +2,36 @@
+Fri Dec 26 21:15:55 UTC 2014 - andreas.stie...@gmx.de
+
+- update to 2.1.1:
+  * gpg: Detect faulty use of --verify on detached signatures.
+  * gpg: New import option keep-ownertrust.
+  * gpg: New sub-command factory-reset for --card-edit.
+  * gpg: A stub key for smartcards is now created by --card-status.
+  * gpg: Fixed regression in --refresh-keys.
+  * gpg: Fixed regresion in %g and %p codes for --sig-notation.
+  * gpg: Fixed best matching hash algo detection for ECDSA and EdDSA.
+  * gpg: Improved perceived speed of secret key listisngs.
+  * gpg: Print number of skipped PGP-2 keys on import.
+  * gpg: Removed the option aliases --throw-keyid and --notation-data;
+use --throw-keyids and --set-notation instead.
+  * gpg: New import option keep-ownertrust.
+  * gpg: Skip too large keys during import.
+  * gpg,gpgsm: New option --no-autostart to avoid starting gpg-agent or
+dirmngr.
+  * gpg-agent: New option --extra-socket to provide a restricted
+command set for use with remote clients.
+  * gpgconf --kill does not anymore start a service only to kill it.
+  * gpg-pconnect-agent: Add convenience option --uiserver.
+  * More translations (but most of them are not complete).
+  * To support remotely mounted home directories, the IPC sockets may
+now be redirected.  This feature requires Libassuan 2.2.0.
+  * Improved portability and the usual bunch of bug fixes.
+- removed patch not part of upstream release:
+gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
+- refresh for context changes:
+gnupg-2.0.18-files-are-digests.patch
+gnupg-2.0.4-install_tools.diff
+- refresh for upstream code changes:
+gnupg-add_legacy_FIPS_mode_option.patch
+gnupg-detect_FIPS_mode.patch (MD5 removed)
+
+---

Old:

  gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
  gnupg-2.1.0.tar.bz2
  gnupg-2.1.0.tar.bz2.sig

New:

  gnupg-2.1.1.tar.bz2
  gnupg-2.1.1.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.6urktz/_old  2015-01-21 21:50:39.0 +0100
+++ /var/tmp/diff_new_pack.6urktz/_new  2015-01-21 21:50:39.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.1.0
+Version:2.1.1
 Release:0
 Summary:GnuPG 2
 License:GPL-3.0+
@@ -35,7 +35,6 @@
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11:gnupg-add_legacy_FIPS_mode_option.patch
 Patch12:gnupg-remove_development_version_warning.patch
-Patch13:gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
 Patch14:gnupg-large_keys.patch
 BuildRequires:  automake = 1.10
 BuildRequires:  expect
@@ -48,7 +47,7 @@
 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions 
GCRYCTL_INACTIVATE_FIPS_FLAG
 # raising gcrypt requirement from 1.4.0
 BuildRequires:  libgcrypt-devel = 1.6.1
-BuildRequires:  libgpg-error-devel = 1.15
+BuildRequires:  libgpg-error-devel = 1.16
 BuildRequires:  libksba-devel = 1.2.0
 BuildRequires:  libusb-devel
 BuildRequires:  makeinfo
@@ -87,7 +86,6 @@
 %patch9 -p1
 %patch11 -p1
 %patch12 -p1
-%patch13 -p1
 %patch14 -p1
 
 %build

++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.6urktz/_old  2015-01-21 21:50:39.0 +0100
+++ /var/tmp/diff_new_pack.6urktz/_new  2015-01-21 21:50:39.0 +0100
@@ -4,10 +4,10 @@
  g10/sign.c|   66 
+-
  3 files changed, 66 insertions(+), 5 deletions(-)
 
-Index: gnupg-2.1.0/g10/gpg.c
+Index: gnupg-2.1.1/g10/gpg.c
 ===
 gnupg-2.1.0.orig/g10/gpg.c 2014-11-07 11:35:21.599605797 +0100
-+++ gnupg-2.1.0/g10/gpg.c  2014-11-07 16:50:14.742067262 +0100
+--- gnupg-2.1.1.orig/g10/gpg.c
 gnupg-2.1.1/g10/gpg.c
 @@ -349,6 +349,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
@@ -16,7 +16,7 @@
  oXauthority,
  oGroup,
  oUnGroup,
-@@ -733,6 +734,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -730,6 +731,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalCompressPreferences,
   personal-compress-preferences, 
@),
ARGPARSE_s_s 

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2014-12-16 14:50:42

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2014-12-09 
09:13:29.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2014-12-16 
14:50:24.0 +0100
@@ -1,0 +2,5 @@
+Wed Dec  3 22:37:59 UTC 2014 - andreas.stie...@gmx.de
+
+- update build requirement versions that changed with 2.1.0
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.f7k0XN/_old  2014-12-16 14:50:28.0 +0100
+++ /var/tmp/diff_new_pack.f7k0XN/_new  2014-12-16 14:50:28.0 +0100
@@ -39,19 +39,19 @@
 BuildRequires:  automake = 1.10
 BuildRequires:  expect
 BuildRequires:  fdupes
-BuildRequires:  gnutls-devel
+BuildRequires:  gnutls-devel = 3.0
 BuildRequires:  libadns-devel
-BuildRequires:  libassuan-devel = 2.0.0
+BuildRequires:  libassuan-devel = 2.1.0
 BuildRequires:  libbz2-devel
 BuildRequires:  libcurl-devel = 7.10
 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions 
GCRYCTL_INACTIVATE_FIPS_FLAG
 # raising gcrypt requirement from 1.4.0
 BuildRequires:  libgcrypt-devel = 1.6.1
-BuildRequires:  libgpg-error-devel = 1.11
-BuildRequires:  libksba-devel = 1.0.7
+BuildRequires:  libgpg-error-devel = 1.15
+BuildRequires:  libksba-devel = 1.2.0
 BuildRequires:  libusb-devel
 BuildRequires:  makeinfo
-BuildRequires:  npth-devel
+BuildRequires:  npth-devel = 0.91
 BuildRequires:  openldap2-devel
 BuildRequires:  pkg-config
 BuildRequires:  readline-devel



-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2014-12-09 09:13:50

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2014-08-15 
09:58:17.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2014-12-09 
09:13:29.0 +0100
@@ -1,0 +2,56 @@
+Wed Nov 26 19:21:15 UTC 2014 - andreas.stie...@gmx.de
+
+- fix buffer overflow in OID to string conversion function
+  [boo#907198], adding
+  gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
+
+---
+Tue Nov 11 16:10:04 UTC 2014 - vci...@suse.com
+
+- obsolete dirmngr (shipped with gpg since 2.1.0)
+- spec cleanup after previous update
+- get rid of THIS IS A DEVELOPMENT VERSION warning
+  http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
+  * added gnupg-remove_development_version_warning.patch
+
+---
+Thu Nov  6 17:32:39 UTC 2014 - vci...@suse.com
+
+- upgrade to 2.1.0 (modern)
+  - The file secring.gpg is not anymore used to store the secret
+keys.  Merging of secret keys is now supported.
+  - All support for PGP-2 keys has been removed for security reasons.
+  - The standard key generation interface is now much leaner.  This
+will help a new user to quickly generate a suitable key.
+  - Support for Elliptic Curve Cryptography (ECC) is now available.
+  - Commands to create and sign keys from the command line without any
+extra prompts are now available.
+  - The Pinentry may now show the new passphrase entry and the
+passphrase confirmation entry in one dialog.
+  - There is no more need to manually start the gpg-agent.  It is now
+started by any part of GnuPG as needed.
+  - Problems with importing keys with the same long key id have been
+addressed.
+  - The Dirmngr is now part of GnuPG proper and also takes care of
+accessing keyserver.
+  - Keyserver pools are now handled in a smarter way.
+  - A new format for locally storing the public keys is now used.
+This considerable speeds up operations on large keyrings.
+  - Revocation certificates are now created by default.
+  - Card support has been updated, new readers and token types are
+supported.
+  - The format of the key listing has been changed to better identify
+the properties of a key.
+  - The gpg-agent may now be used on Windows as a Pageant replacement
+for Putty in the same way it is used for years on Unix as
+ssh-agent replacement.
+  - Creation of X.509 certificates has been improved.  It is now also
+possible to export them directly in PKCS#8 and PEM format for use
+on TLS servers.
+- dropped patches:
+  * gnupg-2.0.20-automake113.diff
+  * gnupg-2.0.18-tmpdir.diff (socket is created in homedir now)
+- refresh most of the remaining patches
+- added new BuildRequires: gnutls-devel, pkg-config, npth-devel
+
+---

Old:

  gnupg-2.0.18-tmpdir.diff
  gnupg-2.0.20-automake113.diff
  gnupg-2.0.26.tar.bz2
  gnupg-2.0.26.tar.bz2.sig

New:

  gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
  gnupg-2.1.0.tar.bz2
  gnupg-2.1.0.tar.bz2.sig
  gnupg-remove_development_version_warning.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.bHPm0h/_old  2014-12-09 09:13:30.0 +0100
+++ /var/tmp/diff_new_pack.bHPm0h/_new  2014-12-09 09:13:30.0 +0100
@@ -17,11 +17,29 @@
 
 
 Name:   gpg2
-Version:2.0.26
+Version:2.1.0
 Release:0
+Summary:GnuPG 2
+License:GPL-3.0+
+Group:  Productivity/Networking/Security
+Url:http://www.gnupg.org/aegypten2/
+Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
+Source2:ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
+# https://www.gnupg.org/signature_key.html
+Source3:%{name}.keyring
+Patch2: gnupg-2.0.4-install_tools.diff
+Patch4: gnupg-2.0.9-langinfo.patch
+Patch5: gnupg-2.0.18-files-are-digests.patch
+Patch6: gnupg-dont-fail-with-seahorse-agent.patch
+Patch8: gnupg-set_umask_before_open_outfile.patch
+Patch9: gnupg-detect_FIPS_mode.patch
+Patch11:gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:gnupg-remove_development_version_warning.patch
+Patch13:gnupg-2.1.0-boo-907198-openpgp_oid_to_str-buffer-overflow.patch
 BuildRequires:  automake = 1.10
 BuildRequires:  expect
 BuildRequires:  fdupes

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2014-08-15 09:58:15

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2014-07-08 
13:01:51.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2014-08-15 
09:58:17.0 +0200
@@ -1,0 +2,12 @@
+Tue Aug 12 20:19:45 UTC 2014 - andreas.stie...@gmx.de
+
+- update to 2.0.26:
+ * gpg: Fix a regression in 2.0.24 if a subkey id is given
+   to --recv-keys et al.
+ * gpg: Cap attribute packets at 16MB.
+ * gpgsm: Auto-create the .gnupg home directory in the same
+   way gpg does.
+ * scdaemon: Allow for certificates  1024 when using PC/SC.
+- remove URL from package keyring, upstream file metadata changes
+
+---

Old:

  gnupg-2.0.25.tar.bz2
  gnupg-2.0.25.tar.bz2.sig

New:

  gnupg-2.0.26.tar.bz2
  gnupg-2.0.26.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.SqOuPs/_old  2014-08-15 09:58:19.0 +0200
+++ /var/tmp/diff_new_pack.SqOuPs/_new  2014-08-15 09:58:19.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.0.25
+Version:2.0.26
 Release:0
 BuildRequires:  automake = 1.10
 BuildRequires:  expect
@@ -57,7 +57,8 @@
 Group:  Productivity/Networking/Security
 Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
 Source2:ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
-Source3:https://www.gnupg.org/signature_key.html#/%{name}.keyring
+# https://www.gnupg.org/signature_key.html
+Source3:%{name}.keyring
 Patch1: gnupg-2.0.18-tmpdir.diff
 Patch2: gnupg-2.0.4-install_tools.diff
 Patch4: gnupg-2.0.9-langinfo.patch

++ gnupg-2.0.25.tar.bz2 - gnupg-2.0.26.tar.bz2 ++
 27611 lines of diff (skipped)


-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2014-07-08 13:01:50

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2014-06-25 
21:20:02.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2014-07-08 
13:01:51.0 +0200
@@ -1,0 +2,20 @@
+Tue Jul  1 21:05:55 UTC 2014 - andreas.stie...@gmx.de
+
+- gnupg-add_legacy_FIPS_mode_option.patch (part of [bnc#856312])
+  mentions GCRYCTL_INACTIVATE_FIPS_FLAG, raising the requirement
+  for gcrypt from 1.4.0 (from configure) to 1.6.1 where said flag
+  was introduced. Require this version to build.
+
+---
+Mon Jun 30 18:52:36 UTC 2014 - andreas.stie...@gmx.de
+
+- update to 2.0.25:
+ * gpg: Fix a regression in 2.0.24 if more than one keyid is given
+   to --recv-keys et al.
+ * gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended
+   key generation.
+ * gpgsm: Fix a DISPLAY related problem with
+   --export-secret-key-p12.
+ * scdaemon: Support reader Gemalto IDBridge CT30.
+
+---

Old:

  gnupg-2.0.24.tar.bz2
  gnupg-2.0.24.tar.bz2.sig

New:

  gnupg-2.0.25.tar.bz2
  gnupg-2.0.25.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.6gvmZ1/_old  2014-07-08 13:01:53.0 +0200
+++ /var/tmp/diff_new_pack.6gvmZ1/_new  2014-07-08 13:01:53.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.0.24
+Version:2.0.25
 Release:0
 BuildRequires:  automake = 1.10
 BuildRequires:  expect
@@ -26,7 +26,9 @@
 BuildRequires:  libassuan-devel = 2.0.0
 BuildRequires:  libbz2-devel
 BuildRequires:  libcurl-devel = 7.10
-BuildRequires:  libgcrypt-devel = 1.4.0
+# patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions 
GCRYCTL_INACTIVATE_FIPS_FLAG
+# raising gcrypt requirement from 1.4.0
+BuildRequires:  libgcrypt-devel = 1.6.1
 BuildRequires:  libgpg-error-devel = 1.11
 BuildRequires:  libksba-devel = 1.0.7
 BuildRequires:  libusb-devel

++ gnupg-2.0.24.tar.bz2 - gnupg-2.0.25.tar.bz2 ++
 28845 lines of diff (skipped)


-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2014-06-25 21:19:59

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2014-06-18 
10:59:13.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2014-06-25 
21:20:02.0 +0200
@@ -1,0 +2,18 @@
+Tue Jun 24 22:25:12 UTC 2014 - andreas.stie...@gmx.de
+
+- update to 2.0.24
+  Contains a security fix to stop a possible DoS using garbled
+  compressed data packets which can be used to put gpg into an
+  infinite loop. [bnc#884130] [CVE-2014-4617]
+  * gpg: Avoid DoS due to garbled compressed data packets.
+- further:
+  * gpg: Screen keyserver responses to avoid importing unwanted
+keys from rogue servers.
+  * gpg: The validity of user ids is now shown by default. To
+revert this add list-options no-show-uid-validity to gpg.conf
+  * gpg: Print more specific reason codes with the INV_RECP status.
+  * gpg: Allow loading of a cert only key to an OpenPGP card.
+  * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt
+1.6.
+
+---

Old:

  gnupg-2.0.23.tar.bz2
  gnupg-2.0.23.tar.bz2.sig

New:

  gnupg-2.0.24.tar.bz2
  gnupg-2.0.24.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.leYkxV/_old  2014-06-25 21:20:04.0 +0200
+++ /var/tmp/diff_new_pack.leYkxV/_new  2014-06-25 21:20:04.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.0.23
+Version:2.0.24
 Release:0
 BuildRequires:  automake = 1.10
 BuildRequires:  expect

++ gnupg-2.0.23.tar.bz2 - gnupg-2.0.24.tar.bz2 ++
 52425 lines of diff (skipped)

++ gpg2.keyring ++
--- /var/tmp/diff_new_pack.leYkxV/_old  2014-06-25 21:20:06.0 +0200
+++ /var/tmp/diff_new_pack.leYkxV/_new  2014-06-25 21:20:06.0 +0200
@@ -7,7 +7,7 @@
 meta http-equiv=Content-Type content=text/html;charset=utf-8/
 meta name=title content=GnuPG - Signature Key/
 meta name=generator content=Org-mode/
-meta name=generated content=㢛/
+meta name=generated content=㢰/
 meta name=author content=Werner Koch/
 meta name=description content=/
 meta name=keywords content=/

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2014-06-18 10:59:08

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2014-05-02 
19:21:28.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2014-06-18 
10:59:13.0 +0200
@@ -1,0 +2,28 @@
+Tue Jun  3 21:55:34 UTC 2014 - andreas.stie...@gmx.de
+
+- update to 2.0.23:
+ * gpg: Reject signatures made using the MD5 hash algorithm unless the
+   new option --allow-weak-digest-algos or --pgp2 are given.
+ * gpg: Do not create a trustdb file if --trust-model=always is used.
+ * gpg: Only the major version number is by default included in the
+   armored output.
+ * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
+   communication with the gpg-agent.
+ * gpg: The format of the fallback key listing (gpg KEYFILE) is now more
+   aligned to the regular key listing (gpg -k).
+ * gpg: The option--show-session-key prints its output now before the
+   decryption of the bulk message starts.
+ * gpg: New %U expando for the photo viewer.
+ * gpgsm: Improved handling of re-issued CA certificates.
+ * scdaemon: Various fixes for pinpad equipped card readers.
+ * Minor bug fixes.
+- Packaging changes:
+  * add gpgtar utility
+  * update and use use source URL for tarball signing key
+  * removed gnupg-2.0.9-RSA_ES.patch, applied upstream
+  * updated for context changes:
+gnupg-add_legacy_FIPS_mode_option.patch
+gnupg-2.0.18-files-are-digests.patch
+gnupg-dont-fail-with-seahorse-agent.patch
+
+---

Old:

  gnupg-2.0.22.tar.bz2
  gnupg-2.0.22.tar.bz2.sig
  gnupg-2.0.9-RSA_ES.patch

New:

  gnupg-2.0.23.tar.bz2
  gnupg-2.0.23.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.W9rP5m/_old  2014-06-18 10:59:14.0 +0200
+++ /var/tmp/diff_new_pack.W9rP5m/_new  2014-06-18 10:59:14.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.0.22
+Version:2.0.23
 Release:0
 BuildRequires:  automake = 1.10
 BuildRequires:  expect
@@ -55,9 +55,9 @@
 Group:  Productivity/Networking/Security
 Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
 Source2:ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
+Source3:https://www.gnupg.org/signature_key.html#/%{name}.keyring
 Patch1: gnupg-2.0.18-tmpdir.diff
 Patch2: gnupg-2.0.4-install_tools.diff
-Patch3: gnupg-2.0.9-RSA_ES.patch
 Patch4: gnupg-2.0.9-langinfo.patch
 Patch5: gnupg-2.0.18-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
@@ -78,7 +78,6 @@
 %setup  -q -n gnupg-%version
 %patch1 -p1
 %patch2
-%patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
@@ -108,6 +107,7 @@
 --enable-ldap \
 --enable-gpgsm=yes \
 --enable-gpg \
+--enable-gpgtar \
 --with-gnu-ld
 
 make %{?_smp_mflags}

++ gnupg-2.0.18-files-are-digests.patch ++
--- /var/tmp/diff_new_pack.W9rP5m/_old  2014-06-18 10:59:14.0 +0200
+++ /var/tmp/diff_new_pack.W9rP5m/_new  2014-06-18 10:59:14.0 +0200
@@ -1,7 +1,14 @@
-diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c
 gnupg-2.0.18.orig/g10/gpg.c2011-07-22 13:00:44.0 +0100
-+++ gnupg-2.0.18/g10/gpg.c 2011-08-06 21:07:32.0 +0100
-@@ -341,6 +341,7 @@ enum cmd_and_opt_values
+---
+ g10/gpg.c |4 +++
+ g10/options.h |1 
+ g10/sign.c|   66 
+-
+ 3 files changed, 66 insertions(+), 5 deletions(-)
+
+Index: gnupg-2.0.23/g10/gpg.c
+===
+--- gnupg-2.0.23.orig/g10/gpg.c2014-06-03 22:36:44.0 +0100
 gnupg-2.0.23/g10/gpg.c 2014-06-03 22:36:55.0 +0100
+@@ -345,6 +345,7 @@ enum cmd_and_opt_values
  oTTYtype,
  oLCctype,
  oLCmessages,
@@ -9,7 +16,7 @@
  oXauthority,
  oGroup,
  oUnGroup,
-@@ -706,6 +707,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -711,6 +712,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPersonalDigestPreferences, 
personal-digest-preferences,@),
ARGPARSE_s_s (oPersonalCompressPreferences,
   personal-compress-preferences, 
@),
@@ -17,15 +24,15 @@
  
/* Aliases.  I constantly mistype these, and assume other people do
   as well. */
-@@ -1996,6 +1998,7 @@ main (int argc, char **argv)
+@@ -2001,6 +2003,7 @@ main (int argc, char **argv)
  

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2014-05-02 19:21:25

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2014-02-17 
07:18:18.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2014-05-02 
19:21:28.0 +0200
@@ -1,0 +2,10 @@
+Tue Apr 29 12:06:03 UTC 2014 - vci...@suse.com
+
+- add patch by Stephan Mueller which adds an option to enable
+  legacy ciphers in FIPS mode
+  * added gnupg-add_legacy_FIPS_mode_option.patch
+  (part of bnc#856312)
+- added BuildRequires: makeinfo (to build info pages from the
+  patched gnupg.texi)
+
+---

New:

  gnupg-add_legacy_FIPS_mode_option.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.WbRPY0/_old  2014-05-02 19:21:28.0 +0200
+++ /var/tmp/diff_new_pack.WbRPY0/_new  2014-05-02 19:21:28.0 +0200
@@ -30,6 +30,7 @@
 BuildRequires:  libgpg-error-devel = 1.11
 BuildRequires:  libksba-devel = 1.0.7
 BuildRequires:  libusb-devel
+BuildRequires:  makeinfo
 BuildRequires:  openldap2-devel
 BuildRequires:  readline-devel
 BuildRequires:  zlib-devel
@@ -64,6 +65,7 @@
 Patch9: gnupg-detect_FIPS_mode.patch
 # PATCH-FIX-OPENSUSE co...@suse.de -- automake 1.13 already includes $SHELL
 Patch10:gnupg-2.0.20-automake113.diff
+Patch11:gnupg-add_legacy_FIPS_mode_option.patch
 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
@@ -83,6 +85,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 
 %build
 autoreconf -fi


++ gnupg-add_legacy_FIPS_mode_option.patch ++
Index: gnupg-2.0.22/doc/gpg.texi
===
--- gnupg-2.0.22.orig/doc/gpg.texi  2013-10-04 19:08:32.0 +0200
+++ gnupg-2.0.22/doc/gpg.texi   2014-04-30 12:42:35.129468147 +0200
@@ -1795,6 +1795,24 @@ implies, this option is for experts only
 understand the implications of what it allows you to do, leave this
 off. @option{--no-expert} disables this option.
 
+@item --set-legacy-fips
+@itemx --set-legacy-fips
+@opindex set-legacy-fips
+Enable legacy support even when the libgcrypt library is in FIPS 140-2
+mode. The legacy mode of libgcrypt allows the use of all ciphers,
+including non-approved ciphers. This mode is needed when for legacy
+reasons a message must be encrypted or decrypted. Legacy reasons for
+decryptions include the decryption of old messages created with a
+public key that use cipher settings which do not meet FIPS 140-2
+requirements. Legacy reasons for encryption include the encryption
+of messages with a recipients public key where the recipient is not
+bound to FIPS 140-2 regulation and therefore provided a key using
+non-approved ciphers. Although the legacy mode is a violation of strict
+FIPS 140-2 rule interpretations, it is wise to use this mode or
+either not being able to access old messages or not being able
+to create encrypted messages to a recipient that is not adhering
+to FIPS 140-2 rules.
+
 @end table
 
 
Index: gnupg-2.0.22/g10/gpg.c
===
--- gnupg-2.0.22.orig/g10/gpg.c 2014-04-30 12:42:35.117468014 +0200
+++ gnupg-2.0.22/g10/gpg.c  2014-04-30 12:42:35.129468147 +0200
@@ -368,6 +368,7 @@ enum cmd_and_opt_values
 oDisableDSA2,
 oAllowMultipleMessages,
 oNoAllowMultipleMessages,
+oSetLegacyFips,
 
 oNoop
   };
@@ -744,6 +745,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oDisableDSA2, disable-dsa2, @),
   ARGPARSE_s_n (oAllowMultipleMessages,  allow-multiple-messages, @),
   ARGPARSE_s_n (oNoAllowMultipleMessages, no-allow-multiple-messages, @),
+  ARGPARSE_s_n (oSetLegacyFips, set-legacy-fips, @),
 
   /* These two are aliases to help users of the PGP command line
  product use gpg with minimal pain.  Many commands are common
@@ -2948,6 +2950,13 @@ main (int argc, char **argv)
opt.flags.allow_multiple_messages=0;
break;
 
+ case oSetLegacyFips:
+   if(gcry_fips_mode_active())
+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, Enable legacy 
support in FIPS 140-2 mode);
+   else
+ log_info (Command set-legacy-fips ignored as libgcrypt is not in 
FIPS mode\n);
+   break;
+
  case oNoop: break;
 
  default:
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2014-02-17 07:18:17

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2013-10-06 
14:52:48.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2014-02-17 
07:18:18.0 +0100
@@ -1,0 +2,5 @@
+Fri Feb 14 16:14:14 UTC 2014 - vci...@suse.com
+
+- install scdaemon to /usr/bin (bnc#863645)
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.jjeKza/_old  2014-02-17 07:18:18.0 +0100
+++ /var/tmp/diff_new_pack.jjeKza/_new  2014-02-17 07:18:18.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -126,6 +126,8 @@
 rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot
 # additional files to documentation directory
 install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ 
$RPM_BUILD_ROOT/%{_docdir}/%{name}
+# install scdaemon to %{_bindir} (bnc#863645)
+mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
 %find_lang gnupg2
 %if 0%{?suse_version}  1020
 %fdupes %buildroot


-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2013-10-06 14:52:46

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2013-09-17 
15:02:37.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2013-10-06 
14:52:48.0 +0200
@@ -1,0 +2,11 @@
+Sat Oct  5 11:44:42 UTC 2013 - andreas.stie...@gmx.de
+
+- update to 2.0.22 [bnc#844175]
+  * Fixed possible infinite recursion in the compressed packet
+parser. [CVE-2013-4402]
+  * Improved support for some card readers.
+  * Prepared building with the forthcoming Libgcrypt 1.6.
+  * Protect against rogue keyservers sending secret keys.
+- remove gpg2-CVE-2013-4351.patch, committed upstream
+
+---

Old:

  gnupg-2.0.21.tar.bz2
  gnupg-2.0.21.tar.bz2.sig
  gpg2-CVE-2013-4351.patch

New:

  gnupg-2.0.22.tar.bz2
  gnupg-2.0.22.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.5Mrvaf/_old  2013-10-06 14:52:49.0 +0200
+++ /var/tmp/diff_new_pack.5Mrvaf/_new  2013-10-06 14:52:49.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.0.21
+Version:2.0.22
 Release:0
 BuildRequires:  automake = 1.10
 BuildRequires:  expect
@@ -64,7 +64,6 @@
 Patch9: gnupg-detect_FIPS_mode.patch
 # PATCH-FIX-OPENSUSE co...@suse.de -- automake 1.13 already includes $SHELL
 Patch10:gnupg-2.0.20-automake113.diff
-Patch11:gpg2-CVE-2013-4351.patch
 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
@@ -84,7 +83,6 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
-%patch11 -p1
 
 %build
 autoreconf -fi

++ gnupg-2.0.21.tar.bz2 - gnupg-2.0.22.tar.bz2 ++
 86519 lines of diff (skipped)

++ gnupg-2.0.9-RSA_ES.patch ++
--- /var/tmp/diff_new_pack.5Mrvaf/_old  2013-10-06 14:52:51.0 +0200
+++ /var/tmp/diff_new_pack.5Mrvaf/_new  2013-10-06 14:52:51.0 +0200
@@ -3,43 +3,43 @@
 # g10/misc.c |8 
 # 1 file changed, 8 insertions(+)
 #
-Index: gnupg-2.0.20/g10/misc.c
+Index: gnupg-2.0.22/g10/misc.c
 ===
 gnupg-2.0.20.orig/g10/misc.c   2013-05-10 13:55:47.0 +0100
-+++ gnupg-2.0.20/g10/misc.c2013-05-10 19:57:18.0 +0100
-@@ -1326,6 +1326,8 @@ pubkey_get_npkey( int algo )
+--- gnupg-2.0.22.orig/g10/misc.c   2013-10-04 16:54:48.0 +0100
 gnupg-2.0.22/g10/misc.c2013-10-05 12:39:16.0 +0100
+@@ -1333,6 +1333,8 @@ pubkey_get_npkey( int algo )
  
if (algo == GCRY_PK_ELG_E)
  algo = GCRY_PK_ELG;
 +  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
 +algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NPKEY, NULL, n))
+   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+  GCRYCTL_GET_ALGO_NPKEY, NULL, n))
  n = 0;
-   return n;
-@@ -1339,6 +1341,8 @@ pubkey_get_nskey( int algo )
+@@ -1353,6 +1355,8 @@ pubkey_get_nskey( int algo )
  
if (algo == GCRY_PK_ELG_E)
  algo = GCRY_PK_ELG;
 +  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
 +algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSKEY, NULL, n ))
+   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+  GCRYCTL_GET_ALGO_NSKEY, NULL, n ))
  n = 0;
-   return n;
-@@ -1352,6 +1356,8 @@ pubkey_get_nsig( int algo )
+@@ -1373,6 +1377,8 @@ pubkey_get_nsig( int algo )
  
if (algo == GCRY_PK_ELG_E)
  algo = GCRY_PK_ELG;
 +  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
 +algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSIGN, NULL, n))
+   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+  GCRYCTL_GET_ALGO_NSIGN, NULL, n))
  n = 0;
-   return n;
-@@ -1365,6 +1371,8 @@ pubkey_get_nenc( int algo )
+@@ -1393,6 +1399,8 @@ pubkey_get_nenc( int algo )
  
if (algo == GCRY_PK_ELG_E)
  algo = GCRY_PK_ELG;
 +  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
 +algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NENCR, NULL, n ))
+   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+  GCRYCTL_GET_ALGO_NENCR, NULL, n ))
  n = 0;
-   return n;

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2013-09-17 15:02:35

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2013-08-21 
13:45:39.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2013-09-17 
15:02:37.0 +0200
@@ -1,0 +2,5 @@
+Mon Sep 16 11:08:55 UTC 2013 - vci...@suse.com
+
+- fix CVE-2013-4351 (bnc#840510)
+
+---

New:

  gpg2-CVE-2013-4351.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.CwZzc6/_old  2013-09-17 15:02:37.0 +0200
+++ /var/tmp/diff_new_pack.CwZzc6/_new  2013-09-17 15:02:37.0 +0200
@@ -64,6 +64,7 @@
 Patch9: gnupg-detect_FIPS_mode.patch
 # PATCH-FIX-OPENSUSE co...@suse.de -- automake 1.13 already includes $SHELL
 Patch10:gnupg-2.0.20-automake113.diff
+Patch11:gpg2-CVE-2013-4351.patch
 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
@@ -83,6 +84,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 
 %build
 autoreconf -fi


++ gpg2-CVE-2013-4351.patch ++
commit 8f8f3984e82a025cf1384132a419f67f39c7e07d 
Author: Werner Koch wk at gnupg.org
Date:   Fri Mar 15 15:46:03 2013 +0100

gpg: Distinguish between missing and cleared key flags.

* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never
used.

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.

Modified g10/getkey.c
Index: gnupg-2.0.9/g10/getkey.c
===
--- gnupg-2.0.9.orig/g10/getkey.c   2013-09-16 16:51:02.752624501 +0200
+++ gnupg-2.0.9/g10/getkey.c2013-09-16 16:54:20.955952692 +0200
@@ -1457,13 +1457,19 @@ parse_key_usage(PKT_signature *sig)
 
   if(flags)
key_usage |= PUBKEY_USAGE_UNKNOWN;
+
+  if (!key_usage)
+   key_usage |= PUBKEY_USAGE_NONE;
 }
+  else if (p) /* Key flags of length zero.  */
+key_usage |= PUBKEY_USAGE_NONE;
 
   /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
  capability that we do not handle.  This serves to distinguish
  between a zero key usage which we handle as the default
  capabilities for that algorithm, and a usage that we do not
- handle. */
+ handle.  Likewise we use PUBKEY_USAGE_NONE to indicate that
+ key_flags have been given but they do not specify any usage.  */
 
   return key_usage;
 }
Index: gnupg-2.0.9/include/cipher.h
===
--- gnupg-2.0.9.orig/include/cipher.h   2013-09-16 16:51:02.752624501 +0200
+++ gnupg-2.0.9/include/cipher.h2013-09-16 16:56:27.028429026 +0200
@@ -62,6 +62,11 @@
 #define PUBKEY_USAGE_CERTGCRY_PK_USAGE_CERT  /* Also good to certify keys. 
*/
 #define PUBKEY_USAGE_AUTHGCRY_PK_USAGE_AUTH  /* Good for authentication. */
 #define PUBKEY_USAGE_UNKNOWN GCRY_PK_USAGE_UNKN  /* Unknown usage flag. */
+#define PUBKEY_USAGE_NONE256 /* No usage given. */
+#if  (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR | GCRY_PK_USAGE_CERT \
+  | GCRY_PK_USAGE_AUTH | GCRY_PK_USAGE_UNKN) = 256
+# error Please choose another value for PUBKEY_USAGE_NONE
+#endif
 
 #define DIGEST_ALGO_MD5   /*  1 */ GCRY_MD_MD5
 #define DIGEST_ALGO_SHA1  /*  2 */ GCRY_MD_SHA1
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2013-08-21 13:45:37

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2013-06-18 
10:20:26.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2013-08-21 
13:45:39.0 +0200
@@ -1,0 +2,15 @@
+Mon Aug 19 17:59:48 UTC 2013 - andreas.stie...@gmx.de
+
+- update to 2.0.21
+ * gpg-agent: By default the users are now asked via the Pinentry
+   whether they trust an X.509 root key.  To prohibit interactive
+   marking of such keys, the new option --no-allow-mark-trusted may
+   be used.
+ * gpg-agent: The command KEYINFO has options to add info from
+   sshcontrol.
+ * The included ssh agent does now support ECDSA keys.
+- now requires libgpg-error 1.11
+- update gnupg-2.0.9-langinfo.patch for upstream whitespace changes
+- drop gnupg-broken-curl-test.patch, no longer required
+
+---

Old:

  gnupg-2.0.20.tar.bz2
  gnupg-2.0.20.tar.bz2.sig
  gnupg-broken-curl-test.patch

New:

  gnupg-2.0.21.tar.bz2
  gnupg-2.0.21.tar.bz2.sig



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.OWoVij/_old  2013-08-21 13:45:40.0 +0200
+++ /var/tmp/diff_new_pack.OWoVij/_new  2013-08-21 13:45:40.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   gpg2
-Version:2.0.20
+Version:2.0.21
 Release:0
 BuildRequires:  automake = 1.10
 BuildRequires:  expect
@@ -27,7 +27,7 @@
 BuildRequires:  libbz2-devel
 BuildRequires:  libcurl-devel = 7.10
 BuildRequires:  libgcrypt-devel = 1.4.0
-BuildRequires:  libgpg-error-devel = 1.7
+BuildRequires:  libgpg-error-devel = 1.11
 BuildRequires:  libksba-devel = 1.0.7
 BuildRequires:  libusb-devel
 BuildRequires:  openldap2-devel
@@ -60,7 +60,6 @@
 Patch4: gnupg-2.0.9-langinfo.patch
 Patch5: gnupg-2.0.18-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
-Patch7: gnupg-broken-curl-test.patch
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 # PATCH-FIX-OPENSUSE co...@suse.de -- automake 1.13 already includes $SHELL
@@ -78,10 +77,9 @@
 %patch1 -p1
 %patch2
 %patch3 -p1
-%patch4
+%patch4 -p1
 %patch5 -p1
 %patch6 -p1
-%patch7 -p1
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1

++ gnupg-2.0.20.tar.bz2 - gnupg-2.0.21.tar.bz2 ++
 35348 lines of diff (skipped)

++ gnupg-2.0.9-langinfo.patch ++
--- /var/tmp/diff_new_pack.OWoVij/_old  2013-08-21 13:45:42.0 +0200
+++ /var/tmp/diff_new_pack.OWoVij/_new  2013-08-21 13:45:42.0 +0200
@@ -1,11 +1,15 @@
 # fix [bnc#305725] - non latin characters displayed incorrectly by pinentry
-Index: jnlib/utf8conv.c
+---
+# jnlib/utf8conv.c |1 +
+# 1 file changed, 1 insertion(+)
+#
+Index: gnupg-2.0.21/jnlib/utf8conv.c
 ===
 jnlib/utf8conv.c.orig  2008-11-04 15:39:06.0 +0100
-+++ jnlib/utf8conv.c   2009-06-18 11:42:36.0 +0200
-@@ -203,6 +203,7 @@ set_native_charset (const char *newset)
+--- gnupg-2.0.21.orig/jnlib/utf8conv.c 2013-08-19 09:55:30.0 +0100
 gnupg-2.0.21/jnlib/utf8conv.c  2013-08-19 18:53:22.0 +0100
+@@ -148,6 +148,7 @@ set_native_charset (const char *newset)
  #else /*!HAVE_W32_SYSTEM*/
-   
+ 
  #ifdef HAVE_LANGINFO_CODESET
 +setlocale(LC_ALL, );
newset = nl_langinfo (CODESET);

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2013-06-18 10:20:25

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2013-05-16 
15:35:21.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2013-06-18 
10:20:26.0 +0200
@@ -1,0 +2,10 @@
+Mon Jun 17 12:48:24 UTC 2013 - co...@suse.com
+
+- revert usage of gpg-offline to avoid cycles
+
+---
+Mon Jun 17 12:40:10 UTC 2013 - co...@suse.com
+
+- add gnupg-2.0.20-automake113.diff to fix build with automake 1.13
+
+---

New:

  gnupg-2.0.20-automake113.diff



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.9vgHJJ/_old  2013-06-18 10:20:26.0 +0200
+++ /var/tmp/diff_new_pack.9vgHJJ/_new  2013-06-18 10:20:26.0 +0200
@@ -38,9 +38,6 @@
 %else
 BuildRequires:  pth = 1.3.7
 %endif
-%if 0%{?suse_version} = 1230
-BuildRequires:  gpg-offline
-%endif
 Url:http://www.gnupg.org/aegypten2/
 PreReq: %install_info_prereq
 Requires:   dirmngr
@@ -66,6 +63,8 @@
 Patch7: gnupg-broken-curl-test.patch
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
+# PATCH-FIX-OPENSUSE co...@suse.de -- automake 1.13 already includes $SHELL
+Patch10:gnupg-2.0.20-automake113.diff
 
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
@@ -75,7 +74,6 @@
 
 %lang_package
 %prep
-%{?gpg_verify: %gpg_verify %{S:2}}
 %setup  -q -n gnupg-%version
 %patch1 -p1
 %patch2
@@ -86,6 +84,7 @@
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 
 %build
 autoreconf -fi

++ gnupg-2.0.20-automake113.diff ++
Index: gnupg-2.0.20/tests/openpgp/Makefile.am
===
--- gnupg-2.0.20.orig/tests/openpgp/Makefile.am
+++ gnupg-2.0.20/tests/openpgp/Makefile.am
@@ -25,7 +25,7 @@ required_pgms = ../../g10/gpg2 ../../age
 
 
 TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C \
-   ../../agent/gpg-agent --quiet --daemon sh
+   ../../agent/gpg-agent --quiet --daemon
 
 
 TESTS = version.test mds.test \

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2013-05-16 10:59:32

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2013-03-28 
13:16:14.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2013-05-16 
10:59:33.0 +0200
@@ -1,0 +2,26 @@
+Fri May 10 19:33:24 UTC 2013 - andreas.stie...@gmx.de
+
+- update to 2.0.20
+ * Decryption using smartcards keys  3072 bit does now work.
+ * New meta option ignore-invalid-option to allow using the same
+   option file by other GnuPG versions.
+ * gpg: The hash algorithm is now printed for sig records in key listings.
+ * gpg: Skip invalid keyblock packets during import to avoid a DoS.
+ * gpg: Correctly handle ports from DNS SRV records.
+ * keyserver: Improve use of SRV records
+ * gpg-agent: Avoid tty corruption when killing pinentry.
+ * scdaemon: Improve detection of card insertion and removal.
+ * scdaemon: Rename option --disable-keypad to --disable-pinpad.
+ * scdaemon: Better support for CCID readers.  Now, the internal CCID
+   driver supports readers without the auto configuration feature.
+ * scdaemon: Add pinpad input for PC/SC, if your reader has pinpad and
+   it supports variable length PIN input, and you specify
+   --enable-pinpad-varlen option.
+ * scdaemon: New option --enable-pinpad-varlen.
+ * scdaemon: Install into libexecdir to avoid accidental execution
+   from the command line.
+ * Assorted bug fixes.
+- refresh gnupg-2.0.9-RSA_ES.patch
+- verify gpg signature of source tarball
+
+---

Old:

  gnupg-2.0.19.tar.bz2

New:

  gnupg-2.0.20.tar.bz2
  gnupg-2.0.20.tar.bz2.sig
  gpg2.keyring



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.hhcZnX/_old  2013-05-16 10:59:34.0 +0200
+++ /var/tmp/diff_new_pack.hhcZnX/_new  2013-05-16 10:59:34.0 +0200
@@ -17,9 +17,9 @@
 
 
 Name:   gpg2
-Version:2.0.19
+Version:2.0.20
 Release:0
-BuildRequires:  automake
+BuildRequires:  automake = 1.10
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@@ -38,6 +38,9 @@
 %else
 BuildRequires:  pth = 1.3.7
 %endif
+%if 0%{?suse_version} = 1230
+BuildRequires:  gpg-offline
+%endif
 Url:http://www.gnupg.org/aegypten2/
 PreReq: %install_info_prereq
 Requires:   dirmngr
@@ -53,6 +56,7 @@
 License:GPL-3.0+
 Group:  Productivity/Networking/Security
 Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
+Source2:ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
 Patch1: gnupg-2.0.18-tmpdir.diff
 Patch2: gnupg-2.0.4-install_tools.diff
 Patch3: gnupg-2.0.9-RSA_ES.patch
@@ -68,6 +72,7 @@
 
 %lang_package
 %prep
+%{?gpg_verify: %gpg_verify %{S:2}}
 %setup  -q -n gnupg-%version
 %patch1 -p1
 %patch2

++ gnupg-2.0.19.tar.bz2 - gnupg-2.0.20.tar.bz2 ++
 131598 lines of diff (skipped)

++ gnupg-2.0.9-RSA_ES.patch ++
--- /var/tmp/diff_new_pack.hhcZnX/_old  2013-05-16 10:59:37.0 +0200
+++ /var/tmp/diff_new_pack.hhcZnX/_new  2013-05-16 10:59:37.0 +0200
@@ -1,9 +1,13 @@
 # adds back support for deprecated RSA_E, RSA_S algorithms
-Index: gnupg-2.0.13/g10/misc.c
+---
+# g10/misc.c |8 
+# 1 file changed, 8 insertions(+)
+#
+Index: gnupg-2.0.20/g10/misc.c
 ===
 gnupg-2.0.13.orig/g10/misc.c   2009-07-16 08:22:45.0 +0200
-+++ gnupg-2.0.13/g10/misc.c2009-11-13 13:19:39.0 +0100
-@@ -1308,6 +1308,8 @@ pubkey_get_npkey( int algo )
+--- gnupg-2.0.20.orig/g10/misc.c   2013-05-10 13:55:47.0 +0100
 gnupg-2.0.20/g10/misc.c2013-05-10 19:57:18.0 +0100
+@@ -1326,6 +1326,8 @@ pubkey_get_npkey( int algo )
  
if (algo == GCRY_PK_ELG_E)
  algo = GCRY_PK_ELG;
@@ -12,7 +16,7 @@
if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NPKEY, NULL, n))
  n = 0;
return n;
-@@ -1321,6 +1323,8 @@ pubkey_get_nskey( int algo )
+@@ -1339,6 +1341,8 @@ pubkey_get_nskey( int algo )
  
if (algo == GCRY_PK_ELG_E)
  algo = GCRY_PK_ELG;
@@ -21,7 +25,7 @@
if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSKEY, NULL, n ))
  n = 0;
return n;
-@@ -1334,6 +1338,8 @@ pubkey_get_nsig( int algo )
+@@ -1352,6 +1356,8 @@ pubkey_get_nsig( int algo )
  
if (algo == GCRY_PK_ELG_E)
  algo = GCRY_PK_ELG;
@@ -30,8 +34,8 @@
if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSIGN, NULL, n))
  n = 0;
return n;
-@@ 

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2013-05-16 15:35:19

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2013-05-16 
10:59:33.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2013-05-16 
15:35:21.0 +0200
@@ -1,0 +2,8 @@
+Tue May 14 14:00:45 UTC 2013 - vci...@suse.com
+
+- set safe umask before creating a plaintext file (bnc#780943)
+  added gpg2-set_umask_before_open_outfile.patch
+- select proper ciphers when running in FIPS mode (bnc#808958)
+  added gnupg-detect_FIPS_mode.patch
+
+---

New:

  gnupg-detect_FIPS_mode.patch
  gnupg-set_umask_before_open_outfile.patch



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.iUuveU/_old  2013-05-16 15:35:22.0 +0200
+++ /var/tmp/diff_new_pack.iUuveU/_new  2013-05-16 15:35:22.0 +0200
@@ -64,6 +64,9 @@
 Patch5: gnupg-2.0.18-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
 Patch7: gnupg-broken-curl-test.patch
+Patch8: gnupg-set_umask_before_open_outfile.patch
+Patch9: gnupg-detect_FIPS_mode.patch
+
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -81,6 +84,8 @@
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 %build
 autoreconf -fi


++ gnupg-detect_FIPS_mode.patch ++
Index: gnupg-2.0.19/g10/encode.c
===
--- gnupg-2.0.19.orig/g10/encode.c  2013-03-14 14:23:58.009483967 +0100
+++ gnupg-2.0.19/g10/encode.c   2013-03-14 15:49:50.524306304 +0100
@@ -732,7 +732,10 @@ encrypt_filter( void *opaque, int contro
if( efx-cfx.dek-algo == -1 ) {
 /* because 3DES is implicitly in the prefs, this can only
  * happen if we do not have any public keys in the list */
-   efx-cfx.dek-algo = DEFAULT_CIPHER_ALGO;
+  /* Libgcrypt manual says that gcry_version_check must be 
called
+ before calling gcry_fips_mode_active. */
+   gcry_check_version (NULL);
+   efx-cfx.dek-algo = gcry_fips_mode_active() ? 
CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
 }
 
 /* In case 3DES has been selected, print a warning if
Index: gnupg-2.0.19/g10/gpg.c
===
--- gnupg-2.0.19.orig/g10/gpg.c 2013-03-14 14:24:00.031545611 +0100
+++ gnupg-2.0.19/g10/gpg.c  2013-03-14 14:24:37.495687612 +0100
@@ -1975,7 +1975,7 @@ main (int argc, char **argv)
 opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
 opt.s2k_mode = 3; /* iterated+salted */
 opt.s2k_count = 0; /* Auto-calibrate when needed.  */
-opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
+opt.s2k_cipher_algo = gcry_fips_mode_active() ? CIPHER_ALGO_AES : 
CIPHER_ALGO_CAST5;
 opt.completes_needed = 1;
 opt.marginals_needed = 3;
 opt.max_cert_depth = 5;
Index: gnupg-2.0.19/g10/mainproc.c
===
--- gnupg-2.0.19.orig/g10/mainproc.c2013-03-14 14:23:58.011484028 +0100
+++ gnupg-2.0.19/g10/mainproc.c 2013-03-14 15:50:50.970127383 +0100
@@ -685,9 +685,15 @@ proc_plaintext( CTX c, PACKET *pkt )
   often.  There is no good way to specify what algorithms to
   use in that case, so these three are the historical
   answer. */
-   gcry_md_enable( c-mfx.md, DIGEST_ALGO_RMD160 );
+
+   /* Libgcrypt manual says that gcry_version_check must be called
+  before calling gcry_fips_mode_active. */
+   gcry_check_version (NULL);
+   if( !gcry_fips_mode_active() )
+ gcry_md_enable( c-mfx.md, DIGEST_ALGO_RMD160 );
gcry_md_enable( c-mfx.md, DIGEST_ALGO_SHA1 );
-   gcry_md_enable( c-mfx.md, DIGEST_ALGO_MD5 );
+   if( !gcry_fips_mode_active() )
+ gcry_md_enable( c-mfx.md, DIGEST_ALGO_MD5 );
   }
 if( opt.pgp2_workarounds  only_md5  !opt.skip_verify ) {
/* This is a kludge to work around a bug in pgp2.  It does only
++ gnupg-set_umask_before_open_outfile.patch ++
Index: gnupg-2.0.20/g10/plaintext.c
===
--- gnupg-2.0.20.orig/g10/plaintext.c   2013-05-13 14:26:49.290737159 +0200
+++ gnupg-2.0.20/g10/plaintext.c2013-05-13 14:43:21.740575875 +0200
@@ -25,6 +25,7 @@
 #include errno.h
 #include assert.h
 #include sys/types.h
+#include 

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2013-03-28 13:16:11

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2013-01-17 
09:39:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2013-03-28 
13:16:14.0 +0100
@@ -1,0 +2,6 @@
+Wed Mar 27 12:16:19 UTC 2013 - mmeis...@suse.com
+
+- Added url as source.
+  Please see http://en.opensuse.org/SourceUrls
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.fgxzLI/_old  2013-03-28 13:16:16.0 +0100
+++ /var/tmp/diff_new_pack.fgxzLI/_new  2013-03-28 13:16:16.0 +0100
@@ -52,7 +52,7 @@
 Summary:GnuPG 2
 License:GPL-3.0+
 Group:  Productivity/Networking/Security
-Source: gnupg-%{version}.tar.bz2
+Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
 Patch1: gnupg-2.0.18-tmpdir.diff
 Patch2: gnupg-2.0.4-install_tools.diff
 Patch3: gnupg-2.0.9-RSA_ES.patch

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2013-01-17 09:39:23

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2012-04-19 
08:48:52.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2013-01-17 
09:39:24.0 +0100
@@ -1,0 +2,6 @@
+Fri Jan 11 20:26:50 UTC 2013 - lazy.k...@opensuse.org
+
+- BuildRequires: libbz2-devel (support BZIP2 compression
+  algorithm) (bnc#798175).
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.iMJrMk/_old  2013-01-17 09:39:25.0 +0100
+++ /var/tmp/diff_new_pack.iMJrMk/_new  2013-01-17 09:39:25.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,6 +24,7 @@
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
 BuildRequires:  libassuan-devel = 2.0.0
+BuildRequires:  libbz2-devel
 BuildRequires:  libcurl-devel = 7.10
 BuildRequires:  libgcrypt-devel = 1.4.0
 BuildRequires:  libgpg-error-devel = 1.7

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory checked in 
at 2011-12-06 17:58:48

Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
 and  /work/SRC/openSUSE:Factory/.gpg2.new (New)


Package is gpg2, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes2011-10-02 
10:09:58.0 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes   2011-12-06 
17:59:23.0 +0100
@@ -1,0 +2,10 @@
+Tue Dec  6 10:58:36 UTC 2011 - vci...@suse.com
+
+- fixed licence to GPL-3.0+ (bnc#734878)
+
+---
+Wed Nov 30 09:55:47 UTC 2011 - co...@suse.com
+
+- add automake as buildrequire to avoid implicit dependency
+
+---



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.8u8MMW/_old  2011-12-06 17:59:25.0 +0100
+++ /var/tmp/diff_new_pack.8u8MMW/_new  2011-12-06 17:59:25.0 +0100
@@ -15,12 +15,12 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-# norootforbuild
 
 
 Name:   gpg2
 Version:2.0.18
 Release:4
+BuildRequires:  automake
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libgpg-error-devel = 1.7
@@ -39,10 +39,9 @@
 BuildRequires:  pth = 1.3.7
 %endif
 Url:http://www.gnupg.org/aegypten2/
-License:GPLv2+
+License:GPL-3.0+
 Group:  Productivity/Networking/Security
 PreReq: %install_info_prereq
-AutoReqProv:on
 Requires:   pinentry dirmngr
 Recommends: %name-lang = %{version}
 Provides:   newpg gpg = 1.4.9 gnupg = %{version}

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory
checked in at Thu Sep 1 14:51:02 CEST 2011.




--- gpg2/gpg2.changes   2011-08-19 03:14:11.0 +0200
+++ /mounts/work_src_done/STABLE/gpg2/gpg2.changes  2011-08-31 
12:03:35.0 +0200
@@ -1,0 +2,5 @@
+Wed Aug 31 10:00:35 UTC 2011 - pu...@suse.com
+
+- link with -pie 
+
+---

calling whatdependson for head-i586




Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.wqQ8eH/_old  2011-09-01 13:33:35.0 +0200
+++ /var/tmp/diff_new_pack.wqQ8eH/_new  2011-09-01 13:33:35.0 +0200
@@ -20,7 +20,7 @@
 
 Name:   gpg2
 Version:2.0.18
-Release:2
+Release:4
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libgpg-error-devel = 1.7
@@ -80,10 +80,12 @@
 # build PIEs (position independent executables) for address space 
randomisation:
 %ifarch s390x %sparc
 # s390x needs to use the large PIE model (at least for gpg.c):
-CFLAGS=%{optflags} -fPIE LDFLAGS=-pie \
+PIE=-fPIE 
 %else
-CFLAGS=%{optflags} -fpie LDFLAGS=-pie \
+PIE=-fpie
 %endif
+export CFLAGS=%{optflags} ${PIE}
+export LDFLAGS=-pie
 %configure \
 --libexecdir=%{_libdir} \
 --docdir=%{_docdir}/%{name} \






Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit gpg2 for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package gpg2 for openSUSE:Factory
checked in at Wed Mar 16 10:37:18 CET 2011.




--- gpg2/gpg2.changes   2011-01-07 13:25:06.0 +0100
+++ /mounts/work_src_done/STABLE/gpg2/gpg2.changes  2011-03-15 
10:49:13.0 +0100
@@ -1,0 +2,13 @@
+Tue Mar 15 09:29:42 UTC 2011 - pu...@novell.com
+
+- update to gnupg-2.0.17
+ * Allow more hash algorithms with the OpenPGP v2 card.
+ * The gpg-agent now tests for a new gpg-agent.conf on a HUP.
+ * Fixed output of gpgconf --check-options.
+ * Fixed a bug where Scdaemon sends a signal to Gpg-agent running
+   in non-daemon mode.
+ * Fixed TTY management for pinentries and session variable update
+   problem.
+- drop gnupg-CVE-2010-2547.patch (in upstream)
+
+---

calling whatdependson for head-i586


Old:

  gnupg-2.0.16.tar.bz2
  gnupg-CVE-2010-2547.patch

New:

  gnupg-2.0.17.tar.bz2



Other differences:
--
++ gpg2.spec ++
--- /var/tmp/diff_new_pack.38yGnG/_old  2011-03-16 10:35:07.0 +0100
+++ /var/tmp/diff_new_pack.38yGnG/_new  2011-03-16 10:35:07.0 +0100
@@ -1,5 +1,5 @@
 #
-# spec file for package gpg2 (Version 2.0.16)
+# spec file for package gpg2
 #
 # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -19,8 +19,8 @@
 
 
 Name:   gpg2
-Version:2.0.16
-Release:4
+Version:2.0.17
+Release:1
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libgpg-error-devel = 1.7
@@ -57,7 +57,6 @@
 Patch4: gnupg-2.0.9-langinfo.patch
 Patch5: gnupg-files-are-digests.patch
 Patch6: gnupg-dont-fail-with-seahorse-agent.patch
-Patch7: gnupg-CVE-2010-2547.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -73,10 +72,8 @@
 %patch4
 %patch5 -p1
 %patch6 -p1
-%patch7 -p1
 
 %build
-# Required for patch7:
 autoreconf -fi
 # build PIEs (position independent executables) for address space 
randomisation:
 %ifarch s390x %sparc
@@ -119,7 +116,7 @@
 # fix rpmlint invalid-lc-messages-dir:
 rm -rf $RPM_BUILD_ROOT/%_datadir/locale/en@{bold,}quot
 # additional files to documentation directory
-install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ doc/faq.html 
$RPM_BUILD_ROOT/%{_docdir}/%{name}
+install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ 
$RPM_BUILD_ROOT/%{_docdir}/%{name}
 %find_lang gnupg2
 %if 0%{?suse_version}  1020
 %fdupes %buildroot

++ gnupg-2.0.16.tar.bz2 - gnupg-2.0.17.tar.bz2 ++
 76184 lines of diff (skipped)

++ gnupg-2.0.4-install_tools.diff ++
--- /var/tmp/diff_new_pack.38yGnG/_old  2011-03-16 10:35:09.0 +0100
+++ /var/tmp/diff_new_pack.38yGnG/_new  2011-03-16 10:35:09.0 +0100
@@ -1,7 +1,7 @@
 Index: tools/Makefile.am
 ===
 tools/Makefile.am.orig 2009-04-17 19:39:47.0 +0200
-+++ tools/Makefile.am  2009-11-13 13:01:24.0 +0100
+--- tools/Makefile.am.orig
 tools/Makefile.am
 @@ -32,8 +32,8 @@ sbin_SCRIPTS = addgnupghome applygnupgde
  
  bin_SCRIPTS = gpgsm-gencert.sh
@@ -13,9 +13,9 @@
  endif
  
  if BUILD_SYMCRYPTRUN
-@@ -44,14 +44,14 @@ endif
+@@ -51,14 +51,14 @@ endif
  
- bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun}
+ bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} ${gpgtar}
  if !HAVE_W32_SYSTEM
 -bin_PROGRAMS += watchgnupg gpgparsemail
 +bin_PROGRAMS += watchgnupg gpgparsemail gpgsplit






Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org