From fecfc4efdd1d39b88464f2cabe51b8b6fd4ae5993a27c1ccd407754775a7ce69 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Wed, 5 Apr 2017 09:54:08 +0000 Subject: [PATCH 1/2] Accepting request 485777 from security:privacy 2.1.20 OBS-URL: https://build.opensuse.org/request/show/485777 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=168 --- gnupg-2.0.18-files-are-digests.patch | 52 +++++++++++----------- gnupg-2.1.19.tar.bz2 | 3 -- gnupg-2.1.19.tar.bz2.sig | Bin 620 -> 0 bytes gnupg-2.1.20.tar.bz2 | 3 ++ gnupg-2.1.20.tar.bz2.sig | Bin 0 -> 310 bytes gnupg-set_umask_before_open_outfile.patch | 12 ++--- gpg2.changes | 30 +++++++++++++ gpg2.spec | 2 +- 8 files changed, 66 insertions(+), 36 deletions(-) delete mode 100644 gnupg-2.1.19.tar.bz2 delete mode 100644 gnupg-2.1.19.tar.bz2.sig create mode 100644 gnupg-2.1.20.tar.bz2 create mode 100644 gnupg-2.1.20.tar.bz2.sig diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 1daf76c..2d55365 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.15/g10/gpg.c +Index: gnupg-2.1.20/g10/gpg.c =================================================================== ---- gnupg-2.1.15.orig/g10/gpg.c -+++ gnupg-2.1.15/g10/gpg.c -@@ -368,6 +368,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.20.orig/g10/gpg.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200 +@@ -374,6 +374,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, 
@@ -16,7 +16,7 @@ Index: gnupg-2.1.15/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -791,6 +792,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -820,6 +821,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.1.15/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2239,6 +2241,7 @@ main (int argc, char **argv) +@@ -2393,6 +2395,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; @@ -32,7 +32,7 @@ Index: gnupg-2.1.15/g10/gpg.c opt.emit_version = 0; opt.weak_digests = NULL; additional_weak_digest("MD5"); -@@ -2807,6 +2810,7 @@ main (int argc, char **argv) +@@ -2942,6 +2945,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.15/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.15/g10/options.h +Index: gnupg-2.1.20/g10/options.h =================================================================== ---- gnupg-2.1.15.orig/g10/options.h -+++ gnupg-2.1.15/g10/options.h -@@ -212,6 +212,7 @@ struct +--- gnupg-2.1.20.orig/g10/options.h 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/options.h 2017-04-04 15:59:20.827799905 +0200 +@@ -214,6 +214,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; 
@@ -52,20 +52,20 @@ Index: gnupg-2.1.15/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.15/g10/sign.c +Index: gnupg-2.1.20/g10/sign.c =================================================================== ---- gnupg-2.1.15.orig/g10/sign.c -+++ gnupg-2.1.15/g10/sign.c +--- gnupg-2.1.20.orig/g10/sign.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/sign.c 2017-04-04 15:59:27.515864763 +0200 @@ -42,6 +42,8 @@ #include "call-agent.h" - #include "mbox-util.h" + #include "../common/mbox-util.h" -+#include "host2net.h" ++#include "../common/host2net.h" + #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" #else -@@ -711,8 +713,12 @@ write_signature_packets (SK_LIST sk_list +@@ -718,8 +720,12 @@ write_signature_packets (ctrl_t ctrl, mk_notation_policy_etc (sig, NULL, pk); } @@ -76,9 +76,9 @@ Index: gnupg-2.1.15/g10/sign.c + log_bug("files-are-digests doesn't work with v4 sigs\n"); + } - rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); + rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -770,6 +776,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -781,6 +787,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -87,7 +87,7 @@ Index: gnupg-2.1.15/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -786,7 +794,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -798,7 +806,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -105,7 +105,7 @@ Index: gnupg-2.1.15/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -807,7 +824,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -819,7 +836,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ 
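Review bot: In the `write_signature_packets` part of the refreshed patch, the v4 guard still ends in `log_bug("files-are-digests doesn't work with v4 sigs\n");`, so an option chosen on the command line terminates gpg through the internal-bug path instead of a normal error. As far as I know GnuPG 2.1 no longer emits v3 signatures, so this branch may be reached on every use of the option. The refresh only adds `ctrl` to the `do_sign` call and shifts offsets, so this should be confirmed with a test signature before shipping. I would report it as a usage error, e.g. `log_error ("--files-are-digests is not supported with v4 signatures\n");` followed by an error return ahead of `do_sign`, or reject the option during option parsing in `main`. The condition guarding this branch lies outside the hunk.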
@@ -114,7 +114,7 @@ Index: gnupg-2.1.15/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -945,7 +962,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -957,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -123,7 +123,7 @@ Index: gnupg-2.1.15/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -1000,6 +1017,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1012,6 +1029,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -132,7 +132,7 @@ Index: gnupg-2.1.15/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1040,6 +1059,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1052,6 +1071,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -178,10 +178,10 @@ Index: gnupg-2.1.15/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1058,8 +1116,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1070,8 +1128,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ - rc = write_signature_packets (sk_list, out, mfx.md, + rc = write_signature_packets (ctrl, sk_list, out, mfx.md, - opt.textmode && !outfile? 0x01 : 0x00, - 0, duration, detached ? 'D':'S', NULL); + sigclass, diff --git a/gnupg-2.1.19.tar.bz2 b/gnupg-2.1.19.tar.bz2 deleted file mode 100644 index 364d489..0000000 --- a/gnupg-2.1.19.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0 -size 6404836 
diff --git a/gnupg-2.1.19.tar.bz2.sig b/gnupg-2.1.19.tar.bz2.sig deleted file mode 100644 index 553183bda80d03316e9c7f06a46e42a233eae1a39ff7823daafe2b529412797b..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 620 zcmV-y0+aoT0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$8^Rd;kgw5G0#9 z(oZGhw%q~;{wvI{%DnraGJ<(i9xkF`R{qQo@&-m43sT9j%Ukv70iL}|h2FBquY#U3 z@u&-0E85+Fr4iJ!OXf-DvdZ2IM#@g;C0^A;>c`@pguOi@JFSaClH4K?IYtqT@CrML zL=cv_5_~^BBr&fS!+=C--rvJtUE08PouA)EEJyo^}%#EAhj1ONdD038+~1OpzzQ*Kxdj-rOC@*r`riZi`G1_c6Gx9!aU3JDM(aj=Rr zy*~!Kmk0o`7}G3)%ynoO&1VW{)_L4Bs0WYAsNFpcc&|+O{d0fdY5@wU0T1e&FVpUZ z@>+|E5PWrMR6&)@_`Wx99eB70Q54mO>Ep8c8h2uG0&C1oS?fAsIxaF&oW&`vLO(G& z-uY4dgx&0Z!k`>|Oc9pge7O&a8ve26Rn-n;GT*uIO%rbj3rbfTML0jQ>XXk!fM(Yl zHUhf-qT{JZHaE!>Y4<}?5qB7?IJt7eO-XW8K=&xC#bEe)cWuenP&;h*@LPXoo8t6n zMuIy$K{q6Z?HhNRWi#o@?CF8aQ0$Adn3IGZT5G0#9 z(oZGhwvnC)0H1RXVvfvD1I4M68EjK;$fIM3y3Pa+by<*s#)NpL=gL!Tn;fT*XTukd zkv&Dx0}z)JEF_fARc$S`Th^>O2T<*On~lV-u#veLWqFyU0S@v=BU-?(_%Kot}izZoG?yE+rX IGJ5`FrW(kS^Z)<= literal 0 HcmV?d00001 diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index 291939a..195e99c 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.1.12/g10/plaintext.c +Index: gnupg-2.1.20/g10/plaintext.c =================================================================== ---- gnupg-2.1.12.orig/g10/plaintext.c 2016-05-04 11:43:16.000000000 +0200 -+++ gnupg-2.1.12/g10/plaintext.c 2016-05-04 17:36:13.945784756 +0200 +--- gnupg-2.1.20.orig/g10/plaintext.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/plaintext.c 2017-04-04 09:53:31.541145727 +0200 @@ -24,6 +24,7 @@ #include #include @@ -11,8 +11,8 @@ Index: gnupg-2.1.12/g10/plaintext.c # include /* for setmode() */ #endif 
@@ -38,6 +39,9 @@ - #include "status.h" - #include "i18n.h" + #include "../common/status.h" + #include "../common/i18n.h" +/* define safe permissions for creating plaintext files */ +#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR) @@ -20,7 +20,7 @@ Index: gnupg-2.1.12/g10/plaintext.c /* Get the output filename. On success, the actual filename that is used is set in *FNAMEP and a filepointer is returned in *FP. -@@ -145,11 +149,15 @@ get_output_file (const byte *embedded_na +@@ -161,11 +165,15 @@ get_output_file (const byte *embedded_na log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err)); goto leave; } diff --git a/gpg2.changes b/gpg2.changes index aedb1c6..67513e1 100644 --- a/gpg2.changes +++ b/gpg2.changes 
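Review bot: `GPG_SAFE_PERMS` is defined as `(S_IRUSR | S_IWUSR)`, the mode bits to keep, whereas `umask()` takes the bits to clear. The code that uses the macro in `get_output_file` is outside the lines shown, so check that it passes the complement and restores the previous mask on every path, including the `goto leave` error exit visible in the following hunk. Because the mask is process-wide, the macro deserves a fuller comment, for example `/* Mode for newly created plaintext files (0600); pass ~GPG_SAFE_PERMS & 0777 to umask() and restore the old mask right after the open. */`. The body of `get_output_file` starts and ends outside both hunks of this file.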
@@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Tue Apr 4 14:00:36 UTC 2017 - astieger@suse.com + +- GnuPG 2.1.20: + * gpg: New properties 'expired', 'revoked', and 'disabled' for the + import and export filters. + * gpg: New command --quick-set-primary-uid. + * gpg: New compliance field for the --with-colon key listing. + * gpg: Changed the key parser to generalize the processing of local + meta data packets. + * gpg: Fixed assertion failure in the TOFU trust model. + * gpg: Fixed exporting of zero length user ID packets. + * scd: Improved support for multiple readers. + * scd: Fixed timeout handling for key generation. + * agent: New option --enable-extended-key-format. + * dirmngr: Do not add a keyserver to a new dirmngr.conf. Dirmngr + uses a default keyserver. + * dimngr: Do not treat TLS warning alerts as severe error when + building with GNUTLS. + * dirmngr: Actually take /etc/hosts in account. + * wks: Fixed client problems on Windows. Published keys are now set + to world-readable. + * tests: Fixed creation of temporary directories. + * A socket directory for a non standard GNUGHOME is now created on + the fly under /run/user. Thus "gpgconf --create-socketdir" is now + optional. The use of "gpgconf --remove-socketdir" to clean up + obsolete socket directories is however recommended to avoid + cluttering /run/user with useless directories. + * Fixed build problems on some platforms. + ------------------------------------------------------------------- Tue Mar 14 20:41:55 UTC 2017 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 0daa985..8af4583 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.19 +Version: 2.1.20 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ From c4a7c33b0245a409205cf327fa95cb00847a8d45d13f81cc87030db45ab9ce88 Mon Sep 17 00:00:00 2001 
From: Andreas Stieger Date: Wed, 5 Apr 2017 10:33:06 +0000 Subject: [PATCH 2/2] fetch updated sig OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=169 --- gnupg-2.1.20.tar.bz2.sig | Bin 310 -> 620 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/gnupg-2.1.20.tar.bz2.sig b/gnupg-2.1.20.tar.bz2.sig index 585d1e3043caf02f39a195d02171f087a154b747113aff5456daa58865d6f3af..4bc8e1445f537f27264f693f57628e158bf6f7d2bbf26b814ab18e907cd136a9 100644 GIT binary patch delta 320 zcmV-G0l)sX0_+5^HUWQ$0W$;u0SEvc79j)!9>P;@SPhP%hN zc%Z}+;Mnsa7lTAnLg8gUcL*bq&MNOMM`z#fpAYO{!IZe^br9m(_PGq0eCg0b8%b5NE delta 7 OcmaFEvW;nj86yA;rUH-v