Accepting request 512955 from security:privacy

GnuPG 2.1.22 OBS-URL: https://build.opensuse.org/request/show/512955 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=175
2017-07-28 19:33:18 +00:00 · 2017-07-28 19:33:18 +00:00 · 0eae918f19
commit 0eae918f19
parent 9b6c062d14
8 changed files with 70 additions and 47 deletions
--- a/gnupg-2.0.18-files-are-digests.patch
+++ b/gnupg-2.0.18-files-are-digests.patch
@ -4,11 +4,11 @@
 g10/sign.c    |   68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
 3 files changed, 67 insertions(+), 6 deletions(-)

-Index: gnupg-2.1.21/g10/gpg.c
+Index: gnupg-2.1.22/g10/gpg.c
 ===================================================================
--- gnupg-2.1.21.orig/g10/gpg.c	2017-04-03 17:13:56.000000000 +0200
-+++ gnupg-2.1.21/g10/gpg.c	2017-04-04 15:59:20.823799866 +0200
-@@ -374,6 +374,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.22.orig/g10/gpg.c
+++ gnupg-2.1.22/g10/gpg.c
+@@ -379,6 +379,7 @@ enum cmd_and_opt_values
     oTTYtype,
     oLCctype,
     oLCmessages,
@ -16,7 +16,7 @@ Index: gnupg-2.1.21/g10/gpg.c
     oXauthority,
     oGroup,
     oUnGroup,
-@@ -820,6 +821,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -828,6 +829,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
   ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
   ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@ -24,7 +24,7 @@ Index: gnupg-2.1.21/g10/gpg.c
 
   /* Aliases.  I constantly mistype these, and assume other people do
      as well. */
-@@ -2393,6 +2395,7 @@ main (int argc, char **argv)
+@@ -2383,6 +2385,7 @@ main (int argc, char **argv)
     opt.def_cert_expire = "0";
     gnupg_set_homedir (NULL);
     opt.passphrase_repeat = 1;
@ -32,7 +32,7 @@ Index: gnupg-2.1.21/g10/gpg.c
     opt.emit_version = 0;
     opt.weak_digests = NULL;
     additional_weak_digest("MD5");
-@@ -2942,6 +2945,7 @@ main (int argc, char **argv)
+@@ -2944,6 +2947,7 @@ main (int argc, char **argv)
 	    opt.verify_options&=~VERIFY_SHOW_PHOTOS;
 	    break;
 	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
@ -40,11 +40,11 @@ Index: gnupg-2.1.21/g10/gpg.c
 
 	  case oForceMDC: opt.force_mdc = 1; break;
 	  case oNoForceMDC: opt.force_mdc = 0; break;
-Index: gnupg-2.1.21/g10/options.h
+Index: gnupg-2.1.22/g10/options.h
 ===================================================================
--- gnupg-2.1.21.orig/g10/options.h	2017-04-03 17:13:56.000000000 +0200
-+++ gnupg-2.1.21/g10/options.h	2017-04-04 15:59:20.827799905 +0200
-@@ -214,6 +214,7 @@ struct
+--- gnupg-2.1.22.orig/g10/options.h
+++ gnupg-2.1.22/g10/options.h
+@@ -212,6 +212,7 @@ struct
   int no_auto_check_trustdb;
   int preserve_permissions;
   int no_homedir_creation;
@ -52,20 +52,20 @@ Index: gnupg-2.1.21/g10/options.h
   struct groupitem *grouplist;
   int mangle_dos_filenames;
   int enable_progress_filter;
-Index: gnupg-2.1.21/g10/sign.c
+Index: gnupg-2.1.22/g10/sign.c
 ===================================================================
--- gnupg-2.1.21.orig/g10/sign.c	2017-04-03 17:13:56.000000000 +0200
-+++ gnupg-2.1.21/g10/sign.c	2017-04-04 15:59:27.515864763 +0200
-@@ -42,6 +42,8 @@
- #include "call-agent.h"
+--- gnupg-2.1.22.orig/g10/sign.c
+++ gnupg-2.1.22/g10/sign.c
+@@ -43,6 +43,8 @@
 #include "../common/mbox-util.h"
+ #include "../common/compliance.h"
 
 +#include "../common/host2net.h"
 +
 #ifdef HAVE_DOSISH_SYSTEM
 #define LF "\r\n"
 #else
-@@ -695,6 +697,8 @@ write_signature_packets(ctrl_t ctrl,
+@@ -727,6 +729,8 @@ write_signature_packets (ctrl_t ctrl,
       if (duration || opt.sig_policy_url
           || opt.sig_notations || opt.sig_keyserver_url)
         sig->version = 4;
@ -73,8 +73,8 @@ Index: gnupg-2.1.21/g10/sign.c
 +        sig->version = 3;
       else
         sig->version = pk->version;
-
-@@ -718,8 +720,12 @@ write_signature_packets (ctrl_t ctrl,
+ 
+@@ -750,8 +754,12 @@ write_signature_packets (ctrl_t ctrl,
           mk_notation_policy_etc (sig, NULL, pk);
         }
 
@ -87,7 +87,7 @@ Index: gnupg-2.1.21/g10/sign.c
 
       rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce);
       gcry_md_close (md);
-@@ -781,6 +787,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -813,6 +821,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
     SK_LIST sk_rover = NULL;
     int multifile = 0;
     u32 duration=0;
@ -96,7 +96,7 @@ Index: gnupg-2.1.21/g10/sign.c
 
     pfx = new_progress_context ();
     afx = new_armor_context ();
-@@ -798,7 +806,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -830,7 +840,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
 	fname = NULL;
 
     if( fname && filenames->next && (!detached || encryptflag) )
@ -114,7 +114,7 @@ Index: gnupg-2.1.21/g10/sign.c
 
     if(encryptflag==2
        && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
-@@ -819,7 +836,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -851,7 +870,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
       goto leave;
 
     /* prepare iobufs */
@ -123,7 +123,7 @@ Index: gnupg-2.1.21/g10/sign.c
 	inp = NULL; /* we do it later */
     else {
       inp = iobuf_open(fname);
-@@ -957,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -989,7 +1008,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
     for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
       gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
 
@ -132,7 +132,7 @@ Index: gnupg-2.1.21/g10/sign.c
 	iobuf_push_filter( inp, md_filter, &mfx );
 
     if( detached && !encryptflag)
-@@ -1012,6 +1029,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1044,6 +1063,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
 
     write_status_begin_signing (mfx.md);
 
@ -141,7 +141,7 @@ Index: gnupg-2.1.21/g10/sign.c
     /* Setup the inner packet. */
     if( detached ) {
 	if( multifile ) {
-@@ -1052,6 +1071,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1084,6 +1105,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
 	    if( opt.verbose )
               log_printf ("\n");
 	}
@ -187,7 +187,7 @@ Index: gnupg-2.1.21/g10/sign.c
 	else {
 	    /* read, so that the filter can calculate the digest */
 	    while( iobuf_get(inp) != -1 )
-@@ -1070,8 +1128,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1102,8 +1162,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
 
     /* write the signatures */
     rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
--- a/gnupg-2.1.21.tar.bz2
+++ b/gnupg-2.1.21.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7aead8a8ba75b69866f583b6c747d91414d523bfdfbe9a8e0fe026b16ba427dd
-size 6472887
--- a/gnupg-2.1.21.tar.bz2.sig
+++ b/gnupg-2.1.21.tar.bz2.sig
--- a/gnupg-2.1.22.tar.bz2
+++ b/gnupg-2.1.22.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7
+size 6530433
--- a/gnupg-2.1.22.tar.bz2.sig
+++ b/gnupg-2.1.22.tar.bz2.sig
--- a/gnupg-add_legacy_FIPS_mode_option.patch
+++ b/gnupg-add_legacy_FIPS_mode_option.patch
@ -3,11 +3,11 @@
 g10/gpg.c    |    9 +++++++++
 2 files changed, 27 insertions(+)

-Index: gnupg-2.1.17/doc/gpg.texi
+Index: gnupg-2.1.22/doc/gpg.texi
 ===================================================================
--- gnupg-2.1.17.orig/doc/gpg.texi
-+++ gnupg-2.1.17/doc/gpg.texi
-@@ -2034,6 +2034,24 @@ implies, this option is for experts only
+--- gnupg-2.1.22.orig/doc/gpg.texi
+++ gnupg-2.1.22/doc/gpg.texi
+@@ -2079,6 +2079,24 @@ implies, this option is for experts only
 understand the implications of what it allows you to do, leave this
 off. @option{--no-expert} disables this option.
 
@ -32,19 +32,19 @@ Index: gnupg-2.1.17/doc/gpg.texi
 @end table
 
 
-Index: gnupg-2.1.17/g10/gpg.c
+Index: gnupg-2.1.22/g10/gpg.c
 ===================================================================
--- gnupg-2.1.17.orig/g10/gpg.c
-+++ gnupg-2.1.17/g10/gpg.c
-@@ -415,6 +415,7 @@ enum cmd_and_opt_values
-     oOnlySignTextIDs,
+--- gnupg-2.1.22.orig/g10/gpg.c
+++ gnupg-2.1.22/g10/gpg.c
+@@ -422,6 +422,7 @@ enum cmd_and_opt_values
     oDisableSignerUID,
     oSender,
+     oKeyOrigin,
 +    oSetLegacyFips,
 
     oNoop
   };
-@@ -857,6 +858,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -867,6 +868,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oAllowMultipleMessages,      "allow-multiple-messages", "@"),
   ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
   ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@ -52,7 +52,7 @@ Index: gnupg-2.1.17/g10/gpg.c
 
   ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"),
 
-@@ -3510,6 +3512,13 @@ main (int argc, char **argv)
+@@ -3537,6 +3539,13 @@ main (int argc, char **argv)
             opt.def_new_key_algo = pargs.r.ret_str;
             break;
 
--- a/gpg2.changes
+++ b/gpg2.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Fri Jul 28 19:29:52 UTC 2017 - astieger@suse.com
+
+- GnuPG 2.1.22:
+  * gpg: Extend command --quick-set-expire to allow for setting the
+    expiration time of subkeys.
+  * gpg: By default try to repair keys during import. New sub-option
+    no-repair-keys for --import-options.
+  * gpg,gpgsm: Improved checking and reporting of DE-VS compliance.
+  * gpg: New options --key-origin and --with-key-origin. Store the
+    time of the last key update from keyservers, WKD, or DANE.
+  * agent: New option --ssh-fingerprint-digest.
+  * dimngr: Lower timeouts on keyserver connection attempts and made
+    it configurable.
+  * dirmngr: Tor will now automatically be detected and used. The
+    option --no-use-tor disables Tor detection.
+  * dirmngr: Now detects a changed /etc/resolv.conf.
+  * agent,dirmngr: Initiate shutdown on removal of the GnuPG home
+    directory.
+  * gpg: Avoid caching passphrase for failed symmetric encryption.
+  * agent: Support for unprotected ssh keys.
+  * dirmngr: Fixed name resolving on systems using only v6
+    nameservers.
+  * dirmngr: Allow the use of TLS over http proxies.
+  * wks: New man pages for client and server.
+
 -------------------------------------------------------------------
 Fri May 19 11:59:24 UTC 2017 - marco.strigl@suse.com

--- a/gpg2.spec
+++ b/gpg2.spec
@ -17,7 +17,7 @@


 Name:           gpg2
-Version:        2.1.21
+Version:        2.1.22
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0+
@ -67,7 +67,6 @@ Provides:       newpg
 # special feature needed for OBS signd
 Provides:       gpg2_signd_support
 Obsoletes:      gpg < 1.4.9
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
 GnuPG is a hybrid-encryption software program; it uses a combination
@ -104,13 +103,13 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
    --enable-large-secmem \
    --enable-wks-tools \
    --with-gnu-ld \
-    --with-default-trust-store=/etc/ssl/ca-bundle.pem \
+    --with-default-trust-store=%{_sysconfdir}/ssl/ca-bundle.pem \
    --enable-build-timestamp=$date \

 make %{?_smp_mflags}

 %install
-make %{?_smp_mflags} DESTDIR=%{buildroot} install
+%make_install
 mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
 # bnc#391347
 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
@ -125,7 +124,7 @@ ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
 # fix rpmlint invalid-lc-messages-dir:
 rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
 # additional files to documentation directory
-install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ %{buildroot}/%{_docdir}/%{name}
+install -m 644 AUTHORS COPYING* ChangeLog NEWS THANKS TODO doc/FAQ %{buildroot}/%{_docdir}/%{name}
 # install scdaemon to %{_bindir} (bnc#863645)
 mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
 mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
@ -149,10 +148,8 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir}
 %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz

 %files lang -f gnupg2.lang
-%defattr(-,root,root)

 %files
-%defattr(-,root,root)
 %{_infodir}/gnupg*
 %{_mandir}/*/*%{ext_man}
 %doc %{_docdir}/%{name}