Accepting request 1083567 from home:david.anes:branches:Base:System

- Rebased patches:
  * gnupg-add_legacy_FIPS_mode_option.patch
- Removed patches (already upstream):
  * gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch 
- Don't ship systemd examples, as they are removed from upstream
  release tarball.
- Update to 2.4.1:
  * If the ~/.gnupg directory does not exist, the keyboxd is now
    automagically enabled.
  * gpg: New option --add-desig-revoker.
  * gpg: New option --assert-signer.
  * gpg: New command --quick-add-adsk and other ADSK features.
  * gpg: New list-option "show-unusable-sigs".  Also show
    "[self-signature]" instead of the user-id in key signature
    listings. 
  * gpg: For symmetric encryption the default S2K hash is now SHA256.
  * gpg: Detect already compressed data also when using a pipe.  Also
    detect JPEG and PNG file formats.
  * gpg: New subcommand "openpgp" for --card-edit.
  * gpgsm: Verification of detached signatures does now strip trailing
    zeroes from the input if --assume-binary is used.
  * gpgsm: Non-armored detached signature are now created without
    using indefinite form length octets.  This improves compatibility
    with some PDF signature verification software.
  * gpgtar: Emit progress status lines in create mode.
  * dirmngr: The LDAP modifyTimestamp is now returned by some
    keyserver commands.
  * ssh: Allow specification of the order keys are presented to ssh.
    See the man page entry for --enable-ssh-support.
  * gpg: Make list-options "show-sig-subpackets" work again.

OBS-URL: https://build.opensuse.org/request/show/1083567
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=284

gnupg-2.4.0.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
-size 7666935

gnupg-2.4.1.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:76b71e5aeb443bfd910ce9cbc8281b617c8341687afb67bae455877972b59de8
+size 7341338

gnupg-add_legacy_FIPS_mode_option.patch

@@ -3,11 +3,11 @@
  g10/gpg.c    |    9 +++++++++
  2 files changed, 27 insertions(+)
 
-Index: gnupg-2.4.0/doc/gpg.texi
+Index: gnupg-2.4.1/doc/gpg.texi
 ===================================================================
---- gnupg-2.4.0.orig/doc/gpg.texi
+--- gnupg-2.4.1.orig/doc/gpg.texi
-+++ gnupg-2.4.0/doc/gpg.texi
++++ gnupg-2.4.1/doc/gpg.texi
-@@ -2218,6 +2218,24 @@ implies, this option is for experts only
+@@ -2285,6 +2285,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -32,28 +32,28 @@ Index: gnupg-2.4.0/doc/gpg.texi
  @end table
  
  
-Index: gnupg-2.4.0/g10/gpg.c
+Index: gnupg-2.4.1/g10/gpg.c
 ===================================================================
---- gnupg-2.4.0.orig/g10/gpg.c
+--- gnupg-2.4.1.orig/g10/gpg.c
-+++ gnupg-2.4.0/g10/gpg.c
++++ gnupg-2.4.1/g10/gpg.c
-@@ -443,6 +443,7 @@ enum cmd_and_opt_values
+@@ -444,6 +444,7 @@ enum cmd_and_opt_values
      oForceSignKey,
      oForbidGenKey,
      oRequireCompliance,
 +    oSetLegacyFips,
      oCompatibilityFlags,
- 
+     oAddDesigRevoker,
-     oNoop
+     oAssertSigner,
-@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = {
+@@ -978,6 +979,7 @@ static gpgrt_opt_t opts[] = {
-   ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
+   ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
-   ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
+   ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
-   ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
+   ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
 +  ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
  
  
-   ARGPARSE_header (NULL, N_("Options for unattended use")),
+   ARGPARSE_group (302, N_(
-@@ -3711,6 +3713,14 @@ main (int argc, char **argv)
+@@ -3743,6 +3745,13 @@ main (int argc, char **argv)
-             opt.flags.require_compliance = 1;
+             add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str);
  	    break;
  
 +    case oSetLegacyFips:
@@ -63,7 +63,6 @@ Index: gnupg-2.4.0/g10/gpg.c
 +      else
 +        log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n");
 +      break;
-+
+ 
  	  case oNoop: break;
  
- 	  default:

gpg2.changes

@@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Fri Apr 28 17:32:11 UTC 2023 - David Anes <david.anes@suse.com>
+
+- Rebased patches:
+  * gnupg-add_legacy_FIPS_mode_option.patch
+
+- Removed patches (already upstream):
+  * gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch 
+
+- Don't ship systemd examples, as they are removed from upstream
+  release tarball.
+
+- Update to 2.4.1:
+  * If the ~/.gnupg directory does not exist, the keyboxd is now
+    automagically enabled.
+  * gpg: New option --add-desig-revoker.
+  * gpg: New option --assert-signer.
+  * gpg: New command --quick-add-adsk and other ADSK features.
+  * gpg: New list-option "show-unusable-sigs".  Also show
+    "[self-signature]" instead of the user-id in key signature
+    listings. 
+  * gpg: For symmetric encryption the default S2K hash is now SHA256.
+  * gpg: Detect already compressed data also when using a pipe.  Also
+    detect JPEG and PNG file formats.
+  * gpg: New subcommand "openpgp" for --card-edit.
+  * gpgsm: Verification of detached signatures does now strip trailing
+    zeroes from the input if --assume-binary is used.
+  * gpgsm: Non-armored detached signature are now created without
+    using indefinite form length octets.  This improves compatibility
+    with some PDF signature verification software.
+  * gpgtar: Emit progress status lines in create mode.
+  * dirmngr: The LDAP modifyTimestamp is now returned by some
+    keyserver commands.
+  * ssh: Allow specification of the order keys are presented to ssh.
+    See the man page entry for --enable-ssh-support.
+  * gpg: Make list-options "show-sig-subpackets" work again.
+    Fixes regression in 2.4.0.
+  * gpg: Fix the keytocard command for Yubikeys.
+  * gpg: Do not continue an export after a cancel for the primary key.
+  * gpg: Replace the --override-compliance-check hack by a real fix.
+  * gpgtar: Fix decryption with input taken from stdin.
+
 -------------------------------------------------------------------
 Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 

gpg2.spec

@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.4.0
+Version:        2.4.1
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0-or-later
@@ -39,8 +39,6 @@ Patch7:         gnupg-2.2.16-secmem.patch
 Patch8:         gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
 Patch9:         gnupg-add-test-cases-for-import-without-uid.patch
 Patch10:        gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
-#PATCH-FIX-UPSTREAM dev.gnupg.org/T6313
-Patch11:        gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  ibmswtpm2
@@ -173,7 +171,6 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 %{_mandir}/*/*%{ext_man}
 %license COPYING*
 %doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
-%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.*
 %doc %{_docdir}/%{name}
 %exclude %{_bindir}/dirmngr*
 %exclude %{_bindir}/tpm2daemon*
@@ -190,7 +187,6 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 %files -n dirmngr
 %license COPYING*
 %{_mandir}/*/dirmngr*%{ext_man}
-%{_docdir}/%{name}/examples/systemd-user/dirmngr.*
 %{_bindir}/dirmngr*
 
 %files tpm