From 2b9e294fdabd0eb700e2254de85bdd19406260595925bd2d0be9bfde40c3cc10 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Wed, 31 Aug 2016 13:18:54 +0000 Subject: [PATCH 1/3] Accepting request 424000 from security:privacy - Add an explicit runtime dependency on libgcrypt >= 1.7.0 to match runtime version check OBS-URL: https://build.opensuse.org/request/show/424000 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=147 --- gpg2.changes | 6 ++++++ gpg2.spec | 2 ++ 2 files changed, 8 insertions(+) diff --git a/gpg2.changes b/gpg2.changes index c6600b5..7877750 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Aug 31 13:06:28 UTC 2016 - astieger@suse.com + +- Add an explicit runtime dependency on libgcrypt >= 1.7.0 to + match runtime version check + ------------------------------------------------------------------- Fri Aug 19 21:22:22 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 6c49b73..29f2782 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -57,6 +57,8 @@ BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) # Add an explicit runtime dependency to match boo#955982 Requires: libassuan0 >= 2.4.1 +# Explicit runtime depencency - runtime version check +Requires: libgcrypt20 >= 1.7.0 Requires: pinentry # FIXME: use proper Requires(pre/post/preun/...) PreReq: %{install_info_prereq} From f88d4275c3ee028d26b3f18b9c6065161883bde0f4cc7078237cbcf15f5b990a Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Wed, 31 Aug 2016 20:02:41 +0000 Subject: [PATCH 2/3] rev OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=148 --- gpg2.changes | 6 ------ gpg2.spec | 2 -- 2 files changed, 8 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 7877750..c6600b5 100644 --- a/gpg2.changes +++ b/gpg2.changes 
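Review bot: The comment added above `Requires: libgcrypt20 >= 1.7.0` in the gpg2.spec hunk of patch 1/3 misspells "dependency" and does not say why an explicit line is needed at all. A wording such as `# Explicit runtime dependency: the automatic soname requirement carries no minimum version, but gpg checks the libgcrypt version at run time` would stop a later cleanup from dropping it as redundant. Without the pin, an update could presumably pair the new gpg2 with an older libgcrypt20 and leave gpg unable to pass its own version check. The same comment line is re-added unchanged in the -56,7 hunk of patch 3/3.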
@@ -1,9 +1,3 @@ -------------------------------------------------------------------- -Wed Aug 31 13:06:28 UTC 2016 - astieger@suse.com - -- Add an explicit runtime dependency on libgcrypt >= 1.7.0 to - match runtime version check - ------------------------------------------------------------------- Fri Aug 19 21:22:22 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 29f2782..6c49b73 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -57,8 +57,6 @@ BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) # Add an explicit runtime dependency to match boo#955982 Requires: libassuan0 >= 2.4.1 -# Explicit runtime depencency - runtime version check -Requires: libgcrypt20 >= 1.7.0 Requires: pinentry # FIXME: use proper Requires(pre/post/preun/...) PreReq: %{install_info_prereq} From 5058b5ebe26437e6c575f9301d223eeda44d5b0a60c22ee330b92848de7a1e5a Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Tue, 13 Sep 2016 13:56:48 +0000 Subject: [PATCH 3/3] Accepting request 427260 from security:privacy - avoid mixing up status and colon line output - bsc#993324 - enable web key discovery tools - Add an explicit runtime dependency on libgcrypt >= 1.7.0 to match runtime version check OBS-URL: https://build.opensuse.org/request/show/427260 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=149 --- gnupg-2.1.15-bsc993324-status-output.patch | 190 +++++++++++++++++++++ gpg2.changes | 17 ++ gpg2.spec | 9 +- 3 files changed, 213 insertions(+), 3 deletions(-) create mode 100644 gnupg-2.1.15-bsc993324-status-output.patch diff --git a/gnupg-2.1.15-bsc993324-status-output.patch b/gnupg-2.1.15-bsc993324-status-output.patch new file mode 100644 index 0000000..461d7b6 --- /dev/null +++ b/gnupg-2.1.15-bsc993324-status-output.patch 
@@ -0,0 +1,190 @@ +From 31fc420727f45dd081f8ad5d056da6675dad29f2 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Mon, 12 Sep 2016 17:42:50 +0200 +Subject: [PATCH] gpg: Avoid mixing up status and colon line output. + +* g10/keylist.c (list_keyblock_colon): Avoid calling functions which +trigger a status line output before having printed a LF. +-- + +Status lines like KEY_CONSIDERED and KEYEPXIRED were messing up the +colons output, like here: + + pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...] + +Reported-by: Andreas Stieger +Signed-off-by: Werner Koch + +--- + +This version of the patch backported onto the 2.1.15 tag -- astieger@suse.com + +--- + g10/keylist.c | 83 +++++++++++++++++++++++++++++++++-------------------------- + 1 file changed, 47 insertions(+), 36 deletions(-) + +Index: gnupg-2.1.15/g10/keylist.c +=================================================================== +--- gnupg-2.1.15.orig/g10/keylist.c 2016-09-13 15:40:30.178482877 +0200 ++++ gnupg-2.1.15/g10/keylist.c 2016-09-13 15:45:53.605670795 +0200 +@@ -1183,9 +1183,10 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + PKT_public_key *pk; + u32 keyid[2]; + int trustletter = 0; ++ int trustletter_print; ++ int ownertrust_print; + int ulti_hack = 0; + int i; +- char *p; + char *hexgrip_buffer = NULL; + const char *hexgrip = NULL; + char *serialno = NULL; +@@ -1217,31 +1218,38 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + stubkey = 1; /* Key not found. */ + + keyid_from_pk (pk, keyid); +- es_fputs (secret? 
"sec:":"pub:", es_stdout); + if (!pk->flags.valid) +- es_putc ('i', es_stdout); ++ trustletter_print = 'i'; + else if (pk->flags.revoked) +- es_putc ('r', es_stdout); ++ trustletter_print = 'r'; + else if (pk->has_expired) +- es_putc ('e', es_stdout); ++ trustletter_print = 'e'; + else if (opt.fast_list_mode || opt.no_expensive_trust_checks) +- ; ++ trustletter_print = 0; + else + { + trustletter = get_validity_info (ctrl, pk, NULL); + if (trustletter == 'u') + ulti_hack = 1; +- es_putc (trustletter, es_stdout); ++ trustletter_print = trustletter; + } + ++ if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) ++ ownertrust_print = get_ownertrust_info (pk); ++ else ++ ownertrust_print = 0; ++ ++ es_fputs (secret? "sec:":"pub:", es_stdout); ++ if (trustletter_print) ++ es_putc (trustletter_print, es_stdout); + es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::", + nbits_from_pk (pk), + pk->pubkey_algo, + (ulong) keyid[0], (ulong) keyid[1], + colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); + +- if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) +- es_putc (get_ownertrust_info (pk), es_stdout); ++ if (ownertrust_print) ++ es_putc (ownertrust_print, es_stdout); + es_putc (':', es_stdout); + + es_putc (':', es_stdout); +@@ -1286,31 +1294,27 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + { + if (node->pkt->pkttype == PKT_USER_ID) + { +- char *str; + PKT_user_id *uid = node->pkt->pkt.user_id; ++ int uid_validity; + + if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL) + dump_attribs (node->pkt->pkt.user_id, pk); +- /* +- * Fixme: We need a valid flag here too +- */ +- str = uid->attrib_data ? 
"uat" : "uid"; ++ + if (uid->is_revoked) +- es_fprintf (es_stdout, "%s:r::::", str); ++ uid_validity = 'r'; + else if (uid->is_expired) +- es_fprintf (es_stdout, "%s:e::::", str); ++ uid_validity = 'e'; + else if (opt.no_expensive_trust_checks) +- es_fprintf (es_stdout, "%s:::::", str); +- else +- { +- int uid_validity; +- +- if (!ulti_hack) +- uid_validity = get_validity_info (ctrl, pk, uid); +- else +- uid_validity = 'u'; +- es_fprintf (es_stdout, "%s:%c::::", str, uid_validity); +- } ++ uid_validity = 0; ++ else if (ulti_hack) ++ uid_validity = 'u'; ++ else ++ uid_validity = get_validity_info (ctrl, pk, uid); ++ ++ es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout); ++ if (uid_validity) ++ es_putc (uid_validity, es_stdout); ++ es_fputs ("::::", es_stdout); + + es_fprintf (es_stdout, "%s:", colon_strtime (uid->created)); + es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate)); +@@ -1425,6 +1429,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + char *sigstr; + size_t fplen; + byte fparray[MAX_FINGERPRINT_LEN]; ++ char *siguid; ++ size_t siguidlen; + + if (sig->sig_class == 0x20 || sig->sig_class == 0x28 + || sig->sig_class == 0x30) +@@ -1484,6 +1490,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + rc = 0; + sigrc = ' '; + } ++ ++ if (sigrc != '%' && sigrc != '?' 
&& !opt.fast_list_mode) ++ siguid = get_user_id (sig->keyid, &siguidlen); ++ else ++ { ++ siguid = NULL; ++ siguidlen = 0; ++ } ++ ++ + es_fputs (sigstr, es_stdout); + es_putc (':', es_stdout); + if (sigrc != ' ') +@@ -1504,17 +1520,11 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + + if (sigrc == '%') + es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc)); +- else if (sigrc == '?') +- ; +- else if (!opt.fast_list_mode) +- { +- size_t n; +- p = get_user_id (sig->keyid, &n); +- es_write_sanitized (es_stdout, p, n, ":", NULL); +- xfree (p); +- } ++ else if (siguid) ++ es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL); ++ + es_fprintf (es_stdout, ":%02x%c::", sig->sig_class, +- sig->flags.exportable ? 'x' : 'l'); ++ sig->flags.exportable ? 'x' : 'l'); + + if (opt.no_sig_cache && opt.check_sigs && fprokay) + { +@@ -1528,6 +1538,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode + print_subpackets_colon (sig); + + /* fixme: check or list other sigs here */ ++ xfree (siguid); + } + } + diff --git a/gpg2.changes b/gpg2.changes index c6600b5..6ebe73d 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Tue Sep 13 13:50:52 UTC 2016 - astieger@suse.com + +- avoid mixing up status and colon line output - bsc#993324 + add gnupg-2.1.15-bsc993324-status-output.patch + +------------------------------------------------------------------- +Thu Sep 1 08:23:28 UTC 2016 - astieger@suse.com + +- enable web key discovery tools + +------------------------------------------------------------------- +Wed Aug 31 13:06:28 UTC 2016 - astieger@suse.com + +- Add an explicit runtime dependency on libgcrypt >= 1.7.0 to + match runtime version check + ------------------------------------------------------------------- Fri Aug 19 21:22:22 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 6c49b73..fc234ca 100644 --- a/gpg2.spec +++ b/gpg2.spec 
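Review bot: Nothing in the new code of list_keyblock_colon records why the lookups the patch hoists (`get_validity_info`, `get_ownertrust_info`, `get_user_id`) must run before the first `es_fputs` of a record, so a later tidy-up could fold them back into the output sequence and bring back the interleaving shown in the patch header. A comment above each hoisted block would hold the invariant, e.g. `/* Do every lookup that may emit a status line before writing any part of this record. */`. The declarations of `trustletter_print`, `ownertrust_print` and `uid_validity` should also say that 0 means "print nothing", since the old code passed the lookup result to `es_putc` directly. Tools that read the validity field from colon output rely on each record staying intact, so a regression test that lists keys with status output on the same stream would be worth adding if the test suite allows it. The function starts and ends outside these hunks, so any other lookup made mid-record elsewhere in it cannot be judged from here.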
@@ -35,12 +35,11 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch +Patch13: gnupg-2.1.15-bsc993324-status-output.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel BuildRequires: libassuan-devel >= 2.4.3 -# patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG -# raising gcrypt requirement from 1.4.0 BuildRequires: libgcrypt-devel >= 1.7.0 BuildRequires: libgpg-error-devel >= 1.24 BuildRequires: libksba-devel >= 1.3.4 @@ -56,7 +55,9 @@ BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) # Add an explicit runtime dependency to match boo#955982 -Requires: libassuan0 >= 2.4.1 +Requires: libassuan0 >= 2.4.3 +# Explicit runtime depencency - runtime version check +Requires: libgcrypt20 >= 1.7.0 Requires: pinentry # FIXME: use proper Requires(pre/post/preun/...) PreReq: %{install_info_prereq} @@ -86,6 +87,7 @@ gpg-agent, and a keybox library. %patch9 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) @@ -102,6 +104,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --enable-gpgtar \ --enable-g13 \ --enable-large-secmem \ + --enable-wks-tools \ --with-gnu-ld \ --enable-build-timestamp=$date
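Review bot: The change of `Requires: libassuan0` from `>= 2.4.1` to `>= 2.4.3` in the -56,7 hunk is not mentioned in any of the gpg2.changes entries this commit adds, and the comment above it still cites only boo#955982. A changelog line such as `- raise libassuan0 runtime requirement to 2.4.3 to match BuildRequires` would make the reason traceable; the existing `BuildRequires: libassuan-devel >= 2.4.3` context line suggests that is the intent, but the diff does not say so.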
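Review bot: `--enable-wks-tools` in the -102,6 hunk adds tools to the build, yet no %files change appears anywhere in this diff, so it is not visible here whether they are picked up by an existing glob or which package they land in. It is worth confirming the placement is intended, because if the option also builds a server-side helper, installing it with the base gpg2 package widens what every system carries. A comment in the %files section along the lines of `# web key service tools, built by --enable-wks-tools` would record the decision; the %files section itself lies outside these hunks.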