Accepting request 479376 from security:privacy

- Use stronger defaults for new users, using SHA-2 digest family for certificates and message signatures - FATE#323084 adding gnupg-2.1.19-stronger-defaults.patch OBS-URL: https://build.opensuse.org/request/show/479376 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=166
2017-03-16 09:35:18 +00:00 · 2017-03-16 09:35:18 +00:00 · 4a38996a40
commit 4a38996a40
parent 5b7f1aaff5
3 changed files with 35 additions and 0 deletions
--- a/gnupg-2.1.19-stronger-defaults.patch
+++ b/gnupg-2.1.19-stronger-defaults.patch
@ -0,0 +1,26 @@
 From: Andreas Stieger <astieger@suse.com>
 Date: Tue, 14 Mar 2017 20:43:20 +0000
 Subject; FATE#323084: Stronger GnuPG defaults
 References: FATE#323084
 Upstream: no
 Index: gnupg-2.1.19/g10/options.skel
 ===================================================================
 --- gnupg-2.1.19.orig/g10/options.skel
 +++ gnupg-2.1.19/g10/options.skel
@@ -137,3 +137,15 @@
 # Uncomment the following option to get rid of the copyright notice
 #no-greeting
 +
 +# SUSE recommended output options
 +with-fingerprint
 +keyid-format 0xlong
 +no-emit-version
 +
 +# SUSE recommends SHA-2 family of hashes for all  
 +personal-digest-preferences SHA512 SHA384 SHA256 SHA224
 +default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
 +cert-digest-algo SHA512
 +digest-algo SHA512
 +
--- a/gpg2.changes
+++ b/gpg2.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Tue Mar 14 20:41:55 UTC 2017 - astieger@suse.com
 - Use stronger defaults for new users, using SHA-2 digest family
  for certificates and message signatures - FATE#323084
  adding gnupg-2.1.19-stronger-defaults.patch
 -------------------------------------------------------------------
 Tue Mar  7 12:55:14 UTC 2017 - astieger@suse.com
--- a/gpg2.spec
+++ b/gpg2.spec
@ -34,6 +34,7 @@ Patch6:         gnupg-dont-fail-with-seahorse-agent.patch
 Patch8:         gnupg-set_umask_before_open_outfile.patch
 Patch9:         gnupg-detect_FIPS_mode.patch
 Patch11:        gnupg-add_legacy_FIPS_mode_option.patch
 Patch12:        gnupg-2.1.19-stronger-defaults.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.4.3
@ -86,6 +87,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library.
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
 %patch12 -p1
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})