pool/gpg2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 615264 from Base:System

Browse Source 
GnuPG 2.2.8 (bsc#1096745, CVE-2018-12020)

OBS-URL: https://build.opensuse.org/request/show/615264
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=128
This commit is contained in:
Yuchen Lin 2018-06-22 11:11:25 +00:00 committed by Git OBS Bridge
parent 9cdea5fadb
commit 4dae542981
7 changed files with 45 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
gnupg-2.2.7.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d95b361ee6ef7eff86af40c8c72bf9313736ac9f7010d6604d78bf83818e976e
size 6631100

BIN
gnupg-2.2.7.tar.bz2.sig
View File

Binary file not shown.

32
gnupg-2.0.18-files-are-digests.patch → gnupg-2.2.8-files-are-digests.patch
View File

@ -4,11 +4,11 @@
g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
3 files changed, 67 insertions(+), 6 deletions(-) 3 files changed, 67 insertions(+), 6 deletions(-)
Index: gnupg-2.1.23/g10/gpg.c Index: gnupg-2.2.8/g10/gpg.c
=================================================================== ===================================================================
--- gnupg-2.1.23.orig/g10/gpg.c 2017-08-09 15:46:17.000000000 +0200 --- gnupg-2.2.8.orig/g10/gpg.c 2018-06-06 11:59:06.000000000 +0200
+++ gnupg-2.1.23/g10/gpg.c 2017-08-10 16:21:26.692847431 +0200 +++ gnupg-2.2.8/g10/gpg.c 2018-06-08 16:34:33.287514003 +0200
@@ -380,6 +380,7 @@ enum cmd_and_opt_values @@ -376,6 +376,7 @@ enum cmd_and_opt_values
oTTYtype, oTTYtype,
oLCctype, oLCctype,
oLCmessages, oLCmessages,
@ -16,7 +16,7 @@ Index: gnupg-2.1.23/g10/gpg.c
oXauthority, oXauthority,
oGroup, oGroup,
oUnGroup, oUnGroup,
@@ -829,6 +830,7 @@ static ARGPARSE_OPTS opts[] = { @@ -824,6 +825,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@ -24,7 +24,7 @@ Index: gnupg-2.1.23/g10/gpg.c
/* Aliases. I constantly mistype these, and assume other people do /* Aliases. I constantly mistype these, and assume other people do
as well. */ as well. */
@@ -2388,6 +2390,7 @@ main (int argc, char **argv) @@ -2392,6 +2394,7 @@ main (int argc, char **argv)
opt.def_cert_expire = "0"; opt.def_cert_expire = "0";
gnupg_set_homedir (NULL); gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1; opt.passphrase_repeat = 1;
@ -32,19 +32,19 @@ Index: gnupg-2.1.23/g10/gpg.c
opt.emit_version = 0; opt.emit_version = 0;
opt.weak_digests = NULL; opt.weak_digests = NULL;
@@ -2952,6 +2955,7 @@ main (int argc, char **argv) @@ -2963,6 +2966,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS; opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break; break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
+ case oFilesAreDigests: opt.files_are_digests = 1; break; + case oFilesAreDigests: opt.files_are_digests = 1; break;
case oForceMDC: opt.force_mdc = 1; break; case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
case oNoForceMDC: opt.force_mdc = 0; break;
Index: gnupg-2.1.23/g10/options.h Index: gnupg-2.2.8/g10/options.h
=================================================================== ===================================================================
--- gnupg-2.1.23.orig/g10/options.h 2017-08-09 15:46:17.000000000 +0200 --- gnupg-2.2.8.orig/g10/options.h 2018-05-31 12:03:06.000000000 +0200
+++ gnupg-2.1.23/g10/options.h 2017-08-10 16:21:26.692847431 +0200 +++ gnupg-2.2.8/g10/options.h 2018-06-08 16:34:33.287514003 +0200
@@ -213,6 +213,7 @@ struct @@ -210,6 +210,7 @@ struct
int no_auto_check_trustdb; int no_auto_check_trustdb;
int preserve_permissions; int preserve_permissions;
int no_homedir_creation; int no_homedir_creation;
@ -52,10 +52,10 @@ Index: gnupg-2.1.23/g10/options.h
struct groupitem *grouplist; struct groupitem *grouplist;
int mangle_dos_filenames; int mangle_dos_filenames;
int enable_progress_filter; int enable_progress_filter;
Index: gnupg-2.1.23/g10/sign.c Index: gnupg-2.2.8/g10/sign.c
=================================================================== ===================================================================
--- gnupg-2.1.23.orig/g10/sign.c 2017-07-28 19:39:06.000000000 +0200 --- gnupg-2.2.8.orig/g10/sign.c 2017-08-28 12:22:54.000000000 +0200
+++ gnupg-2.1.23/g10/sign.c 2017-08-10 16:21:26.692847431 +0200 +++ gnupg-2.2.8/g10/sign.c 2018-06-08 16:34:33.287514003 +0200
@@ -43,6 +43,8 @@ @@ -43,6 +43,8 @@
#include "../common/mbox-util.h" #include "../common/mbox-util.h"
#include "../common/compliance.h" #include "../common/compliance.h"

3
gnupg-2.2.8.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:777b4cb8ced21965a5053d4fa20fe11484f0a478f3d011cef508a1a49db50dcd
size 6632465

BIN
gnupg-2.2.8.tar.bz2.sig Normal file
View File

Binary file not shown.

22
gpg2.changes
View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Fri Jun 8 14:37:06 UTC 2018 - kbabioch@suse.com
- Update to version 2.2.8:
* gpg: Decryption of messages not using the MDC mode will now lead to a
hard failure even if a legacy cipher algorithm was used. The option
--ignore-mdc-error can be used to turn this failure into a warning. Take
care: Never use that option unconditionally or without a prior warning.
* gpg: The MDC encryption mode is now always used regardless of the
cipher algorithm or any preferences. For testing --rfc2440 can be
used to create a message without an MDC.
* gpg: Sanitize the diagnostic output of the original file name in
verbose mode (bsc#1096745, CVE-2018-12020)
* gpg: Detect suspicious multiple plaintext packets in a more reliable way.
* gpg: Fix the duplicate key signature detection code.
* gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
--disable-mdc and --no-disable-mdc have no more effect.
* agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
list of startup environment variables.
- Refresh gnupg-2.0.18-files-are-digests.patch
to gnupg-2.2.8-files-are-digests.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri May 4 14:15:27 UTC 2018 - astieger@suse.com Fri May 4 14:15:27 UTC 2018 - astieger@suse.com

8
gpg2.spec
View File

@ -17,19 +17,19 @@
Name: gpg2 Name: gpg2
Version: 2.2.7 Version: 2.2.8
Release: 0 Release: 0
Summary: File encryption, decryption, signature creation and verification utility Summary: File encryption, decryption, signature creation and verification utility
License: GPL-3.0+ License: GPL-3.0-or-later
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Url: http://www.gnupg.org/aegypten2/ URL: https://www.gnupg.org
Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
# https://www.gnupg.org/signature_key.html # https://www.gnupg.org/signature_key.html
Source3: %{name}.keyring Source3: %{name}.keyring
Source99: %{name}.changes Source99: %{name}.changes
Patch4: gnupg-2.0.9-langinfo.patch Patch4: gnupg-2.0.9-langinfo.patch
Patch5: gnupg-2.0.18-files-are-digests.patch Patch5: gnupg-2.2.8-files-are-digests.patch
Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch
Patch8: gnupg-set_umask_before_open_outfile.patch Patch8: gnupg-set_umask_before_open_outfile.patch
Patch9: gnupg-detect_FIPS_mode.patch Patch9: gnupg-detect_FIPS_mode.patch