Accepting request 1090818 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1090818
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=166

gnupg-2.3.8.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:540b7a40e57da261fb10ef521a282e0021532a80fd023e75fb71757e8a4969ed
-size 7644926

gnupg-2.4.2.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:97eb47df8ae5a3ff744f868005a090da5ab45cb48ee9836dbf5ee739a4e5cf49
+size 7346587

gnupg-add_legacy_FIPS_mode_option.patch

@@ -3,11 +3,11 @@
  g10/gpg.c    |    9 +++++++++
  2 files changed, 27 insertions(+)
 
-Index: gnupg-2.3.5/doc/gpg.texi
+Index: gnupg-2.4.2/doc/gpg.texi
 ===================================================================
---- gnupg-2.3.5.orig/doc/gpg.texi
+--- gnupg-2.4.2.orig/doc/gpg.texi
-+++ gnupg-2.3.5/doc/gpg.texi
++++ gnupg-2.4.2/doc/gpg.texi
-@@ -2197,6 +2197,24 @@ implies, this option is for experts only
+@@ -2285,6 +2285,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -32,28 +32,28 @@ Index: gnupg-2.3.5/doc/gpg.texi
  @end table
  
  
-Index: gnupg-2.3.5/g10/gpg.c
+Index: gnupg-2.4.2/g10/gpg.c
 ===================================================================
---- gnupg-2.3.5.orig/g10/gpg.c
+--- gnupg-2.4.2.orig/g10/gpg.c
-+++ gnupg-2.3.5/g10/gpg.c
++++ gnupg-2.4.2/g10/gpg.c
-@@ -443,6 +443,7 @@ enum cmd_and_opt_values
+@@ -446,6 +446,7 @@ enum cmd_and_opt_values
      oForceSignKey,
      oForbidGenKey,
      oRequireCompliance,
 +    oSetLegacyFips,
- 
+     oCompatibilityFlags,
-     oNoop
+     oAddDesigRevoker,
-   };
+     oAssertSigner,
-@@ -878,6 +879,7 @@ static gpgrt_opt_t opts[] = {
+@@ -886,6 +887,7 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
    ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
    ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
-   ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
 +  ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
  
  
    ARGPARSE_header (NULL, N_("Options for unattended use")),
-@@ -3737,6 +3739,14 @@ main (int argc, char **argv)
+@@ -3756,6 +3758,14 @@ main (int argc, char **argv)
-             opt.flags.require_compliance = 1;
+             keybox_set_buffersize (pargs.r.ret_ulong, 0);
              break;
  
 +         case oSetLegacyFips:

gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch

@@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  g10/import.c | 49 +++++++++++--------------------------------------
  1 file changed, 11 insertions(+), 38 deletions(-)
 
-Index: gnupg-2.3.0/g10/import.c
+Index: gnupg-2.4.0/g10/import.c
 ===================================================================
---- gnupg-2.3.0.orig/g10/import.c
+--- gnupg-2.4.0.orig/g10/import.c
-+++ gnupg-2.3.0/g10/import.c
++++ gnupg-2.4.0/g10/import.c
-@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl,
    size_t an;
    char pkstrbuf[PUBKEY_STRING_SIZE];
    int merge_keys_done = 0;
@@ -29,7 +29,7 @@ Index: gnupg-2.3.0/g10/import.c
    KEYDB_HANDLE hd = NULL;
  
    if (r_valid)
-@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl,
        log_printf ("\n");
      }
  
@@ -44,13 +44,12 @@ Index: gnupg-2.3.0/g10/import.c
    if (screener && screener (keyblock, screener_arg))
      {
        log_error (_("key %s: %s\n"), keystr_from_pk (pk),
-@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl,
+@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl,
-             xfree(user);
  	  }
      }
--
+ 
 -  /* Delete invalid parts and bail out if there are no user ids left.  */
--  if (!delete_inv_parts (ctrl, keyblock, keyid, options))
+-  if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
 -    {
 -      if (!silent)
 -        {
@@ -64,11 +63,11 @@ Index: gnupg-2.3.0/g10/import.c
 +  /* Delete invalid parts, and note if we have any valid ones left.
 +   * We will later abort import if this key is new but contains
 +   * no valid uids.  */
-+  delete_inv_parts (ctrl, keyblock, keyid, options);
++  delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
  
    /* Get rid of deleted nodes.  */
    commit_kbnode (&keyblock);
-@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl,
+@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl,
      {
        apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
        commit_kbnode (&keyblock);
@@ -93,7 +92,7 @@ Index: gnupg-2.3.0/g10/import.c
      }
  
    /* The keyblock is valid and ready for real import.  */
-@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl,
+@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl,
        err = 0;
        stats->skipped_new_keys++;
      }

gnupg-allow-large-rsa.patch

@@ -0,0 +1,13 @@
+Index: gnupg-2.4.0/g10/keygen.c
+===================================================================
+--- gnupg-2.4.0.orig/g10/keygen.c
++++ gnupg-2.4.0/g10/keygen.c
+@@ -2461,7 +2461,7 @@ get_keysize_range (int algo, unsigned in
+ 
+     default:
+       *min = opt.compliance == CO_DE_VS ? 2048: 1024;
+-      *max = 4096;
++      *max = opt.flags.large_rsa == 1 ? 8192 : 4096;
+       def = 3072;
+       break;
+     }

gnupg-revert-rfc4880bis.patch

@@ -0,0 +1,202 @@
+From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 31 Oct 2022 16:14:18 +0100
+Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
+
+* g10/gpg.c (oRFC4880bis): Remove.
+(opts): Make --rfc4880bis a Noop.
+(compliance_options): Make rfc4880bis to gnupg.
+(set_compliance_option): Remove rfc4880bis stuff.
+(main): Ditto.  Note that this now activates the --mimemode option.
+* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
+(keygen_upd_std_prefs): Always announce support for v5 keys.
+(read_parameter_file): Activate the v4 and v5 keywords.
+--
+
+Index: gnupg-2.4.1/g10/gpg.c
+===================================================================
+--- gnupg-2.4.1.orig/g10/gpg.c
++++ gnupg-2.4.1/g10/gpg.c
+@@ -247,6 +247,7 @@ enum cmd_and_opt_values
+     oGnuPG,
+     oRFC2440,
+     oRFC4880,
++    oRFC4880bis,
+     oOpenPGP,
+     oPGP7,
+     oPGP8,
+@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
+   ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
+   ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
++  ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
+   ARGPARSE_s_n (oPGP7, "pgp6", "@"),
+   ARGPARSE_s_n (oPGP7, "pgp7", "@"),
+@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
+   ARGPARSE_s_s (oNoop, "aead-algo", "@"),
+   ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
+-  ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
+ 
+ 
+@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co
+   {
+     { "gnupg",      oGnuPG },
+     { "openpgp",    oOpenPGP },
+-    { "rfc4880bis", oGnuPG },
++    { "rfc4880bis", oRFC4880bis },
+     { "rfc4880",    oRFC4880 },
+     { "rfc2440",    oRFC2440 },
+     { "pgp6",       oPGP7 },
+@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co
+ static void
+ set_compliance_option (enum cmd_and_opt_values option)
+ {
++  opt.flags.rfc4880bis = 0;  /* Clear because it is initially set.  */
++
+   switch (option)
+     {
++    case oRFC4880bis:
++      opt.flags.rfc4880bis = 1;
++      opt.compliance = CO_RFC4880;
++      opt.flags.dsa2 = 1;
++      opt.flags.require_cross_cert = 1;
++      opt.rfc2440_text = 0;
++      opt.allow_non_selfsigned_uid = 1;
++      opt.allow_freeform_uid = 1;
++      opt.escape_from = 1;
++      opt.not_dash_escaped = 0;
++      opt.def_cipher_algo = 0;
++      opt.def_digest_algo = 0;
++      opt.cert_digest_algo = 0;
++      opt.compress_algo = -1;
++      opt.s2k_mode = 3; /* iterated+salted */
++      opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
++      opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
++      break;
+     case oOpenPGP:
+     case oRFC4880:
+       /* This is effectively the same as RFC2440, but with
+@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_
+     case oPGP8:  opt.compliance = CO_PGP8;  break;
+     case oGnuPG:
+       opt.compliance = CO_GNUPG;
++      opt.flags.rfc4880bis = 1;
+       break;
+ 
+     case oDE_VS:
+@@ -2490,6 +2512,7 @@ main (int argc, char **argv)
+     opt.emit_version = 0;
+     opt.weak_digests = NULL;
+     opt.compliance = CO_GNUPG;
++    opt.flags.rfc4880bis = 1;
+ 
+     /* Check special options given on the command line.  */
+     orig_argc = argc;
+@@ -3032,6 +3055,7 @@ main (int argc, char **argv)
+           case oOpenPGP:
+           case oRFC2440:
+           case oRFC4880:
++          case oRFC4880bis:
+           case oPGP7:
+           case oPGP8:
+           case oGnuPG:
+@@ -3868,6 +3892,11 @@ main (int argc, char **argv)
+     if( may_coredump && !opt.quiet )
+ 	log_info(_("WARNING: program may create a core file!\n"));
+ 
++    if (!opt.flags.rfc4880bis)
++      {
++        opt.mimemode = 0; /* This will use text mode instead.  */
++      }
++
+     if (eyes_only) {
+       if (opt.set_filename)
+ 	  log_info(_("WARNING: %s overrides %s\n"),
+@@ -4084,7 +4113,7 @@ main (int argc, char **argv)
+     /* Check our chosen algorithms against the list of legal
+        algorithms. */
+ 
+-    if(!GNUPG)
++    if(!GNUPG && !opt.flags.rfc4880bis)
+       {
+ 	const char *badalg=NULL;
+ 	preftype_t badtype=PREFTYPE_NONE;
+Index: gnupg-2.4.1/g10/keygen.c
+===================================================================
+--- gnupg-2.4.1.orig/g10/keygen.c
++++ gnupg-2.4.1/g10/keygen.c
+@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string
+ 	      strcat(dummy_string,"S7 ");
+ 	    strcat(dummy_string,"S2 "); /* 3DES */
+ 
+-            if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
++            if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ 	      strcat(dummy_string,"A2 ");
+ 
+             if (personal)
+@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig
+   /* Make sure that the MDC feature flag is set if needed.  */
+   add_feature_mdc (sig,mdc_available);
+   add_feature_aead (sig, aead_available);
+-  add_feature_v5 (sig, 1);
++  add_feature_v5 (sig, opt.flags.rfc4880bis);
+   add_keyserver_modify (sig,ks_modify);
+   keygen_add_keyserver_url(sig,NULL);
+ 
+@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
+                 }
+             }
+           else if (!ascii_strcasecmp (s, "v5"))
+-            keyversion = 5;
++            {
++              if (opt.flags.rfc4880bis)
++                keyversion = 5;
++            }
+           else if (!ascii_strcasecmp (s, "v4"))
+             keyversion = 4;
+           else
+@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
+  *   ecdsa := Use algorithm ECDSA.
+  *   eddsa := Use algorithm EdDSA.
+  *   ecdh  := Use algorithm ECDH.
+- *   v5    := Create version 5 key
++ *   v5    := Create version 5 key (requires option --rfc4880bis)
+  *
+  * There are several defaults and fallbacks depending on the
+  * algorithm.  PART can be used to select which part of STRING is
+@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const
+ 	    }
+ 	}
+ 
+-        if ((keywords[i].key == pVERSION
+-             || keywords[i].key == pSUBVERSION))
+-          ; /* Ignore version.  */
++        if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
++                                      || keywords[i].key == pSUBVERSION))
++          ; /* Ignore version unless --rfc4880bis is active.  */
+         else
+           {
+             r = xmalloc_clear( sizeof *r + strlen( value ) );
+@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p
+       para = r;
+     }
+ 
+-  r = xmalloc_clear (sizeof *r + 20);
+-  r->key = for_subkey? pSUBVERSION : pVERSION;
+-  snprintf (r->u.value, 20, "%d", version);
+-  r->next = para;
+-  para = r;
++  if (opt.flags.rfc4880bis)
++    {
++      r = xmalloc_clear (sizeof *r + 20);
++      r->key = for_subkey? pSUBVERSION : pVERSION;
++      snprintf (r->u.value, 20, "%d", version);
++      r->next = para;
++      para = r;
++    }
+ 
+   if (keytime)
+     {

gpg2.changes

@@ -1,3 +1,180 @@
+-------------------------------------------------------------------
+Tue May 30 19:37:39 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 2.4.2:
+  * gpg: Print a warning if no more encryption subkeys are left over
+    after changing the expiration date.  [rGef2c3d50fa]
+  * gpg: Fix searching for the ADSK key when adding an ADSK.  [T6504]
+  * gpgsm: Speed up key listings on Windows.  [rG08ff55bd44]
+  * gpgsm: Reduce the number of "failed to open policy file"
+    diagnostics.  [rG68613a6a9d]
+  * agent: Make updating of private key files more robust and track
+    display S/N.  [T6135]
+  * keyboxd: Avoid longish delays on Windows when listing keys.
+    [rG6944aefa3c]
+  * gpgtar: Emit extra status lines to help GPGME.  [T6497]
+  * w32: Avoid using the VirtualStore.  [T6403]
+  * Rebase gnupg-add_legacy_FIPS_mode_option.patch
+
+-------------------------------------------------------------------
+Fri Apr 28 11:58:06 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 2.4.1:
+  * If the ~/.gnupg directory does not exist, the keyboxd is now
+    automagically enabled. [rGd9e7488b17]
+  * gpg: New option --add-desig-revoker. [rG3d094e2bcf]
+  * gpg: New option --assert-signer. [rGc9e95b8dee]
+  * gpg: New command --quick-add-adsk and other ADSK features.
+    [T6395, https://gnupg.org/blog/20230321-adsk.html]
+  * gpg: New list-option "show-unusable-sigs". Also show "[self-signature]"
+    instead of the user-id in key signature listings. [rG103acfe9ca]
+  * gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367]
+  * gpg: Detect already compressed data also when using a pipe. Also
+    detect JPEG and PNG file formats. [T6332]
+  * gpg: New subcommand "openpgp" for --card-edit. [T6462]
+  * gpgsm: Verification of detached signatures does now strip trailing
+    zeroes from the input if --assume-binary is used. [rG2a13f7f9dc]
+  * gpgsm: Non-armored detached signature are now created without
+    using indefinite form length octets. This improves compatibility
+    with some PDF signature verification software. [rG8996b0b655]
+  * gpgtar: Emit progress status lines in create mode. [T6363]
+  * dirmngr: The LDAP modifyTimestamp is now returned by some
+    keyserver commands. [rG56d309133f]
+  * ssh: Allow specification of the order keys are presented to ssh.
+    See the man page entry for --enable-ssh-support. [T5996, T6212]
+  * gpg: Make list-options "show-sig-subpackets" work again.
+    Fixes regression in 2.4.0. [rG5a223303d7]
+  * gpg: Fix the keytocard command for Yubikeys. [T6378]
+  * gpg: Do not continue an export after a cancel for the primary key. [T6093]
+  * gpg: Replace the --override-compliance-check hack by a real fix. [T5655]
+  * gpgtar: Fix decryption with input taken from stdin. [T6355]
+  * Rebase patches:
+    - gnupg-revert-rfc4880bis.patch
+    - gnupg-add_legacy_FIPS_mode_option.patch
+  * Remove patch fixed upstream:
+    - gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
+
+-------------------------------------------------------------------
+Fri Mar 10 09:03:00 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Temporarily revert back to the pre-2.4 default for key generation.
+  The new rfc4880bis has been set as the default in 2.4 version and
+  might create incompatible keys. Note that, rfc4880bis can still
+  be used with the option flag --rfc4880bis as in previous versions.
+  * More info in the gnupg-devel ML:
+    https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html
+  * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9
+  * Add gnupg-revert-rfc4880bis.patch
+
+-------------------------------------------------------------------
+Fri Mar 10 08:42:02 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Allow 8192 bit RSA keys in keygen UI when large_rsa is set
+  * Add gnupg-allow-large-rsa.patch
+
+-------------------------------------------------------------------
+Tue Feb  7 08:58:03 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix the regression test suite fails with the IBM TPM Software
+  stack. Builds fine using the Intel TPM; use the swtpm and
+  tpm2-0-tss-devel packages instead of ibmswtpm2 and ibmtss-devel.
+
+-------------------------------------------------------------------
+Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313
+  * The original patch has been modified to expand the changes
+    also to the tests/gpgme/Makefile.in file.
+  * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
+
+-------------------------------------------------------------------
+Tue Dec 20 16:01:05 UTC 2022 - David Anes <david.anes@suse.com>
+
+- Updated to require libgpg-error-devel >= 1.46
+
+- Rebased patches:
+  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+  * gnupg-add_legacy_FIPS_mode_option.patch
+
+- GnuPG 2.4.0:
+  * common: Fix translations in --help for gpgrt < 1.47.
+  * gpg: Do not continue the export after a cancel for the primary key.
+  * gpg: Replace use of PRIu64 in log_debug.
+  * Update NEWS for 2.4.0.
+  * tests: Fix make check with GPGME.
+  * agent: Allow arguments to "scd serialno" in restricted mode.
+  * scd:p15: Skip deleted records.
+  * build: Remove Windows CE support.
+  * wkd: Do not send/install/mirror expired user ids.
+  * gpgsm: Print the revocation time also with --verify.
+  * gpgsm: Fix "problem re-searching certificate" case.
+  * gpgsm: Print revocation date and reason in cert listings.
+  * gpgsm: Silence the "non-critical certificate policy not allowed".
+  * gpgsm: Always use the chain model if the root-CA requests this.
+  * gpg: New export option "mode1003".
+  * gpg: Remove a mostly duplicated function.
+  * tests: Simplify fake-pinentry to use the option only.
+  * tests: Fix fake-pinentry for Windows.
+  * tests: Fix make check-all.
+  * agent: Fix import of protected v5 keys.
+  * gpgsm: Change default algo to AES-256.
+  * tests: Put a workaround for semihosted environment.
+  * tests: More fix for semihosted environment.
+  * tests: Support semihosted environment.
+  * tests: Fix tests under cms.
+  * tests,w32: Fix for semihosted environment.
+  * w32: Fix for tests on semihosted environment.
+  * w32: Fix gnupg_unsetenv.
+  * wkd: New option --add-revocs and some fixes.
+  * wkd: Make use of --debug extprog.
+  * gpg: New export-filter export-revocs.
+  * gpg: Fix double-free in gpg --card-edit.
+  * gpg: Make --require-compliance work with out --status-fd.
+  * gpg: New option --list-filter.
+  * dirmngr: Silence ocsp debug output.
+  * tests: Fix to support --enable-all-tests and variants.
+  * tests:w32: Fix for non-dot file name for Windows.
+  * tests:gpgscm:w32: Fix for GetTempPath.
+  * tests: Keep .log files in objdir.
+  * tests: Use 233 for invalid value of FD.
+  * w32: Fix gnupg_tmpfile for possible failure.
+  * scd: Redact --debug cardio output of a VERIFY APDU.
+  * common: Remove Windows CE support in common.
+  * gpgsm: Fix colon outout of ECC encryption certificates.
+  * scd:nks: Fix ECC signing if key not given by keygrip.
+  * dirmngr: Fix verification of ECDSA signed CRLs.
+  * agent: Allow trustlist on Windows in Unicode homedirs.
+  * gpg: Fix verification of cleartext signatures with overlong lines.
+  * gpg: Move w32_system function.
+  * gpg: New option --quick-update-pref.
+  * gpg: New list-options show-pref and show-pref-verbose.
+  * tests: Add tests to check that OCB is only used for capable keys.
+  * gpg: Make --list-packets work w/o --no-armor for plain OCB packets.
+  * tests: Add symmetric decryption tests.
+  * tests: Add tr:assert-same function.
+  * agent: Avoid blanks in the ssh key's comment.
+  * build: Update m4 files.
+  * gpg: Merge --rfc4880bis features into --gnupg.
+  * gpg: Allow only OCB for AEAD encryption.
+  * gpg: New option --compatibility-flags.
+  * gpgsm: Also announce AES256-CBC in signatures.
+  * gpg: Fix trusted introducer for user-ids with only the mbox.
+  * gpg: Import stray revocation certificates.
+  * agent: Automatically convert to extended key format by KEYATTR.
+  * card: New commands "gpg" and "gpgsm".
+  * card: Also show fingerprints of known X.509 certificates.
+  * scd:nks: Support non-ESIGN signing with the Signature Card v2.
+  * gpgsm: Allow ECC encryption keys with just keyAgreement specified.
+  * gpgsm: Use macro constants for cert_usage_p.
+  * build: Update gpg-error.m4.
+  * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument.
+  * gpg: Move NETLIBS after GPG_ERROR_LIBS.
+  * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future.
+  * common,w32: Fix struct stat on Windows.
+  * agent,w32: Support Win32-OpenSSH emulation by gpg-agent.
+  * common: Don't use FD2INT for POSIX-only code.
+  * dirmngr: Fix build with no LDAP support.
+	
 -------------------------------------------------------------------
 Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 

gpg2.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.3.8
+Version:        2.4.2
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0-or-later
@@ -39,19 +39,23 @@ Patch7:         gnupg-2.2.16-secmem.patch
 Patch8:         gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
 Patch9:         gnupg-add-test-cases-for-import-without-uid.patch
 Patch10:        gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+#PATCH-FIX-SUSE Allow 8192 bit RSA keys in keygen UI when large_rsa is set
+Patch11:        gnupg-allow-large-rsa.patch
+#PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation
+Patch12:        gnupg-revert-rfc4880bis.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
-BuildRequires:  ibmswtpm2
-BuildRequires:  ibmtss-devel
 BuildRequires:  libassuan-devel >= 2.5.0
 BuildRequires:  libgcrypt-devel >= 1.9.1
-BuildRequires:  libgpg-error-devel >= 1.41
+BuildRequires:  libgpg-error-devel >= 1.46
-BuildRequires:  libksba-devel >= 1.3.4
+BuildRequires:  libksba-devel >= 1.6.3
 BuildRequires:  makeinfo
 BuildRequires:  npth-devel >= 1.2
 BuildRequires:  openldap2-devel
 BuildRequires:  pkgconfig
 BuildRequires:  readline-devel
+BuildRequires:  swtpm
+BuildRequires:  tpm2-0-tss-devel
 BuildRequires:  pkgconfig(bzip2)
 BuildRequires:  pkgconfig(gnutls) >= 3.0
 BuildRequires:  pkgconfig(libusb-1.0)
@@ -60,6 +64,7 @@ BuildRequires:  pkgconfig(zlib)
 # runtime dependency to support devel repository users - boo#955982
 Requires:       libassuan0 >= 2.5.0
 Requires:       libgcrypt20 >= 1.9.1
+Requires:       libgpg-error >= 1.46
 Requires:       libksba >= 1.3.4
 Requires:       pinentry
 Recommends:     dirmngr = %{version}
@@ -115,6 +120,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
     --with-dirmngr-pgm=%{_bindir}/dirmngr \
     --with-scdaemon-pgm=%{_bindir}/scdaemon \
     --with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \
+    --disable-rpath \
     --enable-ldap \
     --enable-gpgsm=yes \
     --enable-gpgtar \
@@ -123,6 +129,8 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
     --enable-wks-tools \
     --with-gnu-ld \
     --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
+    --with-tss=intel \
+    --enable-all-tests \
     --enable-build-timestamp=$date \
     --enable-gpg-is-gpg2
 
@@ -131,47 +139,51 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
 %install
 %make_install
 mkdir -p %{buildroot}%{_sysconfdir}/gnupg/
-# bnc#391347
+# install gpgconf.conf bnc#391347
 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg
+
 # delete to prevent fdupes from creating cross-partition hardlink
 rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf
+
+# remove info dir
 rm %{buildroot}%{_infodir}/dir
+
 # compat symlinks
 ln -sf gpg2 %{buildroot}%{_bindir}/gpg
 ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
 ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
+
 # fix rpmlint invalid-lc-messages-dir:
 rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot
+
 # install scdaemon to %%{_bindir} (bnc#863645)
 mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir}
 mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir}
+
 # install tpm2daemon
 mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir}
+
 # install udev rules for scdaemon
 install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 
+%check
+%make_build check || :
+
 %find_lang gnupg2
 %fdupes -s %{buildroot}
 
-%check
-# Run only localy, fails in OBS
-#%%if ! 0%%{?qemu_user_space_build}
-#make %%{?_smp_mflags} check
-#%%endif
-
 %post
 %udev_rules_update
 
 %files lang -f gnupg2.lang
 
 %files
+%license COPYING*
+%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
 %{_infodir}/gnupg*
 %exclude %{_mandir}/*/dirmngr*%{ext_man}
 %{_mandir}/*/*%{ext_man}
-%license COPYING*
-%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
-%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.*
 %doc %{_docdir}/%{name}
 %exclude %{_bindir}/dirmngr*
 %exclude %{_bindir}/tpm2daemon*
@@ -188,7 +200,6 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 %files -n dirmngr
 %license COPYING*
 %{_mandir}/*/dirmngr*%{ext_man}
-%{_docdir}/%{name}/examples/systemd-user/dirmngr.*
 %{_bindir}/dirmngr*
 
 %files tpm