diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 8e1bba7..11dbac6 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -4,11 +4,11 @@ g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ 3 files changed, 67 insertions(+), 6 deletions(-) -Index: gnupg-2.1.21/g10/gpg.c +Index: gnupg-2.1.22/g10/gpg.c =================================================================== ---- gnupg-2.1.21.orig/g10/gpg.c 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.21/g10/gpg.c 2017-04-04 15:59:20.823799866 +0200 -@@ -374,6 +374,7 @@ enum cmd_and_opt_values +--- gnupg-2.1.22.orig/g10/gpg.c ++++ gnupg-2.1.22/g10/gpg.c +@@ -379,6 +379,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.1.21/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -820,6 +821,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -828,6 +829,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.1.21/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2393,6 +2395,7 @@ main (int argc, char **argv) +@@ -2383,6 +2385,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; @@ -32,7 +32,7 @@ Index: gnupg-2.1.21/g10/gpg.c opt.emit_version = 0; opt.weak_digests = NULL; additional_weak_digest("MD5"); -@@ -2942,6 +2945,7 @@ main (int argc, char **argv) +@@ -2944,6 +2947,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.21/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.21/g10/options.h +Index: gnupg-2.1.22/g10/options.h =================================================================== ---- gnupg-2.1.21.orig/g10/options.h 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.21/g10/options.h 2017-04-04 15:59:20.827799905 +0200 -@@ -214,6 +214,7 @@ struct +--- gnupg-2.1.22.orig/g10/options.h ++++ gnupg-2.1.22/g10/options.h +@@ -212,6 +212,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,20 +52,20 @@ Index: gnupg-2.1.21/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.21/g10/sign.c +Index: gnupg-2.1.22/g10/sign.c =================================================================== ---- gnupg-2.1.21.orig/g10/sign.c 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.21/g10/sign.c 2017-04-04 15:59:27.515864763 +0200 -@@ -42,6 +42,8 @@ - #include "call-agent.h" +--- gnupg-2.1.22.orig/g10/sign.c ++++ gnupg-2.1.22/g10/sign.c +@@ -43,6 +43,8 @@ #include "../common/mbox-util.h" + #include "../common/compliance.h" +#include "../common/host2net.h" + #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" #else -@@ -695,6 +697,8 @@ write_signature_packets(ctrl_t ctrl, +@@ -727,6 +729,8 @@ write_signature_packets (ctrl_t ctrl, if (duration || opt.sig_policy_url || opt.sig_notations || opt.sig_keyserver_url) sig->version = 4; @@ -73,8 +73,8 @@ Index: gnupg-2.1.21/g10/sign.c + sig->version = 3; else sig->version = pk->version; - -@@ -718,8 +720,12 @@ write_signature_packets (ctrl_t ctrl, + +@@ -750,8 +754,12 @@ write_signature_packets (ctrl_t ctrl, mk_notation_policy_etc (sig, NULL, pk); } @@ -87,7 +87,7 @@ Index: gnupg-2.1.21/g10/sign.c rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -781,6 +787,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -813,6 +821,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -96,7 +96,7 @@ Index: gnupg-2.1.21/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -798,7 +806,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -830,7 +840,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -114,7 +114,7 @@ Index: gnupg-2.1.21/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -819,7 +836,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -851,7 +870,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ @@ -123,7 +123,7 @@ Index: gnupg-2.1.21/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -957,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -989,7 +1008,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -132,7 +132,7 @@ Index: gnupg-2.1.21/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -1012,6 +1029,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1044,6 +1063,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -141,7 +141,7 @@ Index: gnupg-2.1.21/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1052,6 +1071,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1084,6 +1105,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -187,7 +187,7 @@ Index: gnupg-2.1.21/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1070,8 +1128,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1102,8 +1162,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (ctrl, sk_list, out, mfx.md, diff --git a/gnupg-2.1.21.tar.bz2 b/gnupg-2.1.21.tar.bz2 deleted file mode 100644 index dc0cbdc..0000000 --- a/gnupg-2.1.21.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7aead8a8ba75b69866f583b6c747d91414d523bfdfbe9a8e0fe026b16ba427dd -size 6472887 diff --git a/gnupg-2.1.21.tar.bz2.sig b/gnupg-2.1.21.tar.bz2.sig deleted file mode 100644 index 0bbb1e2..0000000 Binary files a/gnupg-2.1.21.tar.bz2.sig and /dev/null differ diff --git a/gnupg-2.1.22.tar.bz2 b/gnupg-2.1.22.tar.bz2 new file mode 100644 index 0000000..182c69f --- /dev/null +++ b/gnupg-2.1.22.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:46716faf9e1b92cfca86609f3bfffbf5bb4b6804df90dc853ff7061cfcfb4ad7 +size 6530433 diff --git a/gnupg-2.1.22.tar.bz2.sig b/gnupg-2.1.22.tar.bz2.sig new file mode 100644 index 0000000..1f26f4f Binary files /dev/null and b/gnupg-2.1.22.tar.bz2.sig differ diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 31833ba..01607e7 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.17/doc/gpg.texi +Index: gnupg-2.1.22/doc/gpg.texi =================================================================== ---- gnupg-2.1.17.orig/doc/gpg.texi -+++ gnupg-2.1.17/doc/gpg.texi -@@ -2034,6 +2034,24 @@ implies, this option is for experts only +--- gnupg-2.1.22.orig/doc/gpg.texi ++++ gnupg-2.1.22/doc/gpg.texi +@@ -2079,6 +2079,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.17/doc/gpg.texi @end table -Index: gnupg-2.1.17/g10/gpg.c +Index: gnupg-2.1.22/g10/gpg.c =================================================================== ---- gnupg-2.1.17.orig/g10/gpg.c -+++ gnupg-2.1.17/g10/gpg.c -@@ -415,6 +415,7 @@ enum cmd_and_opt_values - oOnlySignTextIDs, +--- gnupg-2.1.22.orig/g10/gpg.c ++++ gnupg-2.1.22/g10/gpg.c +@@ -422,6 +422,7 @@ enum cmd_and_opt_values oDisableSignerUID, oSender, + oKeyOrigin, + oSetLegacyFips, oNoop }; -@@ -857,6 +858,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -867,6 +868,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.1.17/g10/gpg.c ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3510,6 +3512,13 @@ main (int argc, char **argv) +@@ -3537,6 +3539,13 @@ main (int argc, char **argv) opt.def_new_key_algo = pargs.r.ret_str; break; diff --git a/gpg2.changes b/gpg2.changes index 5b165e9..f1836f6 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Fri Jul 28 19:29:52 UTC 2017 - astieger@suse.com + +- GnuPG 2.1.22: + * gpg: Extend command --quick-set-expire to allow for setting the + expiration time of subkeys. + * gpg: By default try to repair keys during import. New sub-option + no-repair-keys for --import-options. + * gpg,gpgsm: Improved checking and reporting of DE-VS compliance. + * gpg: New options --key-origin and --with-key-origin. Store the + time of the last key update from keyservers, WKD, or DANE. + * agent: New option --ssh-fingerprint-digest. + * dimngr: Lower timeouts on keyserver connection attempts and made + it configurable. + * dirmngr: Tor will now automatically be detected and used. The + option --no-use-tor disables Tor detection. + * dirmngr: Now detects a changed /etc/resolv.conf. + * agent,dirmngr: Initiate shutdown on removal of the GnuPG home + directory. + * gpg: Avoid caching passphrase for failed symmetric encryption. + * agent: Support for unprotected ssh keys. + * dirmngr: Fixed name resolving on systems using only v6 + nameservers. + * dirmngr: Allow the use of TLS over http proxies. + * wks: New man pages for client and server. + ------------------------------------------------------------------- Fri May 19 11:59:24 UTC 2017 - marco.strigl@suse.com diff --git a/gpg2.spec b/gpg2.spec index 3b2b5e6..2c9e9c8 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.1.21 +Version: 2.1.22 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ @@ -67,7 +67,6 @@ Provides: newpg # special feature needed for OBS signd Provides: gpg2_signd_support Obsoletes: gpg < 1.4.9 -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description GnuPG is a hybrid-encryption software program; it uses a combination @@ -104,13 +103,13 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --enable-large-secmem \ --enable-wks-tools \ --with-gnu-ld \ - --with-default-trust-store=/etc/ssl/ca-bundle.pem \ + --with-default-trust-store=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ make %{?_smp_mflags} %install -make %{?_smp_mflags} DESTDIR=%{buildroot} install +%make_install mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ # bnc#391347 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg @@ -125,7 +124,7 @@ ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 # fix rpmlint invalid-lc-messages-dir: rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot # additional files to documentation directory -install -m 644 AUTHORS COPYING ChangeLog NEWS THANKS TODO doc/FAQ %{buildroot}/%{_docdir}/%{name} +install -m 644 AUTHORS COPYING* ChangeLog NEWS THANKS TODO doc/FAQ %{buildroot}/%{_docdir}/%{name} # install scdaemon to %{_bindir} (bnc#863645) mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} @@ -149,10 +148,8 @@ install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} %install_info_delete --info-dir=%{_infodir} %{_infodir}/gnupg.info.gz %files lang -f gnupg2.lang -%defattr(-,root,root) %files -%defattr(-,root,root) %{_infodir}/gnupg* %{_mandir}/*/*%{ext_man} %doc %{_docdir}/%{name}