Accepting request 1046530 from home:david.anes:branches:Base:System

- Updated to require libgpg-error-devel >= 1.46
- Rebased patches:
  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
  * gnupg-add_legacy_FIPS_mode_option.patch
- GnuPG 2.4.0:
  * common: Fix translations in --help for gpgrt < 1.47.
  * gpg: Do not continue the export after a cancel for the primary key.
  * gpg: Replace use of PRIu64 in log_debug.
  * Update NEWS for 2.4.0.
  * tests: Fix make check with GPGME.
  * agent: Allow arguments to "scd serialno" in restricted mode.
  * scd:p15: Skip deleted records.
  * build: Remove Windows CE support.
  * wkd: Do not send/install/mirror expired user ids.
  * gpgsm: Print the revocation time also with --verify.
  * gpgsm: Fix "problem re-searching certificate" case.
  * gpgsm: Print revocation date and reason in cert listings.
  * gpgsm: Silence the "non-critical certificate policy not allowed".
  * gpgsm: Always use the chain model if the root-CA requests this.
  * gpg: New export option "mode1003".
  * gpg: Remove a mostly duplicated function.
  * tests: Simplify fake-pinentry to use the option only.
  * tests: Fix fake-pinentry for Windows.
  * tests: Fix make check-all.
  * agent: Fix import of protected v5 keys.
  * gpgsm: Change default algo to AES-256.
  * tests: Put a workaround for semihosted environment.
  * tests: More fix for semihosted environment.
  * tests: Support semihosted environment.
  * tests: Fix tests under cms.

OBS-URL: https://build.opensuse.org/request/show/1046530
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=282

gnupg-2.3.8.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:540b7a40e57da261fb10ef521a282e0021532a80fd023e75fb71757e8a4969ed
-size 7644926

gnupg-2.4.0.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
+size 7666935

gnupg-add_legacy_FIPS_mode_option.patch

@@ -3,11 +3,11 @@
  g10/gpg.c    |    9 +++++++++
  2 files changed, 27 insertions(+)
 
-Index: gnupg-2.3.5/doc/gpg.texi
+Index: gnupg-2.4.0/doc/gpg.texi
 ===================================================================
---- gnupg-2.3.5.orig/doc/gpg.texi
+--- gnupg-2.4.0.orig/doc/gpg.texi
-+++ gnupg-2.3.5/doc/gpg.texi
++++ gnupg-2.4.0/doc/gpg.texi
-@@ -2197,6 +2197,24 @@ implies, this option is for experts only
+@@ -2218,6 +2218,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -32,19 +32,19 @@ Index: gnupg-2.3.5/doc/gpg.texi
  @end table
  
  
-Index: gnupg-2.3.5/g10/gpg.c
+Index: gnupg-2.4.0/g10/gpg.c
 ===================================================================
---- gnupg-2.3.5.orig/g10/gpg.c
+--- gnupg-2.4.0.orig/g10/gpg.c
-+++ gnupg-2.3.5/g10/gpg.c
++++ gnupg-2.4.0/g10/gpg.c
 @@ -443,6 +443,7 @@ enum cmd_and_opt_values
      oForceSignKey,
      oForbidGenKey,
      oRequireCompliance,
 +    oSetLegacyFips,
+     oCompatibilityFlags,
  
      oNoop
-   };
+@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = {
-@@ -878,6 +879,7 @@ static gpgrt_opt_t opts[] = {
    ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
    ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
    ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
@@ -52,7 +52,7 @@ Index: gnupg-2.3.5/g10/gpg.c
  
  
    ARGPARSE_header (NULL, N_("Options for unattended use")),
-@@ -3737,6 +3739,14 @@ main (int argc, char **argv)
+@@ -3711,6 +3713,14 @@ main (int argc, char **argv)
              opt.flags.require_compliance = 1;
              break;
  

gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch

@@ -17,11 +17,11 @@ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  g10/import.c | 49 +++++++++++--------------------------------------
  1 file changed, 11 insertions(+), 38 deletions(-)
 
-Index: gnupg-2.3.0/g10/import.c
+Index: gnupg-2.4.0/g10/import.c
 ===================================================================
---- gnupg-2.3.0.orig/g10/import.c
+--- gnupg-2.4.0.orig/g10/import.c
-+++ gnupg-2.3.0/g10/import.c
++++ gnupg-2.4.0/g10/import.c
-@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl,
    size_t an;
    char pkstrbuf[PUBKEY_STRING_SIZE];
    int merge_keys_done = 0;
@@ -29,7 +29,7 @@ Index: gnupg-2.3.0/g10/import.c
    KEYDB_HANDLE hd = NULL;
  
    if (r_valid)
-@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl,
        log_printf ("\n");
      }
  
@@ -44,13 +44,12 @@ Index: gnupg-2.3.0/g10/import.c
    if (screener && screener (keyblock, screener_arg))
      {
        log_error (_("key %s: %s\n"), keystr_from_pk (pk),
-@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl,
+@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl,
-             xfree(user);
  	  }
      }
--
+ 
 -  /* Delete invalid parts and bail out if there are no user ids left.  */
--  if (!delete_inv_parts (ctrl, keyblock, keyid, options))
+-  if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
 -    {
 -      if (!silent)
 -        {
@@ -64,11 +63,11 @@ Index: gnupg-2.3.0/g10/import.c
 +  /* Delete invalid parts, and note if we have any valid ones left.
 +   * We will later abort import if this key is new but contains
 +   * no valid uids.  */
-+  delete_inv_parts (ctrl, keyblock, keyid, options);
++  delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
  
    /* Get rid of deleted nodes.  */
    commit_kbnode (&keyblock);
-@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl,
+@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl,
      {
        apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
        commit_kbnode (&keyblock);
@@ -93,7 +92,7 @@ Index: gnupg-2.3.0/g10/import.c
      }
  
    /* The keyblock is valid and ready for real import.  */
-@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl,
+@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl,
        err = 0;
        stats->skipped_new_keys++;
      }

gpg2.changes

@@ -1,3 +1,91 @@
+-------------------------------------------------------------------
+Tue Dec 20 16:01:05 UTC 2022 - David Anes <david.anes@suse.com>
+
+- Updated to require libgpg-error-devel >= 1.46
+
+- Rebased patches:
+  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+  * gnupg-add_legacy_FIPS_mode_option.patch
+
+- GnuPG 2.4.0:
+  * common: Fix translations in --help for gpgrt < 1.47.
+  * gpg: Do not continue the export after a cancel for the primary key.
+  * gpg: Replace use of PRIu64 in log_debug.
+  * Update NEWS for 2.4.0.
+  * tests: Fix make check with GPGME.
+  * agent: Allow arguments to "scd serialno" in restricted mode.
+  * scd:p15: Skip deleted records.
+  * build: Remove Windows CE support.
+  * wkd: Do not send/install/mirror expired user ids.
+  * gpgsm: Print the revocation time also with --verify.
+  * gpgsm: Fix "problem re-searching certificate" case.
+  * gpgsm: Print revocation date and reason in cert listings.
+  * gpgsm: Silence the "non-critical certificate policy not allowed".
+  * gpgsm: Always use the chain model if the root-CA requests this.
+  * gpg: New export option "mode1003".
+  * gpg: Remove a mostly duplicated function.
+  * tests: Simplify fake-pinentry to use the option only.
+  * tests: Fix fake-pinentry for Windows.
+  * tests: Fix make check-all.
+  * agent: Fix import of protected v5 keys.
+  * gpgsm: Change default algo to AES-256.
+  * tests: Put a workaround for semihosted environment.
+  * tests: More fix for semihosted environment.
+  * tests: Support semihosted environment.
+  * tests: Fix tests under cms.
+  * tests,w32: Fix for semihosted environment.
+  * w32: Fix for tests on semihosted environment.
+  * w32: Fix gnupg_unsetenv.
+  * wkd: New option --add-revocs and some fixes.
+  * wkd: Make use of --debug extprog.
+  * gpg: New export-filter export-revocs.
+  * gpg: Fix double-free in gpg --card-edit.
+  * gpg: Make --require-compliance work with out --status-fd.
+  * gpg: New option --list-filter.
+  * dirmngr: Silence ocsp debug output.
+  * tests: Fix to support --enable-all-tests and variants.
+  * tests:w32: Fix for non-dot file name for Windows.
+  * tests:gpgscm:w32: Fix for GetTempPath.
+  * tests: Keep .log files in objdir.
+  * tests: Use 233 for invalid value of FD.
+  * w32: Fix gnupg_tmpfile for possible failure.
+  * scd: Redact --debug cardio output of a VERIFY APDU.
+  * common: Remove Windows CE support in common.
+  * gpgsm: Fix colon outout of ECC encryption certificates.
+  * scd:nks: Fix ECC signing if key not given by keygrip.
+  * dirmngr: Fix verification of ECDSA signed CRLs.
+  * agent: Allow trustlist on Windows in Unicode homedirs.
+  * gpg: Fix verification of cleartext signatures with overlong lines.
+  * gpg: Move w32_system function.
+  * gpg: New option --quick-update-pref.
+  * gpg: New list-options show-pref and show-pref-verbose.
+  * tests: Add tests to check that OCB is only used for capable keys.
+  * gpg: Make --list-packets work w/o --no-armor for plain OCB packets.
+  * tests: Add symmetric decryption tests.
+  * tests: Add tr:assert-same function.
+  * agent: Avoid blanks in the ssh key's comment.
+  * build: Update m4 files.
+  * gpg: Merge --rfc4880bis features into --gnupg.
+  * gpg: Allow only OCB for AEAD encryption.
+  * gpg: New option --compatibility-flags.
+  * gpgsm: Also announce AES256-CBC in signatures.
+  * gpg: Fix trusted introducer for user-ids with only the mbox.
+  * gpg: Import stray revocation certificates.
+  * agent: Automatically convert to extended key format by KEYATTR.
+  * card: New commands "gpg" and "gpgsm".
+  * card: Also show fingerprints of known X.509 certificates.
+  * scd:nks: Support non-ESIGN signing with the Signature Card v2.
+  * gpgsm: Allow ECC encryption keys with just keyAgreement specified.
+  * gpgsm: Use macro constants for cert_usage_p.
+  * build: Update gpg-error.m4.
+  * agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument.
+  * gpg: Move NETLIBS after GPG_ERROR_LIBS.
+  * gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future.
+  * common,w32: Fix struct stat on Windows.
+  * agent,w32: Support Win32-OpenSSH emulation by gpg-agent.
+  * common: Don't use FD2INT for POSIX-only code.
+  * dirmngr: Fix build with no LDAP support.
+	
 -------------------------------------------------------------------
 Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 

gpg2.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.3.8
+Version:        2.4.0
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0-or-later
@@ -45,8 +45,8 @@ BuildRequires:  ibmswtpm2
 BuildRequires:  ibmtss-devel
 BuildRequires:  libassuan-devel >= 2.5.0
 BuildRequires:  libgcrypt-devel >= 1.9.1
-BuildRequires:  libgpg-error-devel >= 1.41
+BuildRequires:  libgpg-error-devel >= 1.46
-BuildRequires:  libksba-devel >= 1.3.4
+BuildRequires:  libksba-devel >= 1.6.3
 BuildRequires:  makeinfo
 BuildRequires:  npth-devel >= 1.2
 BuildRequires:  openldap2-devel