From e04faea0029eb04d0c2e6c584eb35311c275738f3891677a8bf89146f93169f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Fri, 8 Jun 2018 12:49:21 +0000 Subject: [PATCH 1/5] Accepting request 615233 from home:kbabioch:branches:Base:System - Applied spec-cleaner - Refreshed patches - Update to version 2.2.8: * gpg: Decryption of messages not using the MDC mode will now lead to a hard failure even if a legacy cipher algorithm was used. The option --ignore-mdc-error can be used to turn this failure into a warning. Take care: Never use that option unconditionally or without a prior warning. * gpg: The MDC encryption mode is now always used regardless of the cipher algorithm or any preferences. For testing --rfc2440 can be used to create a message without an MDC. * gpg: Sanitize the diagnostic output of the original file name in verbose mode. * gpg: Detect suspicious multiple plaintext packets in a more reliable way. * gpg: Fix the duplicate key signature detection code. * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc have no more effect. * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the list of startup environment variables. OBS-URL: https://build.opensuse.org/request/show/615233 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=198 --- gnupg-2.0.18-files-are-digests.patch | 36 +++++++++++----------- gnupg-2.0.9-langinfo.patch | 10 +++--- gnupg-2.2.7.tar.bz2 | 3 -- gnupg-2.2.7.tar.bz2.sig | Bin 310 -> 0 bytes gnupg-2.2.8.tar.bz2 | 3 ++ gnupg-2.2.8.tar.bz2.sig | Bin 0 -> 310 bytes gnupg-add_legacy_FIPS_mode_option.patch | 20 ++++++------ gnupg-detect_FIPS_mode.patch | 21 ++++++++----- gnupg-dont-fail-with-seahorse-agent.patch | 8 ++--- gpg2.changes | 22 +++++++++++++ gpg2.spec | 6 ++-- 11 files changed, 78 insertions(+), 51 deletions(-) delete mode 100644 gnupg-2.2.7.tar.bz2 delete mode 100644 gnupg-2.2.7.tar.bz2.sig create mode 100644 gnupg-2.2.8.tar.bz2 create mode 100644 gnupg-2.2.8.tar.bz2.sig diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch index 7035cc6..54005bb 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.0.18-files-are-digests.patch @@ -1,14 +1,14 @@ --- g10/gpg.c | 4 +++ g10/options.h | 1 - g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ - 3 files changed, 67 insertions(+), 6 deletions(-) + g10/sign.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- + 3 files changed, 70 insertions(+), 5 deletions(-) -Index: gnupg-2.1.23/g10/gpg.c +Index: gnupg-2.2.8/g10/gpg.c =================================================================== ---- gnupg-2.1.23.orig/g10/gpg.c 2017-08-09 15:46:17.000000000 +0200 -+++ gnupg-2.1.23/g10/gpg.c 2017-08-10 16:21:26.692847431 +0200 -@@ -380,6 +380,7 @@ enum cmd_and_opt_values +--- gnupg-2.2.8.orig/g10/gpg.c ++++ gnupg-2.2.8/g10/gpg.c +@@ -376,6 +376,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, @@ -16,7 +16,7 @@ Index: gnupg-2.1.23/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -829,6 +830,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -824,6 +825,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,7 +24,7 @@ Index: gnupg-2.1.23/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2388,6 +2390,7 @@ main (int argc, char **argv) +@@ -2392,6 +2394,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; @@ -32,19 +32,19 @@ Index: gnupg-2.1.23/g10/gpg.c opt.emit_version = 0; opt.weak_digests = NULL; -@@ -2952,6 +2955,7 @@ main (int argc, char **argv) +@@ -2963,6 +2966,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; + case oFilesAreDigests: opt.files_are_digests = 1; break; - case oForceMDC: opt.force_mdc = 1; break; - case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.23/g10/options.h + case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; + +Index: gnupg-2.2.8/g10/options.h =================================================================== ---- gnupg-2.1.23.orig/g10/options.h 2017-08-09 15:46:17.000000000 +0200 -+++ gnupg-2.1.23/g10/options.h 2017-08-10 16:21:26.692847431 +0200 -@@ -213,6 +213,7 @@ struct +--- gnupg-2.2.8.orig/g10/options.h ++++ gnupg-2.2.8/g10/options.h +@@ -210,6 +210,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; @@ -52,10 +52,10 @@ Index: gnupg-2.1.23/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.23/g10/sign.c +Index: gnupg-2.2.8/g10/sign.c =================================================================== ---- gnupg-2.1.23.orig/g10/sign.c 2017-07-28 19:39:06.000000000 +0200 -+++ gnupg-2.1.23/g10/sign.c 2017-08-10 16:21:26.692847431 +0200 +--- gnupg-2.2.8.orig/g10/sign.c ++++ gnupg-2.2.8/g10/sign.c @@ -43,6 +43,8 @@ #include "../common/mbox-util.h" #include "../common/compliance.h" diff --git a/gnupg-2.0.9-langinfo.patch b/gnupg-2.0.9-langinfo.patch index e7c22d8..f027f2f 100644 --- a/gnupg-2.0.9-langinfo.patch +++ b/gnupg-2.0.9-langinfo.patch @@ -1,13 +1,13 @@ # fix [bnc#305725] - non latin characters displayed incorrectly by pinentry --- -# jnlib/utf8conv.c | 1 + +# common/utf8conv.c | 1 + # 1 file changed, 1 insertion(+) # -Index: gnupg-2.1.0/common/utf8conv.c +Index: gnupg-2.2.8/common/utf8conv.c =================================================================== ---- gnupg-2.1.0.orig/common/utf8conv.c 2014-10-11 19:45:14.000000000 +0200 -+++ gnupg-2.1.0/common/utf8conv.c 2014-11-07 11:35:05.491413258 +0100 -@@ -198,6 +198,7 @@ set_native_charset (const char *newset) +--- gnupg-2.2.8.orig/common/utf8conv.c ++++ gnupg-2.2.8/common/utf8conv.c +@@ -205,6 +205,7 @@ set_native_charset (const char *newset) #else /*!HAVE_W32_SYSTEM && !HAVE_ANDROID_SYSTEM*/ #ifdef HAVE_LANGINFO_CODESET diff --git a/gnupg-2.2.7.tar.bz2 b/gnupg-2.2.7.tar.bz2 deleted file mode 100644 index 7cc2cef..0000000 --- a/gnupg-2.2.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d95b361ee6ef7eff86af40c8c72bf9313736ac9f7010d6604d78bf83818e976e -size 6631100 diff --git a/gnupg-2.2.7.tar.bz2.sig b/gnupg-2.2.7.tar.bz2.sig deleted file mode 100644 index 7e4ca39b0d8d3cc6e052543c65cdbb1831457ca07f27af78bf218f867b695933..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$S=AJpc*`5G0#9 z(oZGhw*SNk0Gh84=Q>A2n*Sozj_twIc3N4wRDXN5)?jE~T}wJSS_a^&iBS7}EB*}m zPQ(?F+b?c@goR&%aS^j+f!wyW2wVMU8cbI8wa6h$y6+~LmTXk=hW~1VxY13kAn`RO zwU9jQrsJQ^u?*yOe%1DsS0xkb8xl#cyPw3x%ubHK2B=d|0KsQD+F0<3tz2*sPdy^1x&@#<=_MM9%E2QXE+Y=V_Y!)aR2`zyxEpu#>%kyy5#dorJFa7ms5B$ zKrBpR+hztPCbpBPrywEf($g!H1lUN1Kr@6JRfXgaeyUMm8<)dRsb>1niA9m1PekXd I^lPMxw2zOIjsO4v diff --git a/gnupg-2.2.8.tar.bz2 b/gnupg-2.2.8.tar.bz2 new file mode 100644 index 0000000..94e11d7 --- /dev/null +++ b/gnupg-2.2.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:777b4cb8ced21965a5053d4fa20fe11484f0a478f3d011cef508a1a49db50dcd +size 6632465 diff --git a/gnupg-2.2.8.tar.bz2.sig b/gnupg-2.2.8.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..9647eb57d717fff0700b3ef34679121d323d30e3b67f43e5b0dce857cbed61d8 GIT binary patch literal 310 zcmV-60m=S}0W$;u0SEvc79j-KX(1!T23_i24?49Zn>o@?CF8aQ0$Unh761wf5G0#9 z(oZGhws!{y`UB5HR609$J%amN_3-xi*}e`1ZQ(8(xCwSkZQCBe77nd$NdWAhIg*<9 z{_tC){^?&7q|;zNJEDzpuK!0_?h1z~0`CoKyAgq_Dn%c3a%A{r+auZ5-pS2HJwTiU zTOp2ZQVbNy4}yeZCPTKt@=z2esJ_1owLG<3&8!4UO~EfF?Cw0K(~6zRUd74VPbHf$ z#2Pp21M_JL8rr16P$W^1)akLL-Ri?CYKElY$b}#Z&8gPv4oAV!2yaxW-2&NY<-Ebv zr{7KnjU-H=ETr-=%B{EN5VHUBL41vmmx%3q#oDz-F;p6??MT9X`HQd^ySyz+fN6jm I%)788Dv;cgaR2}S literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 0a89bec..0921fb7 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.2.7/doc/gpg.texi +Index: gnupg-2.2.8/doc/gpg.texi =================================================================== ---- gnupg-2.2.7.orig/doc/gpg.texi 2018-05-04 16:14:30.949580264 +0200 -+++ gnupg-2.2.7/doc/gpg.texi 2018-05-04 16:14:34.025609243 +0200 -@@ -2097,6 +2097,24 @@ implies, this option is for experts only +--- gnupg-2.2.8.orig/doc/gpg.texi ++++ gnupg-2.2.8/doc/gpg.texi +@@ -2076,6 +2076,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,11 +32,11 @@ Index: gnupg-2.2.7/doc/gpg.texi @end table -Index: gnupg-2.2.7/g10/gpg.c +Index: gnupg-2.2.8/g10/gpg.c =================================================================== ---- gnupg-2.2.7.orig/g10/gpg.c 2018-05-04 16:14:30.949580264 +0200 -+++ gnupg-2.2.7/g10/gpg.c 2018-05-04 16:15:00.441858109 +0200 -@@ -425,6 +425,7 @@ enum cmd_and_opt_values +--- gnupg-2.2.8.orig/g10/gpg.c ++++ gnupg-2.2.8/g10/gpg.c +@@ -421,6 +421,7 @@ enum cmd_and_opt_values oKeyOrigin, oRequestOrigin, oNoSymkeyCache, @@ -44,7 +44,7 @@ Index: gnupg-2.2.7/g10/gpg.c oNoop }; -@@ -872,6 +873,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -864,6 +865,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.2.7/g10/gpg.c ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3568,6 +3570,13 @@ main (int argc, char **argv) +@@ -3566,6 +3568,13 @@ main (int argc, char **argv) opt.def_new_key_algo = pargs.r.ret_str; break; diff --git a/gnupg-detect_FIPS_mode.patch b/gnupg-detect_FIPS_mode.patch index 81aa96b..854b656 100644 --- a/gnupg-detect_FIPS_mode.patch +++ b/gnupg-detect_FIPS_mode.patch @@ -1,8 +1,13 @@ -Index: gnupg-2.1.1/g10/encrypt.c +--- + g10/encrypt.c | 5 ++++- + g10/mainproc.c | 7 ++++++- + 2 files changed, 10 insertions(+), 2 deletions(-) + +Index: gnupg-2.2.8/g10/encrypt.c =================================================================== ---- gnupg-2.1.1.orig/g10/encrypt.c -+++ gnupg-2.1.1/g10/encrypt.c -@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro +--- gnupg-2.2.8.orig/g10/encrypt.c ++++ gnupg-2.2.8/g10/encrypt.c +@@ -825,7 +825,10 @@ encrypt_filter (void *opaque, int contro /* Because 3DES is implicitly in the prefs, this can only happen if we do not have any public keys in the list. */ @@ -14,11 +19,11 @@ Index: gnupg-2.1.1/g10/encrypt.c } /* In case 3DES has been selected, print a warning if -Index: gnupg-2.1.1/g10/mainproc.c +Index: gnupg-2.2.8/g10/mainproc.c =================================================================== ---- gnupg-2.1.1.orig/g10/mainproc.c -+++ gnupg-2.1.1/g10/mainproc.c -@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt ) +--- gnupg-2.2.8.orig/g10/mainproc.c ++++ gnupg-2.2.8/g10/mainproc.c +@@ -821,7 +821,12 @@ proc_plaintext( CTX c, PACKET *pkt ) according to 2440, so hopefully it won't come up that often. There is no good way to specify what algorithms to use in that case, so these there are the historical answer. */ diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch index 6302c8b..fab47e1 100644 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ b/gnupg-dont-fail-with-seahorse-agent.patch @@ -2,11 +2,11 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.1.0/g10/passphrase.c +Index: gnupg-2.2.8/g10/passphrase.c =================================================================== ---- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100 -+++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100 -@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations) +--- gnupg-2.2.8.orig/g10/passphrase.c ++++ gnupg-2.2.8/g10/passphrase.c +@@ -70,7 +70,7 @@ encode_s2k_iterations (int iterations) { /* Don't print an error if an older agent is used. */ if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) diff --git a/gpg2.changes b/gpg2.changes index fbec722..4c6fe62 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Fri Jun 8 12:44:46 UTC 2018 - kbabioch@suse.com + +- Applied spec-cleaner +- Refreshed patches +- Update to version 2.2.8: + * gpg: Decryption of messages not using the MDC mode will now lead to a + hard failure even if a legacy cipher algorithm was used. The option + --ignore-mdc-error can be used to turn this failure into a warning. Take + care: Never use that option unconditionally or without a prior warning. + * gpg: The MDC encryption mode is now always used regardless of the + cipher algorithm or any preferences. For testing --rfc2440 can be + used to create a message without an MDC. + * gpg: Sanitize the diagnostic output of the original file name in + verbose mode. + * gpg: Detect suspicious multiple plaintext packets in a more reliable way. + * gpg: Fix the duplicate key signature detection code. + * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc, + --disable-mdc and --no-disable-mdc have no more effect. + * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the + list of startup environment variables. + ------------------------------------------------------------------- Fri May 4 14:15:27 UTC 2018 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 25aeb85..e00a612 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,12 +17,12 @@ Name: gpg2 -Version: 2.2.7 +Version: 2.2.8 Release: 0 Summary: File encryption, decryption, signature creation and verification utility -License: GPL-3.0+ +License: GPL-3.0-or-later Group: Productivity/Networking/Security -Url: http://www.gnupg.org/aegypten2/ +URL: http://www.gnupg.org/aegypten2/ Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html From 4e0530a4d3a233ab004f4f3e4a58fb13c179eb4e595bc04a81aa16e63d520dcc Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Fri, 8 Jun 2018 13:05:19 +0000 Subject: [PATCH 2/5] Accepting request 615235 from home:kbabioch:branches:Base:System - Fix URL OBS-URL: https://build.opensuse.org/request/show/615235 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=199 --- gpg2.changes | 5 +++++ gpg2.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index 4c6fe62..5cc7bd4 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jun 8 12:52:39 UTC 2018 - kbabioch@suse.com + +- Fix URL + ------------------------------------------------------------------- Fri Jun 8 12:44:46 UTC 2018 - kbabioch@suse.com diff --git a/gpg2.spec b/gpg2.spec index e00a612..eba2494 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -22,7 +22,7 @@ Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later Group: Productivity/Networking/Security -URL: http://www.gnupg.org/aegypten2/ +URL: https://www.gnupg.org Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html From ab3b40ddff4ab064ac6b9aa39cf7461c5945efffc6251a9d0bc40a801f8b78bf Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Fri, 8 Jun 2018 13:06:08 +0000 Subject: [PATCH 3/5] OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=200 --- gpg2.changes | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/gpg2.changes b/gpg2.changes index 5cc7bd4..118b23e 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,13 +1,6 @@ ------------------------------------------------------------------- Fri Jun 8 12:52:39 UTC 2018 - kbabioch@suse.com -- Fix URL - -------------------------------------------------------------------- -Fri Jun 8 12:44:46 UTC 2018 - kbabioch@suse.com - -- Applied spec-cleaner -- Refreshed patches - Update to version 2.2.8: * gpg: Decryption of messages not using the MDC mode will now lead to a hard failure even if a legacy cipher algorithm was used. The option @@ -24,6 +17,7 @@ Fri Jun 8 12:44:46 UTC 2018 - kbabioch@suse.com --disable-mdc and --no-disable-mdc have no more effect. * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the list of startup environment variables. +- Applied spec-cleaner, Refreshed patches and fixed upstream URL ------------------------------------------------------------------- Fri May 4 14:15:27 UTC 2018 - astieger@suse.com From 539c3348abeae12cbea350694d100179d7bd8bbb42e35fd6d9d02bc588b0f81b Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Fri, 8 Jun 2018 14:30:19 +0000 Subject: [PATCH 4/5] OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=201 --- gpg2.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gpg2.changes b/gpg2.changes index 118b23e..bdc45f4 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -10,7 +10,7 @@ Fri Jun 8 12:52:39 UTC 2018 - kbabioch@suse.com cipher algorithm or any preferences. For testing --rfc2440 can be used to create a message without an MDC. * gpg: Sanitize the diagnostic output of the original file name in - verbose mode. + verbose mode (bsc#1096745, CVE-2018-12020) * gpg: Detect suspicious multiple plaintext packets in a more reliable way. * gpg: Fix the duplicate key signature detection code. * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc, From a1f48048e7dd31b78752a162feb6d79a57db6af7b3401da40acfacbacdc5d735 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Fri, 8 Jun 2018 14:38:26 +0000 Subject: [PATCH 5/5] tweak patches OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=202 --- gnupg-2.0.9-langinfo.patch | 10 ++++----- ...tch => gnupg-2.2.8-files-are-digests.patch | 16 +++++++------- gnupg-add_legacy_FIPS_mode_option.patch | 20 +++++++++--------- gnupg-detect_FIPS_mode.patch | 21 +++++++------------ gnupg-dont-fail-with-seahorse-agent.patch | 8 +++---- gpg2.changes | 5 +++-- gpg2.spec | 2 +- 7 files changed, 39 insertions(+), 43 deletions(-) rename gnupg-2.0.18-files-are-digests.patch => gnupg-2.2.8-files-are-digests.patch (92%) diff --git a/gnupg-2.0.9-langinfo.patch b/gnupg-2.0.9-langinfo.patch index f027f2f..e7c22d8 100644 --- a/gnupg-2.0.9-langinfo.patch +++ b/gnupg-2.0.9-langinfo.patch @@ -1,13 +1,13 @@ # fix [bnc#305725] - non latin characters displayed incorrectly by pinentry --- -# common/utf8conv.c | 1 + +# jnlib/utf8conv.c | 1 + # 1 file changed, 1 insertion(+) # -Index: gnupg-2.2.8/common/utf8conv.c +Index: gnupg-2.1.0/common/utf8conv.c =================================================================== ---- gnupg-2.2.8.orig/common/utf8conv.c -+++ gnupg-2.2.8/common/utf8conv.c -@@ -205,6 +205,7 @@ set_native_charset (const char *newset) +--- gnupg-2.1.0.orig/common/utf8conv.c 2014-10-11 19:45:14.000000000 +0200 ++++ gnupg-2.1.0/common/utf8conv.c 2014-11-07 11:35:05.491413258 +0100 +@@ -198,6 +198,7 @@ set_native_charset (const char *newset) #else /*!HAVE_W32_SYSTEM && !HAVE_ANDROID_SYSTEM*/ #ifdef HAVE_LANGINFO_CODESET diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.2.8-files-are-digests.patch similarity index 92% rename from gnupg-2.0.18-files-are-digests.patch rename to gnupg-2.2.8-files-are-digests.patch index 54005bb..6de374e 100644 --- a/gnupg-2.0.18-files-are-digests.patch +++ b/gnupg-2.2.8-files-are-digests.patch @@ -1,13 +1,13 @@ --- g10/gpg.c | 4 +++ g10/options.h | 1 - g10/sign.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- - 3 files changed, 70 insertions(+), 5 deletions(-) + g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ + 3 files changed, 67 insertions(+), 6 deletions(-) Index: gnupg-2.2.8/g10/gpg.c =================================================================== ---- gnupg-2.2.8.orig/g10/gpg.c -+++ gnupg-2.2.8/g10/gpg.c +--- gnupg-2.2.8.orig/g10/gpg.c 2018-06-06 11:59:06.000000000 +0200 ++++ gnupg-2.2.8/g10/gpg.c 2018-06-08 16:34:33.287514003 +0200 @@ -376,6 +376,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, @@ -42,8 +42,8 @@ Index: gnupg-2.2.8/g10/gpg.c Index: gnupg-2.2.8/g10/options.h =================================================================== ---- gnupg-2.2.8.orig/g10/options.h -+++ gnupg-2.2.8/g10/options.h +--- gnupg-2.2.8.orig/g10/options.h 2018-05-31 12:03:06.000000000 +0200 ++++ gnupg-2.2.8/g10/options.h 2018-06-08 16:34:33.287514003 +0200 @@ -210,6 +210,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; @@ -54,8 +54,8 @@ Index: gnupg-2.2.8/g10/options.h int enable_progress_filter; Index: gnupg-2.2.8/g10/sign.c =================================================================== ---- gnupg-2.2.8.orig/g10/sign.c -+++ gnupg-2.2.8/g10/sign.c +--- gnupg-2.2.8.orig/g10/sign.c 2017-08-28 12:22:54.000000000 +0200 ++++ gnupg-2.2.8/g10/sign.c 2018-06-08 16:34:33.287514003 +0200 @@ -43,6 +43,8 @@ #include "../common/mbox-util.h" #include "../common/compliance.h" diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 0921fb7..0a89bec 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.2.8/doc/gpg.texi +Index: gnupg-2.2.7/doc/gpg.texi =================================================================== ---- gnupg-2.2.8.orig/doc/gpg.texi -+++ gnupg-2.2.8/doc/gpg.texi -@@ -2076,6 +2076,24 @@ implies, this option is for experts only +--- gnupg-2.2.7.orig/doc/gpg.texi 2018-05-04 16:14:30.949580264 +0200 ++++ gnupg-2.2.7/doc/gpg.texi 2018-05-04 16:14:34.025609243 +0200 +@@ -2097,6 +2097,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,11 +32,11 @@ Index: gnupg-2.2.8/doc/gpg.texi @end table -Index: gnupg-2.2.8/g10/gpg.c +Index: gnupg-2.2.7/g10/gpg.c =================================================================== ---- gnupg-2.2.8.orig/g10/gpg.c -+++ gnupg-2.2.8/g10/gpg.c -@@ -421,6 +421,7 @@ enum cmd_and_opt_values +--- gnupg-2.2.7.orig/g10/gpg.c 2018-05-04 16:14:30.949580264 +0200 ++++ gnupg-2.2.7/g10/gpg.c 2018-05-04 16:15:00.441858109 +0200 +@@ -425,6 +425,7 @@ enum cmd_and_opt_values oKeyOrigin, oRequestOrigin, oNoSymkeyCache, @@ -44,7 +44,7 @@ Index: gnupg-2.2.8/g10/gpg.c oNoop }; -@@ -864,6 +865,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -872,6 +873,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.2.8/g10/gpg.c ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3566,6 +3568,13 @@ main (int argc, char **argv) +@@ -3568,6 +3570,13 @@ main (int argc, char **argv) opt.def_new_key_algo = pargs.r.ret_str; break; diff --git a/gnupg-detect_FIPS_mode.patch b/gnupg-detect_FIPS_mode.patch index 854b656..81aa96b 100644 --- a/gnupg-detect_FIPS_mode.patch +++ b/gnupg-detect_FIPS_mode.patch @@ -1,13 +1,8 @@ ---- - g10/encrypt.c | 5 ++++- - g10/mainproc.c | 7 ++++++- - 2 files changed, 10 insertions(+), 2 deletions(-) - -Index: gnupg-2.2.8/g10/encrypt.c +Index: gnupg-2.1.1/g10/encrypt.c =================================================================== ---- gnupg-2.2.8.orig/g10/encrypt.c -+++ gnupg-2.2.8/g10/encrypt.c -@@ -825,7 +825,10 @@ encrypt_filter (void *opaque, int contro +--- gnupg-2.1.1.orig/g10/encrypt.c ++++ gnupg-2.1.1/g10/encrypt.c +@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro /* Because 3DES is implicitly in the prefs, this can only happen if we do not have any public keys in the list. */ @@ -19,11 +14,11 @@ Index: gnupg-2.2.8/g10/encrypt.c } /* In case 3DES has been selected, print a warning if -Index: gnupg-2.2.8/g10/mainproc.c +Index: gnupg-2.1.1/g10/mainproc.c =================================================================== ---- gnupg-2.2.8.orig/g10/mainproc.c -+++ gnupg-2.2.8/g10/mainproc.c -@@ -821,7 +821,12 @@ proc_plaintext( CTX c, PACKET *pkt ) +--- gnupg-2.1.1.orig/g10/mainproc.c ++++ gnupg-2.1.1/g10/mainproc.c +@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt ) according to 2440, so hopefully it won't come up that often. There is no good way to specify what algorithms to use in that case, so these there are the historical answer. */ diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch index fab47e1..6302c8b 100644 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ b/gnupg-dont-fail-with-seahorse-agent.patch @@ -2,11 +2,11 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.2.8/g10/passphrase.c +Index: gnupg-2.1.0/g10/passphrase.c =================================================================== ---- gnupg-2.2.8.orig/g10/passphrase.c -+++ gnupg-2.2.8/g10/passphrase.c -@@ -70,7 +70,7 @@ encode_s2k_iterations (int iterations) +--- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100 ++++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100 +@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations) { /* Don't print an error if an older agent is used. */ if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) diff --git a/gpg2.changes b/gpg2.changes index bdc45f4..4f5dec8 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,5 +1,5 @@ ------------------------------------------------------------------- -Fri Jun 8 12:52:39 UTC 2018 - kbabioch@suse.com +Fri Jun 8 14:37:06 UTC 2018 - kbabioch@suse.com - Update to version 2.2.8: * gpg: Decryption of messages not using the MDC mode will now lead to a @@ -17,7 +17,8 @@ Fri Jun 8 12:52:39 UTC 2018 - kbabioch@suse.com --disable-mdc and --no-disable-mdc have no more effect. * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the list of startup environment variables. -- Applied spec-cleaner, Refreshed patches and fixed upstream URL +- Refresh gnupg-2.0.18-files-are-digests.patch + to gnupg-2.2.8-files-are-digests.patch ------------------------------------------------------------------- Fri May 4 14:15:27 UTC 2018 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index eba2494..89a86f9 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -29,7 +29,7 @@ Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Source3: %{name}.keyring Source99: %{name}.changes Patch4: gnupg-2.0.9-langinfo.patch -Patch5: gnupg-2.0.18-files-are-digests.patch +Patch5: gnupg-2.2.8-files-are-digests.patch Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch