Accepting request 402813 from security:privacy

GnuPG 2.1.13

OBS-URL: https://build.opensuse.org/request/show/402813
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=140
Andreas Stieger 2016-06-16 20:47:53 +00:00 committed by Git OBS Bridge
parent 50d1dfe332
commit b446cc7747
9 changed files with 74 additions and 95 deletions


@ -4,11 +4,11 @@
g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
3 files changed, 67 insertions(+), 6 deletions(-)
Index: gnupg-2.1.10/g10/gpg.c
Index: gnupg-2.1.13/g10/gpg.c
===================================================================
--- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:25:25.749577555 +0100
+++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:26:04.777192262 +0100
@@ -355,6 +355,7 @@ enum cmd_and_opt_values
--- gnupg-2.1.13.orig/g10/gpg.c
+++ gnupg-2.1.13/g10/gpg.c
@@ -358,6 +358,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
@ -16,7 +16,7 @@ Index: gnupg-2.1.10/g10/gpg.c
oXauthority,
oGroup,
oUnGroup,
@@ -757,6 +758,7 @@ static ARGPARSE_OPTS opts[] = {
@@ -770,6 +771,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@ -24,15 +24,15 @@ Index: gnupg-2.1.10/g10/gpg.c
/* Aliases. I constantly mistype these, and assume other people do
as well. */
@@ -2483,6 +2485,7 @@ main (int argc, char **argv)
@@ -2247,6 +2249,7 @@ main (int argc, char **argv)
opt.def_cert_expire = "0";
set_homedir (default_homedir ());
gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1;
+ opt.files_are_digests=0;
opt.emit_version = 1; /* Limit to the major number. */
opt.weak_digests = NULL;
additional_weak_digest("MD5");
@@ -3022,6 +3025,7 @@ main (int argc, char **argv)
@@ -2797,6 +2800,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
@ -40,11 +40,11 @@ Index: gnupg-2.1.10/g10/gpg.c
case oForceMDC: opt.force_mdc = 1; break;
case oNoForceMDC: opt.force_mdc = 0; break;
Index: gnupg-2.1.10/g10/options.h
Index: gnupg-2.1.13/g10/options.h
===================================================================
--- gnupg-2.1.10.orig/g10/options.h 2015-12-04 14:25:25.749577555 +0100
+++ gnupg-2.1.10/g10/options.h 2015-12-04 14:25:28.472550675 +0100
@@ -205,6 +205,7 @@ struct
--- gnupg-2.1.13.orig/g10/options.h
+++ gnupg-2.1.13/g10/options.h
@@ -206,6 +206,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
@ -52,20 +52,20 @@ Index: gnupg-2.1.10/g10/options.h
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
Index: gnupg-2.1.10/g10/sign.c
Index: gnupg-2.1.13/g10/sign.c
===================================================================
--- gnupg-2.1.10.orig/g10/sign.c 2015-12-04 14:25:25.750577545 +0100
+++ gnupg-2.1.10/g10/sign.c 2015-12-04 14:25:28.473550666 +0100
@@ -41,7 +41,7 @@
#include "pkglue.h"
#include "sysutils.h"
--- gnupg-2.1.13.orig/g10/sign.c
+++ gnupg-2.1.13/g10/sign.c
@@ -42,6 +42,8 @@
#include "call-agent.h"
-
+#include "host2net.h"
#include "mbox-util.h"
+#include "host2net.h"
+
#ifdef HAVE_DOSISH_SYSTEM
#define LF "\r\n"
@@ -681,8 +681,12 @@ write_signature_packets (SK_LIST sk_list
#else
@@ -694,8 +696,12 @@ write_signature_packets (SK_LIST sk_list
mk_notation_policy_etc (sig, NULL, pk);
}
@ -78,7 +78,7 @@ Index: gnupg-2.1.10/g10/sign.c
rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
gcry_md_close (md);
@@ -740,6 +744,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -753,6 +759,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
@ -87,7 +87,7 @@ Index: gnupg-2.1.10/g10/sign.c
pfx = new_progress_context ();
afx = new_armor_context ();
@@ -756,7 +762,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -769,7 +777,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) )
@ -105,7 +105,7 @@ Index: gnupg-2.1.10/g10/sign.c
if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
@@ -777,7 +792,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -790,7 +807,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave;
/* prepare iobufs */
@ -114,7 +114,7 @@ Index: gnupg-2.1.10/g10/sign.c
inp = NULL; /* we do it later */
else {
inp = iobuf_open(fname);
@@ -915,7 +930,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -928,7 +945,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
@ -123,7 +123,7 @@ Index: gnupg-2.1.10/g10/sign.c
iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag)
@@ -970,6 +985,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -983,6 +1000,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
write_status_begin_signing (mfx.md);
@ -132,7 +132,7 @@ Index: gnupg-2.1.10/g10/sign.c
/* Setup the inner packet. */
if( detached ) {
if( multifile ) {
@@ -1010,6 +1027,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1023,6 +1042,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
if( opt.verbose )
log_printf ("\n");
}
@ -178,7 +178,7 @@ Index: gnupg-2.1.10/g10/sign.c
else {
/* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 )
@@ -1027,8 +1083,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1040,8 +1098,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md,


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506
size 5510723

Binary file not shown.

3
gnupg-2.1.13.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4f9d83a6221daa60130fa79f0b1d37d6c20fffdd0320b640c7a597c5b6219675
size 5545361

BIN
gnupg-2.1.13.tar.bz2.sig Normal file

Binary file not shown.


@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+)
Index: gnupg-2.1.10/doc/gpg.texi
Index: gnupg-2.1.13/doc/gpg.texi
===================================================================
--- gnupg-2.1.10.orig/doc/gpg.texi 2015-12-04 14:28:28.840769433 +0100
+++ gnupg-2.1.10/doc/gpg.texi 2015-12-04 14:28:33.784720588 +0100
@@ -1875,6 +1875,24 @@ implies, this option is for experts only
--- gnupg-2.1.13.orig/doc/gpg.texi
+++ gnupg-2.1.13/doc/gpg.texi
@@ -1996,6 +1996,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option.
@ -32,19 +32,19 @@ Index: gnupg-2.1.10/doc/gpg.texi
@end table
Index: gnupg-2.1.10/g10/gpg.c
Index: gnupg-2.1.13/g10/gpg.c
===================================================================
--- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:28:28.843769403 +0100
+++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:29:04.084421214 +0100
@@ -394,6 +394,7 @@ enum cmd_and_opt_values
oWeakDigest,
--- gnupg-2.1.13.orig/g10/gpg.c
+++ gnupg-2.1.13/g10/gpg.c
@@ -398,6 +398,7 @@ enum cmd_and_opt_values
oUnwrap,
oOnlySignTextIDs,
oDisableSignerUID,
+ oSetLegacyFips,
oNoop
};
@@ -796,6 +797,7 @@ static ARGPARSE_OPTS opts[] = {
@@ -809,6 +810,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@ -52,7 +52,7 @@ Index: gnupg-2.1.10/g10/gpg.c
/* These two are aliases to help users of the PGP command line
product use gpg with minimal pain. Many commands are common
@@ -3556,6 +3558,13 @@ main (int argc, char **argv)
@@ -3330,6 +3332,13 @@ main (int argc, char **argv)
case oNoAutostart: opt.autostart = 0; break;


@ -1,50 +0,0 @@
From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 11 May 2016 19:27:03 +0900
Subject: [PATCH] g10: Fix signature checking.
* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
walk_kbnode.
--
Thanks to Vincent Brillault (Feandil).
GnuPG-bug-id: 2351
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
g10/sig-check.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 290f19a..7000b48 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
*is_selfsig = 1;
}
else
- /* See if one of the subkeys was the signer (although this is
- extremely unlikely). */
{
kbnode_t ctx = NULL;
kbnode_t n;
- while ((n = walk_kbnode (kb, &ctx, PKT_PUBLIC_SUBKEY)))
+ /* See if one of the subkeys was the signer (although this
+ is extremely unlikely). */
+ while ((n = walk_kbnode (kb, &ctx, 0)))
{
- PKT_public_key *subk = n->pkt->pkt.public_key;
+ PKT_public_key *subk;
+
+ if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+ continue;
+
+ subk = n->pkt->pkt.public_key;
if (sig->keyid[0] == subk->keyid[0]
&& sig->keyid[1] == subk->keyid[1])
/* Issued by a subkey. */
--
2.8.0.rc3


@ -1,3 +1,34 @@
-------------------------------------------------------------------
Thu Jun 16 20:21:39 UTC 2016 - astieger@suse.com
- GnuPG 2.1.13:
* gpg: New command --quick-addkey. Extend the --quick-gen-key
command.
* gpg: New --keyid-format "none" which is now also the default.
* gpg: New option --with-subkey-fingerprint.
* gpg: Include Signer's UID subpacket in signatures if the secret key
has been specified using a mail address and the new option
--disable-signer-uid is not used.
* gpg: Allow unattended deletion of a secret key.
* gpg: Allow export of non-passphrase protected secret keys.
* gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS.
* gpg: Change status line TOFU_STATS_LONG to use '~' as
a non-breaking-space character.
* gpg: Speedup key listings in Tofu mode.
* gpg: Make sure that the current and total values of a PROGRESS
status line are small enough.
* gpgsm: Allow the use of AES192 and SERPENT ciphers.
* dirmngr: Adjust WKD lookup to current specs.
* dirmngr: Fallback to LDAP v3 if v2 is is not supported.
* gpgconf: New commands --create-socketdir and --remove-socketdir,
new option --homedir.
* If a /run/user/$UID directory exists, that directory is now used
for IPC sockets instead of the GNUPGHOME directory. This fixes
problems with NFS and too long socket names and thus avoids the
need for redirection files.
* Speedup fd closing after a fork.
- drop upstreamed gnupg-fix-signature-checking.patch
-------------------------------------------------------------------
Thu Jun 2 16:01:40 UTC 2016 - pjanouch@suse.de


@ -17,7 +17,7 @@
Name: gpg2
Version: 2.1.12
Version: 2.1.13
Release: 0
Summary: GnuPG 2
License: GPL-3.0+
@ -34,7 +34,6 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch
Patch8: gnupg-set_umask_before_open_outfile.patch
Patch9: gnupg-detect_FIPS_mode.patch
Patch11: gnupg-add_legacy_FIPS_mode_option.patch
Patch12: gnupg-fix-signature-checking.patch
BuildRequires: expect
BuildRequires: fdupes
BuildRequires: libadns-devel
@ -85,7 +84,6 @@ gpg-agent, and a keybox library.
%patch8 -p1
%patch9 -p1
%patch11 -p1
%patch12 -p1
%build
date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})