From b446cc77479f137f7782ec63560c1fedff666d5ae69666803a0f6eca2badf324 Mon Sep 17 00:00:00 2001
From: Andreas Stieger
Date: Thu, 16 Jun 2016 20:47:53 +0000
Subject: [PATCH] Accepting request 402813 from security:privacy GnuPG 2.1.13
OBS-URL: https://build.opensuse.org/request/show/402813
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=140
---
 gnupg-2.0.18-files-are-digests.patch | 56 ++++++++++++------------
 gnupg-2.1.12.tar.bz2 | 3 --
 gnupg-2.1.12.tar.bz2.sig | Bin 574 -> 0 bytes
 gnupg-2.1.13.tar.bz2 | 3 ++
 gnupg-2.1.13.tar.bz2.sig | Bin 0 -> 287 bytes
 gnupg-add_legacy_FIPS_mode_option.patch | 22 +++++-----
 gnupg-fix-signature-checking.patch | 50 ---------------------
 gpg2.changes | 31 +++++++++++++
 gpg2.spec | 4 +-
 9 files changed, 74 insertions(+), 95 deletions(-)
 delete mode 100644 gnupg-2.1.12.tar.bz2
 delete mode 100644 gnupg-2.1.12.tar.bz2.sig
 create mode 100644 gnupg-2.1.13.tar.bz2
 create mode 100644 gnupg-2.1.13.tar.bz2.sig
 delete mode 100644 gnupg-fix-signature-checking.patch
diff --git a/gnupg-2.0.18-files-are-digests.patch b/gnupg-2.0.18-files-are-digests.patch
index 961e5a0..e08ff98 100644
--- a/gnupg-2.0.18-files-are-digests.patch
+++ b/gnupg-2.0.18-files-are-digests.patch
@@ -4,11 +4,11 @@
 g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
 3 files changed, 67 insertions(+), 6 deletions(-)
-Index: gnupg-2.1.10/g10/gpg.c
+Index: gnupg-2.1.13/g10/gpg.c
 ===================================================================
---- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:25:25.749577555 +0100
-+++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:26:04.777192262 +0100
-@@ -355,6 +355,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.13.orig/g10/gpg.c
++++ gnupg-2.1.13/g10/gpg.c
+@@ -358,6 +358,7 @@ enum cmd_and_opt_values
 oTTYtype,
 oLCctype,
 oLCmessages,
@@ -16,7 +16,7 @@ Index: gnupg-2.1.10/g10/gpg.c oXauthority, oGroup, oUnGroup, -@@ -757,6 +758,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -770,6 +771,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), @@ -24,15 +24,15 @@ Index: gnupg-2.1.10/g10/gpg.c /* Aliases. I constantly mistype these, and assume other people do as well. */ -@@ -2483,6 +2485,7 @@ main (int argc, char **argv) +@@ -2247,6 +2249,7 @@ main (int argc, char **argv) opt.def_cert_expire = "0"; - set_homedir (default_homedir ()); + gnupg_set_homedir (NULL); opt.passphrase_repeat = 1; + opt.files_are_digests=0; opt.emit_version = 1; /* Limit to the major number. */ opt.weak_digests = NULL; additional_weak_digest("MD5"); -@@ -3022,6 +3025,7 @@ main (int argc, char **argv) +@@ -2797,6 +2800,7 @@ main (int argc, char **argv) opt.verify_options&=~VERIFY_SHOW_PHOTOS; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; @@ -40,11 +40,11 @@ Index: gnupg-2.1.10/g10/gpg.c case oForceMDC: opt.force_mdc = 1; break; case oNoForceMDC: opt.force_mdc = 0; break; -Index: gnupg-2.1.10/g10/options.h +Index: gnupg-2.1.13/g10/options.h =================================================================== ---- gnupg-2.1.10.orig/g10/options.h 2015-12-04 14:25:25.749577555 +0100 -+++ gnupg-2.1.10/g10/options.h 2015-12-04 14:25:28.472550675 +0100 -@@ -205,6 +205,7 @@ struct +--- gnupg-2.1.13.orig/g10/options.h ++++ gnupg-2.1.13/g10/options.h +@@ -206,6 +206,7 @@ struct int no_auto_check_trustdb; int preserve_permissions; int no_homedir_creation; 
@@ -52,20 +52,20 @@ Index: gnupg-2.1.10/g10/options.h struct groupitem *grouplist; int mangle_dos_filenames; int enable_progress_filter; -Index: gnupg-2.1.10/g10/sign.c +Index: gnupg-2.1.13/g10/sign.c =================================================================== ---- gnupg-2.1.10.orig/g10/sign.c 2015-12-04 14:25:25.750577545 +0100 -+++ gnupg-2.1.10/g10/sign.c 2015-12-04 14:25:28.473550666 +0100 -@@ -41,7 +41,7 @@ - #include "pkglue.h" - #include "sysutils.h" +--- gnupg-2.1.13.orig/g10/sign.c ++++ gnupg-2.1.13/g10/sign.c +@@ -42,6 +42,8 @@ #include "call-agent.h" -- -+#include "host2net.h" + #include "mbox-util.h" ++#include "host2net.h" ++ #ifdef HAVE_DOSISH_SYSTEM #define LF "\r\n" -@@ -681,8 +681,12 @@ write_signature_packets (SK_LIST sk_list + #else +@@ -694,8 +696,12 @@ write_signature_packets (SK_LIST sk_list mk_notation_policy_etc (sig, NULL, pk); } @@ -78,7 +78,7 @@ Index: gnupg-2.1.10/g10/sign.c rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); -@@ -740,6 +744,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -753,6 +759,8 @@ sign_file (ctrl_t ctrl, strlist_t filena SK_LIST sk_rover = NULL; int multifile = 0; u32 duration=0; @@ -87,7 +87,7 @@ Index: gnupg-2.1.10/g10/sign.c pfx = new_progress_context (); afx = new_armor_context (); -@@ -756,7 +762,16 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -769,7 +777,16 @@ sign_file (ctrl_t ctrl, strlist_t filena fname = NULL; if( fname && filenames->next && (!detached || encryptflag) ) @@ -105,7 +105,7 @@ Index: gnupg-2.1.10/g10/sign.c if(encryptflag==2 && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) -@@ -777,7 +792,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -790,7 +807,7 @@ sign_file (ctrl_t ctrl, strlist_t filena goto leave; /* prepare iobufs */ 
@@ -114,7 +114,7 @@ Index: gnupg-2.1.10/g10/sign.c inp = NULL; /* we do it later */ else { inp = iobuf_open(fname); -@@ -915,7 +930,7 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -928,7 +945,7 @@ sign_file (ctrl_t ctrl, strlist_t filena for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); @@ -123,7 +123,7 @@ Index: gnupg-2.1.10/g10/sign.c iobuf_push_filter( inp, md_filter, &mfx ); if( detached && !encryptflag) -@@ -970,6 +985,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -983,6 +1000,8 @@ sign_file (ctrl_t ctrl, strlist_t filena write_status_begin_signing (mfx.md); @@ -132,7 +132,7 @@ Index: gnupg-2.1.10/g10/sign.c /* Setup the inner packet. */ if( detached ) { if( multifile ) { -@@ -1010,6 +1027,45 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1023,6 +1042,45 @@ sign_file (ctrl_t ctrl, strlist_t filena if( opt.verbose ) log_printf ("\n"); } @@ -178,7 +178,7 @@ Index: gnupg-2.1.10/g10/sign.c else { /* read, so that the filter can calculate the digest */ while( iobuf_get(inp) != -1 ) -@@ -1027,8 +1083,8 @@ sign_file (ctrl_t ctrl, strlist_t filena +@@ -1040,8 +1098,8 @@ sign_file (ctrl_t ctrl, strlist_t filena /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, diff --git a/gnupg-2.1.12.tar.bz2 b/gnupg-2.1.12.tar.bz2 deleted file mode 100644 index 812395b..0000000 --- a/gnupg-2.1.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ac34929d2400a58a349963865442ee6cdd75e500a8d5df083d29835e88bfc506 -size 5510723 
diff --git a/gnupg-2.1.12.tar.bz2.sig b/gnupg-2.1.12.tar.bz2.sig deleted file mode 100644 index 98d8011791a246ca2600b873b5ab042fb7d20e0f042fc0636a0a711f63bf72e8..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 574 zcmV-E0>S->0UQJX0SEvF1p-$p0jmHC2@oWkInqxhMO!k;5iY+f|feqg2`6y$fd%gRXL3a_?g0mu<^ZwuA=`l!z=9DqH$IF34)LH61BiBS}h z1&&@cJ}&ERBy~rFPZVx%0VxF(7I{cGue!f?dxv@D>}-hv90ULX2ml5J0#_?Jy8sFa z5Fl}|iZi`G2L56P|6iPV_uulhlVuSc%yFGNQV0OotN9`p<2S`_N8=DXm$c~o%nD;C zV|q;&cyg#AcxS^1#4`>D9$prSgAJKuJL9fC77n*qG|89Hx2L5-8*3wnlSNKi$24by zi+n(D`D0TH;oSS2fcNOeppkixfutZgd+i}Fca==@`|S4Z1l}T2Mq_B~$EXOolkPuM zI;xn)WO*%?>H`+;9f#1UD&+#%f6+7X@>x6jhMC!vV4;^%)xLqBS`F;I7|gejcg18O zqIz0KG!f@@w=u5YnGExxFu;a$zi?4jc6$}55f30ie`t@PQS#m#heWYm$h99#5uFR} Mu2+ga_x5h#93Zg_?*IS* diff --git a/gnupg-2.1.13.tar.bz2 b/gnupg-2.1.13.tar.bz2 new file mode 100644 index 0000000..6c6df08 --- /dev/null +++ b/gnupg-2.1.13.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4f9d83a6221daa60130fa79f0b1d37d6c20fffdd0320b640c7a597c5b6219675 +size 5545361 diff --git a/gnupg-2.1.13.tar.bz2.sig b/gnupg-2.1.13.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..2507d3ae2166a5f92eb94ed17b7197b18164382c81d9a66463daa84b5d61cf29 GIT binary patch literal 287 zcmV+)0pR|L0UQJX0SEvF1p-%M#s&Zi2@oWkInqxh?9xTxQ0?Ld@`HF4T!;kK9ITfz!Z#QvWDnRz5M6p2ZdWJh$25s-x(GTs<0~& zTv!7k!ft!|xAt`=a~q8YIAs_W4dYWYViw);Kf@>ueKo*6)ne|#;58y7VSr#DdSG>r lYR^tx6`!MMK;7eD&BHVM&K^ literal 0 HcmV?d00001 diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 968bc34..71d7ba4 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch 
@@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.10/doc/gpg.texi +Index: gnupg-2.1.13/doc/gpg.texi =================================================================== ---- gnupg-2.1.10.orig/doc/gpg.texi 2015-12-04 14:28:28.840769433 +0100 -+++ gnupg-2.1.10/doc/gpg.texi 2015-12-04 14:28:33.784720588 +0100 -@@ -1875,6 +1875,24 @@ implies, this option is for experts only +--- gnupg-2.1.13.orig/doc/gpg.texi ++++ gnupg-2.1.13/doc/gpg.texi +@@ -1996,6 +1996,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.10/doc/gpg.texi @end table -Index: gnupg-2.1.10/g10/gpg.c +Index: gnupg-2.1.13/g10/gpg.c =================================================================== ---- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:28:28.843769403 +0100 -+++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:29:04.084421214 +0100 -@@ -394,6 +394,7 @@ enum cmd_and_opt_values - oWeakDigest, +--- gnupg-2.1.13.orig/g10/gpg.c ++++ gnupg-2.1.13/g10/gpg.c +@@ -398,6 +398,7 @@ enum cmd_and_opt_values oUnwrap, oOnlySignTextIDs, + oDisableSignerUID, + oSetLegacyFips, oNoop }; -@@ -796,6 +797,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -809,6 +810,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), @@ -52,7 +52,7 @@ Index: gnupg-2.1.10/g10/gpg.c /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common -@@ -3556,6 +3558,13 @@ main (int argc, char **argv) +@@ -3330,6 +3332,13 @@ main (int argc, char **argv) case oNoAutostart: opt.autostart = 0; break; 
diff --git a/gnupg-fix-signature-checking.patch b/gnupg-fix-signature-checking.patch
deleted file mode 100644
index 9ede8fe..0000000
--- a/gnupg-fix-signature-checking.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka
-Date: Wed, 11 May 2016 19:27:03 +0900
-Subject: [PATCH] g10: Fix signature checking.
-
-* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
-walk_kbnode.
-
---
-
-Thanks to Vincent Brillault (Feandil).
-
-GnuPG-bug-id: 2351
-Signed-off-by: NIIBE Yutaka
----
- g10/sig-check.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/g10/sig-check.c b/g10/sig-check.c
-index 290f19a..7000b48 100644
---- a/g10/sig-check.c
-+++ b/g10/sig-check.c
-@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
- *is_selfsig = 1;
- }
- else
-- /* See if one of the subkeys was the signer (although this is
-- extremely unlikely). */
- {
- kbnode_t ctx = NULL;
- kbnode_t n;
-
-- while ((n = walk_kbnode (kb, &ctx, PKT_PUBLIC_SUBKEY)))
-+ /* See if one of the subkeys was the signer (although this
-+ is extremely unlikely). */
-+ while ((n = walk_kbnode (kb, &ctx, 0)))
- {
-- PKT_public_key *subk = n->pkt->pkt.public_key;
-+ PKT_public_key *subk;
-+
-+ if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY)
-+ continue;
-+
-+ subk = n->pkt->pkt.public_key;
- if (sig->keyid[0] == subk->keyid[0]
- && sig->keyid[1] == subk->keyid[1])
- /* Issued by a subkey. */
---
-2.8.0.rc3
-
diff --git a/gpg2.changes b/gpg2.changes
index cb5faec..80ceebd 100644
--- a/gpg2.changes
+++ b/gpg2.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Thu Jun 16 20:21:39 UTC 2016 - astieger@suse.com
+
+- GnuPG 2.1.13:
+ * gpg: New command --quick-addkey. Extend the --quick-gen-key
+ command.
+ * gpg: New --keyid-format "none" which is now also the default.
+ * gpg: New option --with-subkey-fingerprint.
+ * gpg: Include Signer's UID subpacket in signatures if the secret key
+ has been specified using a mail address and the new option
+ --disable-signer-uid is not used.
+ * gpg: Allow unattended deletion of a secret key.
+ * gpg: Allow export of non-passphrase protected secret keys.
+ * gpg: New status lines KEY_CONSIDERED and NOTATION_FLAGS.
+ * gpg: Change status line TOFU_STATS_LONG to use '~' as
+ a non-breaking-space character.
+ * gpg: Speedup key listings in Tofu mode.
+ * gpg: Make sure that the current and total values of a PROGRESS
+ status line are small enough.
+ * gpgsm: Allow the use of AES192 and SERPENT ciphers.
+ * dirmngr: Adjust WKD lookup to current specs.
+ * dirmngr: Fallback to LDAP v3 if v2 is is not supported.
+ * gpgconf: New commands --create-socketdir and --remove-socketdir,
+ new option --homedir.
+ * If a /run/user/$UID directory exists, that directory is now used
+ for IPC sockets instead of the GNUPGHOME directory. This fixes
+ problems with NFS and too long socket names and thus avoids the
+ need for redirection files.
+ * Speedup fd closing after a fork.
+- drop upstreamed gnupg-fix-signature-checking.patch
+
 -------------------------------------------------------------------
 Thu Jun 2 16:01:40 UTC 2016 - pjanouch@suse.de
diff --git a/gpg2.spec b/gpg2.spec
index 467e25a..7c2283a 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -17,7 +17,7 @@
 Name: gpg2
-Version: 2.1.12
+Version: 2.1.13
 Release: 0
 Summary: GnuPG 2
 License: GPL-3.0+
@@ -34,7 +34,6 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11: gnupg-add_legacy_FIPS_mode_option.patch
-Patch12: gnupg-fix-signature-checking.patch
 BuildRequires: expect
 BuildRequires: fdupes
 BuildRequires: libadns-devel
@@ -85,7 +84,6 @@ gpg-agent, and a keybox library.
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch12 -p1
 %build
 date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})