Accepting request 236179 from home:AndreasStieger:branches:Base:System

update to 2.0.23

OBS-URL: https://build.opensuse.org/request/show/236179
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=71

gnupg-2.0.18-files-are-digests.patch

@@ -1,7 +1,14 @@
-diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c
---- gnupg-2.0.18.orig/g10/gpg.c	2011-07-22 13:00:44.000000000 +0100
-+++ gnupg-2.0.18/g10/gpg.c	2011-08-06 21:07:32.000000000 +0100
-@@ -341,6 +341,7 @@ enum cmd_and_opt_values
+---
+ g10/gpg.c     |    4 +++
+ g10/options.h |    1 
+ g10/sign.c    |   66 +++++++++++++++++++++++++++++++++++++++++++++++++++++-----
+ 3 files changed, 66 insertions(+), 5 deletions(-)
+
+Index: gnupg-2.0.23/g10/gpg.c
+===================================================================
+--- gnupg-2.0.23.orig/g10/gpg.c	2014-06-03 22:36:44.000000000 +0100
++++ gnupg-2.0.23/g10/gpg.c	2014-06-03 22:36:55.000000000 +0100
+@@ -345,6 +345,7 @@ enum cmd_and_opt_values
      oTTYtype,
      oLCctype,
      oLCmessages,
@@ -9,7 +16,7 @@ diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c
      oXauthority,
      oGroup,
      oUnGroup,
-@@ -706,6 +707,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -711,6 +712,7 @@ static ARGPARSE_OPTS opts[] = {
    ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
    ARGPARSE_s_s (oPersonalCompressPreferences,
                                           "personal-compress-preferences", "@"),
@@ -17,15 +24,15 @@ diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c
  
    /* Aliases.  I constantly mistype these, and assume other people do
       as well. */
-@@ -1996,6 +1998,7 @@ main (int argc, char **argv)
+@@ -2001,6 +2003,7 @@ main (int argc, char **argv)
      opt.def_sig_expire="0";
      opt.def_cert_expire="0";
      set_homedir ( default_homedir () );
 +	opt.files_are_digests=0;
      opt.passphrase_repeat=1;
+     opt.emit_version = 1; /* Limit to the major number.  */
  
-     /* Check whether we have a config file on the command line.  */
-@@ -2484,6 +2487,7 @@ main (int argc, char **argv)
+@@ -2491,6 +2494,7 @@ main (int argc, char **argv)
  	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
  	  case oForceV3Sigs: opt.force_v3_sigs = 1; break;
  	  case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
@@ -33,11 +40,11 @@ diff -rup gnupg-2.0.18.orig/g10/gpg.c gnupg-2.0.18/g10/gpg.c
            case oForceV4Certs: opt.force_v4_certs = 1; break;
            case oNoForceV4Certs: opt.force_v4_certs = 0; break;
  	  case oForceMDC: opt.force_mdc = 1; break;
-Only in gnupg-2.0.18/g10: gpg.c.orig
-diff -rup gnupg-2.0.18.orig/g10/options.h gnupg-2.0.18/g10/options.h
---- gnupg-2.0.18.orig/g10/options.h	2011-07-22 13:00:44.000000000 +0100
-+++ gnupg-2.0.18/g10/options.h	2011-08-06 21:07:32.000000000 +0100
-@@ -194,6 +194,7 @@ struct
+Index: gnupg-2.0.23/g10/options.h
+===================================================================
+--- gnupg-2.0.23.orig/g10/options.h	2014-06-03 22:36:44.000000000 +0100
++++ gnupg-2.0.23/g10/options.h	2014-06-03 22:36:55.000000000 +0100
+@@ -198,6 +198,7 @@ struct
    int no_auto_check_trustdb;
    int preserve_permissions;
    int no_homedir_creation;
@@ -45,9 +52,10 @@ diff -rup gnupg-2.0.18.orig/g10/options.h gnupg-2.0.18/g10/options.h
    struct groupitem *grouplist;
    int mangle_dos_filenames;
    int enable_progress_filter;
-diff -rup gnupg-2.0.18.orig/g10/sign.c gnupg-2.0.18/g10/sign.c
---- gnupg-2.0.18.orig/g10/sign.c	2011-07-22 13:00:44.000000000 +0100
-+++ gnupg-2.0.18/g10/sign.c	2011-08-06 21:07:32.000000000 +0100
+Index: gnupg-2.0.23/g10/sign.c
+===================================================================
+--- gnupg-2.0.23.orig/g10/sign.c	2014-06-03 22:36:44.000000000 +0100
++++ gnupg-2.0.23/g10/sign.c	2014-06-03 22:36:55.000000000 +0100
 @@ -665,8 +665,12 @@ write_signature_packets (SK_LIST sk_list
              mk_notation_policy_etc (sig, NULL, sk);
            }

gnupg-2.0.22.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:437d0ab259854359fc48aa8795af80cff4975e559c111c92c03d0bc91408e251
-size 4277117

gnupg-2.0.23.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cf196b8056eafb4236f000a3e12543e0022a1fec4d6edff1b91b48936c109841
+size 4297195

gnupg-2.0.9-RSA_ES.patch

@@ -1,45 +0,0 @@
-# adds back support for deprecated RSA_E, RSA_S algorithms
----
-# g10/misc.c |    8 ++++++++
-# 1 file changed, 8 insertions(+)
-#
-Index: gnupg-2.0.22/g10/misc.c
-===================================================================
---- gnupg-2.0.22.orig/g10/misc.c	2013-10-04 16:54:48.000000000 +0100
-+++ gnupg-2.0.22/g10/misc.c	2013-10-05 12:39:16.000000000 +0100
-@@ -1333,6 +1333,8 @@ pubkey_get_npkey( int algo )
- 
-   if (algo == GCRY_PK_ELG_E)
-     algo = GCRY_PK_ELG;
-+  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
-+    algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
-                          GCRYCTL_GET_ALGO_NPKEY, NULL, &n))
-     n = 0;
-@@ -1353,6 +1355,8 @@ pubkey_get_nskey( int algo )
- 
-   if (algo == GCRY_PK_ELG_E)
-     algo = GCRY_PK_ELG;
-+  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
-+    algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
-                          GCRYCTL_GET_ALGO_NSKEY, NULL, &n ))
-     n = 0;
-@@ -1373,6 +1377,8 @@ pubkey_get_nsig( int algo )
- 
-   if (algo == GCRY_PK_ELG_E)
-     algo = GCRY_PK_ELG;
-+  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
-+    algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
-                          GCRYCTL_GET_ALGO_NSIGN, NULL, &n))
-     n = 0;
-@@ -1393,6 +1399,8 @@ pubkey_get_nenc( int algo )
- 
-   if (algo == GCRY_PK_ELG_E)
-     algo = GCRY_PK_ELG;
-+  if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
-+    algo = GCRY_PK_RSA;
-   if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
-                          GCRYCTL_GET_ALGO_NENCR, NULL, &n ))
-     n = 0;

gnupg-add_legacy_FIPS_mode_option.patch

@@ -1,8 +1,13 @@
-Index: gnupg-2.0.22/doc/gpg.texi
+---
+ doc/gpg.texi |   18 ++++++++++++++++++
+ g10/gpg.c    |    9 +++++++++
+ 2 files changed, 27 insertions(+)
+
+Index: gnupg-2.0.23/doc/gpg.texi
 ===================================================================
---- gnupg-2.0.22.orig/doc/gpg.texi	2013-10-04 19:08:32.000000000 +0200
-+++ gnupg-2.0.22/doc/gpg.texi	2014-04-30 12:42:35.129468147 +0200
-@@ -1795,6 +1795,24 @@ implies, this option is for experts only
+--- gnupg-2.0.23.orig/doc/gpg.texi	2014-06-03 22:22:56.000000000 +0100
++++ gnupg-2.0.23/doc/gpg.texi	2014-06-03 22:25:03.000000000 +0100
+@@ -1851,6 +1851,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -27,29 +32,29 @@ Index: gnupg-2.0.22/doc/gpg.texi
  @end table
  
  
-Index: gnupg-2.0.22/g10/gpg.c
+Index: gnupg-2.0.23/g10/gpg.c
 ===================================================================
---- gnupg-2.0.22.orig/g10/gpg.c	2014-04-30 12:42:35.117468014 +0200
-+++ gnupg-2.0.22/g10/gpg.c	2014-04-30 12:42:35.129468147 +0200
-@@ -368,6 +368,7 @@ enum cmd_and_opt_values
-     oDisableDSA2,
+--- gnupg-2.0.23.orig/g10/gpg.c	2014-06-03 22:24:52.000000000 +0100
++++ gnupg-2.0.23/g10/gpg.c	2014-06-03 22:25:56.000000000 +0100
+@@ -369,6 +369,7 @@ enum cmd_and_opt_values
      oAllowMultipleMessages,
      oNoAllowMultipleMessages,
+     oAllowWeakDigestAlgos,
 +    oSetLegacyFips,
  
      oNoop
    };
-@@ -744,6 +745,7 @@ static ARGPARSE_OPTS opts[] = {
-   ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
+@@ -746,6 +747,7 @@ static ARGPARSE_OPTS opts[] = {
    ARGPARSE_s_n (oAllowMultipleMessages,      "allow-multiple-messages", "@"),
    ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
+   ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
 +  ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
  
    /* These two are aliases to help users of the PGP command line
       product use gpg with minimal pain.  Many commands are common
-@@ -2948,6 +2950,13 @@ main (int argc, char **argv)
- 	    opt.flags.allow_multiple_messages=0;
- 	    break;
+@@ -2959,6 +2961,13 @@ main (int argc, char **argv)
+             opt.flags.allow_weak_digest_algos = 1;
+             break;
  
 +	  case oSetLegacyFips:
 +	    if(gcry_fips_mode_active())

gnupg-dont-fail-with-seahorse-agent.patch

@@ -2,10 +2,10 @@
  g10/passphrase.c |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-Index: gnupg-2.0.15/g10/passphrase.c
+Index: gnupg-2.0.23/g10/passphrase.c
 ===================================================================
---- gnupg-2.0.15.orig/g10/passphrase.c	2010-01-11 15:11:17.000000000 +0100
-+++ gnupg-2.0.15/g10/passphrase.c	2010-04-07 16:06:49.000000000 +0200
+--- gnupg-2.0.23.orig/g10/passphrase.c	2014-06-03 07:59:18.000000000 +0100
++++ gnupg-2.0.23/g10/passphrase.c	2014-06-03 22:37:30.000000000 +0100
 @@ -72,7 +72,7 @@ encode_s2k_iterations (int iterations)
          {
            /* Don't print an error if an older agent is used.  */
@@ -13,5 +13,5 @@ Index: gnupg-2.0.15/g10/passphrase.c
 -            log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
 +            log_info (_("problem with the agent: %s\n"), gpg_strerror (err));
            /* Default to 65536 which we used up to 2.0.13.  */
-           return 96; 
+           return 96;
          }

gpg2.changes

@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Tue Jun  3 21:55:34 UTC 2014 - andreas.stieger@gmx.de
+
+- update to 2.0.23:
+ * gpg: Reject signatures made using the MD5 hash algorithm unless the
+   new option --allow-weak-digest-algos or --pgp2 are given.
+ * gpg: Do not create a trustdb file if --trust-model=always is used.
+ * gpg: Only the major version number is by default included in the
+   armored output.
+ * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
+   communication with the gpg-agent.
+ * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more
+   aligned to the regular key listing ("gpg -k").
+ * gpg: The option--show-session-key prints its output now before the
+   decryption of the bulk message starts.
+ * gpg: New %U expando for the photo viewer.
+ * gpgsm: Improved handling of re-issued CA certificates.
+ * scdaemon: Various fixes for pinpad equipped card readers.
+ * Minor bug fixes.
+- Packaging changes:
+  * add gpgtar utility
+  * update and use use source URL for tarball signing key
+  * removed gnupg-2.0.9-RSA_ES.patch, applied upstream
+  * updated for context changes:
+    gnupg-add_legacy_FIPS_mode_option.patch
+    gnupg-2.0.18-files-are-digests.patch
+    gnupg-dont-fail-with-seahorse-agent.patch
+
 -------------------------------------------------------------------
 Tue Apr 29 12:06:03 UTC 2014 - vcizek@suse.com
 

gpg2.spec

@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.0.22
+Version:        2.0.23
 Release:        0
 BuildRequires:  automake >= 1.10
 BuildRequires:  expect
@@ -55,9 +55,9 @@ License:        GPL-3.0+
 Group:          Productivity/Networking/Security
 Source:         ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2
 Source2:        ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig
+Source3:        https://www.gnupg.org/signature_key.html#/%{name}.keyring
 Patch1:         gnupg-2.0.18-tmpdir.diff
 Patch2:         gnupg-2.0.4-install_tools.diff
-Patch3:         gnupg-2.0.9-RSA_ES.patch
 Patch4:         gnupg-2.0.9-langinfo.patch
 Patch5:         gnupg-2.0.18-files-are-digests.patch
 Patch6:         gnupg-dont-fail-with-seahorse-agent.patch
@@ -78,7 +78,6 @@ gpg-agent, and a keybox library.
 %setup  -q -n gnupg-%version
 %patch1 -p1
 %patch2
-%patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
@@ -108,6 +107,7 @@ export LDFLAGS=-pie
     --enable-ldap \
     --enable-gpgsm=yes \
     --enable-gpg \
+    --enable-gpgtar \
     --with-gnu-ld
 
 make %{?_smp_mflags}