Accepting request 420625 from security:privacy

GnuPG 2.1.15

OBS-URL: https://build.opensuse.org/request/show/420625
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=145
P. Janouch 2016-08-22 09:24:09 +00:00 committed by Git OBS Bridge
parent 5b257985f5
commit c121f5f68c
10 changed files with 143 additions and 173 deletions


@ -0,0 +1,28 @@
From ae52c486ef5e71445aa0adfdac30124abff7da46 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <astieger@suse.com>
Date: Fri, 19 Aug 2016 23:09:13 +0200
Subject: [PATCH] common: Follow-up to 14479e2, fix void return in non-void
function
* simple-pwquery.c (agent_open): return -1 in errout label as documented.
Signed-off-by: Andreas Stieger <astieger@suse.com>
---
common/simple-pwquery.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
index 240451b..0c3233b 100644
--- a/common/simple-pwquery.c
+++ b/common/simple-pwquery.c
@@ -285,6 +285,7 @@ agent_open (assuan_context_t *ctx)
errout:
assuan_release (*ctx);
*ctx = NULL;
+ return -1;
}
--
2.6.6
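Review bot: The new `return -1;` at `errout:` in agent_open has no comment tying it to the documented contract, and before it the function ran off its end after `*ctx = NULL`, leaving the caller with an indeterminate result that could read as success while the context is NULL. I would add a comment on the line, e.g. `/* Failure exit: context released; -1 as documented. */`. Compiling this file with `-Werror=return-type` would reject a recurrence of the omission at build time. The body of agent_open above the label lies outside the hunk, so the paths that jump to `errout` cannot be checked here.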


@ -4,11 +4,11 @@
g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
3 files changed, 67 insertions(+), 6 deletions(-)
Index: gnupg-2.1.13/g10/gpg.c
Index: gnupg-2.1.15/g10/gpg.c
===================================================================
--- gnupg-2.1.13.orig/g10/gpg.c
+++ gnupg-2.1.13/g10/gpg.c
@@ -358,6 +358,7 @@ enum cmd_and_opt_values
--- gnupg-2.1.15.orig/g10/gpg.c
+++ gnupg-2.1.15/g10/gpg.c
@@ -368,6 +368,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
@ -16,7 +16,7 @@ Index: gnupg-2.1.13/g10/gpg.c
oXauthority,
oGroup,
oUnGroup,
@@ -770,6 +771,7 @@ static ARGPARSE_OPTS opts[] = {
@@ -791,6 +792,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@ -24,15 +24,15 @@ Index: gnupg-2.1.13/g10/gpg.c
/* Aliases. I constantly mistype these, and assume other people do
as well. */
@@ -2247,6 +2249,7 @@ main (int argc, char **argv)
@@ -2239,6 +2241,7 @@ main (int argc, char **argv)
opt.def_cert_expire = "0";
gnupg_set_homedir (NULL);
opt.passphrase_repeat = 1;
+ opt.files_are_digests=0;
opt.emit_version = 1; /* Limit to the major number. */
opt.emit_version = 0;
opt.weak_digests = NULL;
additional_weak_digest("MD5");
@@ -2797,6 +2800,7 @@ main (int argc, char **argv)
@@ -2807,6 +2810,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
@ -40,11 +40,11 @@ Index: gnupg-2.1.13/g10/gpg.c
case oForceMDC: opt.force_mdc = 1; break;
case oNoForceMDC: opt.force_mdc = 0; break;
Index: gnupg-2.1.13/g10/options.h
Index: gnupg-2.1.15/g10/options.h
===================================================================
--- gnupg-2.1.13.orig/g10/options.h
+++ gnupg-2.1.13/g10/options.h
@@ -206,6 +206,7 @@ struct
--- gnupg-2.1.15.orig/g10/options.h
+++ gnupg-2.1.15/g10/options.h
@@ -212,6 +212,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
@ -52,10 +52,10 @@ Index: gnupg-2.1.13/g10/options.h
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
Index: gnupg-2.1.13/g10/sign.c
Index: gnupg-2.1.15/g10/sign.c
===================================================================
--- gnupg-2.1.13.orig/g10/sign.c
+++ gnupg-2.1.13/g10/sign.c
--- gnupg-2.1.15.orig/g10/sign.c
+++ gnupg-2.1.15/g10/sign.c
@@ -42,6 +42,8 @@
#include "call-agent.h"
#include "mbox-util.h"
@ -65,7 +65,7 @@ Index: gnupg-2.1.13/g10/sign.c
#ifdef HAVE_DOSISH_SYSTEM
#define LF "\r\n"
#else
@@ -694,8 +696,12 @@ write_signature_packets (SK_LIST sk_list
@@ -711,8 +713,12 @@ write_signature_packets (SK_LIST sk_list
mk_notation_policy_etc (sig, NULL, pk);
}
@ -78,7 +78,7 @@ Index: gnupg-2.1.13/g10/sign.c
rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
gcry_md_close (md);
@@ -753,6 +759,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -770,6 +776,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
@ -87,7 +87,7 @@ Index: gnupg-2.1.13/g10/sign.c
pfx = new_progress_context ();
afx = new_armor_context ();
@@ -769,7 +777,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -786,7 +794,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) )
@ -105,7 +105,7 @@ Index: gnupg-2.1.13/g10/sign.c
if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
@@ -790,7 +807,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -807,7 +824,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave;
/* prepare iobufs */
@ -114,7 +114,7 @@ Index: gnupg-2.1.13/g10/sign.c
inp = NULL; /* we do it later */
else {
inp = iobuf_open(fname);
@@ -928,7 +945,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -945,7 +962,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
@ -123,7 +123,7 @@ Index: gnupg-2.1.13/g10/sign.c
iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag)
@@ -983,6 +1000,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1000,6 +1017,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
write_status_begin_signing (mfx.md);
@ -132,7 +132,7 @@ Index: gnupg-2.1.13/g10/sign.c
/* Setup the inner packet. */
if( detached ) {
if( multifile ) {
@@ -1023,6 +1042,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1040,6 +1059,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
if( opt.verbose )
log_printf ("\n");
}
@ -178,7 +178,7 @@ Index: gnupg-2.1.13/g10/sign.c
else {
/* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 )
@@ -1040,8 +1098,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
@@ -1058,8 +1116,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md,


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4f9d83a6221daa60130fa79f0b1d37d6c20fffdd0320b640c7a597c5b6219675
size 5545361

Binary file not shown.

3
gnupg-2.1.15.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd
size 5723689

BIN
gnupg-2.1.15.tar.bz2.sig Normal file

Binary file not shown.


@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+)
Index: gnupg-2.1.13/doc/gpg.texi
Index: gnupg-2.1.15/doc/gpg.texi
===================================================================
--- gnupg-2.1.13.orig/doc/gpg.texi
+++ gnupg-2.1.13/doc/gpg.texi
@@ -1996,6 +1996,24 @@ implies, this option is for experts only
--- gnupg-2.1.15.orig/doc/gpg.texi
+++ gnupg-2.1.15/doc/gpg.texi
@@ -1992,6 +1992,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option.
@ -32,19 +32,19 @@ Index: gnupg-2.1.13/doc/gpg.texi
@end table
Index: gnupg-2.1.13/g10/gpg.c
Index: gnupg-2.1.15/g10/gpg.c
===================================================================
--- gnupg-2.1.13.orig/g10/gpg.c
+++ gnupg-2.1.13/g10/gpg.c
@@ -398,6 +398,7 @@ enum cmd_and_opt_values
oUnwrap,
--- gnupg-2.1.15.orig/g10/gpg.c
+++ gnupg-2.1.15/g10/gpg.c
@@ -409,6 +409,7 @@ enum cmd_and_opt_values
oOnlySignTextIDs,
oDisableSignerUID,
oSender,
+ oSetLegacyFips,
oNoop
};
@@ -809,6 +810,7 @@ static ARGPARSE_OPTS opts[] = {
@@ -830,6 +831,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@ -52,7 +52,7 @@ Index: gnupg-2.1.13/g10/gpg.c
/* These two are aliases to help users of the PGP command line
product use gpg with minimal pain. Many commands are common
@@ -3330,6 +3332,13 @@ main (int argc, char **argv)
@@ -3373,6 +3375,13 @@ main (int argc, char **argv)
case oNoAutostart: opt.autostart = 0; break;


@ -1,129 +0,0 @@
From 82b90eee100cf1c9680517059b2d35e295dd992a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 18 Aug 2015 16:57:44 +0900
Subject: [PATCH] gpg: Make --try-all-secrets work for hidden recipients
Upstream: committed
* g10/getkey.c (enum_secret_keys): Really enumerate all secret
keys if --try-all-secrets is specified.
--
GnuPG-bug-id: 1985
Signed-off-by: Daiki Ueno <ueno@gnu.org>
- Add new arg CTRL to getkey_byname call.
Signed-off-by: Werner Koch <wk@gnupg.org>
---
g10/getkey.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 50 insertions(+), 10 deletions(-)
On openSUSE, this fixes the unit tests of the duplicity package.
diff --git a/g10/getkey.c b/g10/getkey.c
index 90fd175..3fe8274 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3555,6 +3555,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
{
gpg_error_t err = 0;
const char *name;
+ kbnode_t keyblock;
struct
{
int eof;
@@ -3562,6 +3563,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
strlist_t sl;
kbnode_t keyblock;
kbnode_t node;
+ getkey_ctx_t ctx;
} *c = *context;
if (!c)
@@ -3577,6 +3579,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
{
/* Free the context. */
release_kbnode (c->keyblock);
+ getkey_end (c->ctx);
xfree (c);
*context = NULL;
return 0;
@@ -3594,6 +3597,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
do
{
name = NULL;
+ keyblock = NULL;
switch (c->state)
{
case 0: /* First try to use the --default-key. */
@@ -3616,24 +3620,60 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
c->state++;
break;
+ case 3: /* Init search context to try all keys. */
+ if (opt.try_all_secrets)
+ {
+ err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock);
+ if (err)
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ getkey_end (c->ctx);
+ c->ctx = NULL;
+ }
+ }
+ c->state++;
+ break;
+
+ case 4: /* Get next item from the context. */
+ if (c->ctx)
+ {
+ err = getkey_next (c->ctx, NULL, &keyblock);
+ if (err)
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ getkey_end (c->ctx);
+ c->ctx = NULL;
+ }
+ }
+ else
+ c->state++;
+ break;
+
default: /* No more names to check - stop. */
c->eof = 1;
return gpg_error (GPG_ERR_EOF);
}
}
- while (!name || !*name);
+ while ((!name || !*name) && !keyblock);
- err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock);
- if (err)
+ if (keyblock)
+ c->node = c->keyblock = keyblock;
+ else
{
- /* getkey_byname might return a keyblock even in the
- error case - I have not checked. Thus better release
- it. */
- release_kbnode (c->keyblock);
- c->keyblock = NULL;
+ err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock);
+ if (err)
+ {
+ /* getkey_byname might return a keyblock even in the
+ error case - I have not checked. Thus better release
+ it. */
+ release_kbnode (c->keyblock);
+ c->keyblock = NULL;
+ }
+ else
+ c->node = c->keyblock;
}
- else
- c->node = c->keyblock;
}
/* Get the next key from the current keyblock. */


@ -1,3 +1,74 @@
-------------------------------------------------------------------
Fri Aug 19 21:22:22 UTC 2016 - astieger@suse.com
- GnuPG 2.1.15:
* gpg: Remove the --tofu-db-format option and support for the
split TOFU database.
* gpg: Add option --sender to prepare for coming features.
* gpg: Add option --input-size-hint to help progress indicators.
* gpg: Extend the PROGRESS status line with the counted unit.
* gpg: Avoid publishing the GnuPG version by default with --armor.
* gpg: Properly ignore legacy keys in the keyring cache.
* gpg: Always print fingerprint records in --with-colons mode.
* gpg: Make sure that keygrips are printed for each subkey in
--with-colons mode.
* gpg: New import filter "drop-sig".
* gpgsm: Fix a bug in the machine-readable key listing.
* gpg,gpgsm: Block signals during keyring updates to limits the
effects of a Ctrl-C at the wrong time.
* g13: Add command --umount and other fixes for dm-crypt.
* agent: Fix regression in SIGTERM handling.
* agent: Cleanup of the ssh-agent code.
* agent: Allow import of overly long keys.
* scd: Fix problems with card removal.
* dirmngr: Remove all code for running as a system service.
* tools: Make gpg-wks-client conforming to the specs.
* tests: Improve the output of the new regression test tool.
* tests: Distribute the standalone test runner.
* tests: Run each test in a clean environment.
* Spelling and grammar fixes.
- fix build error, adding
0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
-------------------------------------------------------------------
Sun Aug 14 14:12:40 UTC 2016 - astieger@suse.com
- GnuPG 2.1.14:
* gpg: Removed options --print-dane-records and --print-pka-records.
The new export options "export-pka" and "export-dane" can instead
be used with the export command.
* gpg: New options --import-filter and --export-filter.
* gpg: New import options "import-show" and "import-export".
* gpg: New option --no-keyring.
* gpg: New command --quick-revuid.
* gpg: New options -f/--recipient-file and -F/--hidden-recipient-file
to directly specify encryption keys.
* gpg: New option --mimemode to indicate that the content is a MIME
part. Does only enable --textmode right now.
* gpg: New option --rfc4880bis to allow experiments with proposed
changes to the current OpenPGP specs.
* gpg: Fix regression in the "fetch" sub-command of --card-edit.
* gpg: Fix regression since 2.1 in option --try-all-secrets.
* gpgv: Change default options for extra security.
* gpgsm: No more root certificates are installed by default.
* agent: "updatestartuptty" does now affect more environment
variables.
* scd: The option --homedir does now work with scdaemon.
* scd: Support some more GEMPlus card readers.
* gpgtar: Fix handling of '-' as file name.
* gpgtar: New commands --create and --extract.
* gpgconf: Tweak for --list-dirs to better support shell scripts.
* tools: Add programs gpg-wks-client and gpg-wks-server to implement
a Web Key Service. The configure option --enable-wks-tools is
required to build them; they should be considered Beta software.
* tests: Complete rework of the openpgp part of the test suite. The
test scripts have been changed from Bourne shell scripts to Scheme
programs. A customized scheme interpreter (gpgscm) is included.
This change was triggered by the need to run the test suite on
non-Unix platforms.
* The rendering of the man pages has been improved.
- drop upstream gnupg-make_--try-all-secrets_work.patch
-------------------------------------------------------------------
Thu Aug 4 12:17:14 UTC 2016 - tchvatal@suse.com


@ -17,7 +17,7 @@
Name: gpg2
Version: 2.1.13
Version: 2.1.15
Release: 0
Summary: GnuPG 2
License: GPL-3.0+
@ -34,18 +34,18 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch
Patch8: gnupg-set_umask_before_open_outfile.patch
Patch9: gnupg-detect_FIPS_mode.patch
Patch11: gnupg-add_legacy_FIPS_mode_option.patch
Patch12: gnupg-make_--try-all-secrets_work.patch
Patch12: 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
BuildRequires: expect
BuildRequires: fdupes
BuildRequires: libadns-devel
BuildRequires: libassuan-devel >= 2.4.1
BuildRequires: libassuan-devel >= 2.4.3
# patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG
# raising gcrypt requirement from 1.4.0
BuildRequires: libgcrypt-devel >= 1.6.1
BuildRequires: libgpg-error-devel >= 1.21
BuildRequires: libksba-devel >= 1.2.0
BuildRequires: libgcrypt-devel >= 1.7.0
BuildRequires: libgpg-error-devel >= 1.24
BuildRequires: libksba-devel >= 1.3.4
BuildRequires: makeinfo
BuildRequires: npth-devel >= 0.91
BuildRequires: npth-devel >= 1.2
BuildRequires: openldap2-devel
BuildRequires: pkg-config
BuildRequires: readline-devel