diff --git a/gnupg-2.2.5.tar.bz2 b/gnupg-2.2.5.tar.bz2
deleted file mode 100644
index ccb4d41..0000000
--- a/gnupg-2.2.5.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57
-size 6584756
diff --git a/gnupg-2.2.5.tar.bz2.sig b/gnupg-2.2.5.tar.bz2.sig
deleted file mode 100644
index 9c1f226..0000000
Binary files a/gnupg-2.2.5.tar.bz2.sig and /dev/null differ
diff --git a/gnupg-2.2.6.tar.bz2 b/gnupg-2.2.6.tar.bz2
new file mode 100644
index 0000000..4f13a70
--- /dev/null
+++ b/gnupg-2.2.6.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e64d8c5fa2d05938a5080cb784a98ac21be0812f2a26f844b18f0d6a0e711984
+size 6605028
diff --git a/gnupg-2.2.6.tar.bz2.sig b/gnupg-2.2.6.tar.bz2.sig
new file mode 100644
index 0000000..acda3da
Binary files /dev/null and b/gnupg-2.2.6.tar.bz2.sig differ
diff --git a/gnupg-CVE-2018-9234.patch b/gnupg-CVE-2018-9234.patch
deleted file mode 100644
index c3a550f..0000000
--- a/gnupg-CVE-2018-9234.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Karol Babioch
-Date: Thu Apr 5 10:32:21 CEST 2018
-Upstream: merged
-References: https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657
-References: https://dev.gnupg.org/T3844
-Subject: Fix for bnc#1088255 (CVE-2018-9234)
----
- g10/getkey.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-Index: gnupg-2.2.5/g10/getkey.c
-===================================================================
---- gnupg-2.2.5.orig/g10/getkey.c
-+++ gnupg-2.2.5/g10/getkey.c
-@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_pu
- ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
- : KEYDB_SEARCH_MODE_FPR20;
- memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
-+ if (pk)
-+ ctx.req_usage = pk->req_usage;
- rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
- if (!rc && pk)
- pk_from_block (pk, kb, found_key);
diff --git a/gnupg-add_legacy_FIPS_mode_option.patch b/gnupg-add_legacy_FIPS_mode_option.patch index 01607e7..56d9841 100644 --- a/gnupg-add_legacy_FIPS_mode_option.patch +++ b/gnupg-add_legacy_FIPS_mode_option.patch @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.1.22/doc/gpg.texi +Index: gnupg-2.2.6/doc/gpg.texi =================================================================== ---- gnupg-2.1.22.orig/doc/gpg.texi -+++ gnupg-2.1.22/doc/gpg.texi -@@ -2079,6 +2079,24 @@ implies, this option is for experts only +--- gnupg-2.2.6.orig/doc/gpg.texi 2018-04-10 09:05:55.807324463 +0200 ++++ gnupg-2.2.6/doc/gpg.texi 2018-04-10 09:05:58.627349563 +0200 +@@ -2094,6 +2094,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,19 +32,19 @@ Index: gnupg-2.1.22/doc/gpg.texi @end table -Index: gnupg-2.1.22/g10/gpg.c +Index: gnupg-2.2.6/g10/gpg.c =================================================================== ---- gnupg-2.1.22.orig/g10/gpg.c -+++ gnupg-2.1.22/g10/gpg.c -@@ -422,6 +422,7 @@ enum cmd_and_opt_values - oDisableSignerUID, +--- gnupg-2.2.6.orig/g10/gpg.c 2018-04-10 09:05:55.807324463 +0200 ++++ gnupg-2.2.6/g10/gpg.c 2018-04-10 09:06:21.583553887 +0200 +@@ -424,6 +424,7 @@ enum cmd_and_opt_values oSender, oKeyOrigin, + oRequestOrigin, + oSetLegacyFips, oNoop }; -@@ -867,6 +868,7 @@ static ARGPARSE_OPTS opts[] = { +@@ -871,6 +872,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), 
@@ -52,7 +52,7 @@ Index: gnupg-2.1.22/g10/gpg.c ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), -@@ -3537,6 +3539,13 @@ main (int argc, char **argv) +@@ -3565,6 +3567,13 @@ main (int argc, char **argv) opt.def_new_key_algo = pargs.r.ret_str; break; diff --git a/gpg2.changes b/gpg2.changes index e9a66c3..52aaa26 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Tue Apr 10 06:32:22 UTC 2018 - kbabioch@suse.com + +- GnuPG 2.2.6: + * gpg,gpgsm: New option --request-origin to pretend requests coming + from a browser or a remote site. + * gpg: Fix race condition on trustdb.gpg updates due to too early + released lock. + * gpg: Emit FAILURE status lines in almost all cases. + * gpg: Implement --dry-run for --passwd to make checking a key's + passphrase straightforward. + * gpg: Make sure to only accept a certification capable key for key + signatures. + * gpg: Better user interaction in --card-edit for the factory-reset + sub-command. + * gpg: Improve changing key attributes in --card-edit by adding an + explicit "key-attr" sub-command. + * gpg: Print the keygrips in the --card-status. + * scd: Support KDF DO setup. + * scd: Fix suspend/resume handling in the CCID driver. + * agent: Evict cached passphrases also via a timer. + * agent: Use separate passphrase caches depending on the request + origin. + * ssh: Support signature flags. + * dirmngr: Handle failures related to missing IPv6 support + gracefully. + * Allow the use of UNC directory names as homedir. [#3818] +- Dropped gnupg-CVE-2018-9234.patch since it is included upstream + ------------------------------------------------------------------- Thu Apr 5 08:38:58 UTC 2018 - kbabioch@suse.com diff --git a/gpg2.spec b/gpg2.spec index 2a62784..68043ee 100644 --- a/gpg2.spec +++ b/gpg2.spec 
@@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.2.5 +Version: 2.2.6 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0+ @@ -34,7 +34,6 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: gnupg-CVE-2018-9234.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libassuan-devel >= 2.5.0 @@ -86,7 +85,6 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 -%patch12 -p1 %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})