Accepting request 597193 from Base:System

GnuPG 2.2.6

OBS-URL: https://build.opensuse.org/request/show/597193
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=126

gnupg-2.2.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57
-size 6584756

gnupg-2.2.6.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e64d8c5fa2d05938a5080cb784a98ac21be0812f2a26f844b18f0d6a0e711984
+size 6605028

gnupg-CVE-2018-9234.patch

@@ -1,23 +0,0 @@
-From: Karol Babioch <kbabioch@suse.de>
-Date: Thu Apr  5 10:32:21 CEST 2018
-Upstream: merged
-References: https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657
-References: https://dev.gnupg.org/T3844
-Subject: Fix for bnc#1088255 (CVE-2018-9234)
----
- g10/getkey.c |    2 ++
- 1 file changed, 2 insertions(+)
-
-Index: gnupg-2.2.5/g10/getkey.c
-===================================================================
---- gnupg-2.2.5.orig/g10/getkey.c
-+++ gnupg-2.2.5/g10/getkey.c
-@@ -1810,6 +1810,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_pu
-       ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
- 	: KEYDB_SEARCH_MODE_FPR20;
-       memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
-+      if (pk)
-+        ctx.req_usage = pk->req_usage;
-       rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
-       if (!rc && pk)
- 	pk_from_block (pk, kb, found_key);

gnupg-add_legacy_FIPS_mode_option.patch

@@ -3,11 +3,11 @@
  g10/gpg.c    |    9 +++++++++
  2 files changed, 27 insertions(+)
 
-Index: gnupg-2.1.22/doc/gpg.texi
+Index: gnupg-2.2.6/doc/gpg.texi
 ===================================================================
---- gnupg-2.1.22.orig/doc/gpg.texi
+--- gnupg-2.2.6.orig/doc/gpg.texi	2018-04-10 09:05:55.807324463 +0200
-+++ gnupg-2.1.22/doc/gpg.texi
++++ gnupg-2.2.6/doc/gpg.texi	2018-04-10 09:05:58.627349563 +0200
-@@ -2079,6 +2079,24 @@ implies, this option is for experts only
+@@ -2094,6 +2094,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -32,19 +32,19 @@ Index: gnupg-2.1.22/doc/gpg.texi
  @end table
  
  
-Index: gnupg-2.1.22/g10/gpg.c
+Index: gnupg-2.2.6/g10/gpg.c
 ===================================================================
---- gnupg-2.1.22.orig/g10/gpg.c
+--- gnupg-2.2.6.orig/g10/gpg.c	2018-04-10 09:05:55.807324463 +0200
-+++ gnupg-2.1.22/g10/gpg.c
++++ gnupg-2.2.6/g10/gpg.c	2018-04-10 09:06:21.583553887 +0200
-@@ -422,6 +422,7 @@ enum cmd_and_opt_values
+@@ -424,6 +424,7 @@ enum cmd_and_opt_values
-     oDisableSignerUID,
      oSender,
      oKeyOrigin,
+     oRequestOrigin,
 +    oSetLegacyFips,
  
      oNoop
    };
-@@ -867,6 +868,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -871,6 +872,7 @@ static ARGPARSE_OPTS opts[] = {
    ARGPARSE_s_n (oAllowMultipleMessages,      "allow-multiple-messages", "@"),
    ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
    ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@@ -52,7 +52,7 @@ Index: gnupg-2.1.22/g10/gpg.c
  
    ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"),
  
-@@ -3537,6 +3539,13 @@ main (int argc, char **argv)
+@@ -3565,6 +3567,13 @@ main (int argc, char **argv)
              opt.def_new_key_algo = pargs.r.ret_str;
              break;
  

gpg2.changes

@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Tue Apr 10 06:32:22 UTC 2018 - kbabioch@suse.com
+
+- GnuPG 2.2.6:
+  * gpg,gpgsm: New option --request-origin to pretend requests coming
+    from a browser or a remote site.
+  * gpg: Fix race condition on trustdb.gpg updates due to too early
+    released lock.
+  * gpg: Emit FAILURE status lines in almost all cases.
+  * gpg: Implement --dry-run for --passwd to make checking a key's
+    passphrase straightforward.
+  * gpg: Make sure to only accept a certification capable key for key
+    signatures.
+  * gpg: Better user interaction in --card-edit for the factory-reset
+    sub-command.
+  * gpg: Improve changing key attributes in --card-edit by adding an
+    explicit "key-attr" sub-command.
+  * gpg: Print the keygrips in the --card-status.
+  * scd: Support KDF DO setup.
+  * scd: Fix suspend/resume handling in the CCID driver.
+  * agent: Evict cached passphrases also via a timer.
+  * agent: Use separate passphrase caches depending on the request
+    origin.
+  * ssh: Support signature flags.
+  * dirmngr: Handle failures related to missing IPv6 support
+    gracefully.
+  * Allow the use of UNC directory names as homedir.  [#3818]
+- Dropped gnupg-CVE-2018-9234.patch since it is included upstream 
+
 -------------------------------------------------------------------
 Thu Apr  5 08:38:58 UTC 2018 - kbabioch@suse.com
 

gpg2.spec

@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.2.5
+Version:        2.2.6
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0+
@@ -34,7 +34,6 @@ Patch6:         gnupg-dont-fail-with-seahorse-agent.patch
 Patch8:         gnupg-set_umask_before_open_outfile.patch
 Patch9:         gnupg-detect_FIPS_mode.patch
 Patch11:        gnupg-add_legacy_FIPS_mode_option.patch
-Patch12:        gnupg-CVE-2018-9234.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libassuan-devel >= 2.5.0
@@ -86,7 +85,6 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library.
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
-%patch12 -p1
 
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})