From 0b19f2992d6c02f9b849bf97a0646bc561ca1255409ad9ff146df78285e1c7d4 Mon Sep 17 00:00:00 2001 
From: Pedro Monreal Gonzalez Date: Mon, 21 Jun 2021 14:51:47 +0000 Subject: [PATCH 1/3] Accepting request 899451 from home:pmonrealgonzalez:branches:Base:System - GnuPG 2.3.1: * The new configuration file common.conf is now used to enable the use of the key database daemon with "use-keyboxd". Using this option in gpg.conf and gpgsm.conf is supported for a transitional period. See doc/example/common.conf for more. * gpg: Force version 5 key creation for ed448 and cv448 algorithms. * gpg: By default do not use the self-sigs-only option when importing from an LDAP keyserver. * gpg: Lookup a missing public key of the active card via LDAP. * gpgsm: New command --show-certs. * scd: Fix CCID driver for SCM SPR332/SPR532. * scd: Further improvements for PKCS#15 cards. * New configure option --with-tss to allow the selection of the TSS library. - Rebase patches: * gnupg-add_legacy_FIPS_mode_option.patch * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch * gnupg-dont-fail-with-seahorse-agent.patch * gnupg-set_umask_before_open_outfile.patch - GnuPG 2.3.0: * A new experimental key database daemon is provided. To enable it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored in a SQLite database and make key lookup much faster. * New tool gpg-card as a flexible frontend for all types of supported smartcards. * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and gpg-connect-agent. * The gpg-wks-client tool is now installed under bin; a wrapper for its old location at libexec is also installed. 
OBS-URL: https://build.opensuse.org/request/show/899451 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=267 --- gnupg-2.2.27.tar.bz2 | 3 - gnupg-2.2.27.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.3.1.tar.bz2 | 3 + gnupg-2.3.1.tar.bz2.sig | Bin 0 -> 119 bytes gnupg-add_legacy_FIPS_mode_option.patch | 47 +++++------ ...viously-known-keys-even-without-UIDs.patch | 28 ++++--- gnupg-dont-fail-with-seahorse-agent.patch | 24 +++--- gnupg-set_umask_before_open_outfile.patch | 10 +-- gpg2.changes | 74 ++++++++++++++++++ gpg2.spec | 27 +++---- 10 files changed, 145 insertions(+), 71 deletions(-) delete mode 100644 gnupg-2.2.27.tar.bz2 delete mode 100644 gnupg-2.2.27.tar.bz2.sig create mode 100644 gnupg-2.3.1.tar.bz2 create mode 100644 gnupg-2.3.1.tar.bz2.sig diff --git a/gnupg-2.2.27.tar.bz2 b/gnupg-2.2.27.tar.bz2 deleted file mode 100644 index 451f1a3..0000000 --- a/gnupg-2.2.27.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:34e60009014ea16402069136e0a5f63d9b65f90096244975db5cea74b3d02399 -size 7191555 
diff --git a/gnupg-2.2.27.tar.bz2.sig b/gnupg-2.2.27.tar.bz2.sig deleted file mode 100644 index 8c34ebea76e995867b091e6a73811b2cfe37533d722f040a9f260b56c71e5d5c..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0@qec2F>rATz(l;(F*0nE z=vnkWx8v}!PSK}3cQF1rEL<6& g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.2.19/g10/import.c +Index: gnupg-2.3.0/g10/import.c =================================================================== ---- gnupg-2.2.19.orig/g10/import.c -+++ gnupg-2.2.19/g10/import.c -@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.3.0.orig/g10/import.c ++++ gnupg-2.3.0/g10/import.c +@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,12 +29,12 @@ Index: gnupg-2.2.19/g10/import.c KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl, +@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } - -- if (!uidnode ) +- if (!uidnode) - { - if (!silent) - log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); 
@@ -44,16 +44,18 @@ Index: gnupg-2.2.19/g10/import.c if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl, +@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, + xfree(user); } } - -- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) - { - if (!silent) - { -- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); -- if (!opt.quiet ) +- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet) - log_info(_("this may be caused by a missing self-signature\n")); - } - stats->no_user_id++; @@ -66,7 +68,7 @@ Index: gnupg-2.2.19/g10/import.c /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl, +@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -91,7 +93,7 @@ Index: gnupg-2.2.19/g10/import.c } /* The keyblock is valid and ready for real import. */ -@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl, +@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/gnupg-dont-fail-with-seahorse-agent.patch b/gnupg-dont-fail-with-seahorse-agent.patch index 6302c8b..e4bbb06 100644 --- a/gnupg-dont-fail-with-seahorse-agent.patch +++ b/gnupg-dont-fail-with-seahorse-agent.patch 
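Review bot: The rebased inner hunk at `@@ -1999,19 +1990,10 @@` removes the whole `delete_inv_parts` bail-out from import_one_real, together with upstream's comment "Delete invalid parts and bail out if there are no user ids left", and the lines that replace it are not visible in this hunk. The patch name limits the relaxation to previously known keys, so please confirm two things: that the replacement still calls `delete_inv_parts (ctrl, keyblock, keyid, options)` so invalid parts are stripped, and that the seven lines added by the inner hunk at `@@ -2096,6 +2065,13 @@` reject a key with no user ID that is not already in the keyring. The `stats->no_user_id++` accounting also disappears here, so the import summary may under-report such keys unless the counter is bumped at the later rejection point. A short comment at the replacement call saying why an empty user-ID set is tolerated at this stage would replace the upstream comment that is lost. import_one_real starts and ends outside the hunk.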
@@ -2,16 +2,16 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.1.0/g10/passphrase.c +Index: gnupg-2.3.0/g10/passphrase.c =================================================================== ---- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100 -+++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100 -@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations) - { - /* Don't print an error if an older agent is used. */ - if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) -- log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); -+ log_info (_("problem with the agent: %s\n"), gpg_strerror (err)); - /* Default to 65536 which we used up to 2.0.13. */ - return 96; - } +--- gnupg-2.3.0.orig/g10/passphrase.c ++++ gnupg-2.3.0/g10/passphrase.c +@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac + } + else + { +- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); ++ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc)); + /* Due to limitations in the API of the upper layers they + consider an error as no passphrase entered. This works in + most cases but not during key creation where this should diff --git a/gnupg-set_umask_before_open_outfile.patch b/gnupg-set_umask_before_open_outfile.patch index 195e99c..7e78d69 100644 --- a/gnupg-set_umask_before_open_outfile.patch +++ b/gnupg-set_umask_before_open_outfile.patch @@ -1,7 +1,7 @@ -Index: gnupg-2.1.20/g10/plaintext.c +Index: gnupg-2.3.0/g10/plaintext.c =================================================================== ---- gnupg-2.1.20.orig/g10/plaintext.c 2017-04-03 17:13:56.000000000 +0200 -+++ gnupg-2.1.20/g10/plaintext.c 2017-04-04 09:53:31.541145727 +0200 +--- gnupg-2.3.0.orig/g10/plaintext.c ++++ gnupg-2.3.0/g10/plaintext.c @@ -24,6 +24,7 @@ #include #include 
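Review bot: After the rebase the `log_error` → `log_info` change sits in the `else` branch of `passphrase_get` instead of `encode_s2k_iterations`, and the old `gpg_err_code (err) != GPG_ERR_ASS_PARAMETER` guard has no counterpart here, so every agent failure on this path is demoted to an informational message. As far as I know `log_error` in GnuPG also increments the error counter that feeds the process exit status, so a failed passphrase request becomes harder for calling scripts and log monitoring to notice. The context comment just below already warns that upper layers treat an error as "no passphrase entered". If only the Seahorse agent case is meant, demote just that case, e.g. `if (gpg_err_code (rc) == <SEAHORSE_ERROR_CODE_PLACEHOLDER>) log_info (...); else log_error (...);`, with the code taken from the original bug report. passphrase_get continues outside the hunk.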
@@ -39,5 +39,5 @@ Index: gnupg-2.1.20/g10/plaintext.c + } + umask(saved_umask); } - #else /* __riscos__ */ - /* If no output filename was given, i.e. we constructed it, convert + + leave: diff --git a/gpg2.changes b/gpg2.changes index 8cd6050..1a4ba01 100644 --- a/gpg2.changes +++ b/gpg2.changes 
@@ -1,3 +1,77 @@ +------------------------------------------------------------------- +Fri Jun 11 12:19:16 UTC 2021 - Pedro Monreal + +- GnuPG 2.3.1: + * The new configuration file common.conf is now used to enable + the use of the key database daemon with "use-keyboxd". Using + this option in gpg.conf and gpgsm.conf is supported for a + transitional period. See doc/example/common.conf for more. + * gpg: Force version 5 key creation for ed448 and cv448 algorithms. + * gpg: By default do not use the self-sigs-only option when + importing from an LDAP keyserver. + * gpg: Lookup a missing public key of the active card via LDAP. + * gpgsm: New command --show-certs. + * scd: Fix CCID driver for SCM SPR332/SPR532. + * scd: Further improvements for PKCS#15 cards. + * New configure option --with-tss to allow the selection of the + TSS library. +- Rebase patches: + * gnupg-add_legacy_FIPS_mode_option.patch + * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch + * gnupg-dont-fail-with-seahorse-agent.patch + * gnupg-set_umask_before_open_outfile.patch + +------------------------------------------------------------------- +Fri Jun 11 12:15:37 UTC 2021 - Andreas Stieger + +- GnuPG 2.3.0: + * A new experimental key database daemon is provided. To enable + it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored + in a SQLite database and make key lookup much faster. + * New tool gpg-card as a flexible frontend for all types of + supported smartcards. + * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and + gpg-connect-agent. + * The gpg-wks-client tool is now installed under bin; a wrapper for + its old location at libexec is also installed. + * tpm2d: New daemon to physically bind keys to the local machine. + * gpg: Switch to ed25519/cv25519 as default public key algorithms. + * gpg: Verification results now depend on the --sender option and + the signer's UID subpacket. 
+ * gpg: Do not use any 64-bit block size cipher algorithm for + encryption. Use AES as last resort cipher preference instead of + 3DES. This can be reverted using --allow-old-cipher-algos. + * gpg: Support AEAD encryption mode using OCB or EAX. + * gpg: Support v5 keys and signatures. + * gpg: Support curve X448 (ed448, cv448). + * gpg: Allow use of group names in key listings. + * gpg: New option --full-timestrings to print date and time. + * gpg: New option --force-sign-key. + * gpg: New option --no-auto-trust-new-key. + * gpg: The legacy key discovery method PKA is no longer supported. + The command --print-pka-records and the PKA related import and + export options have been removed. + * gpg: Support export of Ed448 Secure Shell keys. + * gpgsm: Add basic ECC support. + * gpgsm: Support creation of EdDSA certificates. [#4888] + * agent: Allow the use of "Label:" in a key file to customize the + pinentry prompt. + * agent: Support ssh-agent extensions for environment variables. + With a patched version of OpenSSH this avoids the need for the + "updatestartuptty" kludge. + * scd: Improve support for multiple card readers and tokens. + * scd: Support PIV cards. + * scd: Support for Rohde&Schwarz Cybersecurity cards. + * scd: Support Telesec Signature Cards v2.0 + * scd: Support multiple application on certain smartcard. + * scd: New option --application-priority. + * scd: New option --pcsc-shared; see man page for important notes. + * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. + * The symcryptrun tool, a wrapper for the now obsolete external + Chiasmus tool, has been removed. + * Full Unicode support for the command line. +- dropped legacy commands: gpg-zip + ------------------------------------------------------------------- Wed Apr 7 20:56:23 UTC 2021 - Andreas Stieger diff --git a/gpg2.spec b/gpg2.spec index 53739ec..7c53cc1 100644 --- a/gpg2.spec +++ b/gpg2.spec 
@@ -17,14 +17,14 @@ Name: gpg2 -Version: 2.2.27 +Version: 2.3.1 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later Group: Productivity/Networking/Security URL: https://www.gnupg.org -Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 -Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig +Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2 +Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring Source4: scdaemon.udev @@ -41,10 +41,12 @@ Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.pa Patch1124847: gnupg-gpg-agent-ulimit.patch BuildRequires: expect BuildRequires: fdupes +BuildRequires: ibmswtpm2 +BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 -BuildRequires: libgcrypt-devel >= 1.8.0 -BuildRequires: libgpg-error-devel >= 1.27 -BuildRequires: libksba-devel >= 1.3.5 +BuildRequires: libgcrypt-devel >= 1.9.1 +BuildRequires: libgpg-error-devel >= 1.41 +BuildRequires: libksba-devel >= 1.3.4 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel @@ -53,12 +55,12 @@ BuildRequires: readline-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) -BuildRequires: pkgconfig(sqlite3) >= 3.7 +BuildRequires: pkgconfig(sqlite3) >= 3.27 BuildRequires: pkgconfig(zlib) # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 -Requires: libgcrypt20 >= 1.8.0 -Requires: libksba >= 1.3.5 +Requires: libgcrypt20 >= 1.9.1 +Requires: libksba >= 1.3.4 Requires: pinentry Recommends: dirmngr = %{version} Provides: gnupg = %{version} 
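Review bot: The libksba minimum is lowered from 1.3.5 to 1.3.4 in both `BuildRequires: libksba-devel` and the runtime `Requires: libksba`, while every other floor in these hunks is raised. The 2.2.27 package already required 1.3.5, so unless the lower bound is deliberate I would keep `BuildRequires: libksba-devel >= 1.3.5` and `Requires: libksba >= 1.3.5`, so that an older certificate-parsing library cannot satisfy the dependency. The spec comment says the runtime `Requires` exist for devel-repository users (boo#955982), but the raised build floors for libgpg-error (1.41) and sqlite3 (3.27) have no runtime counterpart in the lines shown. If they have none elsewhere in the file either, matching `Requires` lines would keep a 2.3.x binary from being installed against older libraries.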
@@ -112,7 +114,6 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-scdaemon-pgm=%{_bindir}/scdaemon \ --enable-ldap \ --enable-gpgsm=yes \ - --enable-gpg \ --enable-gpgtar \ --enable-g13 \ --enable-large-secmem \ @@ -120,8 +121,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ - --enable-gpg-is-gpg2 \ - --enable-Werror + --enable-gpg-is-gpg2 %make_build @@ -145,9 +145,6 @@ mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules -# install legacy tools -install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} -# install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir} %find_lang gnupg2 %fdupes -s %{buildroot} From 929791d8d35f3447739b9735f08c3b43dda37e7833eeff7a59530746c8b5c27c Mon Sep 17 00:00:00 2001 
From: Marcus Meissner Date: Fri, 27 Aug 2021 11:48:41 +0000 Subject: [PATCH 2/3] Accepting request 914200 from home:pmonrealgonzalez:branches:Base:System - GnuPG 2.3.2: * gpg: Allow fingerprint based lookup with --locate-external-key. * gpg: Allow decryption w/o public key but with correct card inserted. * gpg: Auto import keys specified with --trusted-keys. * gpg: Do not use import-clean for LDAP keyserver imports. * gpg: Fix mailbox based search via AKL keyserver method. * gpg: Fix memory corruption with --clearsign introduced with 2.3.1. * gpg: Use a more descriptive prompt for symmetric decryption. * gpg: Improve speed of secret key listing. * gpg: Support keygrip search with traditional keyring. * gpg: Let --fetch-key return an exit code on failure. * gpg: Emit the NO_SECKEY status again for decryption. * gpgsm: Support decryption of password based encryption (pwri). * gpgsm: Support AES-GCM decryption. * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. * gpgsm: Fix finding of issuer in use-keyboxd mode. * gpgsm: New option --ldapserver as an alias for --keyserver. * agent: Use SHA-256 for SSH fingerprint by default. * agent: Fix calling handle_pincache_put. * agent: Fix importing protected secret key. * agent: Fix a regression in agent_get_shadow_info_type. * agent: Add translatable text for Caps Lock hint. * agent: New option --pinentry-formatted-passphrase. * agent: Add checkpin inquiry for pinentry. * agent: New option --check-sym-passphrase-pattern. * agent: Use the sysconfdir for a pattern file. * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry. * dirmngr: LDAP search by a mailbox now ignores revoked keys. * dirmngr: For KS_SEARCH return the fingerprint also with LDAP. * dirmngr: Allow for non-URL specified ldap keyservers. 
OBS-URL: https://build.opensuse.org/request/show/914200 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=268 --- gnupg-2.3.1.tar.bz2 | 3 --- gnupg-2.3.1.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.3.2.tar.bz2 | 3 +++ gnupg-2.3.2.tar.bz2.sig | Bin 0 -> 119 bytes gpg2.changes | 57 ++++++++++++++++++++++++++++++++++++++++ gpg2.spec | 39 +++++++++++---------------- 6 files changed, 76 insertions(+), 26 deletions(-) delete mode 100644 gnupg-2.3.1.tar.bz2 delete mode 100644 gnupg-2.3.1.tar.bz2.sig create mode 100644 gnupg-2.3.2.tar.bz2 create mode 100644 gnupg-2.3.2.tar.bz2.sig diff --git a/gnupg-2.3.1.tar.bz2 b/gnupg-2.3.1.tar.bz2 deleted file mode 100644 index 7719901..0000000 --- a/gnupg-2.3.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c498db346a9b9a4b399e514c8f56dfc0a888ce8f327f10376ff984452cd154ec -size 7570431 diff --git a/gnupg-2.3.1.tar.bz2.sig b/gnupg-2.3.1.tar.bz2.sig deleted file mode 100644 index f03209c3aa23cab4d5714f59e5873cf467bbc1b7273c1cda8f5db4a96c117701..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv033b~ZGjMSVz(iyt8U7c{ zSw8XUEB*W1Rl2x8xIS}vSLZb)?NYiD!;xU=jNYvW7#U7&X}bM&&3iYgIdLnP-hK#N VeL;Qup&2QEf1F754(oPj0|1dhGu;3H diff --git a/gnupg-2.3.2.tar.bz2 b/gnupg-2.3.2.tar.bz2 new file mode 100644 index 0000000..f73b40c --- /dev/null +++ b/gnupg-2.3.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e1d953e0e296072fca284215103ef168885eaac596c4660c5039a36a83e3041b +size 7589445 
diff --git a/gnupg-2.3.2.tar.bz2.sig b/gnupg-2.3.2.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..b4aa29923f89d3f8a2a443b0412a2d880311d465664010ee838b26b8a7a3158f GIT binary patch literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0iK<#<3|yQ7Fp-dtj0{WH z9-UeDXm6RydB>fOx66dC{@h*Sq5Sjwat6iT*}dmV7#Z&R+p{I;{`+#xy + +- GnuPG 2.3.2: + * gpg: Allow fingerprint based lookup with --locate-external-key. + * gpg: Allow decryption w/o public key but with correct card inserted. + * gpg: Auto import keys specified with --trusted-keys. + * gpg: Do not use import-clean for LDAP keyserver imports. + * gpg: Fix mailbox based search via AKL keyserver method. + * gpg: Fix memory corruption with --clearsign introduced with 2.3.1. + * gpg: Use a more descriptive prompt for symmetric decryption. + * gpg: Improve speed of secret key listing. + * gpg: Support keygrip search with traditional keyring. + * gpg: Let --fetch-key return an exit code on failure. + * gpg: Emit the NO_SECKEY status again for decryption. + * gpgsm: Support decryption of password based encryption (pwri). + * gpgsm: Support AES-GCM decryption. + * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. + * gpgsm: Fix finding of issuer in use-keyboxd mode. + * gpgsm: New option --ldapserver as an alias for --keyserver. + * agent: Use SHA-256 for SSH fingerprint by default. + * agent: Fix calling handle_pincache_put. + * agent: Fix importing protected secret key. + * agent: Fix a regression in agent_get_shadow_info_type. + * agent: Add translatable text for Caps Lock hint. + * agent: New option --pinentry-formatted-passphrase. + * agent: Add checkpin inquiry for pinentry. + * agent: New option --check-sym-passphrase-pattern. + * agent: Use the sysconfdir for a pattern file. + * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry. + * dirmngr: LDAP search by a mailbox now ignores revoked keys. 
+ * dirmngr: For KS_SEARCH return the fingerprint also with LDAP. + * dirmngr: Allow for non-URL specified ldap keyservers. + * dirmngr: New option --ldapserver. + * dirmngr: Fix regression in KS_GET for mail address pattern. + * card: New option --shadow for the list command. + * tests: Make sure the built keyboxd is used. + * scd: Fix computing shared secrets for 512 bit curves. + * scd: Fix unblock PIN by a Reset Code with KDF. + * scd: Fix PC/SC removed card problem. + * scd: Recover the partial match for PORTSTR for PC/SC. + * scd: Make sure to release the PC/SC context. + * scd: Fix zero-byte handling in ECC. + * scd: Fix serial number detection for Yubikey 5. + * scd: Add basic support for AET JCOP cards. + * scd: Detect external interference when --pcsc-shared is in use. + * scd: Fix access to the list of cards. + * gpgconf: Do not list a disabled tpm2d. + * gpgconf: Make runtime changes with different homedir work. + * keyboxd: Fix searching for exact mail adddress. + * keyboxd: Fix searching with multiple patterns. + * tools: Extend gpg-check-pattern. + * wkd: Fix client issue with leading or trailing spaces in user-ids. + * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry. + * Change the default keyserver to keyserver.ubuntu.com. This is a + temporary change due to the shutdown of the SKS keyserver pools. + ------------------------------------------------------------------- Fri Jun 11 12:19:16 UTC 2021 - Pedro Monreal diff --git a/gpg2.spec b/gpg2.spec index 7c53cc1..229c933 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.1 +Version: 2.3.2 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later 
@@ -29,16 +29,16 @@ Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes -Patch4: gnupg-2.0.9-langinfo.patch -Patch6: gnupg-dont-fail-with-seahorse-agent.patch -Patch8: gnupg-set_umask_before_open_outfile.patch -Patch9: gnupg-detect_FIPS_mode.patch -Patch11: gnupg-add_legacy_FIPS_mode_option.patch -Patch12: gnupg-2.2.16-secmem.patch -Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch -Patch14: gnupg-add-test-cases-for-import-without-uid.patch -Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch -Patch1124847: gnupg-gpg-agent-ulimit.patch +Patch1: gnupg-gpg-agent-ulimit.patch +Patch2: gnupg-2.0.9-langinfo.patch +Patch3: gnupg-dont-fail-with-seahorse-agent.patch +Patch4: gnupg-set_umask_before_open_outfile.patch +Patch5: gnupg-detect_FIPS_mode.patch +Patch6: gnupg-add_legacy_FIPS_mode_option.patch +Patch7: gnupg-2.2.16-secmem.patch +Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch +Patch9: gnupg-add-test-cases-for-import-without-uid.patch +Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: ibmswtpm2 
@@ -90,18 +90,11 @@ gpgsm, or via the gpg-connect-agent tool. %lang_package %prep -%setup -q -n gnupg-%{version} -%patch1124847 -p1 -%patch4 -p1 -%patch6 -p1 -%patch8 -p1 -%patch9 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) +%autosetup -p1 -n gnupg-%{version} + +# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch +# to not have man pages and info files have the build date (boo#1047218) +touch -d 2018-05-04 doc/gpg.texi %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) From 92a47f5ddd45f0e2718b6abbdd665689a8abc22e1cf3c88832c3867a3e5284ff Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 15 Oct 2021 12:24:25 +0000 Subject: [PATCH 3/3] Accepting request 924947 from home:AndreasStieger:branches:Base:System GnuPG 2.3.3 OBS-URL: https://build.opensuse.org/request/show/924947 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=269 --- gnupg-2.3.2.tar.bz2 | 3 --- gnupg-2.3.2.tar.bz2.sig | Bin 119 -> 0 bytes gnupg-2.3.3.tar.bz2 | 3 +++ gnupg-2.3.3.tar.bz2.sig | Bin 0 -> 119 bytes gpg2.changes | 17 +++++++++++++++++ gpg2.spec | 2 +- 6 files changed, 21 insertions(+), 4 deletions(-) delete mode 100644 gnupg-2.3.2.tar.bz2 delete mode 100644 gnupg-2.3.2.tar.bz2.sig create mode 100644 gnupg-2.3.3.tar.bz2 create mode 100644 gnupg-2.3.3.tar.bz2.sig diff --git a/gnupg-2.3.2.tar.bz2 b/gnupg-2.3.2.tar.bz2 deleted file mode 100644 index f73b40c..0000000 --- a/gnupg-2.3.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e1d953e0e296072fca284215103ef168885eaac596c4660c5039a36a83e3041b -size 7589445 
diff --git a/gnupg-2.3.2.tar.bz2.sig b/gnupg-2.3.2.tar.bz2.sig deleted file mode 100644 index b4aa29923f89d3f8a2a443b0412a2d880311d465664010ee838b26b8a7a3158f..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0iK<#<3|yQ7Fp-dtj0{WH z9-UeDXm6RydB>fOx66dC{@h*Sq5Sjwat6iT*}dmV7#Z&R+p{I;{`+#xypD=e5F=yWcLaQ9iVi3jjV}GGG7z literal 0 HcmV?d00001 diff --git a/gpg2.changes b/gpg2.changes index b0f7561..345edea 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Tue Oct 12 19:20:50 UTC 2021 - Andreas Stieger + +- GnuPG 2.3.3: + * agent: Fix segv in GET_PASSPHRASE (regression) + * dirmngr: Fix Let's Encrypt certificate chain validation + * gpg: Change default and maximum AEAD chunk size to 4 MiB + * gpg: Print a warning when importing a bad cv25519 secret key + * gpg: Fix --list-packets for undecryptable AEAD packets + * gpg: Verify backsigs for v5 keys correctly + * keyboxd: Fix checksum computation for no UBID entry on disk + * keyboxd: Fix "invalid object" error with cv448 keys + * dirmngr: New option --ignore-cert + * agent: Fix calibrate_get_time use of clock_gettime + * Support a gpgconf.ctl file under Unix and use this for the + regression tests + ------------------------------------------------------------------- Wed Aug 25 10:01:38 UTC 2021 - Pedro Monreal diff --git a/gpg2.spec b/gpg2.spec index 229c933..f676530 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.3.2 +Version: 2.3.3 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later