From dcafaab052cb7efe6943ed4b94812d618e0c16ddb78397e91110f930f535f519 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fvogt+factory@suse.de>
Date: Sun, 31 Jul 2022 21:00:18 +0000
Subject: [PATCH] Accepting request 989805 from Base:System

GnuPG 2.3.7 CVE-2022-34903 boo#1201225 (forwarded request 988764 from AndreasStieger)

OBS-URL: https://build.opensuse.org/request/show/989805
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=161
---
 gnupg-2.3.6.tar.bz2     |   3 ---
 gnupg-2.3.6.tar.bz2.sig | Bin 119 -> 0 bytes
 gnupg-2.3.7.tar.bz2     |   3 +++
 gnupg-2.3.7.tar.bz2.sig | Bin 0 -> 119 bytes
 gpg2.changes            |  14 ++++++++++++++
 gpg2.spec               |   2 +-
 6 files changed, 18 insertions(+), 4 deletions(-)
 delete mode 100644 gnupg-2.3.6.tar.bz2
 delete mode 100644 gnupg-2.3.6.tar.bz2.sig
 create mode 100644 gnupg-2.3.7.tar.bz2
 create mode 100644 gnupg-2.3.7.tar.bz2.sig

diff --git a/gnupg-2.3.6.tar.bz2 b/gnupg-2.3.6.tar.bz2
deleted file mode 100644
index 85d4e03..0000000
--- a/gnupg-2.3.6.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:21f7fe2fc5c2f214184ab050977ec7a8e304e58bfae2ab098fec69f8fabda9c1
-size 7604761
diff --git a/gnupg-2.3.6.tar.bz2.sig b/gnupg-2.3.6.tar.bz2.sig
deleted file mode 100644
index 3614025a4838df557d61505d3465588751365b1845106eb5a332b2d897c2295a..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 119
zcmeAuWnmEGV2~A4WXWBXm$E!p!y#PSlPRcU`VKV*t6Qv0Nong97`QkEU?R)cG5mL$
zcf(0%(%cr_6Lu`VJ7dE>>|5$K@2Y+%D`SB9BlYiB8UANVOg5KXrnz^8r+KgA$9IqA
UWzIJ9s3oSnSaHtXP~Dyl0Lum~`v3p{

diff --git a/gnupg-2.3.7.tar.bz2 b/gnupg-2.3.7.tar.bz2
new file mode 100644
index 0000000..f5ee5ef
--- /dev/null
+++ b/gnupg-2.3.7.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ee163a5fb9ec99ffc1b18e65faef8d086800c5713d15a672ab57d3799da83669
+size 7599853
diff --git a/gnupg-2.3.7.tar.bz2.sig b/gnupg-2.3.7.tar.bz2.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..bdfdc3f72059cccd4f5c9a0133beb1530963c2571e726139e9ff55f05c553e5b
GIT binary patch
literal 119
zcmeAuWnmEJV2~A4WMTT;`@dNJXUzu7g||ZHWyVd2Uc|x5lyru>nt_W`049>-#qdvO
zL7+3Q{`(J>+YGMdISHrR+s@B?aK9^PapD{99~W0eGW_?yT>p52R_TMa9j2v<Uw3VC
UYqfNYe`erj9(cy|`Ibj|0Md3dHUIzs

literal 0
HcmV?d00001

diff --git a/gpg2.changes b/gpg2.changes
index 3b8c465..8ba8580 100644
--- a/gpg2.changes
+++ b/gpg2.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Jul 12 22:06:02 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- GnuPG 2.3.7:
+  * CVE-2022-34903: garbled status messages could trick gpgme and
+    other parsers to accept faked status lines [boo#1201225]
+  * A number of bug fixes to the gpg command line interface
+  * gpgsm gained a number of new options and got some rework on
+    the PKCS#12 parser to support DFN issues keys
+  * The gpg agent got some added options and UI tweaks
+  * smart card support got a number of bug fixes, and improved
+    support for Technology Nexus cards and Yubikey
+  * The Telesec ESIGN application is now supported
+
 -------------------------------------------------------------------
 Mon May 16 09:12:06 UTC 2022 - Marcus Meissner <meissner@suse.com>
 
diff --git a/gpg2.spec b/gpg2.spec
index 22b46be..24e4ac6 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.3.6
+Version:        2.3.7
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0-or-later