Accepting request 485777 from security:privacy

2.1.20

OBS-URL: https://build.opensuse.org/request/show/485777
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=168

gnupg-2.0.18-files-are-digests.patch

@@ -4,11 +4,11 @@
  g10/sign.c    |   68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
  3 files changed, 67 insertions(+), 6 deletions(-)
 
-Index: gnupg-2.1.15/g10/gpg.c
+Index: gnupg-2.1.20/g10/gpg.c
 ===================================================================
---- gnupg-2.1.15.orig/g10/gpg.c
-+++ gnupg-2.1.15/g10/gpg.c
-@@ -368,6 +368,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.20.orig/g10/gpg.c	2017-04-03 17:13:56.000000000 +0200
++++ gnupg-2.1.20/g10/gpg.c	2017-04-04 15:59:20.823799866 +0200
+@@ -374,6 +374,7 @@ enum cmd_and_opt_values
      oTTYtype,
      oLCctype,
      oLCmessages,
@@ -16,7 +16,7 @@ Index: gnupg-2.1.15/g10/gpg.c
      oXauthority,
      oGroup,
      oUnGroup,
-@@ -791,6 +792,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -820,6 +821,7 @@ static ARGPARSE_OPTS opts[] = {
    ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
    ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
    ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
@@ -24,7 +24,7 @@ Index: gnupg-2.1.15/g10/gpg.c
  
    /* Aliases.  I constantly mistype these, and assume other people do
       as well. */
-@@ -2239,6 +2241,7 @@ main (int argc, char **argv)
+@@ -2393,6 +2395,7 @@ main (int argc, char **argv)
      opt.def_cert_expire = "0";
      gnupg_set_homedir (NULL);
      opt.passphrase_repeat = 1;
@@ -32,7 +32,7 @@ Index: gnupg-2.1.15/g10/gpg.c
      opt.emit_version = 0;
      opt.weak_digests = NULL;
      additional_weak_digest("MD5");
-@@ -2807,6 +2810,7 @@ main (int argc, char **argv)
+@@ -2942,6 +2945,7 @@ main (int argc, char **argv)
  	    opt.verify_options&=~VERIFY_SHOW_PHOTOS;
  	    break;
  	  case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
@@ -40,11 +40,11 @@ Index: gnupg-2.1.15/g10/gpg.c
  
  	  case oForceMDC: opt.force_mdc = 1; break;
  	  case oNoForceMDC: opt.force_mdc = 0; break;
-Index: gnupg-2.1.15/g10/options.h
+Index: gnupg-2.1.20/g10/options.h
 ===================================================================
---- gnupg-2.1.15.orig/g10/options.h
-+++ gnupg-2.1.15/g10/options.h
-@@ -212,6 +212,7 @@ struct
+--- gnupg-2.1.20.orig/g10/options.h	2017-04-03 17:13:56.000000000 +0200
++++ gnupg-2.1.20/g10/options.h	2017-04-04 15:59:20.827799905 +0200
+@@ -214,6 +214,7 @@ struct
    int no_auto_check_trustdb;
    int preserve_permissions;
    int no_homedir_creation;
@@ -52,20 +52,20 @@ Index: gnupg-2.1.15/g10/options.h
    struct groupitem *grouplist;
    int mangle_dos_filenames;
    int enable_progress_filter;
-Index: gnupg-2.1.15/g10/sign.c
+Index: gnupg-2.1.20/g10/sign.c
 ===================================================================
---- gnupg-2.1.15.orig/g10/sign.c
-+++ gnupg-2.1.15/g10/sign.c
+--- gnupg-2.1.20.orig/g10/sign.c	2017-04-03 17:13:56.000000000 +0200
++++ gnupg-2.1.20/g10/sign.c	2017-04-04 15:59:27.515864763 +0200
 @@ -42,6 +42,8 @@
  #include "call-agent.h"
- #include "mbox-util.h"
+ #include "../common/mbox-util.h"
  
-+#include "host2net.h"
++#include "../common/host2net.h"
 +
  #ifdef HAVE_DOSISH_SYSTEM
  #define LF "\r\n"
  #else
-@@ -711,8 +713,12 @@ write_signature_packets (SK_LIST sk_list
+@@ -718,8 +720,12 @@ write_signature_packets (ctrl_t ctrl,
            mk_notation_policy_etc (sig, NULL, pk);
          }
  
@@ -76,9 +76,9 @@ Index: gnupg-2.1.15/g10/sign.c
 +          log_bug("files-are-digests doesn't work with v4 sigs\n");
 +      }
  
-       rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
+       rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce);
        gcry_md_close (md);
-@@ -770,6 +776,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -781,6 +787,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
      SK_LIST sk_rover = NULL;
      int multifile = 0;
      u32 duration=0;
@@ -87,7 +87,7 @@ Index: gnupg-2.1.15/g10/sign.c
  
      pfx = new_progress_context ();
      afx = new_armor_context ();
-@@ -786,7 +794,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -798,7 +806,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
  	fname = NULL;
  
      if( fname && filenames->next && (!detached || encryptflag) )
@@ -105,7 +105,7 @@ Index: gnupg-2.1.15/g10/sign.c
  
      if(encryptflag==2
         && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
-@@ -807,7 +824,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -819,7 +836,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
        goto leave;
  
      /* prepare iobufs */
@@ -114,7 +114,7 @@ Index: gnupg-2.1.15/g10/sign.c
  	inp = NULL; /* we do it later */
      else {
        inp = iobuf_open(fname);
-@@ -945,7 +962,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -957,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
      for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
        gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
  
@@ -123,7 +123,7 @@ Index: gnupg-2.1.15/g10/sign.c
  	iobuf_push_filter( inp, md_filter, &mfx );
  
      if( detached && !encryptflag)
-@@ -1000,6 +1017,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1012,6 +1029,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
  
      write_status_begin_signing (mfx.md);
  
@@ -132,7 +132,7 @@ Index: gnupg-2.1.15/g10/sign.c
      /* Setup the inner packet. */
      if( detached ) {
  	if( multifile ) {
-@@ -1040,6 +1059,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1052,6 +1071,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
  	    if( opt.verbose )
                log_printf ("\n");
  	}
@@ -178,10 +178,10 @@ Index: gnupg-2.1.15/g10/sign.c
  	else {
  	    /* read, so that the filter can calculate the digest */
  	    while( iobuf_get(inp) != -1 )
-@@ -1058,8 +1116,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1070,8 +1128,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
  
      /* write the signatures */
-     rc = write_signature_packets (sk_list, out, mfx.md,
+     rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
 -                                  opt.textmode && !outfile? 0x01 : 0x00,
 -				  0, duration, detached ? 'D':'S', NULL);
 +                                  sigclass,

gnupg-2.1.19.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:46cced1f5641ce29cc28250f52fadf6e417e649b3bfdec49a5a0d0b22a639bf0
-size 6404836

gnupg-2.1.20.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:24cf9a69369be64a9f6f8cc11a1be33ab7780ad77a6a1b93719438f49f69960d
+size 6456128

gnupg-set_umask_before_open_outfile.patch

@@ -1,7 +1,7 @@
-Index: gnupg-2.1.12/g10/plaintext.c
+Index: gnupg-2.1.20/g10/plaintext.c
 ===================================================================
---- gnupg-2.1.12.orig/g10/plaintext.c	2016-05-04 11:43:16.000000000 +0200
-+++ gnupg-2.1.12/g10/plaintext.c	2016-05-04 17:36:13.945784756 +0200
+--- gnupg-2.1.20.orig/g10/plaintext.c	2017-04-03 17:13:56.000000000 +0200
++++ gnupg-2.1.20/g10/plaintext.c	2017-04-04 09:53:31.541145727 +0200
 @@ -24,6 +24,7 @@
  #include <string.h>
  #include <errno.h>
@@ -11,8 +11,8 @@ Index: gnupg-2.1.12/g10/plaintext.c
  # include <fcntl.h> /* for setmode() */
  #endif
 @@ -38,6 +39,9 @@
- #include "status.h"
- #include "i18n.h"
+ #include "../common/status.h"
+ #include "../common/i18n.h"
  
 +/* define safe permissions for creating plaintext files */
 +#define GPG_SAFE_PERMS (S_IRUSR | S_IWUSR)
@@ -20,7 +20,7 @@ Index: gnupg-2.1.12/g10/plaintext.c
  
  /* Get the output filename.  On success, the actual filename that is
     used is set in *FNAMEP and a filepointer is returned in *FP.
-@@ -145,11 +149,15 @@ get_output_file (const byte *embedded_na
+@@ -161,11 +165,15 @@ get_output_file (const byte *embedded_na
        log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
        goto leave;
      }

gpg2.changes

@@ -1,3 +1,33 @@
+-------------------------------------------------------------------
+Tue Apr  4 14:00:36 UTC 2017 - astieger@suse.com
+
+- GnuPG 2.1.20:
+  * gpg: New properties 'expired', 'revoked', and 'disabled' for the
+    import and export filters.
+  * gpg: New command --quick-set-primary-uid.
+  * gpg: New compliance field for the --with-colon key listing.
+  * gpg: Changed the key parser to generalize the processing of local
+    meta data packets.
+  * gpg: Fixed assertion failure in the TOFU trust model.
+  * gpg: Fixed exporting of zero length user ID packets.
+  * scd: Improved support for multiple readers.
+  * scd: Fixed timeout handling for key generation.
+  * agent: New option --enable-extended-key-format.
+  * dirmngr: Do not add a keyserver to a new dirmngr.conf.  Dirmngr
+    uses a default keyserver.
+  * dimngr: Do not treat TLS warning alerts as severe error when
+    building with GNUTLS.
+  * dirmngr: Actually take /etc/hosts in account.
+  * wks: Fixed client problems on Windows.  Published keys are now set
+    to world-readable.
+  * tests: Fixed creation of temporary directories.
+  * A socket directory for a non standard GNUGHOME is now created on
+    the fly under /run/user.  Thus "gpgconf --create-socketdir" is now
+    optional.  The use of "gpgconf --remove-socketdir" to clean up
+    obsolete socket directories is however recommended to avoid
+    cluttering /run/user with useless directories.
+  * Fixed build problems on some platforms.
+
 -------------------------------------------------------------------
 Tue Mar 14 20:41:55 UTC 2017 - astieger@suse.com
 

gpg2.spec

@@ -17,7 +17,7 @@
 
 
 Name:           gpg2
-Version:        2.1.19
+Version:        2.1.20
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0+