From 8fdc352d9d5500d125515a6d75c370b25736ee986f28c0880b997e78f3d9f3d6 Mon Sep 17 00:00:00 2001
From: Karol Babioch <karol@babioch.de>
Date: Thu, 8 Feb 2018 22:16:08 +0000
Subject: [PATCH] Accepting request 574409 from
 home:kbabioch:branches:security:privacy

- Update to version 1.0.5
  * added secure memory allocation from libgcrypt for some parts
  * dkg-verify: added options "-f" and "-t" for a validity period
  * added simple initalization procedure for memory locking
  * added basic check on signature strength in parse_signature()
  * added some basic checks on key strength in parse_public_key()
  * added check for revocation signatures in parse_public_key()
  * dkg-encrypt: added option "-z" for improved privacy (zero key ID)
  * dkg-verify: added validity checks on key and signature
  * dkg-keycheck: added ROCA vulnerability detector (Infineon RSALib)
  * added option "-U" for dkg-keysign (policy URI)
  * added option "-r" for dkg-keysign (revocation signature)
  * added option "-r" for dkg-keycheck (support for RSA keys)
  * added program dkg-keysign for creating certification signatures
  * dkg-decrypt: removed support for not integrity protected messages
  * dkg-keycheck: added test for small/same k in DSA signatures
  * dkg-refresh: added cache for very strong randomness
- Use https instead of http

OBS-URL: https://build.opensuse.org/request/show/574409
OBS-URL: https://build.opensuse.org/package/show/security:privacy/dkgpg?expand=0&rev=2
---
 dkgpg-1.0.4.tar.gz     |  3 ---
 dkgpg-1.0.4.tar.gz.sig |  6 ------
 dkgpg-1.0.5.tar.gz     |  3 +++
 dkgpg-1.0.5.tar.gz.sig |  6 ++++++
 dkgpg.changes          | 23 +++++++++++++++++++++++
 dkgpg.spec             |  8 ++++----
 6 files changed, 36 insertions(+), 13 deletions(-)
 delete mode 100644 dkgpg-1.0.4.tar.gz
 delete mode 100644 dkgpg-1.0.4.tar.gz.sig
 create mode 100644 dkgpg-1.0.5.tar.gz
 create mode 100644 dkgpg-1.0.5.tar.gz.sig

diff --git a/dkgpg-1.0.4.tar.gz b/dkgpg-1.0.4.tar.gz
deleted file mode 100644
index 8fad9ce..0000000
--- a/dkgpg-1.0.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:65e9d0ae7f6a56f441989b194dddcf16b84bc44faa8935a3501ce776238d23dd
-size 592458
diff --git a/dkgpg-1.0.4.tar.gz.sig b/dkgpg-1.0.4.tar.gz.sig
deleted file mode 100644
index 9b2e5dc..0000000
--- a/dkgpg-1.0.4.tar.gz.sig
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQR29zARMp0n2418P5dPWE64+yvhTwUCWj4YiAAKCRBPWE64+yvh
-TzqjAJ9TGCHZU/ipLDVtdOg4BkjUWwEj+wCfQ08Y9MlpAVwe0B3NYOg9Msh4djo=
-=kaWv
------END PGP SIGNATURE-----
diff --git a/dkgpg-1.0.5.tar.gz b/dkgpg-1.0.5.tar.gz
new file mode 100644
index 0000000..a385209
--- /dev/null
+++ b/dkgpg-1.0.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d802d50d832decb6ed9ec4b1c24610d34892da3dd431a71e4ad0bf37dc26dceb
+size 627249
diff --git a/dkgpg-1.0.5.tar.gz.sig b/dkgpg-1.0.5.tar.gz.sig
new file mode 100644
index 0000000..5359315
--- /dev/null
+++ b/dkgpg-1.0.5.tar.gz.sig
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQR29zARMp0n2418P5dPWE64+yvhTwUCWnyzBAAKCRBPWE64+yvh
+T++UAJ9bMP1RnFehCIv352jWx81tLMPqgACgmeMMeKsBlUw9yYTIWWKcWQBa1b0=
+=+iYo
+-----END PGP SIGNATURE-----
diff --git a/dkgpg.changes b/dkgpg.changes
index 7380d66..e93ab7a 100644
--- a/dkgpg.changes
+++ b/dkgpg.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Thu Feb  8 22:13:12 UTC 2018 - kbabioch@suse.com
+
+- Update to version 1.0.5 
+  * added secure memory allocation from libgcrypt for some parts
+  * dkg-verify: added options "-f" and "-t" for a validity period
+  * added simple initalization procedure for memory locking
+  * added basic check on signature strength in parse_signature()
+  * added some basic checks on key strength in parse_public_key()
+  * added check for revocation signatures in parse_public_key()
+  * dkg-encrypt: added option "-z" for improved privacy (zero key ID) 
+  * dkg-verify: added validity checks on key and signature
+  * dkg-keycheck: added ROCA vulnerability detector (Infineon RSALib)
+  * added option "-U" for dkg-keysign (policy URI)
+  * added option "-r" for dkg-keysign (revocation signature)
+  * added option "-r" for dkg-keycheck (support for RSA keys)
+  * added program dkg-keysign for creating certification signatures
+  * dkg-decrypt: removed support for not integrity protected messages
+  * dkg-keycheck: added test for small/same k in DSA signatures
+  * dkg-refresh: added cache for very strong randomness
+
+- Use https instead of http
+
 -------------------------------------------------------------------
 Mon Jan 15 15:23:49 UTC 2018 - kbabioch@suse.com
 
diff --git a/dkgpg.spec b/dkgpg.spec
index acf9816..aaa6688 100644
--- a/dkgpg.spec
+++ b/dkgpg.spec
@@ -17,14 +17,14 @@
 
 
 Name:           dkgpg
-Version:        1.0.4
+Version:        1.0.5
 Release:        0
 Summary:        Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP
 License:        GPL-2.0+
 Group:          Productivity/Security
-URL:            http://www.nongnu.org/dkgpg/
-Source:         http://download.savannah.gnu.org/releases/dkgpg/%{name}-%{version}.tar.gz
-Source2:        http://download.savannah.gnu.org/releases/dkgpg/%{name}-%{version}.tar.gz.sig
+URL:            https://www.nongnu.org/dkgpg/
+Source:         https://download.savannah.gnu.org/releases/dkgpg/%{name}-%{version}.tar.gz
+Source2:        https://download.savannah.gnu.org/releases/dkgpg/%{name}-%{version}.tar.gz.sig
 Source3:        %{name}.keyring
 BuildRequires:  gcc-c++
 BuildRequires:  gmp-devel >= 4.2