Accepting request 637010 from security:privacy

OBS-URL: https://build.opensuse.org/request/show/637010
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dkgpg?expand=0&rev=5

dkgpg-1.0.7.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:38675dd6b8078999a60b0b1df1182a115f11aa4f27398ce9cc58bef8f6ff6eae
-size 622912

dkgpg-1.0.7.tar.gz.sig

@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQR29zARMp0n2418P5dPWE64+yvhTwUCWzKFXQAKCRBPWE64+yvh
-T+eaAJ0W5IZi9UsXgRt4mTKe9X01IHKblQCeK8tc+/fNg/YymVeftt18a/2jOZE=
-=PEaK
------END PGP SIGNATURE-----

dkgpg-1.0.8.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3594a4ade2bbdfa1cdda7ffd4ce6c4d68b0d4eea823c5c5ab51f3e8249df37c4
+size 683474

dkgpg-1.0.8.tar.gz.sig

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQR29zARMp0n2418P5dPWE64+yvhTwUCW5lfEgAKCRBPWE64+yvh
+TzLCAJ0Rh+XVAZz3a/Xi2j5b9PvZfEGwJgCaAxEnuDMnyvrd919NolDT119EWMA=
+=wbEG
+-----END PGP SIGNATURE-----

dkgpg.changes

@@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Thu Sep 13 07:13:51 UTC 2018 - Karol Babioch <kbabioch@suse.com>
+
+- Update to version 1.0.8:
+    First of all, passive support for ECDSA, ECDH, and EdDSA (cf. RFC 6637
+    and Werner Koch's draft RFC 4880bis) has been added by relying on the
+    most recent version of LibTMCG. The threshold signature scheme and the
+    threshold encryption are still limited to finite field cryptography
+    (i.e. DSA and ElGamal). Moreover, the programs generate and recognize
+    a few other new OpenPGP features (e.g. issuer fingerprint subpackets)
+    from RFC 4880bis. Compressed messages are now decompressed by the
+    program dkg-decrypt using zlib Compression Library (and optionally by
+    library routines from libbzip2). This completes DKGPG's compatibility
+    with other OpenPGP software, however, the prefered compression algorithm
+    (i.e. "no compression") in self-signatures of generated keys is kept
+    for now. Support for symmetric-key decryption by dkg-decrypt has been
+    added too. The program dkg-verify now reads the signature from a file,
+    if option "-s" is used. To keep track of later protocol changes, all
+    interactive programs include a version identifier in their common ID of
+    the reliable broadcast channel. Thus programs from previous releases
+    will not communicate with those of this release. With the new programs
+    dkg-timestamp and dkg-timestamp-verify a OpenPGP timestamp signature
+    can be generated and verified, respectively. Last but not least, by the
+    new option "-y" some programs (dkg-generate, dkg-decrypt, dkg-sign,
+    dkg-keysign, and dkg-timestamp) will work with regular OpenPGP keys too.
+    The README file contains a configuration sample showing how to replace
+    classic PGP by DKGPG in the famous mail user agent mutt based on this
+    option. Please note that this feature is experimental and semantics
+    may be changed later.
+- Added new build requirements:
+  * zlib
+  * bzip2
+
 -------------------------------------------------------------------
 Mon Jul  9 05:33:30 UTC 2018 - kbabioch@suse.com
 

dkgpg.spec

@@ -17,7 +17,7 @@
 
 
 Name:           dkgpg
-Version:        1.0.7
+Version:        1.0.8
 Release:        0
 Summary:        Distributed Key Generation (DKG) and Threshold Cryptography for OpenPGP
 License:        GPL-2.0-or-later
@@ -28,9 +28,11 @@ Source2:        https://download.savannah.gnu.org/releases/dkgpg/%{name}-%{versi
 Source3:        %{name}.keyring
 BuildRequires:  gcc-c++
 BuildRequires:  gmp-devel >= 4.2
-BuildRequires:  libTMCG-devel >= 1.3.13
+BuildRequires:  libTMCG-devel >= 1.3.14
+BuildRequires:  libbz2-devel
 BuildRequires:  libgcrypt-devel >= 1.6
 BuildRequires:  libgpg-error-devel >= 1.12
+BuildRequires:  zlib-devel
 
 %description
 The Distributed Privacy Guard (DKGPG) implements Distributed Key