Accepting request 1083567 from home:david.anes:branches:Base:System

- Rebased patches: * gnupg-add_legacy_FIPS_mode_option.patch - Removed patches (already upstream): * gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - Don't ship systemd examples, as they are removed from upstream release tarball. - Update to 2.4.1: * If the ~/.gnupg directory does not exist, the keyboxd is now automagically enabled. * gpg: New option --add-desig-revoker. * gpg: New option --assert-signer. * gpg: New command --quick-add-adsk and other ADSK features. * gpg: New list-option "show-unusable-sigs". Also show "[self-signature]" instead of the user-id in key signature listings. * gpg: For symmetric encryption the default S2K hash is now SHA256. * gpg: Detect already compressed data also when using a pipe. Also detect JPEG and PNG file formats. * gpg: New subcommand "openpgp" for --card-edit. * gpgsm: Verification of detached signatures does now strip trailing zeroes from the input if --assume-binary is used. * gpgsm: Non-armored detached signature are now created without using indefinite form length octets. This improves compatibility with some PDF signature verification software. * gpgtar: Emit progress status lines in create mode. * dirmngr: The LDAP modifyTimestamp is now returned by some keyserver commands. * ssh: Allow specification of the order keys are presented to ssh. See the man page entry for --enable-ssh-support. * gpg: Make list-options "show-sig-subpackets" work again. OBS-URL: https://build.opensuse.org/request/show/1083567 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=284
2023-04-29 07:28:45 +00:00 · 2023-04-29 07:28:45 +00:00 · 0f5ef67105
commit 0f5ef67105
parent bcc05eb282
7 changed files with 72 additions and 35 deletions
--- a/gnupg-2.4.0.tar.bz2
+++ b/gnupg-2.4.0.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
-size 7666935
--- a/gnupg-2.4.0.tar.bz2.sig
+++ b/gnupg-2.4.0.tar.bz2.sig
--- a/gnupg-2.4.1.tar.bz2
+++ b/gnupg-2.4.1.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:76b71e5aeb443bfd910ce9cbc8281b617c8341687afb67bae455877972b59de8
+size 7341338
--- a/gnupg-2.4.1.tar.bz2.sig
+++ b/gnupg-2.4.1.tar.bz2.sig
--- a/gnupg-add_legacy_FIPS_mode_option.patch
+++ b/gnupg-add_legacy_FIPS_mode_option.patch
@ -3,11 +3,11 @@
 g10/gpg.c    |    9 +++++++++
 2 files changed, 27 insertions(+)

-Index: gnupg-2.4.0/doc/gpg.texi
+Index: gnupg-2.4.1/doc/gpg.texi
 ===================================================================
--- gnupg-2.4.0.orig/doc/gpg.texi
-+++ gnupg-2.4.0/doc/gpg.texi
-@@ -2218,6 +2218,24 @@ implies, this option is for experts only
+--- gnupg-2.4.1.orig/doc/gpg.texi
+++ gnupg-2.4.1/doc/gpg.texi
+@@ -2285,6 +2285,24 @@ implies, this option is for experts only
 understand the implications of what it allows you to do, leave this
 off. @option{--no-expert} disables this option.
 
@ -32,38 +32,37 @@ Index: gnupg-2.4.0/doc/gpg.texi
 @end table
 
 
-Index: gnupg-2.4.0/g10/gpg.c
+Index: gnupg-2.4.1/g10/gpg.c
 ===================================================================
--- gnupg-2.4.0.orig/g10/gpg.c
-+++ gnupg-2.4.0/g10/gpg.c
-@@ -443,6 +443,7 @@ enum cmd_and_opt_values
+--- gnupg-2.4.1.orig/g10/gpg.c
+++ gnupg-2.4.1/g10/gpg.c
+@@ -444,6 +444,7 @@ enum cmd_and_opt_values
     oForceSignKey,
     oForbidGenKey,
     oRequireCompliance,
 +    oSetLegacyFips,
     oCompatibilityFlags,
- 
-     oNoop
-@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = {
-   ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
-   ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
-   ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"),
+     oAddDesigRevoker,
+     oAssertSigner,
+@@ -978,6 +979,7 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
+   ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
 +  ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
 
 
-   ARGPARSE_header (NULL, N_("Options for unattended use")),
-@@ -3711,6 +3713,14 @@ main (int argc, char **argv)
-             opt.flags.require_compliance = 1;
-             break;
+   ARGPARSE_group (302, N_(
+@@ -3743,6 +3745,13 @@ main (int argc, char **argv)
+             add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str);
+ 	    break;
+ 
+    case oSetLegacyFips:
+      if(gcry_fips_mode_active())
+        gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG,
+                      "Enable legacy support in FIPS 140-2 mode");
+      else
+        log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n");
+      break;
 
-+         case oSetLegacyFips:
-+           if(gcry_fips_mode_active())
-+             gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG,
-+                           "Enable legacy support in FIPS 140-2 mode");
-+           else
-+             log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n");
-+           break;
-+
 	  case oNoop: break;
 
- 	  default:
--- a/gpg2.changes
+++ b/gpg2.changes
@ -1,3 +1,45 @@
+-------------------------------------------------------------------
+Fri Apr 28 17:32:11 UTC 2023 - David Anes <david.anes@suse.com>
+
+- Rebased patches:
+  * gnupg-add_legacy_FIPS_mode_option.patch
+
+- Removed patches (already upstream):
+  * gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch 
+
+- Don't ship systemd examples, as they are removed from upstream
+  release tarball.
+
+- Update to 2.4.1:
+  * If the ~/.gnupg directory does not exist, the keyboxd is now
+    automagically enabled.
+  * gpg: New option --add-desig-revoker.
+  * gpg: New option --assert-signer.
+  * gpg: New command --quick-add-adsk and other ADSK features.
+  * gpg: New list-option "show-unusable-sigs".  Also show
+    "[self-signature]" instead of the user-id in key signature
+    listings. 
+  * gpg: For symmetric encryption the default S2K hash is now SHA256.
+  * gpg: Detect already compressed data also when using a pipe.  Also
+    detect JPEG and PNG file formats.
+  * gpg: New subcommand "openpgp" for --card-edit.
+  * gpgsm: Verification of detached signatures does now strip trailing
+    zeroes from the input if --assume-binary is used.
+  * gpgsm: Non-armored detached signature are now created without
+    using indefinite form length octets.  This improves compatibility
+    with some PDF signature verification software.
+  * gpgtar: Emit progress status lines in create mode.
+  * dirmngr: The LDAP modifyTimestamp is now returned by some
+    keyserver commands.
+  * ssh: Allow specification of the order keys are presented to ssh.
+    See the man page entry for --enable-ssh-support.
+  * gpg: Make list-options "show-sig-subpackets" work again.
+    Fixes regression in 2.4.0.
+  * gpg: Fix the keytocard command for Yubikeys.
+  * gpg: Do not continue an export after a cancel for the primary key.
+  * gpg: Replace the --override-compliance-check hack by a real fix.
+  * gpgtar: Fix decryption with input taken from stdin.
+
 -------------------------------------------------------------------
 Wed Jan 11 11:15:54 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

--- a/gpg2.spec
+++ b/gpg2.spec
@ -17,7 +17,7 @@


 Name:           gpg2
-Version:        2.4.0
+Version:        2.4.1
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0-or-later
@ -39,8 +39,6 @@ Patch7:         gnupg-2.2.16-secmem.patch
 Patch8:         gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
 Patch9:         gnupg-add-test-cases-for-import-without-uid.patch
 Patch10:        gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
-#PATCH-FIX-UPSTREAM dev.gnupg.org/T6313
-Patch11:        gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  ibmswtpm2
@ -173,7 +171,6 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 %{_mandir}/*/*%{ext_man}
 %license COPYING*
 %doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ
-%exclude %{_docdir}/%{name}/examples/systemd-user/dirmngr.*
 %doc %{_docdir}/%{name}
 %exclude %{_bindir}/dirmngr*
 %exclude %{_bindir}/tpm2daemon*
@ -190,7 +187,6 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
 %files -n dirmngr
 %license COPYING*
 %{_mandir}/*/dirmngr*%{ext_man}
-%{_docdir}/%{name}/examples/systemd-user/dirmngr.*
 %{_bindir}/dirmngr*

 %files tpm