From 4a38996a405088155477faf617f4ca6cbcd69adb33b023d7c4cb07ba6a34cf08 Mon Sep 17 00:00:00 2001
From: Andreas Stieger
Date: Thu, 16 Mar 2017 09:35:18 +0000
Subject: [PATCH] Accepting request 479376 from security:privacy
- Use stronger defaults for new users, using SHA-2 digest family for certificates and message signatures - FATE#323084 adding gnupg-2.1.19-stronger-defaults.patch
OBS-URL: https://build.opensuse.org/request/show/479376
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=166
---
 gnupg-2.1.19-stronger-defaults.patch | 26 ++++++++++++++++++++++++++
 gpg2.changes | 7 +++++++
 gpg2.spec | 2 ++
 3 files changed, 35 insertions(+)
 create mode 100644 gnupg-2.1.19-stronger-defaults.patch
diff --git a/gnupg-2.1.19-stronger-defaults.patch b/gnupg-2.1.19-stronger-defaults.patch
new file mode 100644
index 0000000..983dabd
--- /dev/null
+++ b/gnupg-2.1.19-stronger-defaults.patch
@@ -0,0 +1,26 @@
+From: Andreas Stieger
+Date: Tue, 14 Mar 2017 20:43:20 +0000
+Subject; FATE#323084: Stronger GnuPG defaults
+References: FATE#323084
+Upstream: no
+
+Index: gnupg-2.1.19/g10/options.skel
+===================================================================
+--- gnupg-2.1.19.orig/g10/options.skel
++++ gnupg-2.1.19/g10/options.skel
+@@ -137,3 +137,15 @@
+ # Uncomment the following option to get rid of the copyright notice
+
+ #no-greeting
++
++# SUSE recommended output options
++with-fingerprint
++keyid-format 0xlong
++no-emit-version
++
++# SUSE recommends SHA-2 family of hashes for all
++personal-digest-preferences SHA512 SHA384 SHA256 SHA224
++default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
++cert-digest-algo SHA512
++digest-algo SHA512
++
diff --git a/gpg2.changes b/gpg2.changes
index 0e1f74b..aedb1c6 100644
--- a/gpg2.changes
+++ b/gpg2.changes
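Review bot: `digest-algo SHA512`, the last option added to g10/options.skel by the embedded gnupg-2.1.19-stronger-defaults.patch, forces the digest for every message signature and bypasses preference-based selection, which `personal-digest-preferences` a few lines above already steers toward SHA-2. GnuPG's manual cautions that forcing algorithms this way can produce output the other party cannot process, so I would drop that line and rely on the preference list. `default-preference-list` also advertises `CAST5`, a 64-bit block cipher, which sits oddly in a change titled "stronger defaults"; consider ending the cipher list at `AES`. Two small things in the same file: the header reads `Subject;` where `Subject:` is presumably meant, and the comment `# SUSE recommends SHA-2 family of hashes for all` breaks off mid-sentence. Going by the commit message ("for new users"), the skeleton only seeds new GnuPG home directories, so it would help to state in the changelog that existing gpg.conf files are left unchanged.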
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar 14 20:41:55 UTC 2017 - astieger@suse.com
+
+- Use stronger defaults for new users, using SHA-2 digest family
+ for certificates and message signatures - FATE#323084
+ adding gnupg-2.1.19-stronger-defaults.patch
+
 -------------------------------------------------------------------
 Tue Mar 7 12:55:14 UTC 2017 - astieger@suse.com
diff --git a/gpg2.spec b/gpg2.spec
index 08a32ac..0daa985 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch
 Patch8: gnupg-set_umask_before_open_outfile.patch
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11: gnupg-add_legacy_FIPS_mode_option.patch
+Patch12: gnupg-2.1.19-stronger-defaults.patch
 BuildRequires: expect
 BuildRequires: fdupes
 BuildRequires: libassuan-devel >= 2.4.3
@@ -86,6 +87,7 @@ gpg2 provides GPGSM, gpg-agent, and a keybox library.
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 %build
 date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})