SHA256
1
0
forked from pool/gpg2

Accepting request 441007 from security:privacy

GnuPG 2.1.16

OBS-URL: https://build.opensuse.org/request/show/441007
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=150
This commit is contained in:
Marcus Meissner 2016-11-19 22:26:09 +00:00 committed by Git OBS Bridge
parent 5058b5ebe2
commit 5cd70f3b2e
8 changed files with 51 additions and 226 deletions

View File

@ -1,28 +0,0 @@
From ae52c486ef5e71445aa0adfdac30124abff7da46 Mon Sep 17 00:00:00 2001
From: Andreas Stieger <astieger@suse.com>
Date: Fri, 19 Aug 2016 23:09:13 +0200
Subject: [PATCH] common: Follow-up to 14479e2, fix void return in non-void
function
* simple-pwquery.c (agent_open): return -1 in errout label as documented.
Signed-off-by: Andreas Stieger <astieger@suse.com>
---
common/simple-pwquery.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
index 240451b..0c3233b 100644
--- a/common/simple-pwquery.c
+++ b/common/simple-pwquery.c
@@ -285,6 +285,7 @@ agent_open (assuan_context_t *ctx)
errout:
assuan_release (*ctx);
*ctx = NULL;
+ return -1;
}
--
2.6.6

View File

@ -1,190 +0,0 @@
From 31fc420727f45dd081f8ad5d056da6675dad29f2 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 12 Sep 2016 17:42:50 +0200
Subject: [PATCH] gpg: Avoid mixing up status and colon line output.
* g10/keylist.c (list_keyblock_colon): Avoid calling functions which
trigger a status line output before having printed a LF.
--
Status lines like KEY_CONSIDERED and KEYEPXIRED were messing up the
colons output, like here:
pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...]
Reported-by: Andreas Stieger <astieger@suse.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
---
This version of the patch backported onto the 2.1.15 tag -- astieger@suse.com
---
g10/keylist.c | 83 +++++++++++++++++++++++++++++++++--------------------------
1 file changed, 47 insertions(+), 36 deletions(-)
Index: gnupg-2.1.15/g10/keylist.c
===================================================================
--- gnupg-2.1.15.orig/g10/keylist.c 2016-09-13 15:40:30.178482877 +0200
+++ gnupg-2.1.15/g10/keylist.c 2016-09-13 15:45:53.605670795 +0200
@@ -1183,9 +1183,10 @@ list_keyblock_colon (ctrl_t ctrl, kbnode
PKT_public_key *pk;
u32 keyid[2];
int trustletter = 0;
+ int trustletter_print;
+ int ownertrust_print;
int ulti_hack = 0;
int i;
- char *p;
char *hexgrip_buffer = NULL;
const char *hexgrip = NULL;
char *serialno = NULL;
@@ -1217,31 +1218,38 @@ list_keyblock_colon (ctrl_t ctrl, kbnode
stubkey = 1; /* Key not found. */
keyid_from_pk (pk, keyid);
- es_fputs (secret? "sec:":"pub:", es_stdout);
if (!pk->flags.valid)
- es_putc ('i', es_stdout);
+ trustletter_print = 'i';
else if (pk->flags.revoked)
- es_putc ('r', es_stdout);
+ trustletter_print = 'r';
else if (pk->has_expired)
- es_putc ('e', es_stdout);
+ trustletter_print = 'e';
else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
- ;
+ trustletter_print = 0;
else
{
trustletter = get_validity_info (ctrl, pk, NULL);
if (trustletter == 'u')
ulti_hack = 1;
- es_putc (trustletter, es_stdout);
+ trustletter_print = trustletter;
}
+ if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
+ ownertrust_print = get_ownertrust_info (pk);
+ else
+ ownertrust_print = 0;
+
+ es_fputs (secret? "sec:":"pub:", es_stdout);
+ if (trustletter_print)
+ es_putc (trustletter_print, es_stdout);
es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::",
nbits_from_pk (pk),
pk->pubkey_algo,
(ulong) keyid[0], (ulong) keyid[1],
colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
- if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
- es_putc (get_ownertrust_info (pk), es_stdout);
+ if (ownertrust_print)
+ es_putc (ownertrust_print, es_stdout);
es_putc (':', es_stdout);
es_putc (':', es_stdout);
@@ -1286,31 +1294,27 @@ list_keyblock_colon (ctrl_t ctrl, kbnode
{
if (node->pkt->pkttype == PKT_USER_ID)
{
- char *str;
PKT_user_id *uid = node->pkt->pkt.user_id;
+ int uid_validity;
if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
dump_attribs (node->pkt->pkt.user_id, pk);
- /*
- * Fixme: We need a valid flag here too
- */
- str = uid->attrib_data ? "uat" : "uid";
+
if (uid->is_revoked)
- es_fprintf (es_stdout, "%s:r::::", str);
+ uid_validity = 'r';
else if (uid->is_expired)
- es_fprintf (es_stdout, "%s:e::::", str);
+ uid_validity = 'e';
else if (opt.no_expensive_trust_checks)
- es_fprintf (es_stdout, "%s:::::", str);
- else
- {
- int uid_validity;
-
- if (!ulti_hack)
- uid_validity = get_validity_info (ctrl, pk, uid);
- else
- uid_validity = 'u';
- es_fprintf (es_stdout, "%s:%c::::", str, uid_validity);
- }
+ uid_validity = 0;
+ else if (ulti_hack)
+ uid_validity = 'u';
+ else
+ uid_validity = get_validity_info (ctrl, pk, uid);
+
+ es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout);
+ if (uid_validity)
+ es_putc (uid_validity, es_stdout);
+ es_fputs ("::::", es_stdout);
es_fprintf (es_stdout, "%s:", colon_strtime (uid->created));
es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate));
@@ -1425,6 +1429,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode
char *sigstr;
size_t fplen;
byte fparray[MAX_FINGERPRINT_LEN];
+ char *siguid;
+ size_t siguidlen;
if (sig->sig_class == 0x20 || sig->sig_class == 0x28
|| sig->sig_class == 0x30)
@@ -1484,6 +1490,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode
rc = 0;
sigrc = ' ';
}
+
+ if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
+ siguid = get_user_id (sig->keyid, &siguidlen);
+ else
+ {
+ siguid = NULL;
+ siguidlen = 0;
+ }
+
+
es_fputs (sigstr, es_stdout);
es_putc (':', es_stdout);
if (sigrc != ' ')
@@ -1504,17 +1520,11 @@ list_keyblock_colon (ctrl_t ctrl, kbnode
if (sigrc == '%')
es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
- else if (sigrc == '?')
- ;
- else if (!opt.fast_list_mode)
- {
- size_t n;
- p = get_user_id (sig->keyid, &n);
- es_write_sanitized (es_stdout, p, n, ":", NULL);
- xfree (p);
- }
+ else if (siguid)
+ es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL);
+
es_fprintf (es_stdout, ":%02x%c::", sig->sig_class,
- sig->flags.exportable ? 'x' : 'l');
+ sig->flags.exportable ? 'x' : 'l');
if (opt.no_sig_cache && opt.check_sigs && fprokay)
{
@@ -1528,6 +1538,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode
print_subpackets_colon (sig);
/* fixme: check or list other sigs here */
+ xfree (siguid);
}
}

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c28c1a208f1b8ad63bdb6b88d252f6734ff4d33de6b54e38494b11d49e00ffdd
size 5723689

Binary file not shown.

3
gnupg-2.1.16.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:49b9a6a6787ad00d4d2d69d8c7ee8905923782583f06078a064a0c80531d8844
size 5840687

BIN
gnupg-2.1.16.tar.bz2.sig Normal file

Binary file not shown.

View File

@ -1,3 +1,50 @@
-------------------------------------------------------------------
Sat Nov 19 22:07:13 UTC 2016 - astieger@suse.com
- GnuPG 2.1.16:
* gpg: New algorithm for selecting the best ranked public key when
using a mail address with -r, -R, or --locate-key.
* gpg: New option --with-tofu-info to print a new "tfs" record in
colon formatted key listings.
* gpg: New option --compliance as an alternative way to specify
options like --rfc2440, --rfc4880, et al.
* gpg: Many changes to the TOFU implementation.
* gpg: Improve usability of --quick-gen-key.
* gpg: In --verbose mode print a diagnostic when a pinentry is
launched.
* gpg: Remove code which warns for old versions of gnome-keyring.
* gpg: New option --override-session-key-fd.
* gpg: Option --output does now work with --verify.
* gpgv: New option --output to allow saving the verified data.
* gpgv: New option --enable-special-filenames.
* agent, dirmngr: New --supervised mode for use by systemd and alike.
* agent: By default listen on all available sockets using standard
names.
* agent: Invoke scdaemon with --homedir.
* dirmngr: On Linux now detects the removal of its own socket and
terminates.
* scd: Support ECC key generation.
* scd: Support more card readers.
* dirmngr: New option --allow-version-check to download a software
version database in the background.
* dirmngr: Use system provided CAs if no --hkp-cacert is given.
* dirmngr: Use a default keyserver if none is explicitly set
* gpgconf: New command --query-swdb to check software versions
against an copy of an online database.
* gpgconf: Print the socket directory with --list-dirs.
* tools: The WKS tools now support draft version -02.
* tools: Always build gpg-wks-client and install under libexec.
* tools: New option --supported for gpg-wks-client.
* The log-file option now accepts a value "socket://" to log to the
socket named "S.log" in the standard socket directory.
* Provide fake pinentries for use by tests cases of downstream
developers.
* Fixed many bugs and regressions.
* Many changes and improvements for the test suite.
- drop upstreamed patches:
* 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
* gnupg-2.1.15-bsc993324-status-output.patch
-------------------------------------------------------------------
Tue Sep 13 13:50:52 UTC 2016 - astieger@suse.com

View File

@ -17,7 +17,7 @@
Name: gpg2
Version: 2.1.15
Version: 2.1.16
Release: 0
Summary: GnuPG 2
License: GPL-3.0+
@ -34,8 +34,6 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch
Patch8: gnupg-set_umask_before_open_outfile.patch
Patch9: gnupg-detect_FIPS_mode.patch
Patch11: gnupg-add_legacy_FIPS_mode_option.patch
Patch12: 0001-common-Follow-up-to-14479e2-fix-void-return-in-non-v.patch
Patch13: gnupg-2.1.15-bsc993324-status-output.patch
BuildRequires: expect
BuildRequires: fdupes
BuildRequires: libadns-devel
@ -86,8 +84,6 @@ gpg-agent, and a keybox library.
%patch8 -p1
%patch9 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%build
date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})