Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2025-02-20 16:27:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new.1873 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Thu Feb 20 16:27:36 2025 rev:180 rq:1247136 version:2.5.4 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2025-01-16 18:31:00.930233104 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new.1873/gpg2.changes 2025-02-20 16:28:51.513117354 +0100 @@ -1,0 +2,22 @@ +Wed Feb 19 10:41:27 UTC 2025 - Pedro Monreal <[email protected]> + +- Update to 2.5.4: + * gpg: New option --disable-pqc-encryption. [rG00c31f8b04] + * gpg: Fix --quick-add-key for Weierstrass ECC with usage given. [T7506] + * gpg: Fix handling with no CRC armor. [T7071] + * gpg: New private Kyber keys are now cross-referenced using a new + Link attribute. [T6638] + * gpg: Fix an import problem with keys having another primary key as + a subkey. [T7527] + * gpgsm: Allow unattended PKCS#12 export without passphrase. [rG159e801043] + * gpgsm: Allow CSR generation with an unprotected key. [rG89055f24f4] + * agent: New option --change-std-env-name. [T7522] + * agent: Fix ssh-agent's request_identities for skipped Brainpool + keys. [rG2469dc5aae] + * Do not package zlib and bzip2 object files in a speedo release build. [T7442] + * Rebase patches: + - gnupg-add_legacy_FIPS_mode_option.patch + - gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch + - gnupg-revert-rfc4880bis.patch + +------------------------------------------------------------------- Old: ---- gnupg-2.5.3.tar.bz2 gnupg-2.5.3.tar.bz2.sig New: ---- gnupg-2.5.4.tar.bz2 gnupg-2.5.4.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.pRw02c/_old 2025-02-20 16:28:55.277274888 +0100 +++ /var/tmp/diff_new_pack.pRw02c/_new 2025-02-20 16:28:55.289275390 +0100 @@ -18,7 +18,7 @@ Name: gpg2 -Version: 2.5.3 +Version: 2.5.4 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -167,7 +167,6 @@ %license COPYING* %doc AUTHORS NEWS THANKS TODO ChangeLog %{_infodir}/gnupg* -%dir %{_mandir}/manh/ %{_mandir}/*/[aghsw]*%{ext_man} %doc %{_docdir}/%{name} %{_bindir}/[gkw]* ++++++ gnupg-2.5.3.tar.bz2 -> gnupg-2.5.4.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/gpg2/gnupg-2.5.3.tar.bz2 /work/SRC/openSUSE:Factory/.gpg2.new.1873/gnupg-2.5.4.tar.bz2 differ: char 11, line 1 ++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++ --- /var/tmp/diff_new_pack.pRw02c/_old 2025-02-20 16:28:55.833298158 +0100 +++ /var/tmp/diff_new_pack.pRw02c/_new 2025-02-20 16:28:55.861299330 +0100 @@ -3,10 +3,10 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.5.1/doc/gpg.texi +Index: gnupg-2.5.4/doc/gpg.texi =================================================================== ---- gnupg-2.5.1.orig/doc/gpg.texi -+++ gnupg-2.5.1/doc/gpg.texi +--- gnupg-2.5.4.orig/doc/gpg.texi ++++ gnupg-2.5.4/doc/gpg.texi @@ -2340,6 +2340,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,10 +32,10 @@ @end table -Index: gnupg-2.5.1/g10/gpg.c +Index: gnupg-2.5.4/g10/gpg.c =================================================================== ---- gnupg-2.5.1.orig/g10/gpg.c -+++ gnupg-2.5.1/g10/gpg.c +--- gnupg-2.5.4.orig/g10/gpg.c ++++ gnupg-2.5.4/g10/gpg.c @@ -455,6 +455,7 @@ enum cmd_and_opt_values oForceSignKey, oForbidGenKey, @@ -44,15 +44,15 @@ oCompatibilityFlags, oAddDesigRevoker, oAssertSigner, -@@ -906,6 +907,7 @@ static gpgrt_opt_t opts[] = { +@@ -907,6 +908,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), ARGPARSE_s_n (oRequirePQCEncryption, "require-pqc-encryption", "@"), + ARGPARSE_s_n (oDisablePQCEncryption, "disable-pqc-encryption", "@"), - ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3855,6 +3857,14 @@ main (int argc, char **argv) +@@ -3865,6 +3867,14 @@ main (int argc, char **argv) keybox_set_buffersize (pargs.r.ret_ulong, 0); break; ++++++ gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch ++++++ --- /var/tmp/diff_new_pack.pRw02c/_old 2025-02-20 16:28:55.969303850 +0100 +++ /var/tmp/diff_new_pack.pRw02c/_new 2025-02-20 16:28:56.113309876 +0100 @@ -17,19 +17,19 @@ g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.4.0/g10/import.c +Index: gnupg-2.5.4/g10/import.c =================================================================== ---- gnupg-2.4.0.orig/g10/import.c -+++ gnupg-2.4.0/g10/import.c -@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl, - size_t an; +--- gnupg-2.5.4.orig/g10/import.c ++++ gnupg-2.5.4/g10/import.c +@@ -1996,7 +1996,6 @@ import_one_real (ctrl_t ctrl, + int non_self_or_utk = 0; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; - int any_filter = 0; KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl, +@@ -2033,14 +2032,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } @@ -44,7 +44,7 @@ if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl, +@@ -2134,18 +2125,10 @@ import_one_real (ctrl_t ctrl, } } @@ -67,7 +67,7 @@ /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl, +@@ -2155,24 +2138,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -92,7 +92,7 @@ } /* The keyblock is valid and ready for real import. */ -@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl, +@@ -2234,6 +2204,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } ++++++ gnupg-revert-rfc4880bis.patch ++++++ --- /var/tmp/diff_new_pack.pRw02c/_old 2025-02-20 16:28:56.337319252 +0100 +++ /var/tmp/diff_new_pack.pRw02c/_new 2025-02-20 16:28:56.373320758 +0100 @@ -13,10 +13,10 @@ (read_parameter_file): Activate the v4 and v5 keywords. -- -Index: gnupg-2.5.1/g10/gpg.c +Index: gnupg-2.5.4/g10/gpg.c =================================================================== ---- gnupg-2.5.1.orig/g10/gpg.c -+++ gnupg-2.5.1/g10/gpg.c +--- gnupg-2.5.4.orig/g10/gpg.c ++++ gnupg-2.5.4/g10/gpg.c @@ -254,6 +254,7 @@ enum cmd_and_opt_values oGnuPG, oRFC2440, @@ -25,7 +25,7 @@ oOpenPGP, oPGP7, oPGP8, -@@ -653,6 +654,7 @@ static gpgrt_opt_t opts[] = { +@@ -654,6 +655,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), @@ -33,7 +33,7 @@ ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), ARGPARSE_s_n (oPGP7, "pgp6", "@"), ARGPARSE_s_n (oPGP7, "pgp7", "@"), -@@ -1006,7 +1008,6 @@ static gpgrt_opt_t opts[] = { +@@ -1008,7 +1010,6 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), ARGPARSE_s_s (oNoop, "aead-algo", "@"), ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), @@ -41,7 +41,7 @@ ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), -@@ -2261,7 +2262,7 @@ static struct gnupg_compliance_option co +@@ -2263,7 +2264,7 @@ static struct gnupg_compliance_option co { { "gnupg", oGnuPG }, { "openpgp", oOpenPGP }, @@ -50,7 +50,7 @@ { "rfc4880", oRFC4880 }, { "rfc2440", oRFC2440 }, { "pgp6", oPGP7 }, -@@ -2277,8 +2278,28 @@ static struct gnupg_compliance_option co +@@ -2279,8 +2280,29 @@ static struct gnupg_compliance_option co static void set_compliance_option (enum cmd_and_opt_values option) { @@ -76,26 +76,19 @@ + opt.s2k_digest_algo = DIGEST_ALGO_SHA256; + opt.s2k_cipher_algo = CIPHER_ALGO_AES256; + break; - case oOpenPGP: - case oRFC4880: - /* This is effectively the same as RFC2440, but with -@@ -2322,6 +2343,7 @@ set_compliance_option (enum cmd_and_opt_ - case oPGP8: opt.compliance = CO_PGP8; break; ++ case oGnuPG: + /* set up default options affected by policy compliance: */ opt.compliance = CO_GNUPG; +@@ -2299,6 +2321,7 @@ set_compliance_option (enum cmd_and_opt_ + opt.s2k_digest_algo = 0; + opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO; + opt.flags.allow_old_cipher_algos = 0; + opt.flags.rfc4880bis = 1; break; - case oDE_VS: -@@ -2526,6 +2548,7 @@ main (int argc, char **argv) - opt.weak_digests = NULL; - opt.with_subkey_fingerprint = 1; - opt.compliance = CO_GNUPG; -+ opt.flags.rfc4880bis = 1; - - /* Check special options given on the command line. */ - orig_argc = argc; -@@ -3085,6 +3108,7 @@ main (int argc, char **argv) + case oOpenPGP: +@@ -3090,6 +3113,7 @@ main (int argc, char **argv) case oOpenPGP: case oRFC2440: case oRFC4880: @@ -103,7 +96,7 @@ case oPGP7: case oPGP8: case oGnuPG: -@@ -3990,6 +4014,11 @@ main (int argc, char **argv) +@@ -4000,6 +4024,11 @@ main (int argc, char **argv) if( may_coredump && !opt.quiet ) log_info(_("WARNING: program may create a core file!\n")); @@ -115,7 +108,7 @@ if (eyes_only) { if (opt.set_filename) log_info(_("WARNING: %s overrides %s\n"), -@@ -4212,7 +4241,7 @@ main (int argc, char **argv) +@@ -4222,7 +4251,7 @@ main (int argc, char **argv) /* Check our chosen algorithms against the list of legal algorithms. */ @@ -124,20 +117,20 @@ { const char *badalg=NULL; preftype_t badtype=PREFTYPE_NONE; -Index: gnupg-2.5.1/g10/keygen.c +Index: gnupg-2.5.4/g10/keygen.c =================================================================== ---- gnupg-2.5.1.orig/g10/keygen.c -+++ gnupg-2.5.1/g10/keygen.c -@@ -453,7 +453,7 @@ keygen_set_std_prefs (const char *string +--- gnupg-2.5.4.orig/g10/keygen.c ++++ gnupg-2.5.4/g10/keygen.c +@@ -489,7 +489,7 @@ keygen_set_std_prefs (const char *string strcat(dummy_string,"S7 "); strcat(dummy_string,"S2 "); /* 3DES */ - if (!openpgp_aead_test_algo (AEAD_ALGO_OCB)) -+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB)) ++ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB)) strcat(dummy_string,"A2 "); if (personal) -@@ -938,7 +938,7 @@ keygen_upd_std_prefs (PKT_signature *sig +@@ -974,7 +974,7 @@ keygen_upd_std_prefs (PKT_signature *sig /* Make sure that the MDC feature flag is set if needed. */ add_feature_mdc (sig,mdc_available); add_feature_aead (sig, aead_available); @@ -146,7 +139,7 @@ add_keyserver_modify (sig,ks_modify); keygen_add_keyserver_url(sig,NULL); -@@ -3974,7 +3974,10 @@ parse_key_parameter_part (ctrl_t ctrl, +@@ -4118,7 +4118,10 @@ parse_key_parameter_part (ctrl_t ctrl, } } else if (!ascii_strcasecmp (s, "v5")) @@ -158,7 +151,7 @@ else if (!ascii_strcasecmp (s, "v4")) keyversion = 4; else -@@ -4235,7 +4238,7 @@ parse_key_parameter_part (ctrl_t ctrl, +@@ -4379,7 +4382,7 @@ parse_key_parameter_part (ctrl_t ctrl, * ecdsa := Use algorithm ECDSA. * eddsa := Use algorithm EdDSA. * ecdh := Use algorithm ECDH. @@ -167,7 +160,7 @@ * * There are several defaults and fallbacks depending on the * algorithm. PART can be used to select which part of STRING is -@@ -5206,9 +5209,9 @@ read_parameter_file (ctrl_t ctrl, const +@@ -5353,9 +5356,9 @@ read_parameter_file (ctrl_t ctrl, const } } @@ -180,7 +173,7 @@ else { r = xmalloc_clear( sizeof *r + strlen( value ) ); -@@ -5303,11 +5306,14 @@ quickgen_set_para (struct para_data_s *p +@@ -5450,11 +5453,14 @@ quickgen_set_para (struct para_data_s *p r->next = para; para = r;
