Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2021-10-22 14:39:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Fri Oct 22 14:39:51 2021 rev:156 rq: version:2.2.27 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2021-10-20 20:23:59.941367510 +0200 +++ /work/SRC/openSUSE:Factory/.gpg2.new.1890/gpg2.changes 2021-10-22 14:39:52.546630345 +0200 @@ -2,148 +1,0 @@ -Tue Oct 12 19:20:50 UTC 2021 - Andreas Stieger <andreas.stie...@gmx.de> - -- GnuPG 2.3.3: - * agent: Fix segv in GET_PASSPHRASE (regression) - * dirmngr: Fix Let's Encrypt certificate chain validation - * gpg: Change default and maximum AEAD chunk size to 4 MiB - * gpg: Print a warning when importing a bad cv25519 secret key - * gpg: Fix --list-packets for undecryptable AEAD packets - * gpg: Verify backsigs for v5 keys correctly - * keyboxd: Fix checksum computation for no UBID entry on disk - * keyboxd: Fix "invalid object" error with cv448 keys - * dirmngr: New option --ignore-cert - * agent: Fix calibrate_get_time use of clock_gettime - * Support a gpgconf.ctl file under Unix and use this for the - regression tests - -------------------------------------------------------------------- -Wed Aug 25 10:01:38 UTC 2021 - Pedro Monreal <pmonr...@suse.com> - -- GnuPG 2.3.2: - * gpg: Allow fingerprint based lookup with --locate-external-key. - * gpg: Allow decryption w/o public key but with correct card inserted. - * gpg: Auto import keys specified with --trusted-keys. - * gpg: Do not use import-clean for LDAP keyserver imports. - * gpg: Fix mailbox based search via AKL keyserver method. - * gpg: Fix memory corruption with --clearsign introduced with 2.3.1. - * gpg: Use a more descriptive prompt for symmetric decryption. - * gpg: Improve speed of secret key listing. - * gpg: Support keygrip search with traditional keyring. - * gpg: Let --fetch-key return an exit code on failure. - * gpg: Emit the NO_SECKEY status again for decryption. - * gpgsm: Support decryption of password based encryption (pwri). - * gpgsm: Support AES-GCM decryption. - * gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint. - * gpgsm: Fix finding of issuer in use-keyboxd mode. - * gpgsm: New option --ldapserver as an alias for --keyserver. - * agent: Use SHA-256 for SSH fingerprint by default. - * agent: Fix calling handle_pincache_put. - * agent: Fix importing protected secret key. - * agent: Fix a regression in agent_get_shadow_info_type. - * agent: Add translatable text for Caps Lock hint. - * agent: New option --pinentry-formatted-passphrase. - * agent: Add checkpin inquiry for pinentry. - * agent: New option --check-sym-passphrase-pattern. - * agent: Use the sysconfdir for a pattern file. - * agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry. - * dirmngr: LDAP search by a mailbox now ignores revoked keys. - * dirmngr: For KS_SEARCH return the fingerprint also with LDAP. - * dirmngr: Allow for non-URL specified ldap keyservers. - * dirmngr: New option --ldapserver. - * dirmngr: Fix regression in KS_GET for mail address pattern. - * card: New option --shadow for the list command. - * tests: Make sure the built keyboxd is used. - * scd: Fix computing shared secrets for 512 bit curves. - * scd: Fix unblock PIN by a Reset Code with KDF. - * scd: Fix PC/SC removed card problem. - * scd: Recover the partial match for PORTSTR for PC/SC. - * scd: Make sure to release the PC/SC context. - * scd: Fix zero-byte handling in ECC. - * scd: Fix serial number detection for Yubikey 5. - * scd: Add basic support for AET JCOP cards. - * scd: Detect external interference when --pcsc-shared is in use. - * scd: Fix access to the list of cards. - * gpgconf: Do not list a disabled tpm2d. - * gpgconf: Make runtime changes with different homedir work. - * keyboxd: Fix searching for exact mail adddress. - * keyboxd: Fix searching with multiple patterns. - * tools: Extend gpg-check-pattern. - * wkd: Fix client issue with leading or trailing spaces in user-ids. - * Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry. - * Change the default keyserver to keyserver.ubuntu.com. This is a - temporary change due to the shutdown of the SKS keyserver pools. - -------------------------------------------------------------------- -Fri Jun 11 12:19:16 UTC 2021 - Pedro Monreal <pmonr...@suse.com> - -- GnuPG 2.3.1: - * The new configuration file common.conf is now used to enable - the use of the key database daemon with "use-keyboxd". Using - this option in gpg.conf and gpgsm.conf is supported for a - transitional period. See doc/example/common.conf for more. - * gpg: Force version 5 key creation for ed448 and cv448 algorithms. - * gpg: By default do not use the self-sigs-only option when - importing from an LDAP keyserver. - * gpg: Lookup a missing public key of the active card via LDAP. - * gpgsm: New command --show-certs. - * scd: Fix CCID driver for SCM SPR332/SPR532. - * scd: Further improvements for PKCS#15 cards. - * New configure option --with-tss to allow the selection of the - TSS library. -- Rebase patches: - * gnupg-add_legacy_FIPS_mode_option.patch - * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch - * gnupg-dont-fail-with-seahorse-agent.patch - * gnupg-set_umask_before_open_outfile.patch - -------------------------------------------------------------------- -Fri Jun 11 12:15:37 UTC 2021 - Andreas Stieger <andreas.stie...@gmx.de> - -- GnuPG 2.3.0: - * A new experimental key database daemon is provided. To enable - it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored - in a SQLite database and make key lookup much faster. - * New tool gpg-card as a flexible frontend for all types of - supported smartcards. - * New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and - gpg-connect-agent. - * The gpg-wks-client tool is now installed under bin; a wrapper for - its old location at libexec is also installed. - * tpm2d: New daemon to physically bind keys to the local machine. - * gpg: Switch to ed25519/cv25519 as default public key algorithms. - * gpg: Verification results now depend on the --sender option and - the signer's UID subpacket. - * gpg: Do not use any 64-bit block size cipher algorithm for - encryption. Use AES as last resort cipher preference instead of - 3DES. This can be reverted using --allow-old-cipher-algos. - * gpg: Support AEAD encryption mode using OCB or EAX. - * gpg: Support v5 keys and signatures. - * gpg: Support curve X448 (ed448, cv448). - * gpg: Allow use of group names in key listings. - * gpg: New option --full-timestrings to print date and time. - * gpg: New option --force-sign-key. - * gpg: New option --no-auto-trust-new-key. - * gpg: The legacy key discovery method PKA is no longer supported. - The command --print-pka-records and the PKA related import and - export options have been removed. - * gpg: Support export of Ed448 Secure Shell keys. - * gpgsm: Add basic ECC support. - * gpgsm: Support creation of EdDSA certificates. [#4888] - * agent: Allow the use of "Label:" in a key file to customize the - pinentry prompt. - * agent: Support ssh-agent extensions for environment variables. - With a patched version of OpenSSH this avoids the need for the - "updatestartuptty" kludge. - * scd: Improve support for multiple card readers and tokens. - * scd: Support PIV cards. - * scd: Support for Rohde&Schwarz Cybersecurity cards. - * scd: Support Telesec Signature Cards v2.0 - * scd: Support multiple application on certain smartcard. - * scd: New option --application-priority. - * scd: New option --pcsc-shared; see man page for important notes. - * dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs. - * The symcryptrun tool, a wrapper for the now obsolete external - Chiasmus tool, has been removed. - * Full Unicode support for the command line. -- dropped legacy commands: gpg-zip - -------------------------------------------------------------------- Old: ---- gnupg-2.3.3.tar.bz2 gnupg-2.3.3.tar.bz2.sig New: ---- gnupg-2.2.27.tar.bz2 gnupg-2.2.27.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.i2aILq/_old 2021-10-22 14:39:53.290630675 +0200 +++ /var/tmp/diff_new_pack.i2aILq/_new 2021-10-22 14:39:53.294630677 +0200 @@ -17,36 +17,34 @@ Name: gpg2 -Version: 2.3.3 +Version: 2.2.27 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later Group: Productivity/Networking/Security URL: https://www.gnupg.org -Source: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2 -Source2: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig +Source: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2 +Source2: ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig # https://www.gnupg.org/signature_key.html Source3: %{name}.keyring Source4: scdaemon.udev Source99: %{name}.changes -Patch1: gnupg-gpg-agent-ulimit.patch -Patch2: gnupg-2.0.9-langinfo.patch -Patch3: gnupg-dont-fail-with-seahorse-agent.patch -Patch4: gnupg-set_umask_before_open_outfile.patch -Patch5: gnupg-detect_FIPS_mode.patch -Patch6: gnupg-add_legacy_FIPS_mode_option.patch -Patch7: gnupg-2.2.16-secmem.patch -Patch8: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch -Patch9: gnupg-add-test-cases-for-import-without-uid.patch -Patch10: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +Patch4: gnupg-2.0.9-langinfo.patch +Patch6: gnupg-dont-fail-with-seahorse-agent.patch +Patch8: gnupg-set_umask_before_open_outfile.patch +Patch9: gnupg-detect_FIPS_mode.patch +Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-2.2.16-secmem.patch +Patch13: gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch +Patch14: gnupg-add-test-cases-for-import-without-uid.patch +Patch15: gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch +Patch1124847: gnupg-gpg-agent-ulimit.patch BuildRequires: expect BuildRequires: fdupes -BuildRequires: ibmswtpm2 -BuildRequires: ibmtss-devel BuildRequires: libassuan-devel >= 2.5.0 -BuildRequires: libgcrypt-devel >= 1.9.1 -BuildRequires: libgpg-error-devel >= 1.41 -BuildRequires: libksba-devel >= 1.3.4 +BuildRequires: libgcrypt-devel >= 1.8.0 +BuildRequires: libgpg-error-devel >= 1.27 +BuildRequires: libksba-devel >= 1.3.5 BuildRequires: makeinfo BuildRequires: npth-devel >= 1.2 BuildRequires: openldap2-devel @@ -55,12 +53,12 @@ BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libusb-1.0) -BuildRequires: pkgconfig(sqlite3) >= 3.27 +BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 -Requires: libgcrypt20 >= 1.9.1 -Requires: libksba >= 1.3.4 +Requires: libgcrypt20 >= 1.8.0 +Requires: libksba >= 1.3.5 Requires: pinentry Recommends: dirmngr = %{version} Provides: gnupg = %{version} @@ -90,11 +88,18 @@ %lang_package %prep -%autosetup -p1 -n gnupg-%{version} - -# In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch -# to not have man pages and info files have the build date (boo#1047218) -touch -d 2018-05-04 doc/gpg.texi +%setup -q -n gnupg-%{version} +%patch1124847 -p1 +%patch4 -p1 +%patch6 -p1 +%patch8 -p1 +%patch9 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +touch -d 2018-05-04 doc/gpg.texi # to compensate for patch11 in order to not have man pages and info files have the build date (boo#1047218) %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) @@ -107,6 +112,7 @@ --with-scdaemon-pgm=%{_bindir}/scdaemon \ --enable-ldap \ --enable-gpgsm=yes \ + --enable-gpg \ --enable-gpgtar \ --enable-g13 \ --enable-large-secmem \ @@ -114,7 +120,8 @@ --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ - --enable-gpg-is-gpg2 + --enable-gpg-is-gpg2 \ + --enable-Werror %make_build @@ -138,6 +145,9 @@ mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules +# install legacy tools +install -m 755 tools/gpg-zip %{buildroot}/%{_bindir} +# install -m 755 tools/gpgsplit %%{buildroot}/%%{_bindir} %find_lang gnupg2 %fdupes -s %{buildroot} ++++++ gnupg-2.3.3.tar.bz2 -> gnupg-2.2.27.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/gpg2/gnupg-2.3.3.tar.bz2 /work/SRC/openSUSE:Factory/.gpg2.new.1890/gnupg-2.2.27.tar.bz2 differ: char 11, line 1 ++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++ --- /var/tmp/diff_new_pack.i2aILq/_old 2021-10-22 14:39:53.374630712 +0200 +++ /var/tmp/diff_new_pack.i2aILq/_new 2021-10-22 14:39:53.374630712 +0200 @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.3.0/doc/gpg.texi +Index: gnupg-2.2.20/doc/gpg.texi =================================================================== ---- gnupg-2.3.0.orig/doc/gpg.texi -+++ gnupg-2.3.0/doc/gpg.texi -@@ -2178,6 +2178,24 @@ implies, this option is for experts only +--- gnupg-2.2.20.orig/doc/gpg.texi ++++ gnupg-2.2.20/doc/gpg.texi +@@ -2133,6 +2133,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,37 +32,36 @@ @end table -Index: gnupg-2.3.0/g10/gpg.c +Index: gnupg-2.2.20/g10/gpg.c =================================================================== ---- gnupg-2.3.0.orig/g10/gpg.c -+++ gnupg-2.3.0/g10/gpg.c -@@ -437,6 +437,7 @@ enum cmd_and_opt_values +--- gnupg-2.2.20.orig/g10/gpg.c ++++ gnupg-2.2.20/g10/gpg.c +@@ -429,6 +429,7 @@ enum cmd_and_opt_values + oUseOnlyOpenPGPCard, + oIncludeKeyBlock, oNoIncludeKeyBlock, - oChUid, - oForceSignKey, + oSetLegacyFips, oNoop }; -@@ -870,6 +871,7 @@ static gpgrt_opt_t opts[] = { - ARGPARSE_s_s (oAEADAlgo, "aead-algo", "@"), - ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), - ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), +@@ -874,6 +875,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), + ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), + ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), + ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), - ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3688,6 +3690,14 @@ main (int argc, char **argv) - opt.flags.full_timestrings = 1; +@@ -3614,6 +3616,13 @@ main (int argc, char **argv) + opt.flags.use_only_openpgp_card = 1; break; -+ case oSetLegacyFips: -+ if(gcry_fips_mode_active()) -+ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, -+ "Enable legacy support in FIPS 140-2 mode"); -+ else -+ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); -+ break; ++ case oSetLegacyFips: ++ if(gcry_fips_mode_active()) ++ gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, "Enable legacy support in FIPS 140-2 mode"); ++ else ++ log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); ++ break; + case oNoop: break; ++++++ gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch ++++++ --- /var/tmp/diff_new_pack.i2aILq/_old 2021-10-22 14:39:53.386630717 +0200 +++ /var/tmp/diff_new_pack.i2aILq/_new 2021-10-22 14:39:53.386630717 +0200 @@ -17,11 +17,11 @@ g10/import.c | 49 +++++++++++-------------------------------------- 1 file changed, 11 insertions(+), 38 deletions(-) -Index: gnupg-2.3.0/g10/import.c +Index: gnupg-2.2.19/g10/import.c =================================================================== ---- gnupg-2.3.0.orig/g10/import.c -+++ gnupg-2.3.0/g10/import.c -@@ -1876,7 +1876,6 @@ import_one_real (ctrl_t ctrl, +--- gnupg-2.2.19.orig/g10/import.c ++++ gnupg-2.2.19/g10/import.c +@@ -1792,7 +1792,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -29,12 +29,12 @@ KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1913,14 +1912,6 @@ import_one_real (ctrl_t ctrl, +@@ -1829,14 +1828,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } - -- if (!uidnode) +- if (!uidnode ) - { - if (!silent) - log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); @@ -44,18 +44,16 @@ if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1999,19 +1990,10 @@ import_one_real (ctrl_t ctrl, - xfree(user); +@@ -1911,17 +1902,10 @@ import_one_real (ctrl_t ctrl, } } -- -- /* Delete invalid parts and bail out if there are no user ids left. */ -- if (!delete_inv_parts (ctrl, keyblock, keyid, options)) + +- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) - { - if (!silent) - { -- log_error ( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); -- if (!opt.quiet) +- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet ) - log_info(_("this may be caused by a missing self-signature\n")); - } - stats->no_user_id++; @@ -68,7 +66,7 @@ /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -2021,24 +2003,11 @@ import_one_real (ctrl_t ctrl, +@@ -1931,24 +1915,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -93,7 +91,7 @@ } /* The keyblock is valid and ready for real import. */ -@@ -2096,6 +2065,13 @@ import_one_real (ctrl_t ctrl, +@@ -2006,6 +1977,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } ++++++ gnupg-dont-fail-with-seahorse-agent.patch ++++++ --- /var/tmp/diff_new_pack.i2aILq/_old 2021-10-22 14:39:53.402630724 +0200 +++ /var/tmp/diff_new_pack.i2aILq/_new 2021-10-22 14:39:53.402630724 +0200 @@ -2,16 +2,16 @@ g10/passphrase.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -Index: gnupg-2.3.0/g10/passphrase.c +Index: gnupg-2.1.0/g10/passphrase.c =================================================================== ---- gnupg-2.3.0.orig/g10/passphrase.c -+++ gnupg-2.3.0/g10/passphrase.c -@@ -222,7 +222,7 @@ passphrase_get (int newsymkey, int nocac - } - else - { -- log_error (_("problem with the agent: %s\n"), gpg_strerror (rc)); -+ log_info (_("problem with the agent: %s\n"), gpg_strerror (rc)); - /* Due to limitations in the API of the upper layers they - consider an error as no passphrase entered. This works in - most cases but not during key creation where this should +--- gnupg-2.1.0.orig/g10/passphrase.c 2014-11-07 16:52:11.080483153 +0100 ++++ gnupg-2.1.0/g10/passphrase.c 2014-11-07 16:52:11.996494299 +0100 +@@ -71,7 +71,7 @@ encode_s2k_iterations (int iterations) + { + /* Don't print an error if an older agent is used. */ + if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER) +- log_error (_("problem with the agent: %s\n"), gpg_strerror (err)); ++ log_info (_("problem with the agent: %s\n"), gpg_strerror (err)); + /* Default to 65536 which we used up to 2.0.13. */ + return 96; + } ++++++ gnupg-set_umask_before_open_outfile.patch ++++++ --- /var/tmp/diff_new_pack.i2aILq/_old 2021-10-22 14:39:53.418630731 +0200 +++ /var/tmp/diff_new_pack.i2aILq/_new 2021-10-22 14:39:53.418630731 +0200 @@ -1,7 +1,7 @@ -Index: gnupg-2.3.0/g10/plaintext.c +Index: gnupg-2.1.20/g10/plaintext.c =================================================================== ---- gnupg-2.3.0.orig/g10/plaintext.c -+++ gnupg-2.3.0/g10/plaintext.c +--- gnupg-2.1.20.orig/g10/plaintext.c 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.20/g10/plaintext.c 2017-04-04 09:53:31.541145727 +0200 @@ -24,6 +24,7 @@ #include <string.h> #include <errno.h> @@ -39,5 +39,5 @@ + } + umask(saved_umask); } - - leave: + #else /* __riscos__ */ + /* If no output filename was given, i.e. we constructed it, convert
