Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2023-10-11 23:54:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new.1807 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Wed Oct 11 23:54:10 2023 rev:169 rq:1116712 version:2.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2023-09-28 00:34:28.636125296 +0200 +++ /work/SRC/openSUSE:Factory/.gpg2.new.1807/gpg2.changes 2023-10-12 11:42:08.977118290 +0200 @@ -1,0 +2,15 @@ +Tue Oct 10 06:46:08 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Install the internal executables in the /usr/libexec dir instead + of /usr/lib64. These files are keyboxd, scdaemon, gpg-auth + gpg-check-pattern, gpg-pair-tool, gpg-preset-passphrase, + gpg-protect-tool, gpg-wks-client, dirmngr_ldap and tpm2daemon. + +------------------------------------------------------------------- +Mon Oct 9 12:33:12 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Provide the systemd-user files since they have been removed + upstream since version 2.4.1. [bsc#1201564] + * Add gpg2-systemd-user.tar.xz + +------------------------------------------------------------------- @@ -8,0 +24,86 @@ +Thu Aug 3 16:24:19 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Revert back to use the IBM TPM Software stack. + +------------------------------------------------------------------- +Wed Jul 5 09:10:55 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Update to 2.4.3: + * gpg: Set default expiration date to 3 years. [T2701] + * gpg: Add --list-filter properties "key_expires" and + "key_expires_d". [T6529] + * gpg: Emit status line and proper diagnostics for write errors. [T6528] + * gpg: Make progress work for large files on Windows. [T6534] + * gpg: New option --no-compress as alias for -z0. + * gpgsm: Print PROGRESS status lines. Add new --input-size-hint. [T6534] + * gpgsm: Support SENDCERT_SKI for --call-dirmngr. [rG701a8b30f0] + * gpgsm: Major rewrite of the PKCS#12 parser. [T6536] + * gpgtar: New option --no-compress. + * dirmngr: Extend the AD_QUERY command. [rG207c99567c] + * dirmngr: Disable the HTTP redirect rewriting. [T6477] + * dirmngr: New option --compatibility-flags. [rGbf04b07327] + * dirmngr: New option --ignore-crl-extensions. [T6545] + * wkd: Use export-clean for gpg-wks-client's --mirror and --create + commands. [rG2c7f7a5a27] + * wkd: Make --add-revocs the default in gpg-wks-client. New option + --no-add-revocs. [rG10c937ee68] + * scd: Make signing work for Nexus cards. [rGb83d86b988] + * scd: Fix authentication with Administration Key for PIV. [rG25b59cf6ce] + +------------------------------------------------------------------- +Tue May 30 19:37:39 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Update to 2.4.2: + * gpg: Print a warning if no more encryption subkeys are left over + after changing the expiration date. [rGef2c3d50fa] + * gpg: Fix searching for the ADSK key when adding an ADSK. [T6504] + * gpgsm: Speed up key listings on Windows. [rG08ff55bd44] + * gpgsm: Reduce the number of "failed to open policy file" + diagnostics. [rG68613a6a9d] + * agent: Make updating of private key files more robust and track + display S/N. [T6135] + * keyboxd: Avoid longish delays on Windows when listing keys. + [rG6944aefa3c] + * gpgtar: Emit extra status lines to help GPGME. [T6497] + * w32: Avoid using the VirtualStore. [T6403] + * Rebase gnupg-add_legacy_FIPS_mode_option.patch + +------------------------------------------------------------------- +Fri Apr 28 11:58:06 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Update to 2.4.1: + * If the ~/.gnupg directory does not exist, the keyboxd is now + automagically enabled. [rGd9e7488b17] + * gpg: New option --add-desig-revoker. [rG3d094e2bcf] + * gpg: New option --assert-signer. [rGc9e95b8dee] + * gpg: New command --quick-add-adsk and other ADSK features. + [T6395, https://gnupg.org/blog/20230321-adsk.html] + * gpg: New list-option "show-unusable-sigs". Also show "[self-signature]" + instead of the user-id in key signature listings. [rG103acfe9ca] + * gpg: For symmetric encryption the default S2K hash is now SHA256. [T6367] + * gpg: Detect already compressed data also when using a pipe. Also + detect JPEG and PNG file formats. [T6332] + * gpg: New subcommand "openpgp" for --card-edit. [T6462] + * gpgsm: Verification of detached signatures does now strip trailing + zeroes from the input if --assume-binary is used. [rG2a13f7f9dc] + * gpgsm: Non-armored detached signature are now created without + using indefinite form length octets. This improves compatibility + with some PDF signature verification software. [rG8996b0b655] + * gpgtar: Emit progress status lines in create mode. [T6363] + * dirmngr: The LDAP modifyTimestamp is now returned by some + keyserver commands. [rG56d309133f] + * ssh: Allow specification of the order keys are presented to ssh. + See the man page entry for --enable-ssh-support. [T5996, T6212] + * gpg: Make list-options "show-sig-subpackets" work again. + Fixes regression in 2.4.0. [rG5a223303d7] + * gpg: Fix the keytocard command for Yubikeys. [T6378] + * gpg: Do not continue an export after a cancel for the primary key. [T6093] + * gpg: Replace the --override-compliance-check hack by a real fix. [T5655] + * gpgtar: Fix decryption with input taken from stdin. [T6355] + * Rebase patches: + - gnupg-revert-rfc4880bis.patch + - gnupg-add_legacy_FIPS_mode_option.patch + * Remove patch fixed upstream: + - gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch + +------------------------------------------------------------------- @@ -24,0 +126,7 @@ + +------------------------------------------------------------------- +Tue Feb 7 08:58:03 UTC 2023 - Pedro Monreal <pmonr...@suse.com> + +- Fix the regression test suite fails with the IBM TPM Software + stack. Builds fine using the Intel TPM; use the swtpm and + tpm2-0-tss-devel packages instead of ibmswtpm2 and ibmtss-devel. Old: ---- gnupg-2.4.0.tar.bz2 gnupg-2.4.0.tar.bz2.sig gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch New: ---- gnupg-2.4.3.tar.bz2 gnupg-2.4.3.tar.bz2.sig gpg2-systemd-user.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.aDMJz4/_old 2023-10-12 11:42:09.785147166 +0200 +++ /var/tmp/diff_new_pack.aDMJz4/_new 2023-10-12 11:42:09.785147166 +0200 @@ -17,7 +17,7 @@ Name: gpg2 -Version: 2.4.0 +Version: 2.4.3 Release: 0 Summary: File encryption, decryption, signature creation and verification utility License: GPL-3.0-or-later @@ -28,6 +28,7 @@ # https://www.gnupg.org/signature_key.html Source3: https://gnupg.org/signature_key.asc#/%{name}.keyring Source4: scdaemon.udev +Source5: gpg2-systemd-user.tar.xz Source99: %{name}.changes Patch1: gnupg-gpg-agent-ulimit.patch Patch2: gnupg-2.0.9-langinfo.patch @@ -43,8 +44,6 @@ Patch11: gnupg-allow-large-rsa.patch #PATCH-FIX-SUSE Revert the rfc4880bis features default of key generation Patch12: gnupg-revert-rfc4880bis.patch -#PATCH-FIX-UPSTREAM Fix tests/gpgme for in-source-tree builds -Patch13: gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: ibmswtpm2 @@ -66,6 +65,7 @@ # runtime dependency to support devel repository users - boo#955982 Requires: libassuan0 >= 2.5.0 Requires: libgcrypt20 >= 1.9.1 +Requires: libgpg-error >= 1.46 Requires: libksba >= 1.3.4 Requires: pinentry Recommends: dirmngr = %{version} @@ -105,7 +105,7 @@ %lang_package %prep -%autosetup -p1 -n gnupg-%{version} +%autosetup -p1 -a5 -n gnupg-%{version} # In order to compensate for gnupg-add_legacy_FIPS_mode_option.patch # to not have man pages and info files have the build date (boo#1047218) @@ -114,19 +114,10 @@ %build date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) %configure \ - --libexecdir=%{_libdir} \ --docdir=%{_docdir}/%{name} \ - --with-agent-pgm=%{_bindir}/gpg-agent \ - --with-pinentry-pgm=%{_bindir}/pinentry \ - --with-dirmngr-pgm=%{_bindir}/dirmngr \ - --with-scdaemon-pgm=%{_bindir}/scdaemon \ - --with-tpm2daemon-pgm=%{_bindir}/tpm2daemon \ - --enable-ldap \ - --enable-gpgsm=yes \ - --enable-gpgtar \ + --disable-rpath \ --enable-g13 \ --enable-large-secmem \ - --enable-wks-tools \ --with-gnu-ld \ --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \ --enable-build-timestamp=$date \ @@ -137,6 +128,7 @@ %install %make_install mkdir -p %{buildroot}%{_sysconfdir}/gnupg/ + # install gpgconf.conf bnc#391347 install -m 644 doc/examples/gpgconf.conf %{buildroot}%{_sysconfdir}/gnupg # delete to prevent fdupes from creating cross-partition hardlink @@ -151,31 +143,20 @@ ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1 ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1 -# fix rpmlint invalid-lc-messages-dir: -rm -rf %{buildroot}/%{_datadir}/locale/en@{bold,}quot - -# install scdaemon to %%{_bindir} (bnc#863645) -mv %{buildroot}%{_libdir}/scdaemon %{buildroot}%{_bindir} -mv %{buildroot}%{_libdir}/dirmngr_ldap %{buildroot}%{_bindir} - -# install tpm2daemon -mv %{buildroot}%{_libdir}/tpm2daemon %{buildroot}%{_bindir} - # install udev rules for scdaemon install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules -# Move the systemd user units to appropriate directory +# Move the systemd user units to the appropriate directory install -d -m 755 %{buildroot}%{_userunitdir} -mv %{buildroot}%{_docdir}/%{name}/examples/systemd-user/*.s* %{buildroot}%{_userunitdir} +cp systemd-user/gpg-agent*.s* %{buildroot}%{_userunitdir} +cp systemd-user/dirmngr.s* %{buildroot}%{_userunitdir} +cp systemd-user/README.systemd %{buildroot}%{_docdir}/gpg2/ %find_lang gnupg2 %fdupes -s %{buildroot} %check -# Run only localy, fails in OBS -%if ! 0%{?qemu_user_space_build} -%make_build -j1 check || : -%endif +%make_build check || : %post %udev_rules_update @@ -184,13 +165,12 @@ %files %license COPYING* -%doc AUTHORS ChangeLog NEWS THANKS TODO doc/FAQ README +%doc AUTHORS NEWS THANKS TODO ChangeLog %{_infodir}/gnupg* %{_mandir}/*/[agsw]*%{ext_man} %doc %{_docdir}/%{name} -%{_bindir}/[gksw]* -%{_libdir}/g* -%{_libdir}/k* +%{_bindir}/[gkw]* +%{_libexecdir}/[gks]* %{_sbindir}/addgnupghome %{_sbindir}/applygnupgdefaults %{_sbindir}/g13-syshelp @@ -204,9 +184,10 @@ %license COPYING* %{_mandir}/*/dirmngr*%{ext_man} %{_bindir}/dirmngr* +%{_libexecdir}/dirmngr_ldap %{_userunitdir}/dirmngr.* %files tpm %license COPYING* -%{_bindir}/tpm2daemon* +%{_libexecdir}/tpm2daemon* ++++++ gnupg-2.4.0.tar.bz2 -> gnupg-2.4.3.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/gpg2/gnupg-2.4.0.tar.bz2 /work/SRC/openSUSE:Factory/.gpg2.new.1807/gnupg-2.4.3.tar.bz2 differ: char 11, line 1 ++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++ --- /var/tmp/diff_new_pack.aDMJz4/_old 2023-10-12 11:42:09.837149024 +0200 +++ /var/tmp/diff_new_pack.aDMJz4/_new 2023-10-12 11:42:09.841149167 +0200 @@ -3,11 +3,11 @@ g10/gpg.c | 9 +++++++++ 2 files changed, 27 insertions(+) -Index: gnupg-2.4.0/doc/gpg.texi +Index: gnupg-2.4.2/doc/gpg.texi =================================================================== ---- gnupg-2.4.0.orig/doc/gpg.texi -+++ gnupg-2.4.0/doc/gpg.texi -@@ -2218,6 +2218,24 @@ implies, this option is for experts only +--- gnupg-2.4.2.orig/doc/gpg.texi ++++ gnupg-2.4.2/doc/gpg.texi +@@ -2285,6 +2285,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. @@ -32,28 +32,28 @@ @end table -Index: gnupg-2.4.0/g10/gpg.c +Index: gnupg-2.4.2/g10/gpg.c =================================================================== ---- gnupg-2.4.0.orig/g10/gpg.c -+++ gnupg-2.4.0/g10/gpg.c -@@ -443,6 +443,7 @@ enum cmd_and_opt_values +--- gnupg-2.4.2.orig/g10/gpg.c ++++ gnupg-2.4.2/g10/gpg.c +@@ -446,6 +446,7 @@ enum cmd_and_opt_values oForceSignKey, oForbidGenKey, oRequireCompliance, + oSetLegacyFips, oCompatibilityFlags, - - oNoop -@@ -879,6 +880,7 @@ static gpgrt_opt_t opts[] = { + oAddDesigRevoker, + oAssertSigner, +@@ -886,6 +887,7 @@ static gpgrt_opt_t opts[] = { + ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), - ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), ARGPARSE_header (NULL, N_("Options for unattended use")), -@@ -3711,6 +3714,14 @@ main (int argc, char **argv) - opt.flags.require_compliance = 1; +@@ -3756,6 +3758,14 @@ main (int argc, char **argv) + keybox_set_buffersize (pargs.r.ret_ulong, 0); break; + case oSetLegacyFips: ++++++ gnupg-revert-rfc4880bis.patch ++++++ --- /var/tmp/diff_new_pack.aDMJz4/_old 2023-10-12 11:42:09.865150025 +0200 +++ /var/tmp/diff_new_pack.aDMJz4/_new 2023-10-12 11:42:09.869150168 +0200 @@ -13,11 +13,11 @@ (read_parameter_file): Activate the v4 and v5 keywords. -- -Index: gnupg-2.4.0/g10/gpg.c +Index: gnupg-2.4.1/g10/gpg.c =================================================================== ---- gnupg-2.4.0.orig/g10/gpg.c -+++ gnupg-2.4.0/g10/gpg.c -@@ -246,6 +246,7 @@ enum cmd_and_opt_values +--- gnupg-2.4.1.orig/g10/gpg.c ++++ gnupg-2.4.1/g10/gpg.c +@@ -247,6 +247,7 @@ enum cmd_and_opt_values oGnuPG, oRFC2440, oRFC4880, @@ -25,7 +25,7 @@ oOpenPGP, oPGP7, oPGP8, -@@ -631,6 +632,7 @@ static gpgrt_opt_t opts[] = { +@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), @@ -33,15 +33,15 @@ ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), ARGPARSE_s_n (oPGP7, "pgp6", "@"), ARGPARSE_s_n (oPGP7, "pgp7", "@"), -@@ -973,7 +975,6 @@ static gpgrt_opt_t opts[] = { +@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"), ARGPARSE_s_s (oNoop, "aead-algo", "@"), ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), - ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), + ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), - ARGPARSE_group (302, N_( -@@ -2207,7 +2208,7 @@ static struct gnupg_compliance_option co +@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co { { "gnupg", oGnuPG }, { "openpgp", oOpenPGP }, @@ -50,7 +50,7 @@ { "rfc4880", oRFC4880 }, { "rfc2440", oRFC2440 }, { "pgp6", oPGP7 }, -@@ -2223,8 +2224,28 @@ static struct gnupg_compliance_option co +@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co static void set_compliance_option (enum cmd_and_opt_values option) { @@ -79,7 +79,7 @@ case oOpenPGP: case oRFC4880: /* This is effectively the same as RFC2440, but with -@@ -2268,6 +2289,7 @@ set_compliance_option (enum cmd_and_opt_ +@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_ case oPGP8: opt.compliance = CO_PGP8; break; case oGnuPG: opt.compliance = CO_GNUPG; @@ -87,7 +87,7 @@ break; case oDE_VS: -@@ -2470,6 +2492,7 @@ main (int argc, char **argv) +@@ -2490,6 +2512,7 @@ main (int argc, char **argv) opt.emit_version = 0; opt.weak_digests = NULL; opt.compliance = CO_GNUPG; @@ -95,7 +95,7 @@ /* Check special options given on the command line. */ orig_argc = argc; -@@ -3008,6 +3031,7 @@ main (int argc, char **argv) +@@ -3032,6 +3055,7 @@ main (int argc, char **argv) case oOpenPGP: case oRFC2440: case oRFC4880: @@ -103,7 +103,7 @@ case oPGP7: case oPGP8: case oGnuPG: -@@ -3832,6 +3856,11 @@ main (int argc, char **argv) +@@ -3868,6 +3892,11 @@ main (int argc, char **argv) if( may_coredump && !opt.quiet ) log_info(_("WARNING: program may create a core file!\n")); @@ -115,7 +115,7 @@ if (eyes_only) { if (opt.set_filename) log_info(_("WARNING: %s overrides %s\n"), -@@ -4057,7 +4086,7 @@ main (int argc, char **argv) +@@ -4084,7 +4113,7 @@ main (int argc, char **argv) /* Check our chosen algorithms against the list of legal algorithms. */ @@ -124,11 +124,11 @@ { const char *badalg=NULL; preftype_t badtype=PREFTYPE_NONE; -Index: gnupg-2.4.0/g10/keygen.c +Index: gnupg-2.4.1/g10/keygen.c =================================================================== ---- gnupg-2.4.0.orig/g10/keygen.c -+++ gnupg-2.4.0/g10/keygen.c -@@ -407,7 +407,7 @@ keygen_set_std_prefs (const char *string +--- gnupg-2.4.1.orig/g10/keygen.c ++++ gnupg-2.4.1/g10/keygen.c +@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string strcat(dummy_string,"S7 "); strcat(dummy_string,"S2 "); /* 3DES */ @@ -137,7 +137,7 @@ strcat(dummy_string,"A2 "); if (personal) -@@ -892,7 +892,7 @@ keygen_upd_std_prefs (PKT_signature *sig +@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig /* Make sure that the MDC feature flag is set if needed. */ add_feature_mdc (sig,mdc_available); add_feature_aead (sig, aead_available); @@ -146,7 +146,7 @@ add_keyserver_modify (sig,ks_modify); keygen_add_keyserver_url(sig,NULL); -@@ -3387,7 +3387,10 @@ parse_key_parameter_part (ctrl_t ctrl, +@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl, } } else if (!ascii_strcasecmp (s, "v5")) @@ -158,7 +158,7 @@ else if (!ascii_strcasecmp (s, "v4")) keyversion = 4; else -@@ -3646,7 +3649,7 @@ parse_key_parameter_part (ctrl_t ctrl, +@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl, * ecdsa := Use algorithm ECDSA. * eddsa := Use algorithm EdDSA. * ecdh := Use algorithm ECDH. @@ -167,7 +167,7 @@ * * There are several defaults and fallbacks depending on the * algorithm. PART can be used to select which part of STRING is -@@ -4428,9 +4431,9 @@ read_parameter_file (ctrl_t ctrl, const +@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const } } @@ -180,7 +180,7 @@ else { r = xmalloc_clear( sizeof *r + strlen( value ) ); -@@ -4525,11 +4528,14 @@ quickgen_set_para (struct para_data_s *p +@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p para = r; }
