Hello community,
here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2015-12-09 20:33:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
and /work/SRC/openSUSE:Factory/.gpg2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2015-12-01 09:16:52.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2015-12-09 22:18:33.000000000 +0100
@@ -1,0 +2,38 @@
+Fri Dec 4 13:35:40 UTC 2015 - astieger@suse.com
+
+- GnuPG 2.1.10 adds TOFU (Trust-On-First-USe) and anonymous key
+ retrival via Tor.
+ * gpg: New trust models "tofu" and "tofu+pgp".
+ * gpg: New command --tofu-policy. New options --tofu-default-policy
+ and --tofu-db-format.
+ * gpg: New option --weak-digest to specify hash algorithms which
+ should be considered weak.
+ * gpg: Allow the use of multiple --default-key options; take the last
+ available key.
+ * gpg: New option --encrypt-to-default-key.
+ * gpg: New option --unwrap to only strip the encryption layer.
+ * gpg: New option --only-sign-text-ids to exclude photo IDs from key
+ signing.
+ * gpg: Check for ambigious or non-matching key specification in the
+ config file or given to --encrypt-to.
+ * gpg: Show the used card reader with --card-status.
+ * gpg: Print export statistics and an EXPORTED status line.
+ * gpg: Allow selecting subkeys by keyid in --edit-key.
+ * gpg: Allow updating the expiration time of multiple subkeys at
+ once.
+ * dirmngr: New option --use-tor. For full support this requires
+ libassuan version 2.4.2 and a patched version of libadns
+ (e.g. adns-1.4-g10-7 as used by the standard Windows installer).
+ * dirmngr: New option --nameserver to specify the nameserver used in
+ Tor mode.
+ * dirmngr: Keyservers may again be specified by IP address.
+ * dirmngr: Fixed problems in resolving keyserver pools.
+ * dirmngr: Fixed handling of premature termination of TLS streams so
+ that large numbers of keys can be refreshed via hkps.
+ * gpg: Fixed a regression in --locate-key [since 2.1.9].
+ * gpg: Fixed another bug for keyrings with legacy keys.
+ * gpgsm: Allow combinations of usage flags in --gen-key.
+ * Make tilde expansion work with most options.
+ * Many other cleanups and bug fixes.
+
+-------------------------------------------------------------------
@@ -5,0 +44,6 @@
+
+-------------------------------------------------------------------
+Fri Nov 20 16:03:03 UTC 2015 - astieger@suse.com
+
+- Improve upgrade to gpg2 from security:privacy w.r.t. libassuan
+ run-time dependencies (boo#955982)
Old:
----
gnupg-2.1.9.tar.bz2
gnupg-2.1.9.tar.bz2.sig
New:
----
gnupg-2.1.10.tar.bz2
gnupg-2.1.10.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gpg2.spec ++++++
--- /var/tmp/diff_new_pack.Tk9sHs/_old 2015-12-09 22:18:34.000000000 +0100
+++ /var/tmp/diff_new_pack.Tk9sHs/_new 2015-12-09 22:18:34.000000000 +0100
@@ -17,7 +17,7 @@
Name: gpg2
-Version: 2.1.9
+Version: 2.1.10
Release: 0
Summary: GnuPG 2
License: GPL-3.0+
@@ -38,7 +38,7 @@
BuildRequires: fdupes
BuildRequires: gnutls-devel >= 3.0
BuildRequires: libadns-devel
-BuildRequires: libassuan-devel >= 2.1.0
+BuildRequires: libassuan-devel >= 2.4.1
BuildRequires: libbz2-devel
BuildRequires: libcurl-devel >= 7.10
# patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG
@@ -52,7 +52,10 @@
BuildRequires: openldap2-devel
BuildRequires: pkg-config
BuildRequires: readline-devel
+BuildRequires: sqlite3-devel >= 3.7
BuildRequires: zlib-devel
+# Add an explicit runtime dependency to match boo#955982
+Requires: libassuan0 >= 2.4.1
Requires: pinentry
# FIXME: use proper Requires(pre/post/preun/...)
PreReq: %{install_info_prereq}
++++++ gnupg-2.0.18-files-are-digests.patch ++++++
--- /var/tmp/diff_new_pack.Tk9sHs/_old 2015-12-09 22:18:34.000000000 +0100
+++ /var/tmp/diff_new_pack.Tk9sHs/_new 2015-12-09 22:18:34.000000000 +0100
@@ -4,11 +4,11 @@
g10/sign.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
3 files changed, 67 insertions(+), 6 deletions(-)
-Index: gnupg-2.1.3/g10/gpg.c
+Index: gnupg-2.1.10/g10/gpg.c
===================================================================
---- gnupg-2.1.3.orig/g10/gpg.c 2015-04-06 14:03:32.000000000 +0200
-+++ gnupg-2.1.3/g10/gpg.c 2015-04-11 20:45:24.000000000 +0200
-@@ -352,6 +352,7 @@ enum cmd_and_opt_values
+--- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:25:25.749577555 +0100
++++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:26:04.777192262 +0100
+@@ -355,6 +355,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
@@ -16,23 +16,23 @@
oXauthority,
oGroup,
oUnGroup,
-@@ -738,6 +739,7 @@ static ARGPARSE_OPTS opts[] = {
- ARGPARSE_s_s (oPersonalCompressPreferences,
- "personal-compress-preferences", "@"),
- ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
+@@ -757,6 +758,7 @@ static ARGPARSE_OPTS opts[] = {
+ ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
+ ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
+ ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
+ ARGPARSE_s_n (oFilesAreDigests, "files-are-digests", "@"),
/* Aliases. I constantly mistype these, and assume other people do
as well. */
-@@ -2148,6 +2150,7 @@ main (int argc, char **argv)
+@@ -2483,6 +2485,7 @@ main (int argc, char **argv)
opt.def_cert_expire = "0";
set_homedir (default_homedir ());
opt.passphrase_repeat = 1;
+ opt.files_are_digests=0;
opt.emit_version = 1; /* Limit to the major number. */
-
- /* Check whether we have a config file on the command line. */
-@@ -2661,6 +2664,7 @@ main (int argc, char **argv)
+ opt.weak_digests = NULL;
+ additional_weak_digest("MD5");
+@@ -3022,6 +3025,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
@@ -40,11 +40,11 @@
case oForceMDC: opt.force_mdc = 1; break;
case oNoForceMDC: opt.force_mdc = 0; break;
-Index: gnupg-2.1.3/g10/options.h
+Index: gnupg-2.1.10/g10/options.h
===================================================================
---- gnupg-2.1.3.orig/g10/options.h 2015-04-06 13:41:53.000000000 +0200
-+++ gnupg-2.1.3/g10/options.h 2015-04-11 20:45:24.000000000 +0200
-@@ -194,6 +194,7 @@ struct
+--- gnupg-2.1.10.orig/g10/options.h 2015-12-04 14:25:25.749577555 +0100
++++ gnupg-2.1.10/g10/options.h 2015-12-04 14:25:28.472550675 +0100
+@@ -205,6 +205,7 @@ struct
int no_auto_check_trustdb;
int preserve_permissions;
int no_homedir_creation;
@@ -52,10 +52,10 @@
struct groupitem *grouplist;
int mangle_dos_filenames;
int enable_progress_filter;
-Index: gnupg-2.1.3/g10/sign.c
+Index: gnupg-2.1.10/g10/sign.c
===================================================================
---- gnupg-2.1.3.orig/g10/sign.c 2015-04-05 19:43:32.000000000 +0200
-+++ gnupg-2.1.3/g10/sign.c 2015-04-11 20:45:24.000000000 +0200
+--- gnupg-2.1.10.orig/g10/sign.c 2015-12-04 14:25:25.750577545 +0100
++++ gnupg-2.1.10/g10/sign.c 2015-12-04 14:25:28.473550666 +0100
@@ -41,7 +41,7 @@
#include "pkglue.h"
#include "sysutils.h"
@@ -65,7 +65,7 @@
#ifdef HAVE_DOSISH_SYSTEM
#define LF "\r\n"
-@@ -706,8 +706,12 @@ write_signature_packets (SK_LIST sk_list
+@@ -681,8 +681,12 @@ write_signature_packets (SK_LIST sk_list
mk_notation_policy_etc (sig, NULL, pk);
}
@@ -78,7 +78,7 @@
rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce);
gcry_md_close (md);
-@@ -765,6 +769,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -740,6 +744,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
SK_LIST sk_rover = NULL;
int multifile = 0;
u32 duration=0;
@@ -87,7 +87,7 @@
pfx = new_progress_context ();
afx = new_armor_context ();
-@@ -781,7 +787,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -756,7 +762,16 @@ sign_file (ctrl_t ctrl, strlist_t filena
fname = NULL;
if( fname && filenames->next && (!detached || encryptflag) )
@@ -105,7 +105,7 @@
if(encryptflag==2
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
-@@ -802,7 +817,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -777,7 +792,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
goto leave;
/* prepare iobufs */
@@ -114,7 +114,7 @@
inp = NULL; /* we do it later */
else {
inp = iobuf_open(fname);
-@@ -940,7 +955,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -915,7 +930,7 @@ sign_file (ctrl_t ctrl, strlist_t filena
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
@@ -123,7 +123,7 @@
iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag)
-@@ -995,6 +1010,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -970,6 +985,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
write_status_begin_signing (mfx.md);
@@ -132,7 +132,7 @@
/* Setup the inner packet. */
if( detached ) {
if( multifile ) {
-@@ -1035,6 +1052,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1010,6 +1027,45 @@ sign_file (ctrl_t ctrl, strlist_t filena
if( opt.verbose )
log_printf ("\n");
}
@@ -178,7 +178,7 @@
else {
/* read, so that the filter can calculate the digest */
while( iobuf_get(inp) != -1 )
-@@ -1052,8 +1108,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
+@@ -1027,8 +1083,8 @@ sign_file (ctrl_t ctrl, strlist_t filena
/* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md,
++++++ gnupg-2.1.9.tar.bz2 -> gnupg-2.1.10.tar.bz2 ++++++
++++ 227358 lines of diff (skipped)
++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++
--- /var/tmp/diff_new_pack.Tk9sHs/_old 2015-12-09 22:18:38.000000000 +0100
+++ /var/tmp/diff_new_pack.Tk9sHs/_new 2015-12-09 22:18:38.000000000 +0100
@@ -3,11 +3,11 @@
g10/gpg.c | 9 +++++++++
2 files changed, 27 insertions(+)
-Index: gnupg-2.1.9/doc/gpg.texi
+Index: gnupg-2.1.10/doc/gpg.texi
===================================================================
---- gnupg-2.1.9.orig/doc/gpg.texi
-+++ gnupg-2.1.9/doc/gpg.texi
-@@ -1778,6 +1778,24 @@ implies, this option is for experts only
+--- gnupg-2.1.10.orig/doc/gpg.texi 2015-12-04 14:28:28.840769433 +0100
++++ gnupg-2.1.10/doc/gpg.texi 2015-12-04 14:28:33.784720588 +0100
+@@ -1875,6 +1875,24 @@ implies, this option is for experts only
understand the implications of what it allows you to do, leave this
off. @option{--no-expert} disables this option.
@@ -32,19 +32,19 @@
@end table
-Index: gnupg-2.1.9/g10/gpg.c
+Index: gnupg-2.1.10/g10/gpg.c
===================================================================
---- gnupg-2.1.9.orig/g10/gpg.c
-+++ gnupg-2.1.9/g10/gpg.c
-@@ -386,6 +386,7 @@ enum cmd_and_opt_values
- oNoAutostart,
- oPrintPKARecords,
- oPrintDANERecords,
+--- gnupg-2.1.10.orig/g10/gpg.c 2015-12-04 14:28:28.843769403 +0100
++++ gnupg-2.1.10/g10/gpg.c 2015-12-04 14:29:04.084421214 +0100
+@@ -394,6 +394,7 @@ enum cmd_and_opt_values
+ oWeakDigest,
+ oUnwrap,
+ oOnlySignTextIDs,
+ oSetLegacyFips,
oNoop
};
-@@ -780,6 +781,7 @@ static ARGPARSE_OPTS opts[] = {
+@@ -796,6 +797,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
@@ -52,7 +52,7 @@
/* These two are aliases to help users of the PGP command line
product use gpg with minimal pain. Many commands are common
-@@ -3188,6 +3190,13 @@ main (int argc, char **argv)
+@@ -3556,6 +3558,13 @@ main (int argc, char **argv)
case oNoAutostart: opt.autostart = 0; break;
++++++ gnupg-set_umask_before_open_outfile.patch ++++++
--- /var/tmp/diff_new_pack.Tk9sHs/_old 2015-12-09 22:18:38.000000000 +0100
+++ /var/tmp/diff_new_pack.Tk9sHs/_new 2015-12-09 22:18:38.000000000 +0100
@@ -1,7 +1,7 @@
-Index: gnupg-2.1.0/g10/plaintext.c
+Index: gnupg-2.1.10/g10/plaintext.c
===================================================================
---- gnupg-2.1.0.orig/g10/plaintext.c 2014-11-07 11:35:18.100563974 +0100
-+++ gnupg-2.1.0/g10/plaintext.c 2014-11-07 16:51:59.919347340 +0100
+--- gnupg-2.1.10.orig/g10/plaintext.c 2015-11-30 17:39:52.000000000 +0100
++++ gnupg-2.1.10/g10/plaintext.c 2015-12-04 14:26:56.876677813 +0100
@@ -25,6 +25,7 @@
#include