Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2014-05-02 19:21:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "gpg2" Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2014-02-17 07:18:18.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2014-05-02 19:21:28.000000000 +0200 @@ -1,0 +2,10 @@ +Tue Apr 29 12:06:03 UTC 2014 - vcizek@suse.com + +- add patch by Stephan Mueller which adds an option to enable + legacy ciphers in FIPS mode + * added gnupg-add_legacy_FIPS_mode_option.patch + (part of bnc#856312) +- added BuildRequires: makeinfo (to build info pages from the + patched gnupg.texi) + +------------------------------------------------------------------- New: ---- gnupg-add_legacy_FIPS_mode_option.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.WbRPY0/_old 2014-05-02 19:21:28.000000000 +0200 +++ /var/tmp/diff_new_pack.WbRPY0/_new 2014-05-02 19:21:28.000000000 +0200 @@ -30,6 +30,7 @@ BuildRequires: libgpg-error-devel >= 1.11 BuildRequires: libksba-devel >= 1.0.7 BuildRequires: libusb-devel +BuildRequires: makeinfo BuildRequires: openldap2-devel BuildRequires: readline-devel BuildRequires: zlib-devel @@ -64,6 +65,7 @@ Patch9: gnupg-detect_FIPS_mode.patch # PATCH-FIX-OPENSUSE coolo@suse.de -- automake 1.13 already includes $SHELL Patch10: gnupg-2.0.20-automake113.diff +Patch11: gnupg-add_legacy_FIPS_mode_option.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -83,6 +85,7 @@ %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 %build autoreconf -fi ++++++ gnupg-add_legacy_FIPS_mode_option.patch ++++++ Index: gnupg-2.0.22/doc/gpg.texi =================================================================== --- gnupg-2.0.22.orig/doc/gpg.texi 2013-10-04 19:08:32.000000000 +0200 +++ gnupg-2.0.22/doc/gpg.texi 2014-04-30 12:42:35.129468147 +0200 @@ -1795,6 +1795,24 @@ implies, this option is for experts only understand the implications of what it allows you to do, leave this off. @option{--no-expert} disables this option. +@item --set-legacy-fips +@itemx --set-legacy-fips +@opindex set-legacy-fips +Enable legacy support even when the libgcrypt library is in FIPS 140-2 +mode. The legacy mode of libgcrypt allows the use of all ciphers, +including non-approved ciphers. This mode is needed when for legacy +reasons a message must be encrypted or decrypted. Legacy reasons for +decryptions include the decryption of old messages created with a +public key that use cipher settings which do not meet FIPS 140-2 +requirements. Legacy reasons for encryption include the encryption +of messages with a recipients public key where the recipient is not +bound to FIPS 140-2 regulation and therefore provided a key using +non-approved ciphers. Although the legacy mode is a violation of strict +FIPS 140-2 rule interpretations, it is wise to use this mode or +either not being able to access old messages or not being able +to create encrypted messages to a recipient that is not adhering +to FIPS 140-2 rules. + @end table Index: gnupg-2.0.22/g10/gpg.c =================================================================== --- gnupg-2.0.22.orig/g10/gpg.c 2014-04-30 12:42:35.117468014 +0200 +++ gnupg-2.0.22/g10/gpg.c 2014-04-30 12:42:35.129468147 +0200 @@ -368,6 +368,7 @@ enum cmd_and_opt_values oDisableDSA2, oAllowMultipleMessages, oNoAllowMultipleMessages, + oSetLegacyFips, oNoop }; 
@@ -744,6 +745,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"), ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"), ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), + ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"), /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common @@ -2948,6 +2950,13 @@ main (int argc, char **argv) opt.flags.allow_multiple_messages=0; break; + case oSetLegacyFips: + if(gcry_fips_mode_active()) + gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, "Enable legacy support in FIPS 140-2 mode"); + else + log_info ("Command set-legacy-fips ignored as libgcrypt is not in FIPS mode\n"); + break; + case oNoop: break; default: -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
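Review bot: in the gpg2.spec hunk, the new `Patch11: gnupg-add_legacy_FIPS_mode_option.patch` line has no provenance comment, while Patch10 directly above it carries a `# PATCH-FIX-OPENSUSE ...` line. Add a matching comment above Patch11 that names the patch author (Stephan Mueller, per the gpg2.changes entry) and references bnc#856312, so the origin and purpose of a patch that relaxes FIPS behaviour can be read from the spec file itself.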
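Review bot: in the doc/gpg.texi hunk, `@itemx --set-legacy-fips` repeats the `@item --set-legacy-fips` line directly above it with the same option name, so the rendered entry lists the option twice; drop the `@itemx` line. The closing sentence ("it is wise to use this mode or either not being able to access old messages ...") does not parse; state the trade-off directly, for example that without this option old messages cannot be decrypted and messages cannot be encrypted to recipients whose keys use non-approved ciphers. "a recipients public key" should read "a recipient's public key". Since the same paragraph says the mode violates strict FIPS 140-2 interpretations, neutral wording is preferable to "it is wise to use this mode".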
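Review bot: in the `case oSetLegacyFips:` branch added to main() in g10/gpg.c, the return value of `gcry_control (GCRYCTL_INACTIVATE_FIPS_FLAG, ...)` is discarded, so a failure to switch modes goes unreported. Check the returned error and emit a log_error with its description when it is non-zero. The success path is also silent: a log_info line stating that FIPS enforcement has been relaxed for this invocation would leave a trace for anyone auditing use of the option. In the else branch, the message says "Command set-legacy-fips", but the flag is registered with ARGPARSE_s_n as an option, so "Option --set-legacy-fips ignored ..." would match how it is invoked.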