From: Daniel Kahn Gillmor Date: Thu, 22 Aug 2019 19:11:59 +0000 (+0100) Subject: gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium X-Git-Tag: archive/raspbian/2.2.12-1+rpi1+deb10u1^2~100 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=faf7e9dcc2e45653b6f9634d86dfbab86e1819df;p=gnupg2.git gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium * drop unneeded patch for printing revocation certificates * backport bugfix and stability patches from upstream 2.2.13 * backport bugfix and stability patches from upstream 2.2.14 * backport documentation, stability, ssh, and WKD patches from upstream 2.2.15 * backport documentation and bugfix patches from upstream 2.2.16 * import bugfixes and cleanup around secret key handling from 2.2.14 * backport bugfixes, documentation, WKD, and keyserver fixes from 2.2.17 * import efficiency and security fixes from upstream STABLE-BRANCH-2-2 * avoid using SKS pool CA unless the keyserver is hkps.pool.sks-keyservers.net * drop import-clean from default keyserver options, to avoid data loss * use keys.openpgp.org as the default keyserver * enable merging certificate updates even if update has no user ID * update Vcs-Git: to point to debian/buster branch * Adopt migrate-pubring-from-classic-gpg robustness fixes (Closes: #931385) * add new CI test: debian/tests/simple-tests * debian/tests/gpgv-win32: make arch-specific (Closes: #905563) [dgit import unpatched gnupg2 2.2.12-1+deb10u1] --- faf7e9dcc2e45653b6f9634d86dfbab86e1819df diff --cc debian/NEWS index 0000000,0000000..3005e93 new file mode 100644 --- /dev/null +++ b/debian/NEWS @@@ -1,0 -1,0 +1,30 @@@ ++gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium ++ ++ In this version we adopt GnuPG's upstream approach of making keyserver ++ access default to self-sigs-only. This defends against receiving ++ flooded OpenPGP certificates. To revert to the previous behavior (not ++ recommended!), add the following directive to ~/.gnupg/gpg.conf: ++ ++ keyserver-options no-self-sigs-only ++ ++ We also adopt keys.openpgp.org as the default keyserver, since it avoids ++ the associated bandwidth waste of fetching third-party certifications ++ that will not be used. To revert to the older SKS keyserver network (not ++ recommended!), add the following directive to ~/.gnupg/dirmngr.conf: ++ ++ keyserver hkps://hkps.pool.sks-keyservers.net ++ ++ Note: we do *not* adopt upstream's choice of import-clean for the ++ keyserver default, since it can lead to data loss, see ++ https://dev.gnupg.org/T4628 for more details. ++ ++ -- Daniel Kahn Gillmor Wed, 21 Aug 2019 14:53:47 -0400 ++ ++gnupg2 (2.1.11-7+exp1) experimental; urgency=medium ++ ++ The gnupg package now provides the "modern" version of GnuPG. ++ ++ Please read /usr/share/doc/gnupg/README.Debian for details about the ++ transition from "classic" to "modern" ++ ++ -- Daniel Kahn Gillmor Wed, 30 Mar 2016 09:59:35 -0400 diff --cc debian/Xsession.d/90gpg-agent index 0000000,0000000..8b45b05 new file mode 100644 --- /dev/null +++ b/debian/Xsession.d/90gpg-agent @@@ -1,0 -1,0 +1,22 @@@ ++# On systems with systemd running, we expect the agent to be launched ++# via systemd's user mode (see ++# /usr/lib/systemd/user/gpg-agent.{socket,service} and ++# systemd.unit(5)). This allows systemd to clean up the agent ++# automatically at logout. ++ ++# If systemd is absent from your system, or you do not permit it to ++# run in user mode, then you may need to manually launch gpg-agent ++# from your session initialization with something like "gpgconf ++# --launch gpg-agent" ++ ++# Nonetheless, ssh and older versions of gpg require environment ++# variables to be set in order to find the agent, so we will set those ++# here. ++ ++agent_sock=$(gpgconf --list-dirs agent-socket) ++export GPG_AGENT_INFO=${agent_sock}:0:1 ++if [ -n "$(gpgconf --list-options gpg-agent | \ ++ awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then ++ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) ++fi ++ diff --cc debian/changelog index 0000000,0000000..dcb1008 new file mode 100644 --- /dev/null +++ b/debian/changelog @@@ -1,0 -1,0 +1,2333 @@@ ++gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium ++ ++ * drop unneeded patch for printing revocation certificates ++ * backport bugfix and stability patches from upstream 2.2.13 ++ * backport bugfix and stability patches from upstream 2.2.14 ++ * backport documentation, stability, ssh, and WKD patches from upstream 2.2.15 ++ * backport documentation and bugfix patches from upstream 2.2.16 ++ * import bugfixes and cleanup around secret key handling from 2.2.14 ++ * backport bugfixes, documentation, WKD, and keyserver fixes from 2.2.17 ++ * import efficiency and security fixes from upstream STABLE-BRANCH-2-2 ++ * avoid using SKS pool CA unless the keyserver is hkps.pool.sks-keyservers.net ++ * drop import-clean from default keyserver options, to avoid data loss ++ * use keys.openpgp.org as the default keyserver ++ * enable merging certificate updates even if update has no user ID ++ * update Vcs-Git: to point to debian/buster branch ++ * Adopt migrate-pubring-from-classic-gpg robustness fixes (Closes: #931385) ++ * add new CI test: debian/tests/simple-tests ++ * debian/tests/gpgv-win32: make arch-specific (Closes: #905563) ++ ++ -- Daniel Kahn Gillmor Thu, 22 Aug 2019 15:11:59 -0400 ++ ++gnupg2 (2.2.12-1) unstable; urgency=medium ++ ++ * New upstream release ++ * refresh patches ++ ++ -- Daniel Kahn Gillmor Fri, 14 Dec 2018 20:17:16 -0500 ++ ++gnupg2 (2.2.11-1) unstable; urgency=medium ++ ++ * new upstream release ++ * refresh patches ++ * refresh upstream/signing-key.asc ++ * deprecate gpg-zip ++ * gnupg-utils: ship gpgtar, since gpg-zip is deprecated ++ * Make gpg-zip use tar from $PATH (Closes: #913582) ++ * fix spelling mistakes in tools documentation ++ ++ -- Daniel Kahn Gillmor Sun, 18 Nov 2018 17:38:30 -0500 ++ ++gnupg2 (2.2.10-3) unstable; urgency=medium ++ ++ [ Bjarni Ingi Gislason ] ++ * clean up nroff for gpg-check-pattern.1 (Closes: #900247) ++ ++ [ Daniel Kahn Gillmor ] ++ * backport fix for subkey binding sigs ++ ++ -- Daniel Kahn Gillmor Mon, 08 Oct 2018 11:36:01 -0400 ++ ++gnupg2 (2.2.10-2) unstable; urgency=medium ++ ++ * import upstream minor bugfixes ++ * wrap-and-sort -ast ++ * actually ship gpgcompose in gnupg-utils ++ * drop debian/source/options (thanks, Lintian!) ++ ++ -- Daniel Kahn Gillmor Sun, 30 Sep 2018 11:40:42 -0500 ++ ++gnupg2 (2.2.10-1) unstable; urgency=medium ++ ++ * new upstream maintenance release ++ * drop patches already upstream ++ * refresh patches ++ * Standards-Version: bump to 4.2.1 (no changes needed) ++ ++ -- Daniel Kahn Gillmor Thu, 30 Aug 2018 11:57:15 -0400 ++ ++gnupg2 (2.2.9-2) unstable; urgency=medium ++ ++ [ Daniel Kahn Gillmor ] ++ * spell Tor correctly (Closes: #895398) ++ * Standards-Version: bump to 4.2.0 (no changes needed) ++ * corrected license in AppStream file ++ * standardize udev rules for Yubikey USB devices and claim them in AppStream ++ * from upstream: s2k bugfix, support for Trustica Cryptoucan ++ * Claim Trustica Cryptoucan via AppStream ++ ++ [ Jiří Keresteš ] ++ * udev rule for Trustica Cryptoucan ++ ++ -- Daniel Kahn Gillmor Fri, 24 Aug 2018 09:48:15 -0400 ++ ++gnupg2 (2.2.9-1) unstable; urgency=medium ++ ++ * New upstream release ++ * Standards-Version: bump to 4.1.5 (no changes needed) ++ * drop patches already upstream ++ * refresh patches ++ ++ -- Daniel Kahn Gillmor Thu, 19 Jul 2018 14:02:31 -0400 ++ ++gnupg2 (2.2.8-3) unstable; urgency=medium ++ ++ * Ensure arch: all gnupg package supports binMNUs ++ ++ -- Daniel Kahn Gillmor Thu, 21 Jun 2018 12:18:14 -0400 ++ ++gnupg2 (2.2.8-2) unstable; urgency=medium ++ ++ [ Daniel Kahn Gillmor ] ++ * import bugfixes and improvements from upstream/STABLE-BRANCH-2-2 ++ * ensure that revocation certificates show up in --show-keys output ++ (see 7c79bf7f71aa594102cb684b0abd8331bdac4608) ++ * try passing not explicit paths to wine for the gpgv-win32 test ++ * d/copyright: clarify debian/* licensing ++ * convert gnupg metapackage to Architecture: all ++ ++ [ Giovanni Mascellani ] ++ * avoid parallel tests on riscv64 (Closes: #901646) ++ ++ -- Daniel Kahn Gillmor Wed, 20 Jun 2018 06:56:09 -0400 ++ ++gnupg2 (2.2.8-1) unstable; urgency=medium ++ ++ * New upstream release ++ * refresh patches ++ ++ -- Daniel Kahn Gillmor Fri, 08 Jun 2018 10:08:36 -0400 ++ ++gnupg2 (2.2.7-1) unstable; urgency=medium ++ ++ * new upstream release ++ * update/refresh patches, improve patch description ++ * bump standards-version to 4.1.4 (no changes needed) ++ ++ -- Daniel Kahn Gillmor Wed, 23 May 2018 11:50:27 -0400 ++ ++gnupg2 (2.2.5-1) unstable; urgency=medium ++ ++ * New upstream release ++ * d/gbp.conf: use DEP-14 branch naming ++ * d/control: declare Rules-Requires-Root: no ++ * drop patches already applied upstream ++ * refresh patches ++ ++ -- Daniel Kahn Gillmor Thu, 22 Feb 2018 14:20:18 -0800 ++ ++gnupg2 (2.2.4-3) unstable; urgency=medium ++ ++ * version build-deps on mingw library toolchain (Closes: #889921) ++ * drop misbehaving upstream scd patch (Closes: #889751) ++ ++ -- Daniel Kahn Gillmor Fri, 09 Feb 2018 13:51:35 -0500 ++ ++gnupg2 (2.2.4-2) unstable; urgency=medium ++ ++ [ Daniel Kahn Gillmor ] ++ * move to debhelper 11 ++ * d/control: move Vcs to salsa ++ * import more bugfixes and hardware from upstream ++ ++ [ Helge Deller ] ++ * Fix FTBFS on hppa (Closes: #887843) ++ ++ -- Daniel Kahn Gillmor Mon, 05 Feb 2018 23:07:21 -0500 ++ ++gnupg2 (2.2.4-1) unstable; urgency=medium ++ ++ * New upstream release ++ * do not use uupdate (we use gbp-import-orig) ++ * dirmngr: cannot avoid idling in current arrangement ++ * adjusting fixes to gpgsm defaults ++ * prefer SHA-512 specifically on personal-digest-preferences. ++ * refresh patches ++ * Standards-Version: bump to 4.1.3 (no changes needed) ++ * drop unnecessary lintian override ++ * reflect actual requirement for libassuan ++ * import bugfixes from upstream ++ ++ -- Daniel Kahn Gillmor Wed, 03 Jan 2018 12:43:40 -0500 ++ ++gnupg2 (2.2.3-1) unstable; urgency=medium ++ ++ * New upstream release ++ * refreshed patches ++ ++ -- Daniel Kahn Gillmor Thu, 30 Nov 2017 19:06:35 -0500 ++ ++gnupg2 (2.2.2-1) unstable; urgency=medium ++ ++ * new upstream release. ++ * avoid testsuite delays from excess socket waiting ++ * clean up trailing whitespace in debian/{rules,changelog} ++ * drop patches already upstream ++ * refresh remaining patches ++ ++ -- Daniel Kahn Gillmor Wed, 08 Nov 2017 20:09:33 +0100 ++ ++gnupg2 (2.2.1-5) unstable; urgency=medium ++ ++ * block ptrace on scdaemon as well as gpg-agent (Closes: #878952) ++ ++ -- Daniel Kahn Gillmor Fri, 27 Oct 2017 01:43:20 -0400 ++ ++gnupg2 (2.2.1-4) unstable; urgency=medium ++ ++ * restore lintian override, because ftp-master isn't yet running lintian ++ 2.5.55 (see #877999 for more details) ++ ++ -- Daniel Kahn Gillmor Thu, 19 Oct 2017 02:33:36 -0400 ++ ++gnupg2 (2.2.1-3) unstable; urgency=medium ++ ++ * bugfix for multiple keyrings (Closes: #878812) ++ * drop an unnecessary lintian override ++ ++ -- Daniel Kahn Gillmor Thu, 19 Oct 2017 00:23:41 -0400 ++ ++gnupg2 (2.2.1-2) unstable; urgency=medium ++ ++ * adopt bugfixes and documentation improvements from upstream ++ * reorganize debian/patches for simpler maintenance ++ * move gnupg-l10n to Section: localization ++ * Standards-Version: bump to 4.1.1 (no changes needed) ++ ++ -- Daniel Kahn Gillmor Tue, 10 Oct 2017 10:05:45 -0400 ++ ++gnupg2 (2.2.1-1) unstable; urgency=medium ++ ++ * New upstream release ++ * drop patches already applied upstream ++ ++ -- Daniel Kahn Gillmor Tue, 19 Sep 2017 08:26:26 -0400 ++ ++gnupg2 (2.2.0-3) unstable; urgency=medium ++ ++ * avoid FTBFS when TZ=UTC-12 (Closes: #874617) ++ ++ -- Daniel Kahn Gillmor Fri, 08 Sep 2017 02:10:02 -0400 ++ ++gnupg2 (2.2.0-2) unstable; urgency=medium ++ ++ * dirmngr and gpgv-static are Multi-arch: foreign (Closes: #874111) ++ * update to stronger cryptographic defaults. ++ * use upstream gpg-agent-browser.socket systemd user service ++ * publish SSH_AUTH_SOCK for wayland users (Closes: #855868) ++ ++ -- Daniel Kahn Gillmor Thu, 07 Sep 2017 19:20:35 -0400 ++ ++gnupg2 (2.2.0-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * drop patches already upstream ++ * scdaemon: bugfix from upstream for large ECC keys ++ * Standards-Version: bump to 4.1.0 (no changes needed) ++ ++ -- Daniel Kahn Gillmor Wed, 06 Sep 2017 13:10:28 -0400 ++ ++gnupg2 (2.1.23-2) unstable; urgency=medium ++ ++ * add openssh-client to build-deps for testing ++ ++ -- Daniel Kahn Gillmor Sun, 13 Aug 2017 22:48:23 -0400 ++ ++gnupg2 (2.1.23-1) unstable; urgency=medium ++ ++ * New upstream release ++ * move to unstable ++ * refresh patches ++ * keep default --no-auto-key-retrieve ++ * Standards-Version: 4.0.1 (Priority: extra -> optional) ++ * run tests in parallel ++ ++ -- Daniel Kahn Gillmor Fri, 11 Aug 2017 09:56:05 -0400 ++ ++gnupg2 (2.1.22-1) experimental; urgency=medium ++ ++ * New upstream release ++ * refreshed patches ++ * pulled a few bugfix patches from upstream ++ * simplify systemd user units ++ ++ -- Daniel Kahn Gillmor Mon, 07 Aug 2017 01:17:19 -0400 ++ ++gnupg2 (2.1.21-4) experimental; urgency=medium ++ ++ * package reorganization: ++ - new package 'gpg' is just for public key operations ++ - 'gnupg' package is the full suite ++ - 'gnupg-agent' package is renamed to 'gpg-agent' ++ - 'gpgconf' is a base package, other packages depend on it ++ - 'gnupg-utils' are a grab-bag of helper tools that may be useful ++ * scdaemon: add AppStream metainfo about supported smartcards ++ ++ -- Daniel Kahn Gillmor Wed, 26 Jul 2017 12:50:55 -0400 ++ ++gnupg2 (2.1.21-3) experimental; urgency=medium ++ ++ * include upstream bugfixes and improvements (Closes: #863221) ++ * build gpgcompose, ship new gpgcompose binary package ++ * upgrade to debhelper 10 ++ * upgrade to Standards-Version 4.0.0 (no changes needed) ++ ++ -- Daniel Kahn Gillmor Sun, 11 Jun 2017 01:50:30 +0200 ++ ++gnupg2 (2.1.21-2) experimental; urgency=medium ++ ++ [ Stefan Bühler ] ++ * Create WKS server and client packages ++ ++ [ Daniel Kahn Gillmor ] ++ * minor packaging cleanups ++ * more upstream bugfix and cleanup patches ++ * rename WKS packages to match the tool names ++ ++ -- Daniel Kahn Gillmor Thu, 18 May 2017 18:02:46 -0400 ++ ++gnupg2 (2.1.21-1) experimental; urgency=medium ++ ++ * new upstream release ++ * drop patches alread yupstream, refresh patches ++ * import post-release bugfixes from upstream ++ ++ -- Daniel Kahn Gillmor Tue, 16 May 2017 22:42:20 -0400 ++ ++gnupg2 (2.1.20-4) experimental; urgency=medium ++ ++ * avoid shipping or trying to use .skel files ++ * more bugfixes from upstream ++ * skip missing signing keys (Closes: #834922) ++ * prefer available smartcard ++ ++ -- Daniel Kahn Gillmor Wed, 10 May 2017 14:59:02 -0400 ++ ++gnupg2 (2.1.20-3) experimental; urgency=medium ++ ++ * more upstream bugfixes (Closes: #858400) ++ ++ -- Daniel Kahn Gillmor Fri, 07 Apr 2017 11:36:51 -0400 ++ ++gnupg2 (2.1.20-2) experimental; urgency=medium ++ ++ * more bugfix patches from upstream ++ ++ -- Daniel Kahn Gillmor Thu, 06 Apr 2017 11:21:24 -0400 ++ ++gnupg2 (2.1.20-1) experimental; urgency=medium ++ ++ * new upstream release ++ * drop patches already upstream, refresh patches ++ * import post-release bugfixes from upstream ++ ++ -- Daniel Kahn Gillmor Wed, 05 Apr 2017 11:43:09 -0400 ++ ++gnupg2 (2.1.19-3) experimental; urgency=medium ++ ++ * more patches from usptream ++ - test suite should now use /tmp and not require /run/user/ ++ ++ -- Daniel Kahn Gillmor Tue, 21 Mar 2017 12:34:47 -0400 ++ ++gnupg2 (2.1.19-2) experimental; urgency=medium ++ ++ * more patches from upstream (Closes: #854829) ++ * add verbose=3 to the test suite as requested by upstream ++ ++ -- Daniel Kahn Gillmor Mon, 20 Mar 2017 14:05:46 -0400 ++ ++gnupg2 (2.1.19-1) experimental; urgency=medium ++ ++ * New upstream release (Closes: #854359) ++ * many post-release bugfixes from upstream ++ * add logcheck filters for gpg-agent (Closes: #856438) ++ * Upload to experimental due to the freeze ++ ++ -- Daniel Kahn Gillmor Thu, 16 Mar 2017 12:47:40 -0400 ++ ++gnupg2 (2.1.18-6) unstable; urgency=medium ++ ++ [ NIIBE Yutaka ] ++ * scdaemon: Fix duplicated entries (Closes: #855056). ++ ++ -- Daniel Kahn Gillmor Mon, 13 Feb 2017 19:29:34 -0500 ++ ++gnupg2 (2.1.18-5) unstable; urgency=medium ++ ++ [ Daniel Kahn Gillmor ] ++ * Xsession.d/90gpg-agent: use simpler and more direct gpgconf ++ invocations for socket names. ++ ++ [ NIIBE Yutaka ] ++ * scdaemon.udev: Add Yubikey and Nitrokey (Closes: #648331, 734889). ++ * scdaemon fix for PC/SC (Closes: #852702, #854005, #854595, #854616). ++ ++ -- Daniel Kahn Gillmor Mon, 13 Feb 2017 09:15:07 -0500 ++ ++gnupg2 (2.1.18-4) unstable; urgency=medium ++ ++ [ Daniel Kahn Gillmor ] ++ * document that debian disables --allow-version-check ++ * docs, debugging, and bugfix patches from upstream (Closes: #852979) ++ ++ [ NIIBE Yutaka ] ++ * scdaemon bugfixes ++ ++ -- Daniel Kahn Gillmor Sat, 04 Feb 2017 22:03:26 -0500 ++ ++gnupg2 (2.1.18-3) unstable; urgency=medium ++ ++ * fix searches for keys with raw addr-spec ++ ++ -- Daniel Kahn Gillmor Wed, 25 Jan 2017 16:58:56 -0500 ++ ++gnupg2 (2.1.18-2) unstable; urgency=medium ++ ++ * pull fixes from upstream (including a double-free in gpg-agent) ++ ++ -- Daniel Kahn Gillmor Wed, 25 Jan 2017 09:29:25 -0500 ++ ++gnupg2 (2.1.18-1) unstable; urgency=medium ++ ++ * New upstream release. ++ ++ -- Daniel Kahn Gillmor Mon, 23 Jan 2017 23:12:35 -0500 ++ ++gnupg2 (2.1.17-6) unstable; urgency=medium ++ ++ * Upstream patches, fixing unnecessary delay in gpg-agent (Closes: #851298) ++ * gpg-agent: avoid race in shutdown (Closes: #841143) ++ * improve dirmngr, gpg-agent README.Debian (Closes: #850982) ++ * clean up gpg-agent-idling patch ++ ++ -- Daniel Kahn Gillmor Wed, 18 Jan 2017 14:40:41 -0500 ++ ++gnupg2 (2.1.17-5) unstable; urgency=medium ++ ++ * more fixes from upstream (improving but not yet closing: #849845) ++ * gpg-agent: actively poll when shutdown is pending. Thanks, NIIBE ++ Yutaka! (addresses but does not close #841143) ++ ++ -- Daniel Kahn Gillmor Wed, 11 Jan 2017 15:44:57 -0500 ++ ++gnupg2 (2.1.17-4) unstable; urgency=medium ++ ++ * more patches from upstream, including dirmngr debugging ++ improvements ++ * resolve ambiguity in aliased options and commands (Closes: #850475) ++ * auto-enable gpg-agent and dirmngr for systemd user sessions ++ * enable easy reloads from systemd ++ ++ -- Daniel Kahn Gillmor Tue, 10 Jan 2017 17:30:08 -0500 ++ ++gnupg2 (2.1.17-3) unstable; urgency=medium ++ ++ * more bugfixes from upstream (improving but not yet closing: #849845) ++ ++ -- Daniel Kahn Gillmor Tue, 03 Jan 2017 15:39:52 -0500 ++ ++gnupg2 (2.1.17-2) unstable; urgency=medium ++ ++ * include patches from upstream to avoid build failures on 32-bit ++ arches. ++ ++ -- Daniel Kahn Gillmor Sat, 24 Dec 2016 18:11:51 -0500 ++ ++gnupg2 (2.1.17-1) unstable; urgency=medium ++ ++ * new upstream release. ++ ++ -- Daniel Kahn Gillmor Sat, 24 Dec 2016 15:39:04 -0500 ++ ++gnupg2 (2.1.16-3) unstable; urgency=medium ++ ++ * remove -pie from hppa, kfreebsd-amd64, and x32 builds of ++ gpgv-static (Closes: #846889) ++ * import several upstream bugfix patches (Closes: #846834, #846168) ++ * link gnupg-agent and scdaemon with Enhances/Suggests (Closes: #833518) ++ ++ -- Daniel Kahn Gillmor Mon, 05 Dec 2016 15:34:49 -0500 ++ ++gnupg2 (2.1.16-2) unstable; urgency=medium ++ ++ * avoid using adns, due to lack of security support (Closes: #845078) ++ ++ -- Daniel Kahn Gillmor Mon, 21 Nov 2016 09:57:26 -0500 ++ ++gnupg2 (2.1.16-1) unstable; urgency=medium ++ ++ * New upstream version ++ * dropped many patches already incorporated upstream ++ ++ -- Daniel Kahn Gillmor Sun, 20 Nov 2016 23:22:49 -0500 ++ ++gnupg2 (2.1.15-9) unstable; urgency=medium ++ ++ * Introduce gpgv-static package (Closes: #806940) ++ * more patches from upstream ++ * use adns for better DNS resolution in dirmngr ++ * add some import-options to ++ migrate-pubring-from-classic-gpg for better migration ++ * reorganize patches to distinguish debian variations from upstream ++ * set simple and easy defaults for keyservers ++ * help dirmngr and gpg-agent idle better in the default case ++ ++ -- Daniel Kahn Gillmor Thu, 10 Nov 2016 07:28:16 -0800 ++ ++gnupg2 (2.1.15-8) unstable; urgency=medium ++ ++ * rename gpg-agent-restricted.socket to gpg-agent-extra.socket ++ (for symmetry with option names and actual sockets created) ++ ++ -- Daniel Kahn Gillmor Thu, 27 Oct 2016 13:54:53 -0400 ++ ++gnupg2 (2.1.15-7) unstable; urgency=medium ++ ++ * more upstream patches ++ * dirmngr systemd user service is now socket-activated. ++ ++ -- Daniel Kahn Gillmor Thu, 27 Oct 2016 12:48:15 -0400 ++ ++gnupg2 (2.1.15-6) unstable; urgency=medium ++ ++ * more upstream patches (Closes: #841437, #840680) ++ ++ -- Daniel Kahn Gillmor Wed, 26 Oct 2016 17:44:20 -0400 ++ ++gnupg2 (2.1.15-5) unstable; urgency=medium ++ ++ * added udev rules for Fujitsu Siemens cardreader (Closes: #840312) ++ * mark transitional packages Multi-Arch: Foreign (closes: #840258) ++ * make gnupg2 binNMU-safe ++ * more patches from upstream ++ * track upstream decision-making about gpg-agent socket names ++ ++ -- Daniel Kahn Gillmor Tue, 25 Oct 2016 21:30:06 -0400 ++ ++gnupg2 (2.1.15-4) unstable; urgency=medium ++ ++ * update debian/tests/gpgv-win32 ++ * more patches from upstream (Closes: #838153) ++ * tighten dependencies between gnupg and dirmngr (Closes: #834602) ++ * updated systemd user gpg-agent units for socket activation ++ ++ -- Daniel Kahn Gillmor Tue, 04 Oct 2016 17:22:30 -0400 ++ ++gnupg2 (2.1.15-3) unstable; urgency=medium ++ ++ * Use upstream fix to avoid touching homedir during test suite ++ * backward compatibility for preset-passphrase and protect-tool ++ * add Breaks: for python3-apt too (thanks, Harald Jenny!) ++ * Avoid network access during tests (Closes: #836259) ++ * more patches from upstream ++ - gpgv --output now works ++ - fingerprint display doesn't vary with --keyid-format ++ - minor cleanup to scdaemon dealing with removed cards ++ ++ -- Daniel Kahn Gillmor Wed, 14 Sep 2016 17:08:58 -0400 ++ ++gnupg2 (2.1.15-2) unstable; urgency=medium ++ ++ * restore keyid output in gpgv (Closes: #836144) ++ * avoid test suite failures when HOME does not exist ++ ++ -- Daniel Kahn Gillmor Wed, 31 Aug 2016 12:37:48 -0400 ++ ++gnupg2 (2.1.15-1) unstable; urgency=medium ++ ++ * new upstream release ++ - blocks signals during keyring updates (Closes: #293556) ++ * avoid libusb on hurd. Thanks, Pino Toscano! (Closes: #834533) ++ * permissions on test suite are already fixed ++ * drop patches applied upstream and refresh remaining patches ++ * make gnupg2 reproducible by not regenerating documentation date ++ * make autopkgtest work with modern wine (Closes: #835976) ++ * wrap-and-sort -ast for cleaner diffs ++ * add versioned Breaks: for affected packages (Closes: #835349) ++ - gpgv Breaks: python-debian << 0.1.29 (addresses: #782904) ++ - gnupg Breaks: php-crypt-gpg <= 1.4.1-1 (addresses #835592) ++ - gnupg Breaks: python-apt <= 1.1.0~beta4 (addresses: #835465) ++ - gnupg Breaks: python-gnupg << 0.3.8-3 (addresses: #834514, #834600) ++ - gnupg Breaks: libgnupg-interface-perl << 0.52-3 (addresses: #834281) ++ - gnupg Breaks: libmail-gnupg-perl <= 0.22-1 (addresses: #835075) ++ - gnupg Breaks: libgnupg-perl << 0.19-1 (addresses: #834522) ++ ++ -- Daniel Kahn Gillmor Tue, 30 Aug 2016 13:19:23 -0400 ++ ++gnupg2 (2.1.14-5) unstable; urgency=medium ++ ++ * actually ship /usr/share/doc/gnupg/README.Debian ++ * Release to unstable. ++ ++ -- Daniel Kahn Gillmor Fri, 12 Aug 2016 16:27:22 -0400 ++ ++gnupg2 (2.1.14-4) experimental; urgency=medium ++ ++ * add ZeitControl card (Closes: #814584) ++ * three more fixes from upstream ++ ++ -- Daniel Kahn Gillmor Mon, 08 Aug 2016 12:54:21 -0400 ++ ++gnupg2 (2.1.14-3) experimental; urgency=medium ++ ++ * cleanup debian/copyright ++ * update debian/watch ++ ++ -- Daniel Kahn Gillmor Wed, 03 Aug 2016 11:09:05 -0400 ++ ++gnupg2 (2.1.14-2) experimental; urgency=medium ++ ++ * mark the gpgv binary as Priority: important, since apt depends on it ++ * import a bunch of fixes from upstream ++ * include permissioning on patched-in tests ++ * Breaks: some packages that expect old gpg behavior (Closes: #831500) ++ * remove scdaemon.service; it will be managed by gpg-agent.service ++ * avoid bulleted items in debian/NEWS (thanks, Lintian!) ++ * debian/copyright: cleanup, fix URLs ++ * debian/control: use standard URL for Vcs-Browser ++ * fix spelling and grammar noticed by lintian ++ * avoid lintian notes about a misspelled "written" ++ * clean up gpgv2 Description ++ * break out arch-indep localization files into new gnupg-l10n package ++ ++ -- Daniel Kahn Gillmor Mon, 01 Aug 2016 17:54:59 -0400 ++ ++gnupg2 (2.1.14-1) experimental; urgency=medium ++ ++ * New upstream release ++ ++ -- Daniel Kahn Gillmor Fri, 15 Jul 2016 01:39:25 +0200 ++ ++gnupg2 (2.1.13-5) experimental; urgency=medium ++ ++ * dependency cleanup! ++ - make Recommends: strictly versioned between gnupg and {gpg-agent,dirmngr} ++ - make gnupg Provide: gpg and mention it in the package description ++ - drop mention of newpg, which has not been in debian for many releases ++ - gnupg2 2.0.18 predates debian wheezy, which is oldstable; drop mention ++ in debian/control ++ - drop Suggests: gnupg-doc, which does not appear to be maintained ++ - drop all references to gpg-idea, which has not been in debian for ++ several releases ++ - removed dependency on "dpkg (>= 1.15.4) | install-info", since that ++ dpkg version predates oldstable (wheezy) ++ ++ -- Daniel Kahn Gillmor Mon, 04 Jul 2016 10:13:42 -0400 ++ ++gnupg2 (2.1.13-4) experimental; urgency=medium ++ ++ * add binutils-multiarch [!amd64 !i386] to Build-Depends-Indep: so that ++ we can generate win32 packages on non-x86 platforms. ++ ++ -- Daniel Kahn Gillmor Fri, 01 Jul 2016 11:30:28 -0400 ++ ++gnupg2 (2.1.13-3) experimental; urgency=medium ++ ++ * pull bugfixes from upstream (Closes: #828109, #814584) ++ * should also allow for reproducible builds, with fix to ++ timestamps in tofu.test ++ * provide supervised dirmngr, gpg-agent, and scdaemon services from ++ systemd's user sessioniif the user wants to enable them. These ++ services should terminate at logout (Closes: #825911) ++ * avoid launching gpg-agent from Xsession.d since we have more robust ++ session management available (added NEWS entry about this change) ++ * gnupg-agent now Provides: gpg-agent to mitigate common confusion. ++ * updated dirmngr package description. ++ ++ -- Daniel Kahn Gillmor Tue, 28 Jun 2016 13:46:36 -0400 ++ ++gnupg2 (2.1.13-2) experimental; urgency=medium ++ ++ * brown paper bag time: fix build-dep from libusb-1.0.0-dev to ++ libusb-1.0-0-dev ++ ++ -- Daniel Kahn Gillmor Fri, 17 Jun 2016 23:07:43 -0400 ++ ++gnupg2 (2.1.13-1) experimental; urgency=medium ++ ++ * New upstream release ++ - new keyid-format "none", used by default (Closes: #826273) ++ * Build-depend on libusb-1.0.0-dev to ensure smartcards work (Thanks, ++ gniibe!) ++ ++ -- Daniel Kahn Gillmor Thu, 16 Jun 2016 18:30:36 -0400 ++ ++gnupg2 (2.1.12-1) experimental; urgency=medium ++ ++ * New upstream release ++ ++ -- Daniel Kahn Gillmor Tue, 10 May 2016 20:58:06 -0400 ++ ++gnupg2 (2.1.11-7+exp1) experimental; urgency=medium ++ ++ * switching over binary package names in experimental -- gnupg2 source ++ package now provides gnupg and gpgv ++ ++ -- Daniel Kahn Gillmor Mon, 18 Apr 2016 19:17:19 -0400 ++ ++gnupg2 (2.1.11-7) unstable; urgency=medium ++ ++ * move to unstable ++ * re-enable test suites on mips and mipsel since #730846 is resolved ++ ++ -- Daniel Kahn Gillmor Mon, 18 Apr 2016 07:45:16 -0400 ++ ++gnupg2 (2.1.11-6+exp4) experimental; urgency=medium ++ ++ * stop using help2man to fix cross-building ++ * ensure gpgv-win32 is properly stripped ++ * enable autopkgtest to run without root on systems that already have ++ wine32 installed ++ ++ -- Daniel Kahn Gillmor Fri, 01 Apr 2016 13:08:07 -0300 ++ ++gnupg2 (2.1.11-6+exp3) experimental; urgency=medium ++ ++ * more cleanup on arch-dependent packages. ++ ++ -- Daniel Kahn Gillmor Wed, 30 Mar 2016 03:36:18 -0400 ++ ++gnupg2 (2.1.11-6+exp2) experimental; urgency=medium ++ ++ * avoid build failures when building only arch-dependent or only ++ arch-independent packages. ++ ++ -- Daniel Kahn Gillmor Wed, 30 Mar 2016 02:59:18 -0400 ++ ++gnupg2 (2.1.11-6+exp1) experimental; urgency=medium ++ ++ * take over gpgv-win32 from gnupg 1.4 packaging ++ ++ -- Daniel Kahn Gillmor Mon, 28 Mar 2016 23:27:43 -0400 ++ ++gnupg2 (2.1.11-6) unstable; urgency=medium ++ ++ * avoid FTBFS with patch from upstream (Closes: #814842) ++ * bumped standards-version to 3.9.7 (no changes needed) ++ ++ -- Daniel Kahn Gillmor Tue, 01 Mar 2016 09:36:41 +0100 ++ ++gnupg2 (2.1.11-5) unstable; urgency=medium ++ ++ * taking over gpgv-udeb from gnupg 1.4 packaging ++ * debian/control: use secure transport for Vcs-* and Homepage ++ ++ -- Daniel Kahn Gillmor Thu, 04 Feb 2016 17:17:47 -0500 ++ ++gnupg2 (2.1.11-4) unstable; urgency=medium ++ ++ * disable gpgtar, since it is causing unpredictable testsuite failures ++ and we don't ship it anyway. ++ ++ -- Daniel Kahn Gillmor Wed, 03 Feb 2016 11:57:57 -0500 ++ ++gnupg2 (2.1.11-3) unstable; urgency=medium ++ ++ * trying again to get a proper dump of the gpgtar.test.log. sigh. ++ ++ -- Daniel Kahn Gillmor Thu, 28 Jan 2016 08:34:22 -0500 ++ ++gnupg2 (2.1.11-2) unstable; urgency=medium ++ ++ * added temporary hook to view failing gpgtar test output on build ++ daemons since i can't replicate the failures on my own build systems. ++ ++ -- Daniel Kahn Gillmor Thu, 28 Jan 2016 00:53:29 -0500 ++ ++gnupg2 (2.1.11-1) unstable; urgency=medium ++ ++ * new upstream release ++ - drops buggy attempt to detect duplicate keys (Closes: #807819) ++ * removed -dbg package, since we have automatic -dbgsym packages now ++ * removed undocumented gpgkey2ssh; use gpg --export-ssh-key instead ++ ++ -- Daniel Kahn Gillmor Mon, 25 Jan 2016 15:29:25 -0500 ++ ++gnupg2 (2.1.10-3) unstable; urgency=medium ++ ++ * avoid infinite loop when doing --gen-revoke by fingerprint ++ ++ -- Daniel Kahn Gillmor Sat, 12 Dec 2015 16:53:40 -0500 ++ ++gnupg2 (2.1.10-2) unstable; urgency=medium ++ ++ * actually use sks-keyservers CA by default if the user asks for ++ hkps://hkps.pool.sks-keyservers.net ++ * move ownership of some files in /usr/share/gnupg2/ to more appropriate ++ owners like gpgsm and dirmngr. ++ ++ -- Daniel Kahn Gillmor Fri, 11 Dec 2015 17:06:10 -0500 ++ ++gnupg2 (2.1.10-1) unstable; urgency=medium ++ ++ * new upstream release ++ * ship sks-keyservers.netCA.pem in dirmngr to make it easier to use hkps. ++ * avoid shipping Changelog-2011, use upstream ChangeLog (Closes: ++ #803225) ++ ++ -- Daniel Kahn Gillmor Wed, 09 Dec 2015 12:05:42 -0500 ++ ++gnupg2 (2.1.9-1) unstable; urgency=medium ++ ++ * New upstream release ++ ++ -- Daniel Kahn Gillmor Tue, 13 Oct 2015 10:04:33 -0400 ++ ++gnupg2 (2.1.8-2) UNRELEASED; urgency=medium ++ ++ [ NIIBE Yutaka ] ++ * update scdaemon dependencies ++ ++ [ Daniel Kahn Gillmor ] ++ * correct ssh fingerprint for ECDSA nistp384 (Closes: #795636) ++ ++ -- Daniel Kahn Gillmor Thu, 17 Sep 2015 00:00:28 -0400 ++ ++gnupg2 (2.1.8-1) unstable; urgency=medium ++ ++ * New upstream release ++ ++ -- Daniel Kahn Gillmor Thu, 10 Sep 2015 17:00:06 -0400 ++ ++gnupg2 (2.1.7-2) unstable; urgency=medium ++ ++ * upload to unstable ++ ++ -- Daniel Kahn Gillmor Tue, 11 Aug 2015 21:24:18 -0400 ++ ++gnupg2 (2.1.7-1) experimental; urgency=medium ++ ++ * new upstream release ++ * block ptrace connections to gpg-agent ++ ++ -- Daniel Kahn Gillmor Tue, 11 Aug 2015 20:05:38 -0400 ++ ++gnupg2 (2.1.6-1) experimental; urgency=medium ++ ++ * new upstream release ++ * drop deprecated gpgsm-gencert.sh ++ ++ -- Daniel Kahn Gillmor Tue, 07 Jul 2015 14:27:23 -0400 ++ ++gnupg2 (2.1.5-2) experimental; urgency=medium ++ ++ [ Daniel Kahn Gillmor ] ++ * pass DBUS_SESSION_BUS_ADDRESS through to the agent so that ++ pinentry-gnome3 can work across sessions. ++ * ensure that l10n files are rebuilt. ++ ++ [ Eric Dorland ] ++ * debian/patches/0003-Include-defs.inc-in-BUILT_SOURCES.patch: Fix for ++ build failure when rebuilding info docs. ++ ++ -- Daniel Kahn Gillmor Tue, 30 Jun 2015 18:13:58 -0400 ++ ++gnupg2 (2.1.5-1) experimental; urgency=medium ++ ++ * New upstream release ++ ++ -- Daniel Kahn Gillmor Thu, 11 Jun 2015 13:18:56 -0400 ++ ++gnupg2 (2.1.4-2) experimental; urgency=medium ++ ++ * avoid excess dependencies on headless servers (Closes: #753163) ++ ++ -- Daniel Kahn Gillmor Wed, 03 Jun 2015 14:12:49 -0400 ++ ++gnupg2 (2.1.4-1) experimental; urgency=medium ++ ++ * New upstream release. ++ ++ -- Daniel Kahn Gillmor Thu, 28 May 2015 00:25:55 -0400 ++ ++gnupg2 (2.1.3-1) experimental; urgency=medium ++ ++ * New upstream version. ++ * Add gnupg2-dbg (Closes: #781631) ++ ++ -- Daniel Kahn Gillmor Wed, 01 Apr 2015 12:10:38 -0400 ++ ++gnupg2 (2.1.2-2) experimental; urgency=medium ++ ++ * Fix segv due to NULL value stored as opaque MPI. ++ ++ -- Daniel Kahn Gillmor Sat, 21 Feb 2015 10:26:50 -0500 ++ ++gnupg2 (2.1.2-1) experimental; urgency=medium ++ ++ * New upstream version ++ * move from automake1.11 to plain automake (upstream uses 1.14 now) ++ ++ -- Daniel Kahn Gillmor Thu, 12 Feb 2015 20:10:43 -0500 ++ ++gnupg2 (2.1.1-1) experimental; urgency=medium ++ ++ * New upstream version (closes: #772654) ++ * gnupg2 now Breaks: older versions of dirmngr (closes: #769460) ++ ++ -- Daniel Kahn Gillmor Tue, 16 Dec 2014 14:58:06 -0500 ++ ++gnupg2 (2.1.0-1) experimental; urgency=medium ++ ++ * import upstream 2.1.0 release. ++ * drop debian/patches/speed-up-test-suite.patch -- included upstream. ++ * avoid self-reporting as a beta now that this is a release ++ ++ -- Daniel Kahn Gillmor Thu, 06 Nov 2014 12:31:06 -0500 ++ ++gnupg2 (2.1.0~beta895-3) experimental; urgency=medium ++ ++ * update gnupg-agent.xsession to export ssh-agent where ++ configured. (Closes: #767341) ++ * use cheap/fast entropy for the test suite so that builds on ++ low-entropy machines go faster. ++ ++ -- Daniel Kahn Gillmor Thu, 30 Oct 2014 13:37:08 -0400 ++ ++gnupg2 (2.1.0~beta895-2) experimental; urgency=medium ++ ++ * added pkg-config to Build-Depends. ++ ++ -- Daniel Kahn Gillmor Wed, 29 Oct 2014 18:36:27 -0400 ++ ++gnupg2 (2.1.0~beta895-1) experimental; urgency=medium ++ ++ * new upstream version in experimental (Closes: #762844, #751266, #762844) ++ * ship /usr/bin/gpgparsemail (Closes: #760575) ++ * document that doc/OpenPGP is not actually an RFC, but just refers to ++ one (closes: #745410) ++ * Bump Standards-Version to 3.9.6 (no changes needed) ++ * --enable-large-secmem to ensure that gpg2 works with pre-generated ++ oversized RSA keys ++ * updated /etc/X11/Xsession.d/90gpg-agent to export $GPG_AGENT_INFO ++ about the standard socket. ++ ++ -- Daniel Kahn Gillmor Wed, 29 Oct 2014 17:53:06 -0400 ++ ++gnupg2 (2.0.28-3) unstable; urgency=medium ++ ++ * pass DBUS_SESION_BUS_ADDRESS to the agent for gnome3. ++ ++ -- Daniel Kahn Gillmor Sat, 04 Jul 2015 14:21:41 -0400 ++ ++gnupg2 (2.0.28-2) unstable; urgency=medium ++ ++ * d/clean: drop stamp-po to rebuild l10n (Closes: #788989) ++ ++ -- Daniel Kahn Gillmor Tue, 30 Jun 2015 17:17:11 -0400 ++ ++gnupg2 (2.0.28-1) unstable; urgency=medium ++ ++ * new upstream release ++ * really address excess dependencies on headless server (thanks Raphaël ++ Halimi for noticing) (Closes: #753163) ++ ++ -- Daniel Kahn Gillmor Tue, 02 Jun 2015 12:16:57 -0400 ++ ++gnupg2 (2.0.27-2) unstable; urgency=medium ++ ++ * import upstream fix to avoid replicating unknown subkey ++ packets. (Closes: #787045) (Thanks, NIIBE Yutaka) ++ ++ -- Daniel Kahn Gillmor Thu, 28 May 2015 00:55:51 -0400 ++ ++gnupg2 (2.0.27-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Provide a simple way for users to avoid gpg-agent hijacking, ++ working around: #760102 (Closes: #753163) ++ ++ -- Daniel Kahn Gillmor Fri, 08 May 2015 18:15:15 -0400 ++ ++gnupg2 (2.0.26-6) unstable; urgency=medium ++ ++ * Avoid NULL dereference with opaque MPI. ++ ++ -- Daniel Kahn Gillmor Sat, 21 Feb 2015 18:01:40 -0500 ++ ++gnupg2 (2.0.26-5) unstable; urgency=medium ++ ++ * import bug-fixes from upstream ++ (Closes: #773415, #773469, #773471, #773472, #773423) ++ * Fixes CVE-2015-1606 "Use after free, resulting from failure to skip ++ invalid packets", CVE-2015-1607 "memcpy with overlapping ranges, ++ resulting from incorrect bitwise left shifts" (Closes: #778577) ++ ++ -- Daniel Kahn Gillmor Mon, 16 Feb 2015 17:45:06 -0500 ++ ++gnupg2 (2.0.26-4) unstable; urgency=medium ++ ++ [ David Prévot ] ++ * Update POT and PO files, and ensure the translations get rebuild ++ * Update French translation (Closes: #769574) ++ * Update Ukrainian translation, thanks to Yuri Chornoivan ++ * Update German translation, thanks to Werner Koch ++ * Update Danish translation, thanks to Joe Hansen ++ * Update Japanese translation, thanks to NIIBE Yutaka ++ * Update Chinese (traditional) translation, thanks to Jedi Lin ++ * Update Russian translation, thanks to Ineiev ++ * Update Polish translation, thanks to Jakub Bogusz ++ * Update Spanish translation, thanks to Manuel "Venturi" Porras Peralta ++ (Closes: #770727) ++ * New Dutch translation, thanks to Frans Spiesschaert (Closes: #770981) ++ ++ [ Daniel Kahn Gillmor ] ++ * bugfix and cryptographic safety changes imported from upstream: ++ - Avoid regression when adding subkeys with strong s2k algorithms ++ (Closes: #772780) Thanks, NIIBE Yutaka ++ - Allow french translation to work when prompting for passphrase. ++ - add build and runtime support for larger RSA keys (Closes: #739424) ++ - fix runtime errors on bad input (Closes: #771987) ++ - deprecate insecure one-argument variant for gpg --verify of detached ++ signatures (Closes: #771992) ++ - initialize trustdb before trying to clear it (Closes: #735363) ++ - default to issuing SHA256 signatures for RSA ++ - avoid relying on MD5 signatures ++ - show v3 key fingerprints as all zero (OpenPGPv3 is deprecated) ++ ++ -- Daniel Kahn Gillmor Sun, 04 Jan 2015 17:17:00 -0500 ++ ++gnupg2 (2.0.26-3) unstable; urgency=medium ++ ++ * fix typo in gpg.info (closes: #760273) ++ * drop versioned Build-Conflicts on automake by setting environment ++ variables in debian/rules ++ * ship /usr/bin/gpgparsemail (closes: #760575) ++ * warn but don't fail when scdaemon options are in ~/.gnupg/gpg.conf ++ (closes: #762844) ++ * do not break on --trust-model=always (closes: #751266) ++ * document that doc/OpenPGP is not actually an RFC, but just refers to ++ one (closes: #745410) ++ * Bump Standards-Version to 3.9.6 (no changes needed) ++ ++ -- Daniel Kahn Gillmor Tue, 30 Sep 2014 23:39:15 -0400 ++ ++gnupg2 (2.0.26-2) unstable; urgency=medium ++ ++ * ignore emacs turds in debian/ ++ * update Vcs fields ++ * move package to group maintenance ++ * wrap-and-sort cleanup of debian/* ++ ++ -- Daniel Kahn Gillmor Thu, 28 Aug 2014 11:42:18 -0700 ++ ++gnupg2 (2.0.26-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * debian/control: Suggest parcimonie. Thanks ilf. (Closes: #752261) ++ ++ -- Eric Dorland Tue, 19 Aug 2014 18:09:08 -0400 ++ ++gnupg2 (2.0.25-2) unstable; urgency=medium ++ ++ * debian/control: Switch to libgcrypt20-dev (aka 1.6 release). ++ ++ -- Eric Dorland Fri, 08 Aug 2014 14:12:05 -0400 ++ ++gnupg2 (2.0.25-1) unstable; urgency=medium ++ ++ * New upstream release. ++ ++ -- Eric Dorland Mon, 30 Jun 2014 13:10:04 -0400 ++ ++gnupg2 (2.0.24-1) unstable; urgency=high ++ ++ * New upstream release. Fixes CVE-2014-4617 "infinite loop when ++ decompressing data packets". (Closes: #752498) ++ * debian/patches/02-gpgv2-dont-link-libassuan.diff: Drop, now ++ upstreamed. ++ ++ -- Eric Dorland Wed, 25 Jun 2014 00:11:19 -0400 ++ ++gnupg2 (2.0.23-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * debian/upstream/signing-key.asc: Rename upstream-signing-key.pgp to ++ the new, supported name. ++ * debian/control: Restore versioned conflict against gpg-idea. (Closes: ++ #733984) ++ * debian/control: Add Recommends on dirmngr for gpgsm. (Closes: #683579) ++ ++ -- Eric Dorland Sun, 08 Jun 2014 19:20:17 -0400 ++ ++gnupg2 (2.0.22-3) unstable; urgency=low ++ ++ * debian/watch, debian/upstream-signing-key.pgp: Add upstream signing ++ key for uscan verification. ++ * debian/kbxutil.1, debian/rules: Add better description and regenerate ++ the manpage. ++ * debian/control: Remove version on gpg-idea conflict, add missing ++ Breaks for gpgsm and convert Conflicts to Breaks for gpgv2. ++ * debian/control: Move gnupg-agent to Depends for gpgsm instead of ++ Replaces (which in turn should have been Recommends). ++ * debian/control: Standards-Version to 3.9.5. ++ * debian/copyright: Switch to a shiny DEP-5 copyright file. ++ ++ -- Eric Dorland Wed, 01 Jan 2014 22:56:56 -0500 ++ ++gnupg2 (2.0.22-2) unstable; urgency=low ++ ++ * debian/control: Fix Build-Conflicts on newer automakes. Thanks Chris ++ Boot. (Closes: #726015) ++ * debian/control: IDEA is no longer patented, drop its metion from the ++ description. Thanks brian m. carlson. (Closes: #726139) ++ * debian/rules: Disable the test suite on mips and mipsel to work around ++ Bug:#730846. ++ ++ -- Eric Dorland Sat, 30 Nov 2013 23:47:56 -0500 ++ ++gnupg2 (2.0.22-1) unstable; urgency=low ++ ++ * New upstream version. Fixes CVE-2013-4402 and CVE-2013-4351. (Closes: ++ #725433, #722724) ++ * debian/gnupg2.install: Install gnupg-card-architecture.png for the ++ info file. ++ ++ -- Eric Dorland Sat, 05 Oct 2013 17:45:28 -0400 ++ ++gnupg2 (2.0.21-2) unstable; urgency=low ++ ++ * debian/rules, debian/gnupg2.install: Switch libexecdir to ++ /usr/lib/gnupg2 to install helper binaries to a non-multiarch specific ++ location. (Closes: #717303) ++ * debian/control, debian/gpgv2.install: Split out gpgv2 into its own ++ package. ++ * debian/control, debian/gnupg2.install, debian/kbxutil.1: Add rule and ++ manpage for kbxutil using help2man. (Closes: #323494) ++ * debian/patches/02-gpgv2-dont-link-libassuan.diff: Don't link gpgv2 ++ against libassuan as it's not used. ++ * debian/rules: Install changelog for gpgv2. ++ ++ -- Eric Dorland Sun, 01 Sep 2013 00:42:16 -0400 ++ ++gnupg2 (2.0.21-1) unstable; urgency=low ++ ++ * New upstream release. (Closes: #613465, #720369) ++ * debian/patches/01-gnupg2-rename.diff: Refresh patch. ++ * debian/control: Fix Vcs-Git path. ++ * debian/control: Now depends on libgpg-error >= 1.11. ++ * debian/control: Build-Depends on automake1.11 since the test suite ++ fails on newer versions. (Closes: #713287) ++ * debian/control: Also need a Build-Conflicts on automake (<= 1.12). ++ ++ -- Eric Dorland Sat, 24 Aug 2013 20:33:19 -0400 ++ ++gnupg2 (2.0.20-1) unstable; urgency=low ++ ++ * New upstream release. (Closes: #691237, #583893) ++ * debian/patches/02-cve-2012-6085.diff: Remove, merged upstream. ++ * debian/control: Upgrade Standards-Version to 3.9.4. ++ * debian/compat, debian/control: Upgrade to debhelper v9. ++ * debian/control, debian/rules: Drop hardening-wrapper, now that we use ++ debhelper v9. ++ * debian/scdaemon.install: scdaemon has moved under $libexecdir. ++ * debian/control: Tighten dependency on scdaemon. ++ * debian/rules: Turn on all hardening options. ++ * debian/patches/01-gnupg2-rename.diff: Refresh patch. ++ * debian/gnupg-agent.install, debian/gnupg2.install, ++ debian/scdaemon.install: Fix /usr/lib paths for multi-arch. ++ * debian/rules: Pass ${pkglibdir} to --libexecdir since dh v9 passes ++ ${libdir} by default. ++ ++ -- Eric Dorland Sat, 11 May 2013 18:28:57 -0400 ++ ++gnupg2 (2.0.19-2) unstable; urgency=high ++ ++ * debian/patches/02-cve-2012-6085.diff: Patch from upstream to fix ++ CVE-2012-6085, "gnupg key import memory corruption". (Closes: #697251) ++ * debian/control: Use canonical addresses for VCS. ++ * debian/control: Fix scdaemon short description. ++ ++ -- Eric Dorland Fri, 04 Jan 2013 00:56:52 -0500 ++ ++gnupg2 (2.0.19-1) unstable; urgency=low ++ ++ * New upstream release. (Closes: #666092) ++ * debian/control: Add Multi-Arch: foreign to all packages. ++ * debian/rules: Update ChangeLog locations. ++ ++ -- Eric Dorland Sat, 31 Mar 2012 01:06:02 -0400 ++ ++gnupg2 (2.0.18-2) unstable; urgency=low ++ ++ * debian/control, debian/gpgsm.install, debian/scdaemon.install: Add a ++ separate package for the scdaemon. (Closes: #416129) ++ * debian/control, debian/gpgsm.install, debian/gnupg2.install, ++ gnupg-agent.install: Move gpg-preset-passphrase and gpg-protect-tool ++ into the gnupg-agent. ++ * debian/control: Upgrade Standards-Version to 3.9.2. ++ * debian/rules: Install ChangeLog for new scdaemon package. ++ ++ -- Eric Dorland Sat, 15 Oct 2011 20:21:35 -0400 ++ ++gnupg2 (2.0.18-1) unstable; urgency=low ++ ++ * New upstream release. (Closes: #635206) ++ * debian/copyright: Update ftp location. (Closes: #624404) ++ * debian/patches/01-gnupg2-rename.diff: Refresh patch. ++ ++ -- Eric Dorland Tue, 30 Aug 2011 03:43:20 -0400 ++ ++gnupg2 (2.0.17-3) unstable; urgency=low ++ ++ * debian/rules: Convert the rules file to use the lovely dh format. ++ * debian/gnupg2.dirs, debian/gnupg-agent.dirs, debian/gpgsm.dirs: Remove ++ unless dirs files. ++ * debian/gnupg-agent.lintian-overrides, debian/gnupg2.lintian-overrides, ++ debian/gpgsm.lintian-overrides: Remove unneeded lintian-overrides files. ++ ++ -- Eric Dorland Mon, 14 Feb 2011 03:17:39 -0500 ++ ++gnupg2 (2.0.17-2) unstable; urgency=low ++ ++ * debian/control: Add dependency on dpkg (>= 1.15.4) | install-info for ++ info install trigger. ++ * debian/control, debian/rules: Use debian build hardening. ++ ++ -- Eric Dorland Sun, 13 Feb 2011 16:33:17 -0500 ++ ++gnupg2 (2.0.17-1) unstable; urgency=low ++ ++ * New upstream release. (Closes: #584316, #603985, #603983, #603984) ++ * debian/patches/02-encode-s2k.diff, ++ debian/patches/03-gpgsm-realloc.diff, debian/patches/series: Drop now ++ unneeded security patches. ++ * debian/rules, debian/patches/01-gnupg2-rename.diff, ++ debian/gnupg2.info, debian/gnupg2.install: No need to rename the info ++ file anymore. ++ * debian/patches/01-gnupg2-rename.diff: Rename the autoconf package for ++ better renaming of pkg directories. (Closes: #579006) ++ * debian/control, debian/compat: Upgrade to debhelper level 8. ++ * debian/control: ++ - Upgrade Standards-Version to 3.9.1. ++ - Update Build-Depends versions for the latest release. ++ * debian/gnupg2.install: Add the applygnupgdefaults command. (Closes: ++ #567537) ++ * debian/gnupg2.docs: doc/faq.html no longer exists. ++ ++ -- Eric Dorland Sun, 13 Feb 2011 16:06:41 -0500 ++ ++gnupg2 (2.0.14-2) unstable; urgency=low ++ ++ * debian/*.lintian, debian/*.lintian-overrides, debian/rules: Rename ++ lintian files and use dh_lintian instead of shell snippets. ++ * debian/source/patch-header, debian/source/options: Delete patch header ++ and remove single-debian-patch option. ++ * debian/patches/01-gnupg2-rename.diff: Move patch to do the necessary ++ renaming of gnupg -> gnupg2 in a quilt patch. ++ * debian/patches/02-encode-s2k.diff: Added patch to fix passphrase ++ problem in gpgsm. Thanks Martijn van Brummelen for the NMU to fix this ++ problem in 2.0.14-1.1. ++ * debian/patches/03-gpgsm-realloc.diff: Fix for "Realloc Bug with X.509 ++ certificates" for gpgsm. (Closes: #590122) ++ * debian/rules, debian/control: Use dh-autoreconf and autopoint to ++ regenerate autotools files at build time. ++ ++ -- Eric Dorland Sun, 25 Jul 2010 02:16:42 -0400 ++ ++gnupg2 (2.0.14-1) unstable; urgency=low ++ ++ * New upstream release. ++ * debian/control: Build depend on libreadline-dev instead of ++ libreadline5-dev, since libreadline6-dev is out. (Closes: #548922) ++ * debian/source/format, debian/source/options, ++ debian/source/patch-header: Convert to v3 quilt format, with ++ single-debian-patch. ++ * debian/control: Tighten dependency on gnupg-agent. (Closes: #551792) ++ ++ -- Eric Dorland Sat, 09 Jan 2010 21:15:18 -0500 ++ ++gnupg2 (2.0.13-1) unstable; urgency=low ++ ++ * New upstream release. ++ * debian/control: Depend instead of Recommend gnupg-agent. (Closes: ++ #538947) ++ ++ -- Eric Dorland Mon, 07 Sep 2009 20:38:23 -0400 ++ ++gnupg2 (2.0.12-1) unstable; urgency=low ++ ++ * New upstream release. (Closes: #499569, #463270, #446494, #314068, ++ #519375, #514587) ++ * debian/control: Change build dependency on gs to ghoscript, since ++ ghoscript has been replaced. ++ * debian/compat: Use debhelper v7. ++ * debian/control: Update Standards-Version to 3.8.2. ++ * debian/control: Use ${misc:Depends}. ++ * configure.ac: Override pkgdatadir so that it points to ++ /usr/share/gnupg2. (Closes: #528734) ++ * debian/rules: No longer need to specify pkgdatadir at make install ++ time. ++ ++ -- Eric Dorland Sun, 23 Aug 2009 20:48:11 -0400 ++ ++gnupg2 (2.0.11-1) unstable; urgency=low ++ ++ * New upstream release. (Closes: #496663) ++ * debian/control: Make the description a little more distinctive than ++ gnupg v1's. Thanks Jari Aalto. (Closes: #496323) ++ ++ -- Eric Dorland Sun, 08 Mar 2009 22:46:47 -0400 ++ ++gnupg2 (2.0.9-3) unstable; urgency=medium ++ ++ * Urgency medium to try to beat the release. ++ * tools/gpgkey2ssh.c: Patch from Daniel Kahn Gillmor to fix broken ssh ++ key generation. (Closes: #473841) ++ ++ -- Eric Dorland Mon, 21 Jul 2008 03:48:11 -0400 ++ ++gnupg2 (2.0.9-2) unstable; urgency=low ++ ++ * The "I've neglected you too long" release. ++ ++ * debian/control: ++ - Add recommends on gnupg-agent for gpgsm and gnupg2, since they need ++ it under most circumstances. (Closes: #459462, #477691) ++ - Depend on pinentry instead of recommend, and move pinentry-gtk2 to the ++ front of the alternatives list. (Closes: #462951) ++ * keyserver/gpgkeys_curl.c, keyserver/gpgkeys_hkp.c: Fix FTBFS with gcc ++ 4.3 strictness on bitfields combined with curl. (Closes: #476999) ++ ++ -- Eric Dorland Mon, 28 Apr 2008 03:22:20 -0400 ++ ++gnupg2 (2.0.9-1) unstable; urgency=low ++ ++ * New upstream release. Fixes CVE-2008-1530, Key import memory corruption. ++ (Closes: #472928) ++ * debian/rules: Don't ignore status of make distclean, just check for ++ the existance of the Makefile. ++ ++ -- Eric Dorland Sat, 29 Mar 2008 03:21:21 -0400 ++ ++gnupg2 (2.0.8-1) unstable; urgency=low ++ ++ * New upstream release. (Closes: #428635) ++ * debian/watch: Use passive ftp, ftp.gnupg.org doesn't seem happy ++ otherwise. (Closes: #456467) ++ * debian/control: ++ - Requires libassuan >= 1.0.4 now. ++ - Remove the XS- prefix from the Vcs-* headers. ++ - Add Homepage header. ++ - Upgrade Standards-Version to 3.7.3.0. ++ - Make gnupg2 optional rather than extra. ++ - Remove unnecessary conflict on suidmanager. ++ ++ -- Eric Dorland Sat, 22 Dec 2007 02:06:42 -0500 ++ ++gnupg2 (2.0.7-1) unstable; urgency=low ++ ++ * New upstream release. ++ * debian/rules: ++ - Remove unnecessary deletion of the .gmo files. (Closes: #442583) ++ - Clean out some old comments ++ * gnupg-agent.xsession: Remove the quotes around --write-env-file ++ argument. Not ideal, but fine for now. Thanks Luis Rodrigo Gallardo ++ Cruz. (Closes: #443580) ++ ++ -- Eric Dorland Sun, 30 Sep 2007 02:50:40 -0400 ++ ++gnupg2 (2.0.6-1) unstable; urgency=low ++ ++ * New upstream release. (Closes: #437289) ++ * debian/gnupg-agent.xsession: Run the Xsession under the gpg-agent, so ++ it exits properly when the session dies. (Closes: #401843) ++ * debian/control: Add XS-Vcs headers for its new git home. ++ ++ -- Eric Dorland Mon, 03 Sep 2007 23:29:11 -0400 ++ ++gnupg2 (2.0.5-2) unstable; urgency=low ++ ++ * The "Ubuntu, I would have done it had you only asked" release. ++ ++ * debian/copyright: Fix download location. Thanks Ubuntu. ++ * debian/README.Debian: Remove, doesn't contain any relevant info. ++ * debian/rules: ++ - Build with --sysconfdir=/etc, thanks Bernhard Herzog. (Closes: #434790) ++ - Run dh_installexamples. ++ - Don't list the docs to install in here. ++ * debian/gnupg2.examples: New file, install gpgconf.conf as an example ++ into /usr/share/doc. Hope this is a good compromise Bernhard. (Closes: ++ #434878) ++ * debian/control: ++ - Remove opensc and pcsc-lite build dependencies, they're not used anymore. ++ - Add libcurl4-gnutls-dev build dep, to use the real curl. ++ * g10/call-agent.c: set DBG_ASSUAN to 0 to suppress a debug ++ message. Thanks Ubuntu. ++ * debian/gnupg2.docs, debian/gpgsm.docs: Move installed docs in here, ++ add some new docs. Thanks Ubuntu. ++ * debian/rules, debian/gnupg-agent.install: Build symcryptrun and install it ++ in the gnupg-agent package. Thanks Bernhard Herzog. (Closes: #434787) ++ * debian/rules, debian/control: Only recommend libldap, don't depend on ++ it.Thanks Riku. (Closes: #435138) ++ ++ -- Eric Dorland Thu, 16 Aug 2007 22:24:16 -0400 ++ ++gnupg2 (2.0.5-1) unstable; urgency=low ++ ++ * New upstream release. ++ * debian/watch: Add watch file. ++ * debian/control: ++ - Require libassuan 1.0.2 or greater. ++ - Require libksba 1.0.2 or greater. ++ - Don't recommend plain gpg anymore. ++ * debian/copyright: Update copyright text for GPL v3 relicensing. ++ * docs/scdaemon.texi: Remove old --print-atr documentation. Thanks ++ Ludovic Rousseau. (Closes: #404128) ++ ++ -- Eric Dorland Sun, 22 Jul 2007 16:03:32 -0400 ++ ++gnupg2 (2.0.4-1) unstable; urgency=low ++ ++ * New upstream release. ++ ++ -- Eric Dorland Fri, 11 May 2007 00:41:01 -0400 ++ ++gnupg2 (2.0.3-1) unstable; urgency=high ++ ++ * New upstream release. ++ - Fixes multoiple messages problem aka CVE-2007-1263. ++ ++ -- Eric Dorland Fri, 9 Mar 2007 03:28:53 -0500 ++ ++gnupg2 (2.0.2-1) unstable; urgency=high ++ ++ * New upstream release. (Closes: #409559) ++ * Thanks Andreas Barth for NMUs. (Closes: #400777, #401895, #401913) ++ * debian/gpgsm.install: pcsc-wrapper renamed to gnupg-pcsc-wrapper. ++ ++ -- Eric Dorland Mon, 19 Feb 2007 20:34:52 -0500 ++ ++gnupg2 (2.0.0-5) unstable; urgency=high ++ ++ * debian/control: Remove unnecessary dependencies on makedev and ++ udev. Thanks Marco d'Itri. ++ * doc/gnupg.texi, debian/gnupg2.info, debian/rules: Set the output file ++ to gnupg2.info, and use that for the index. (Closes: #398493) ++ ++ -- Eric Dorland Fri, 24 Nov 2006 02:23:35 -0500 ++ ++gnupg2 (2.0.0-4) unstable; urgency=medium ++ ++ * debian/control: Update forgotten replaces for pcsc-wrapper move. ++ ++ -- Eric Dorland Mon, 20 Nov 2006 23:02:25 -0500 ++ ++gnupg2 (2.0.0-3) unstable; urgency=medium ++ ++ * debian/control: Remove warning about development, thanks Gonzalo ++ HIGUERA DIAZ. (Closes: #399551) ++ ++ -- Eric Dorland Mon, 20 Nov 2006 14:32:33 -0500 ++ ++gnupg2 (2.0.0-2) unstable; urgency=medium ++ ++ * All packaging fixes, so urgency medium to beat the freeze. ++ * debian/distfiles, debian/lintian.override, debian/point-to-info.1: ++ Remove unused files. ++ * debian/gnupg2.info, debian/rules, gnupg2.files: Install all the info ++ files properly. (Closes: #398493) ++ * debian/rules: ++ - Remove some unnecessary autotools build rules. ++ - Move some of make install targets more correctly to the ++ configure line. ++ * debian/*.files, debian/rules: Rename *.files to .install and use ++ dh_install nstead of dh_movefiles. ++ * debian/gnupg-agent.xsession: Account for spaces in the configuration ++ file, thanks Artem Zolochevskiy. (Closes: #352326) ++ * debian/control: ++ - Adjust build-dependency versions slightly to match what the ++ configure scipt requires. ++ - Update Standards-Version to 3.7.2.2. ++ * debian/gpgsm.install, debian/gnupg2.install: Install the pcsc-wrapper ++ in gpgsm. (Closes: #353232) ++ * debian/gpgsm.install, debian/rules: Install gpg-protect-tool into ++ /usr/libb/gnupg2. ++ ++ -- Eric Dorland Sun, 19 Nov 2006 18:03:39 -0500 ++ ++gnupg2 (2.0.0-1) unstable; urgency=medium ++ ++ * New upstream release. (Closes: #398215) ++ * common/estream.c: #define PTH_SYSCALL_SOFT 0 as suggested by Daniel Hess. ++ ++ -- Eric Dorland Sun, 12 Nov 2006 23:52:59 -0500 ++ ++gnupg2 (1.9.94-1) unstable; urgency=low ++ ++ * New upstream release. ++ ++ -- Eric Dorland Thu, 2 Nov 2006 16:06:30 -0500 ++ ++gnupg2 (1.9.93-1) unstable; urgency=medium ++ ++ * New upstream release. Urgency medium to try to beat the freeze. Thanks ++ to Andreas Metzler for getting this package into shape. ++ ++ -- Eric Dorland Wed, 25 Oct 2006 00:41:15 -0400 ++ ++gnupg2 (1.9.91-0.1) unstable; urgency=low ++ ++ * New upstream version, built against clean upstream tarball. ++ (Closes: #378489,#388257) ++ * bump Build-Depends: ++ - libgpg-error-dev 0.6 -> 1.4 ++ - libassuan-dev 0.6.10 -> 0.9.1 ++ - libksba-dev 0.9.13 -> 1.0.0 (closes: #368552) ++ * Add libreadline5-dev to Build-Depends. ++ * Pass proper --build and --host args to ./configure. ++ * configure with --mandir='$${prefix}/share/man'. ++ * Add $(LIBINTL) to gpgsplit_LDADD in tools/Makefile.am. ++ * New upstream includes a lot more manpages, ship them. ++ (Closes: #300129,#300677) ++ gpg-agent(1) documents ~/gpg-agent.conf. (Closes: #300676) ++ * Update debian/copyright. ++ * Drop gnupg2.postinst gnupg2.postrm postinst postrm. They all only consited ++ of calls to suidregister for /usr/bin/gpg" or "chmod 4755 /usr/bin/gpg". ++ suidregister has been obsolete for a long time and /usr/bin/gpg is not ++ part of these packages. - If /usr/bin/gpg(v)2 was supposed to be installed ++ suid it should be shipped with these permissions in the deb instead ++ using chmod in postinst anyway. ++ * Drop preinst (ending up as gnupg-agent's preinst), which only showed ++ a warning on upgrades from <<0.3.2-1. - There never was a gnupg-agent ++ 0.3.2-1. ++ * Add (noop) binary-indep target as required by policy 4.9. ++ ++ -- Andreas Metzler Sun, 8 Oct 2006 07:51:44 +0000 ++ ++gnupg2 (1.9.20-2) unstable; urgency=high ++ ++ * debian/control: Make myself the maintainer with Matthias' permission. ++ * Acknowledge NMU. (Closes: #375053, #376755) ++ * g10/parse-packet.c: Patch from Martin Schulze to backport security fix ++ for CVE-2006-3746, crash when receiving overly long comments. ++ ++ -- Eric Dorland Fri, 4 Aug 2006 18:11:43 -0400 ++ ++gnupg2 (1.9.20-1.1) unstable; urgency=high ++ ++ * Non-maintainer upload. ++ * Adapt patch from upstream CVS, fixing buffer overflow leading to remote ++ DoS/crash (CVE-2006-3082). (Closes: #375053) ++ ++ -- Steinar H. Gunderson Tue, 4 Jul 2006 20:37:43 +0200 ++ ++gnupg2 (1.9.20-1) unstable; urgency=low ++ ++ * New Upstream version. Closes:#306890,#344530 ++ * Closes:#320490: gpg-protect-tool fails to decrypt PKCS-12 files ++ * Depend on libopensc2-dev, not -1-. Closes:#348106 ++ ++ -- Matthias Urlichs Tue, 24 Jan 2006 04:31:42 +0100 ++ ++gnupg2 (1.9.19-2) unstable; urgency=low ++ ++ * Convert debian/changelog to UTF-8. ++ * Put gnupg-agent and gpgsm lintian overrides in the respectively ++ right package. Closes: #335066 ++ * Added debhelper tokens to maintainer scripts. ++ * xsession fixes: ++ o Added host name to gpg-agent PID file name. Closes: #312717 ++ o Fixed xsession script to be able to run under zsh. Closes: #308516 ++ o Don't run gpg-agent if one is already running. Closes: #336480 ++ * debian/control: ++ o Fixed package description of gpgsm package. Closes: #299842 ++ o Added mention of gpg-agent to description of gnupg-agent package. ++ Closes: #304355 ++ * Thanks to Peter Eisentraut for all of the above. ++ ++ -- Matthias Urlichs Thu, 8 Dec 2005 22:13:21 +0100 ++ ++gnupg2 (1.9.19-1) unstable; urgency=low ++ ++ * Merged with 1.9.19. ++ * Re-enable gpgv2 package. ++ ++ -- Matthias Urlichs Sat, 22 Oct 2005 14:33:33 +0200 ++ ++gnupg2 (1.9.17-1) unstable; urgency=low ++ ++ * Merged with Upstream 1.9.17. ++ ++ -- Matthias Urlichs Mon, 4 Jul 2005 01:56:43 +0200 ++ ++gnupg2 (1.9.15-6) unstable; urgency=high ++ ++ * Move gpg-protect-tool to the gpgsm package. ++ Closes: #303492. ++ High urgency because this renders gpgsm unuseable for some people. ++ * gpg-agent: Override max-cache-ttl if a higher default is set. ++ Closes: #302692. ++ ++ -- Matthias Urlichs Thu, 7 Apr 2005 10:13:19 +0200 ++ ++gnupg2 (1.9.15-5) unstable; urgency=low ++ ++ * Add /etc/X11/Xsession.d/90gpg-agent script. Closes: #300128. ++ * Emphasize that gnupg2 is NOT useful at the moment. ++ * Conflict+replace gpg-agent with newpg. ++ ++ -- Matthias Urlichs Thu, 10 Mar 2005 22:46:10 +0100 ++ ++gnupg2 (1.9.15-4) unstable; urgency=low ++ ++ * Incorporated Ubuntu changes from Andreas Mueller. ++ ++ -- Matthias Urlichs Thu, 10 Mar 2005 21:41:59 +0100 ++ ++gnupg2 (1.9.15-3ubuntu3) hoary; urgency=low ++ ++ * removed info file ++ ++ -- Andreas Mueller Tue, 8 Mar 2005 01:58:39 +0100 ++ ++gnupg2 (1.9.15-3ubuntu2) hoary; urgency=low ++ ++ * changed rules file, part cp gnupg.info to mv ++ and added dh_installinfo. ++ * changed Standards Version to 3.6.1 ++ ++ -- Andreas Mueller Tue, 8 Mar 2005 00:53:31 +0100 ++ ++gnupg2 (1.9.15-3ubuntu1) hoary; urgency=low ++ ++ * added missing build depends texinfo ++ ++ -- Andreas Mueller Mon, 7 Mar 2005 22:47:56 +0100 ++ ++gnupg2 (1.9.15-2) hoary; urgency=low ++ ++ * Initial checkin ++ ++ -- Andreas Mueller Mon, 7 Mar 2005 21:13:32 +0100 ++ ++gnupg2 (1.9.15-1) experimental; urgency=low ++ ++ * New Upstream release. ++ * Removed -doc package: ++ - The package itself is too smal to merit being packaged separately. ++ - Interim solution: Documentation is included in the gnupg2 package. ++ - Goal: ask Upstream to split the .info file. ++ * Removed suidness. ++ * Update debian/copyright. ++ * Require libassuan >= 0.6.9. ++ ++ -- Matthias Urlichs Tue, 25 Jan 2005 08:19:15 +0100 ++ ++gnupg2 (1.9.11+cvs20040924-5) experimental; urgency=low ++ ++ * Rebuild to depend on opensc1. ++ * Split -doc into its own package. ++ ++ -- Matthias Urlichs Thu, 16 Dec 2004 10:30:44 +0100 ++ ++gnupg2 (1.9.11+cvs20040924-4) experimental; urgency=low ++ ++ * Turn on setuid-ness. ++ - Added Lintian overrides. ++ * Install all "standard" message files. ++ - Makefile.in: The package name for gettext is in the macro PACKAGE_GT, ++ not PACKAGE. ++ * Fix shebang line of addgnupghome script. ++ * Install info file in the correct place. ++ * Build cleanups. ++ ++ -- Matthias Urlichs Tue, 5 Oct 2004 10:59:56 +0200 ++ ++gnupg2 (1.9.11+cvs20040924-3) experimental; urgency=low ++ ++ * rename gnupg-agent's changelog file ++ * Fix gnupg-agent's dependencies ++ ++ -- Matthias Urlichs Sun, 3 Oct 2004 20:14:30 +0200 ++ ++gnupg2 (1.9.11+cvs20040924-2) experimental; urgency=low ++ ++ * Shipped a /usr/share/locale.alias file. Ouch. ++ * Split off gpgsm. ++ ++ -- Matthias Urlichs Wed, 29 Sep 2004 10:25:51 +0200 ++ ++gnupg2 (1.9.11+cvs20040924-1) experimental; urgency=low ++ ++ * New Upstream. ++ ++ -- Matthias Urlichs Sat, 25 Sep 2004 11:05:44 +0200 ++ ++gnupg2 (1.9.10+cvs-1) experimental; urgency=low ++ ++ * Packaged latest Upstream version. ++ * Split gpg-agent into its own .deb. ++ * Bit the bullet and started using debhelper. ++ ++ -- Matthias Urlichs Thu, 19 Aug 2004 11:43:34 +0200 ++ ++gnupg2 (1.9.9-1) experimental; urgency=low ++ ++ * Packaged latest Upstream version. ++ ++ -- Matthias Urlichs Mon, 14 Jun 2004 17:18:18 +0200 ++ ++gnupg2 (1.9.5-1) experimental; urgency=low ++ ++ * Packaged Upstream development version. ++ Closes:#187548 ++ ++ -- Matthias Urlichs Mon, 8 Mar 2004 05:30:35 +0100 ++ ++gnupg (1.2.4-4) unstable; urgency=low ++ ++ * 12_zero_length_header.dpatch: update patch from David Shaw ++ to fix the fix of crashing on certain ++ keys. Closes: #234289 ++ ++ -- James Troup Mon, 23 Feb 2004 18:02:20 +0000 ++ ++gnupg (1.2.4-3) unstable; urgency=low ++ ++ * Move to dpatch; existing non-debian/ change split into ++ 10_hppa_unaligned_constant.dpatch. ++ ++ * debian/rules: include /usr/share/dpatch/dpatch.make. ++ * debian/rules (build): depend on patch-stamp. ++ * debian/rules (clean): depend on unpatch. Remove debian/patched. ++ * debian/control (Build-Depends): add dpatch. ++ ++ * debian/rules: update version number and use install_foo convenience ++ variables. ++ * debian/rules (clean): remove emacs backup files from any directory. ++ ++ * 11_fi_po_update.dpatch: new patch from Tommi Vainikainen ++ to update Finnish translation as the current one ++ renders gnupg unusable. Closes: #232030, #222951, #192582 ++ * debian/rules (clean): remove po/fi.gmo to avoid dpkg-source errors ++ over unrepresentable changes to source. ++ ++ * 12_zero_length_header.dpatch: new patch from David Shaw ++ to fix cases where importing certain keys ++ makes the keyring unuseable. Closes: #232714 ++ ++ * 13_revoked_keys.dpatch: new patch from David Shaw ++ to list revoked keys as revoked. Closes: #231814 ++ ++ * 14_getkey_not_found_fix.dpatch: new patch from David Shaw ++ to fix --list-sigs incorrectly claiming "User ++ id not found". Closes: #229549 ++ ++ -- James Troup Fri, 20 Feb 2004 16:38:12 +0000 ++ ++gnupg (1.2.4-2) unstable; urgency=low ++ ++ * mpi/hppa1.1/udiv-qrnnd.S: patch from LaMont Jones ++ to fix unaligned constant. Closes: #228456 ++ * debian/copyright: update year and version number. ++ ++ -- James Troup Tue, 20 Jan 2004 17:19:58 +0000 ++ ++gnupg (1.2.4-1) unstable; urgency=medium ++ ++ * New upstream release. ++ * Most support for ElGamal Sign+Encrypt keys has been removed. Closes: #222293 ++ * No longer miss-identifies GNU/KFreeBSD as GNU/Hurd. Closes: #216957 ++ * Fixes build error on GNU/KFreeBSD (and Glibc-based GNU/KNetBSD). Closes: #221079 ++ * Fixes segmentation fault in prime generator. Closes: #213989 ++ * Fixes trustdb not updating without ultimately trusted keys. Closes: #222368 ++ ++ * debian/control (Build-Depends): add libbz2-dev. ++ ++ -- James Troup Wed, 31 Dec 2003 17:57:52 +0000 ++ ++gnupg (1.2.3-1) unstable; urgency=low ++ ++ * New upstream release (Closes: #207340). ++ * gpg no longer kills keyrings by importing broken keys. Closes: #196505 ++ * options.skel uses subkeys.pgp.net instead of pgp.mit.edu. Closes: #206092 ++ * --import now closes files when it's done. Closes: #196643 ++ * A key listing speed regression has been fixed. Closes: #192083 ++ * debian/copyright: update URL and date. ++ * debian/rules: update dates and version. ++ ++ * debian/control (Standards-Version): bump to 3.6.0. ++ ++ * debian/Upgrading_From_PGP.txt: new file from to Richard Braakman ++ . Closes: #173233 ++ * debian/rules (binary-arch): install it. ++ ++ * debian/rules (build): correct libexecdir passed to configure; patch ++ from Matthias Cramer . Fixes invocation of ++ gpgkeys_ldap. Closes: #168486 ++ ++ -- James Troup Thu, 28 Aug 2003 14:08:50 +0100 ++ ++gnupg (1.2.2-1) unstable; urgency=low ++ ++ * New upstream release. ++ * debian/control (Standards-Version): bump to 3.5.9.0. ++ * debian/rules (binary-arch): install convert-from-106 as ++ gpg-convert-from-106 and fix the path to gpg. ++ * debian/control: remove trailing full stop from short description. ++ * debian/control: remove out-dated and contradictory information about ++ RSA. ++ ++ -- James Troup Mon, 5 May 2003 03:08:58 +0100 ++ ++gnupg (1.2.1-2) unstable; urgency=low ++ ++ * Update config.guess (to 2002-10-21) and config.sub (to 2002-09-05). ++ Thanks to Ryan Murray. Closes: #166696 ++ ++ -- James Troup Mon, 28 Oct 2002 01:47:26 +0000 ++ ++gnupg (1.2.1-1) unstable; urgency=low ++ ++ * New upstream version. ++ * An inifinte loop in --update-trustdb has been fixed. Closes: #162039 ++ * The polish translation is now correctly specified as UTF-8. Closes: #162885 ++ * --refresh-keys is now documented in the manpage. Closes: #165566 ++ * debian/control (Conflicts): add gpg-idea <= 2.2 since gnupg >= 1.2 is ++ incompatible with that version of gpg-idea. Closes: #162314 ++ ++ -- James Troup Fri, 25 Oct 2002 18:18:43 +0100 ++ ++gnupg (1.2.0-1) unstable; urgency=low ++ ++ * New upstream version. Closes: #161817. ++ * --options no longer mis-handles a directory as an argument. Closes: #151973 ++ * gpg now prompts before sending all keys to the keyserver. Closes: #64607 ++ * There is now a gnupg(7) manpage. Closes: #157750 ++ * The permission checking has been sanitized and handles non-home-dir ++ keyrings better. Closes: #147760 ++ * notation data longer than 5 characters is now handled. Closes: #156871 ++ * an abort when setting trust levels in a czech locale has been fixed. ++ Closes: #149212 ++ * debian/rules (binary-arch): there are no more modules, adjust ++ accordingly. ++ * debian/postinst, debian/prerm: remove; no longer do /usr/doc symlinks. ++ * debian/rules (binary-arch): don't install obsolete postinst or prerm. ++ * debian/rules (binary-arch): gzip gnupg.7 too. ++ * debian/rules (build): pass --libexecdir=/usr/lib/gnupg to configure. ++ * debian/rules (binary-arch): likewise, pass suitable libexcedir ++ argument to make install. ++ * debian/control (Standards-Version): update to 3.5.7.0. ++ * debian/copyright: update URL and date. ++ * debian/rules: update dates and version. ++ ++ -- James Troup Sun, 22 Sep 2002 22:26:25 +0100 ++ ++gnupg (1.0.7-2) unstable; urgency=low ++ ++ * debian/control (Suggests): add xloadimage since that's what gpg uses ++ by default to view photo IDs. Thanks to Julien Danjou ++ for the suggestion. Closes: #156245 ++ * debian/control (Depends): add "hurd" to the alternatives to ++ makedev. Thanks to Michal Suchanek for ++ noticing. Closes: #158492 ++ * po/it.po: patch to fix typos from Marco Bodrato ++ Thu, 29 Aug 2002 01:42:58 +0100 ++ ++gnupg (1.0.7-1) unstable; urgency=low ++ ++ * New upstream version. Closes: #145477. ++ * GDBM support has been removed. Closes: #33009. ++ * Now adds the default keyring when a keyring is specified. ++ Closes: #50616, #65260. ++ * Now does the Right Thing when receiving a key from the keyserver and ++ the key in question is in both a read-only and writable keyring. ++ Closes: #63297. ++ * Automatic key retrieval is now configurable. Closes: #64940. ++ * --no-options supresses ~/.gnupg creation again. Closes: #95486. ++ * duplicate trust entries are no longer treated as an error. Closes: #96480. ++ * There's now no comment line in ascii armours. Closes: #100088. ++ * Handle secret keyring given as keyring better. Closes: #100581, #106670. ++ * It's now documented that --with-colons unconditionally uses UTF8. ++ Closes: #101446, 101454. ++ * s/now/knows/ typo in manpage fixed. Closes: #107471. ++ * There's now support for a primary UID. Closes: #106567, #108155. ++ * Handles errors in uncompression layer beter. Closes: #112392. ++ * Key selection has been entirely revamped. Closes: #136170. ++ * Handles empty encrypt-to. Closes: #138378 ++ ++ * debian/rules (binary-arch): remove empty /usr/info directory, thanks ++ to Joey Hess . Closes: #121864. ++ * debian/control: remove duplicated word from long description, thanks ++ to Nicolas Boulenguez . Closes: #144786. ++ * README: correct URL to GPH and other docs, thanks to Mark Brown ++ . Closes: #100277. ++ * debian/control (Standards-Version): updated to 3.5.6.1. ++ * debian/rules (binary-arch): only strip ELF binaries. es_ES -> es hack ++ no longer needed as fixed upstream. ++ * debian/control (Build-Depends): remove libgdbmg1-dev; no longer used. ++ * debian/README.Debian: remove note about gdbm support which was finally ++ removed. Update note on old versions of gnupg to reflect the ++ pre-historic nature of those versions. ++ * debian/control (Build-Depends): add libldap2-dev. ++ * debian/rules (binary-arch): call dpkg-shlibdeps for all ELF binaries. ++ * debian/control (Build-Depends): add file. ++ * debian/control (Priority): increase to standard to match overrides. ++ ++ -- James Troup Sat, 11 May 2002 15:08:02 +0100 ++ ++gnupg (1.0.6-3) unstable; urgency=low ++ ++ * moved into main. ++ ++ -- James Troup Tue, 19 Mar 2002 16:17:09 +0000 ++ ++gnupg (1.0.6-2) unstable; urgency=high ++ ++ * debian/rules (binary-arch): remove the erroneous ++ /usr/share/locale/locale.alias that 'make install' adds; closes: ++ #99293. ++ ++ -- James Troup Wed, 30 May 2001 20:40:59 +0100 ++ ++gnupg (1.0.6-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Tue, 29 May 2001 20:59:49 +0100 ++ ++gnupg (1.0.5-4) unstable; urgency=low ++ ++ * Patch from Werner. ++ ++ -- James Troup Sun, 27 May 2001 09:34:50 +0100 ++ ++gnupg (1.0.5-3) unstable; urgency=low ++ ++ * Apply patch from Matthew Wilcox to fix assembly on ++ hppa. ++ ++ -- James Troup Sun, 13 May 2001 02:36:45 +0100 ++ ++gnupg (1.0.5-2) unstable; urgency=medium ++ ++ * util/http.c: patch from Werner that fixes --send-key, closes: #96277. ++ * debian/control (Depends): accept devfsd in place of makedev, closes: ++ #96307. ++ ++ -- James Troup Mon, 7 May 2001 00:13:51 +0100 ++ ++gnupg (1.0.5-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/README.Debian: fix spelling and update URL. ++ * debian/rules (binary): remove the new info files. ++ * scripts/config.{guess,sub}: sync with subversions, closes: #95729. ++ ++ -- James Troup Mon, 30 Apr 2001 02:12:38 +0100 ++ ++gnupg (1.0.4-4) unstable; urgency=low ++ ++ * po/ru.po: patch by Ilya Martynov to replace German ++ entries and add missing translations, closes: #93987. ++ * g10/revoke.c (ask_revocation_reason): typo fix (s/non longer/no ++ longer/g); noticed by Colin Watson , closes: ++ #93664. ++ ++ * Deprecated depreciated; noticed by Vincent Broman ++ . ++ ++ * Following two patches are from Vincent Broman. ++ * g10/mainproc.c (proc_tree): use iobuf_get_real_fname() in preference ++ to iobuf_get_fname(). ++ * g10/openfile.c (open_sigfile): handle .sign prefixed files correctly. ++ ++ -- James Troup Fri, 20 Apr 2001 23:32:44 +0100 ++ ++gnupg (1.0.4-3) unstable; urgency=medium ++ ++ * debian/rules (binary): make gpg binary suid, closes: #86433. ++ * debian/postinst: don't use suidregister. ++ * debian/postrm: removed (only called suidunregister). ++ * debian/control: conflict with suidmanager << 0.50. ++ * mpi/longlong.h: apply fix for ARM long long artimetic from Philip ++ Blundell , closes: #87487. ++ * debian/preinst: the old GnuPG debs have moved to people.debian.org. ++ * cipher/random.c: #include as well as ++ * g10/misc.c: likewise. ++ * debian/rules: define a strip alias which removes the .comment and ++ .note sections. ++ * debian/rules (binary-arch): use it. ++ * debian/lintian.override: new file; override the SUID warning from ++ lintian. ++ * debian/rules (binary-arch): install it. ++ ++ -- James Troup Sun, 25 Feb 2001 05:24:58 +0000 ++ ++gnupg (1.0.4-2) stable unstable; urgency=high ++ ++ * Apply security fix patch from Werner. ++ * Apply another patch from Werner to fix bogus warning on Rijndael ++ usage. ++ * Change section to 'non-US'. ++ ++ -- James Troup Mon, 12 Feb 2001 07:47:02 +0000 ++ ++gnupg (1.0.4-1) stable unstable; urgency=high ++ ++ * New upstream version. ++ * Fixes a serious bug which could lead to false signature verification ++ results when more than one signature is fed to gpg. ++ ++ -- James Troup Tue, 17 Oct 2000 17:26:17 +0100 ++ ++gnupg (1.0.3b-1) unstable; urgency=low ++ ++ * New upstream snapshot version. ++ ++ -- James Troup Fri, 13 Oct 2000 18:08:14 +0100 ++ ++gnupg (1.0.3-2) unstable; urgency=low ++ ++ * debian/control: Conflict, Replace and Provide gpg-rsa & gpg-rsaref. ++ Fix long description to reflect the fact that RSA is no longer ++ patented and now included. [#72177] ++ * debian/rules: move faq.html to /usr/share/doc/gnupg/ and remove FAQ ++ from /usr/share/gnupg/. Thanks to Robert Luberda ++ for noticing. [#72151] ++ * debian/control: Suggest new package gnupg-doc. [#64323, #65560] ++ * utils/secmem.c (lock_pool): don't bomb out if mlock() returns ENOMEM, ++ as Linux will do this if resource limits (or other reasons) prevent ++ memory from being locked, instead treat it like permission was denied ++ and warn but continue. Thanks to Topi Miettinen ++ . [#70446] ++ * g10/hkp.c (not_implemented): s/ist/is/ in error message. ++ * debian/README.Debian: add a note about GDBM support and why it is ++ disabled. Upstream already fixed the manpage. [#65913] ++ * debian/rules (binary-arch): fix the Spanish translation to be 'es' not ++ 'es_ES' at Nicolás Lichtmaier 's request. [#57314] ++ ++ -- James Troup Sun, 1 Oct 2000 14:55:03 +0100 ++ ++gnupg (1.0.3-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Mon, 18 Sep 2000 15:56:54 +0100 ++ ++gnupg (1.0.2-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Thu, 13 Jul 2000 20:26:50 +0100 ++ ++gnupg (1.0.1-2) unstable; urgency=low ++ ++ * debian/control (Build-Depends): added. ++ * debian/copyright: corrected location of copyright file. Removed ++ references to Linux. Removed warnings about beta nature of GnuPG. ++ * debian/rules (binary-arch): install documentation into ++ /usr/share/doc/gnupg/ and pass mandir to make install to ensure the ++ manpages go to /usr/share/man/. ++ * debian/postinst: create /usr/doc/gnupg symlink. ++ * debian/prerm: new file; remove /usr/doc/gnupg symlink. ++ * debian/rules (binary-arch): install prerm. ++ * debian/control (Standards-Version): updated to 3.1.1.1. ++ ++ -- James Troup Thu, 30 Dec 1999 16:16:49 +0000 ++ ++gnupg (1.0.1-1) unstable; urgency=low ++ ++ * New upstream version. ++ * doc/gpg.1: updated to something usable from ++ ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gpg.1.gz. ++ ++ -- James Troup Sun, 19 Dec 1999 23:47:10 +0000 ++ ++gnupg (1.0.0-3) unstable; urgency=low ++ ++ * debian/rules (build): remove the stunningly ill-advised --host option ++ to configure. [#44698, #48212, #48281] ++ ++ -- James Troup Tue, 26 Oct 1999 01:12:59 +0100 ++ ++gnupg (1.0.0-2) unstable; urgency=low ++ ++ * debian/rules (binary-arch): fix the permissions on the ++ modules. [#47280] ++ * debian/postinst, debian/postrm: fix the package name passed to ++ suidregister. [#45013] ++ * debian/control: update long description. [#44636] ++ * debian/rules (build): pass the host explicitly to configure to avoid ++ problems on sparc64. [(Should fix) #44698]. ++ ++ -- James Troup Wed, 20 Oct 1999 23:39:05 +0100 ++ ++gnupg (1.0.0-1) unstable; urgency=low ++ ++ * New upstream release. [#44545] ++ ++ -- James Troup Wed, 8 Sep 1999 00:53:02 +0100 ++ ++gnupg (0.9.10-2) unstable; urgency=low ++ ++ * debian/rules (binary-arch): install lspgpot. Requested by Kai ++ Henningsen . [#42288] ++ * debian/rules (binary-arch): correct the path where modules are looked ++ for. Reported by Karl M. Hegbloom . [#40881] ++ * debian/postinst, debian/postrm: under protest, register gpg the ++ package with suidmanager and make it suid by default. ++ [#29780,#32590,#40391] ++ ++ -- James Troup Tue, 10 Aug 1999 00:12:40 +0100 ++ ++gnupg (0.9.10-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Fri, 6 Aug 1999 01:16:21 +0100 ++ ++gnupg (0.9.9-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Sun, 25 Jul 1999 01:06:31 +0100 ++ ++gnupg (0.9.8-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/rules (binary-arch): don't create a gpgm manpage as the binary ++ no longer exists. Noticed by Wichert Akkerman ++ . [#38864] ++ ++ -- James Troup Sun, 27 Jun 1999 01:07:58 +0100 ++ ++gnupg (0.9.7-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Tue, 25 May 1999 13:23:24 +0100 ++ ++gnupg (0.9.6-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/copyright: update version number, noticed by Lazarus Long ++ . ++ * debian/control (Depends): depend on makedev (>= 2.3.1-13) to ensure ++ that /dev/urandom exists; reported by Steffen Markert ++ . [#32076] ++ ++ -- James Troup Tue, 11 May 1999 21:06:27 +0100 ++ ++gnupg (0.9.5-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/control (Description): no tabs. [Lintian] ++ ++ -- James Troup Wed, 24 Mar 1999 22:37:40 +0000 ++ ++gnupg (0.9.4-1) unstable; urgency=low ++ ++ * New version. ++ * debian/control: s/GNUPG/GnuPG/ ++ ++ -- Werner Koch Mon, 8 Mar 1999 19:58:28 +0100 ++ ++gnupg (0.9.3-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Mon, 22 Feb 1999 22:55:04 +0000 ++ ++gnupg (0.9.2-1) unstable; urgency=low ++ ++ * New version. ++ * debian/rules (build): Removed CFLAGS as the default is now sufficient. ++ * debian/rules (clean): remove special handling cleanup in intl. ++ ++ -- Werner Koch Wed, 20 Jan 1999 21:23:11 +0100 ++ ++gnupg (0.9.1-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Sat, 9 Jan 1999 22:29:11 +0000 ++ ++gnupg (0.9.0-1) unstable; urgency=low ++ ++ * New upstream version. ++ * g10/armor.c (armor_filter): add missing new line in comment string; as ++ noticed by Stainless Steel Rat . ++ ++ -- James Troup Tue, 29 Dec 1998 20:22:43 +0000 ++ ++gnupg (0.4.5-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/rules (clean): force removal of intl/libintl.h which the ++ Makefiles fail to remove properly. ++ ++ -- James Troup Tue, 8 Dec 1998 22:40:23 +0000 ++ ++gnupg (0.4.4-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Sat, 21 Nov 1998 01:34:29 +0000 ++ ++gnupg (0.4.3-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/README.Debian: new file; contains same information as is in the ++ preinst. Suggested by Wichert Akkerman . ++ * debian/rules (binary-arch): install `README.Debian' ++ * debian/control (Standards-Version): updated to 2.5.0.0. ++ ++ -- James Troup Sun, 8 Nov 1998 19:08:12 +0000 ++ ++gnupg (0.4.2-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/preinst: improve message about the NEWS file which isn't ++ actually installed when it's referred to, thanks to Martin Mitchell ++ . ++ * debian/rules (binary-arch): don't install the now non-existent `rfcs', ++ but do install `OpenPGP'. ++ ++ -- James Troup Sun, 18 Oct 1998 22:48:34 +0100 ++ ++gnupg (0.4.1-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/rules (binary-arch): fix the gpgm manpage symlink now installed ++ by `make install'. ++ ++ -- James Troup Sun, 11 Oct 1998 17:01:21 +0100 ++ ++gnupg (0.4.0-1) unstable; urgency=high ++ ++ * New upstream version. [#26717] ++ * debian/copyright: tone down warning about alpha nature of gnupg. ++ * debian/copyright: new maintainer address. ++ * debian/control: update extended description. ++ * debian/rules (binary-arch): install FAQ and all ChangeLogs. ++ * debian/preinst: new; check for upgrade from (<= 0.3.2-1) and warn about ++ incompatibilities in keyring format and offer to move old copy out of ++ gpg out of the way for transition strategy and inform the user about ++ the old copies of gnupg available on my web page. ++ * debian/rules (binary-arch) install preinst. ++ * debian/rules (binary-arch): don't depend on the test target as it is ++ now partially interactive (tries to generate a key, which requires ++ someone else to be using the computer). ++ ++ -- James Troup Thu, 8 Oct 1998 00:47:07 +0100 ++ ++gnupg (0.3.2-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/control (Maintainer): new address. ++ * debian/copyright: updated list of changes. ++ ++ -- James Troup Thu, 9 Jul 1998 21:06:07 +0200 ++ ++gnupg (0.3.1-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Tue, 7 Jul 1998 00:26:21 +0200 ++ ++gnupg (0.3.0-2) unstable; urgency=low ++ ++ * Applied bug-fix patch from Werner. ++ ++ -- James Troup Fri, 26 Jun 1998 12:18:29 +0200 ++ ++gnupg (0.3.0-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/control: rewrote short and long description. ++ * cipher/Makefile.am: link tiger with -lc. ++ * debian/rules (binary-arch): strip loadable modules. ++ * util/secmem.c (lock_pool): get rid of errant test code; fix from ++ Werner Koch . ++ * debian/rules (test): new target which runs gnupg's test suite. ++ binary-arch depends on it, to ensure it's run whenever the package is ++ built. ++ ++ -- James Troup Thu, 25 Jun 1998 16:04:57 +0200 ++ ++gnupg (0.2.19-1) unstable; urgency=low ++ ++ * New upstream version. ++ * debian/control: Updated long description. ++ ++ -- James Troup Sat, 30 May 1998 12:12:35 +0200 ++ ++gnupg (0.2.18-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Sat, 16 May 1998 11:52:47 +0200 ++ ++gnupg (0.2.17-1) unstable; urgency=high ++ ++ * New upstream version. ++ * debian/control (Standards-Version): updated to 2.4.1.0. ++ * debian/control: tone down warning about alpha nature of gnupg, as per ++ README. ++ * debian/copyright: ditto. ++ ++ -- James Troup Mon, 4 May 1998 22:36:51 +0200 ++ ++gnupg (0.2.15-1) unstable; urgency=high ++ ++ * New upstream version. ++ ++ -- James Troup Fri, 10 Apr 1998 01:12:20 +0100 ++ ++gnupg (0.2.13-1) unstable; urgency=high ++ ++ * New upstream version. ++ ++ -- James Troup Wed, 11 Mar 1998 01:52:51 +0000 ++ ++gnupg (0.2.12-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Sat, 7 Mar 1998 13:52:40 +0000 ++ ++gnupg (0.2.11-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- James Troup Wed, 4 Mar 1998 01:32:12 +0000 ++ ++gnupg (0.2.10-1) unstable; urgency=low ++ ++ * New upstream version. ++ * Name changed upstream. ++ ++ -- James Troup Mon, 2 Mar 1998 07:32:05 +0000 ++ ++g10 (0.2.7-1) unstable; urgency=low ++ ++ * Initial release. ++ ++ -- James Troup Fri, 20 Feb 1998 02:05:34 +0000 diff --cc debian/clean index 0000000,0000000..4b27f09 new file mode 100644 --- /dev/null +++ b/debian/clean @@@ -1,0 -1,0 +1,9 @@@ ++po/*.gmo ++po/stamp-po ++build-gpgv-static/ ++build-gpgv-udeb/ ++build-gpgv-win32/ ++build-maintainer/ ++doc/gnupg.info ++doc/gnupg.info-1 ++doc/gnupg.info-2 diff --cc debian/compat index 0000000,0000000..b4de394 new file mode 100644 --- /dev/null +++ b/debian/compat @@@ -1,0 -1,0 +1,1 @@@ ++11 diff --cc debian/control index 0000000,0000000..552834d new file mode 100644 --- /dev/null +++ b/debian/control @@@ -1,0 -1,0 +1,502 @@@ ++Source: gnupg2 ++Section: utils ++Priority: optional ++Maintainer: Debian GnuPG Maintainers ++Uploaders: ++ Eric Dorland , ++ Daniel Kahn Gillmor , ++Standards-Version: 4.2.1 ++Build-Depends: ++ automake, ++ autopoint, ++ debhelper (>= 11~), ++ file, ++ gettext, ++ ghostscript, ++ imagemagick, ++ libassuan-dev (>= 2.5.0), ++ libbz2-dev, ++ libcurl4-gnutls-dev, ++ libgcrypt20-dev (>= 1.7.0), ++ libgnutls28-dev (>= 3.0), ++ libgpg-error-dev (>= 1.26-2~), ++ libksba-dev (>= 1.3.4), ++ libldap2-dev, ++ libnpth0-dev (>= 1.2), ++ libreadline-dev, ++ librsvg2-bin, ++ libsqlite3-dev, ++ libusb-1.0-0-dev [!hurd-any], ++ openssh-client , ++ pkg-config, ++ texinfo, ++ transfig, ++ zlib1g-dev | libz-dev, ++Build-Depends-Indep: ++ binutils-multiarch [!amd64 !i386], ++ libassuan-mingw-w64-dev (>= 2.5.0), ++ libgcrypt-mingw-w64-dev (>= 1.7.0), ++ libgpg-error-mingw-w64-dev (>= 1.26-2~), ++ libksba-mingw-w64-dev (>= 1.3.4), ++ libnpth-mingw-w64-dev (>= 1.2), ++ libz-mingw-w64-dev, ++ mingw-w64, ++Vcs-Git: https://salsa.debian.org/debian/gnupg2.git -b debian/buster ++Vcs-Browser: https://salsa.debian.org/debian/gnupg2 ++Homepage: https://www.gnupg.org/ ++Rules-Requires-Root: no ++ ++Package: gpgconf ++Architecture: any ++Multi-Arch: foreign ++Depends: ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Replaces: ++ gnupg (<< 2.1.21-4), ++ gnupg-agent (<< 2.1.21-4), ++Breaks: ++ gnupg (<< 2.1.21-4), ++ gnupg-agent (<< 2.1.21-4), ++Description: GNU privacy guard - core configuration utilities ++ GnuPG is GNU's tool for secure communication and data storage. ++ . ++ This package contains core utilities used by different tools in the ++ suite offered by GnuPG. It can be used to programmatically edit ++ config files for tools in the GnuPG suite, to launch or terminate ++ per-user daemons (if installed), etc. ++ ++Package: gnupg-agent ++Architecture: all ++Section: oldlibs ++Multi-Arch: foreign ++Depends: ++ gpg-agent (>= ${source:Version}), ++ ${misc:Depends}, ++Description: GNU privacy guard - cryptographic agent (dummy transitional package) ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC4880. ++ . ++ This is a dummy transitional package; please use gpg-agent instead. ++ ++Package: gpg-agent ++Architecture: any ++Multi-Arch: foreign ++Depends: ++ gpgconf (= ${binary:Version}), ++ pinentry-curses | pinentry, ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Recommends: ++ gnupg (= ${binary:Version}), ++ ${shlibs:Recommends}, ++Suggests: ++ dbus-user-session, ++ libpam-systemd, ++ pinentry-gnome3, ++ scdaemon, ++Replaces: ++ gnupg-agent (<< 2.1.21-4), ++Breaks: ++ gnupg-agent (<< 2.1.21-4), ++Provides: ++ gnupg-agent, ++Description: GNU privacy guard - cryptographic agent ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC4880. ++ . ++ This package contains the agent program gpg-agent which handles all ++ secret key material for OpenPGP and S/MIME use. The agent also ++ provides a passphrase cache, which is used by pre-2.1 versions of ++ GnuPG for OpenPGP operations. Without this package, trying to do ++ secret-key operations with any part of the modern GnuPG suite will ++ fail. ++ ++Package: gpg-wks-server ++Architecture: any ++Multi-Arch: foreign ++Depends: ++ gpg (= ${binary:Version}), ++ gpg-agent (= ${binary:Version}), ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Recommends: ++ gnupg (= ${binary:Version}), ++ ${shlibs:Recommends}, ++Description: GNU privacy guard - Web Key Service server ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC4880. ++ . ++ This package provides the GnuPG server for the Web Key Service ++ protocol. ++ . ++ A Web Key Service is a service that allows users to upload keys per ++ mail to be verified over https as described in ++ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service ++ . ++ For more information see: https://wiki.gnupg.org/WKS ++ ++Package: gpg-wks-client ++Architecture: any ++Multi-Arch: foreign ++Depends: ++ dirmngr (= ${binary:Version}), ++ gpg (= ${binary:Version}), ++ gpg-agent (= ${binary:Version}), ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Recommends: ++ gnupg (= ${binary:Version}), ++ ${shlibs:Recommends}, ++Description: GNU privacy guard - Web Key Service client ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC4880. ++ . ++ This package provides the GnuPG client for the Web Key Service ++ protocol. ++ . ++ A Web Key Service is a service that allows users to upload keys per ++ mail to be verified over https as described in ++ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service ++ . ++ For more information see: https://wiki.gnupg.org/WKS ++ ++Package: scdaemon ++Architecture: any ++Multi-Arch: foreign ++Depends: ++ gpg-agent (= ${binary:Version}), ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Enhances: ++ gpg-agent, ++Description: GNU privacy guard - smart card support ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC4880. ++ . ++ This package contains the smart card program scdaemon, which is used ++ by gpg-agent to access OpenPGP smart cards. ++ ++Package: gpgsm ++Architecture: any ++Multi-Arch: foreign ++Depends: ++ gpgconf (= ${binary:Version}), ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Recommends: ++ gnupg (= ${binary:Version}), ++ ${shlibs:Recommends}, ++Breaks: ++ gnupg2 (<< 2.1.10-2), ++Replaces: ++ gnupg2 (<< 2.1.10-2), ++Description: GNU privacy guard - S/MIME version ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC4880. ++ . ++ This package contains the gpgsm program. gpgsm is a tool to provide ++ digital encryption and signing services on X.509 certificates and the ++ CMS protocol. gpgsm includes complete certificate management. ++ ++Package: gpg ++Architecture: any ++Multi-Arch: foreign ++Depends: ++ gpgconf (= ${binary:Version}), ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Recommends: ++ gnupg (= ${binary:Version}), ++ ${shlibs:Recommends}, ++Breaks: ++ gnupg (<< 2.1.21-4), ++Replaces: ++ gnupg (<< 2.1.21-4), ++Description: GNU Privacy Guard -- minimalist public key operations ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC4880. ++ . ++ This package contains /usr/bin/gpg itself, and is useful on its own ++ only for public key operations (encryption, signature verification, ++ listing OpenPGP certificates, etc). If you want full capabilities ++ (including secret key operations, network access, etc), please ++ install the "gnupg" package, which pulls in the full suite of tools. ++ ++Package: gnupg ++Architecture: all ++Multi-Arch: foreign ++Depends: ++ dirmngr (<< ${source:Version}.1~), ++ dirmngr (>= ${source:Version}), ++ gnupg-l10n (= ${source:Version}), ++ gnupg-utils (<< ${source:Version}.1~), ++ gnupg-utils (>= ${source:Version}), ++ gpg (<< ${source:Version}.1~), ++ gpg (>= ${source:Version}), ++ gpg-agent (<< ${source:Version}.1~), ++ gpg-agent (>= ${source:Version}), ++ gpg-wks-client (<< ${source:Version}.1~), ++ gpg-wks-client (>= ${source:Version}), ++ gpg-wks-server (<< ${source:Version}.1~), ++ gpg-wks-server (>= ${source:Version}), ++ gpgsm (<< ${source:Version}.1~), ++ gpgsm (>= ${source:Version}), ++ gpgv (<< ${source:Version}.1~), ++ gpgv (>= ${source:Version}), ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Recommends: ++ ${shlibs:Recommends}, ++Suggests: ++ parcimonie, ++ xloadimage, ++Breaks: ++ debsig-verify (<< 0.15), ++ dirmngr (<< ${binary:Version}), ++ gnupg2 (<< 2.1.11-7+exp1), ++ libgnupg-interface-perl (<< 0.52-3), ++ libgnupg-perl (<= 0.19-1), ++ libmail-gnupg-perl (<= 0.22-1), ++ monkeysphere (<< 0.38~), ++ php-crypt-gpg (<= 1.4.1-1), ++ python-apt (<= 1.1.0~beta4), ++ python-gnupg (<< 0.3.8-3), ++ python3-apt (<= 1.1.0~beta4), ++Replaces: ++ gnupg2 (<< 2.1.11-7+exp1), ++Description: GNU privacy guard - a free PGP replacement ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC4880. ++ . ++ This package contains the full suite of GnuPG tools for cryptographic ++ communications and data storage. ++ ++Package: gnupg2 ++Architecture: all ++Section: oldlibs ++Multi-Arch: foreign ++Depends: ++ gnupg (>= ${source:Version}), ++ ${misc:Depends}, ++Description: GNU privacy guard - a free PGP replacement (dummy transitional package) ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC4880. ++ . ++ This is a dummy transitional package that provides symlinks from gpg2 ++ to gpg. ++ ++Package: gpgv ++Architecture: any ++Priority: important ++Multi-Arch: foreign ++Depends: ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Breaks: ++ gnupg2 (<< 2.0.21-2), ++ gpgv2 (<< 2.1.11-7+exp1), ++ python-debian (<< 0.1.29), ++Replaces: ++ gnupg2 (<< 2.0.21-2), ++ gpgv2 (<< 2.1.11-7+exp1), ++Suggests: ++ gnupg, ++Description: GNU privacy guard - signature verification tool ++ GnuPG is GNU's tool for secure communication and data storage. ++ . ++ gpgv is actually a stripped-down version of gpg which is only able ++ to check signatures. It is somewhat smaller than the fully-blown gpg ++ and uses a different (and simpler) way to check that the public keys ++ used to make the signature are valid. There are no configuration ++ files and only a few options are implemented. ++ ++Package: gpgv2 ++Section: oldlibs ++Architecture: all ++Multi-Arch: foreign ++Depends: ++ gpgv (>= ${source:Version}), ++ ${misc:Depends}, ++Description: GNU privacy guard - signature verification tool (dummy transitional package) ++ GnuPG is GNU's tool for secure communication and data storage. gpgv ++ is a stripped-down version of gpg which is only able to check ++ signatures. ++ . ++ This is a dummy transitional package that provides symlinks from gpgv2 ++ to gpgv. ++ ++Package: dirmngr ++Architecture: any ++Multi-Arch: foreign ++Depends: ++ adduser, ++ gpgconf (= ${binary:Version}), ++ lsb-base (>= 3.2-13), ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Recommends: ++ gnupg (= ${binary:Version}), ++ ${shlibs:Recommends}, ++Enhances: ++ gpg, ++ gpgsm, ++ squid, ++Breaks: ++ gnupg2 (<< 2.1.10-2), ++Replaces: ++ gnupg2 (<< 2.1.10-2), ++Suggests: ++ dbus-user-session, ++ libpam-systemd, ++ pinentry-gnome3, ++ tor, ++Description: GNU privacy guard - network certificate management service ++ dirmngr is a server for managing and downloading OpenPGP and X.509 ++ certificates, as well as updates and status signals related to those ++ certificates. For OpenPGP, this means pulling from the public ++ HKP/HKPS keyservers, or from LDAP servers. For X.509 this includes ++ Certificate Revocation Lists (CRLs) and Online Certificate Status ++ Protocol updates (OCSP). It is capable of using Tor for network ++ access. ++ . ++ dirmngr is used for network access by gpg, gpgsm, and dirmngr-client, ++ among other tools. Unless this package is installed, the parts of ++ the GnuPG suite that try to interact with the network will fail. ++ ++Package: gpgv-udeb ++Package-Type: udeb ++Section: debian-installer ++Architecture: any ++Depends: ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Description: minimal signature verification tool ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC 4880. ++ . ++ This is GnuPG's signature verification tool, gpgv, packaged in minimal ++ form for use in debian-installer. ++ ++Package: gpgv-static ++Architecture: any ++Multi-Arch: foreign ++Depends: ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Recommends: ++ debian-archive-keyring, ++ debootstrap, ++Description: minimal signature verification tool (static build) ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC 4880. ++ . ++ This is GnuPG's signature verification tool, gpgv, built statically ++ so that it can be directly used on any platform that is running on ++ the Linux kernel. Android and ChromeOS are two well known examples, ++ but there are many other platforms that this will work for, like ++ embedded Linux OSes. This gpgv in combination with debootstrap and ++ the Debian archive keyring allows the secure creation of chroot ++ installs on these platforms by using the full Debian signature ++ verification that is present in all official Debian mirrors. ++ ++Package: gpgv-win32 ++Architecture: all ++Multi-Arch: foreign ++Depends: ++ ${misc:Depends}, ++Suggests: ++ wine, ++Description: GNU privacy guard - signature verification tool (win32 build) ++ GnuPG is GNU's tool for secure communication and data storage. ++ . ++ gpgv is a stripped-down version of gnupg which is only able to check ++ signatures. It is smaller than the full-blown gnupg and uses a ++ different (and simpler) way to check that the public keys used to ++ make the signature are trustworthy. ++ . ++ This is a win32 version of gpgv. It's meant to be used by the win32-loader ++ component of Debian-Installer. ++ ++Package: gnupg-l10n ++Section: localization ++Architecture: all ++Multi-Arch: foreign ++Depends: ++ ${misc:Depends}, ++Enhances: ++ dirmngr, ++ gpg, ++ gpg-agent, ++Breaks: ++ gnupg (<< 2.1.14-2~), ++ gnupg2 (<< 2.1.14-2~), ++Replaces: ++ gnupg (<< 2.1.14-2~), ++ gnupg2 (<< 2.1.14-2~), ++Description: GNU privacy guard - localization files ++ GnuPG is GNU's tool for secure communication and data storage. ++ It can be used to encrypt data and to create digital signatures. ++ It includes an advanced key management facility and is compliant ++ with the proposed OpenPGP Internet standard as described in RFC 4880. ++ . ++ This package contains the translation files for the use of GnuPG in ++ non-English locales. ++ ++Package: gnupg-utils ++Architecture: any ++Multi-Arch: foreign ++Replaces: ++ gnupg (<< 2.1.21-4), ++ gnupg-agent (<< 2.1.21-4), ++Breaks: ++ gnupg (<< 2.1.21-4), ++ gnupg-agent (<< 2.1.21-4), ++Depends: ++ ${misc:Depends}, ++ ${shlibs:Depends}, ++Recommends: ++ gpg, ++ gpg-agent, ++ gpgconf, ++ gpgsm, ++Description: GNU privacy guard - utility programs ++ GnuPG is GNU's tool for secure communication and data storage. ++ . ++ This package contains several useful utilities for manipulating ++ OpenPGP data and other related cryptographic elements. It includes: ++ . ++ * addgnupghome -- create .gnupg home directories ++ * applygnupgdefaults -- run gpgconf --apply-defaults for all users ++ * gpgcompose -- an experimental tool for constructing arbitrary ++ sequences of OpenPGP packets (e.g. for testing) ++ * gpgparsemail -- parse an e-mail message into annotated format ++ * gpgsplit -- split a sequence of OpenPGP packets into files ++ * gpgtar -- encrypt or sign files in an archive ++ * kbxutil -- list, export, import Keybox data ++ * lspgpot -- convert PGP ownertrust values to GnuPG ++ * migrate-pubring-from-classic-gpg -- use only "modern" formats ++ * symcryptrun -- use simple symmetric encryption tool in GnuPG framework ++ * watchgnupg -- watch socket-based logs diff --cc debian/copyright index 0000000,0000000..521924e new file mode 100644 --- /dev/null +++ b/debian/copyright @@@ -1,0 -1,0 +1,253 @@@ ++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ ++Upstream-Name: GnuPG - The GNU Privacy Guard (modern version) ++Upstream-Contact: GnuPG development mailing list ++Source: https://gnupg.org/download/ ++ ++Files: * ++Copyright: 1992, 1995-2016, Free Software Foundation, Inc ++License: GPL-3+ ++ ++Files: agent/command.c ++ agent/command-ssh.c ++ agent/gpg-agent.c ++ common/homedir.c ++ common/sysutils.c ++ g10/mainproc.c ++Copyright: 1998-2007, 2009, 2012, Free Software Foundation, Inc ++ 2013, Werner Koch ++License: GPL-3+ ++ ++Files: autogen.sh ++Copyright: 2003, g10 Code GmbH ++License: permissive ++ ++Files: common/gc-opt-flags.h ++ common/i18n.h ++ tools/clean-sat.c ++ tools/no-libgcrypt.c ++Copyright: 1998-2001, 2003, 2004, 2006, 2007 Free Software Foundation, Inc ++License: permissive ++ ++Files: common/localename.c ++Copyright: 1985, 1989-1993, 1995-2003, 2007, 2008 Free Software Foundation, Inc. ++License: LGPL-2.1+ ++ ++Files: dirmngr/dns.c ++ dirmngr/dns.h ++Copyright: 2008-2010, 2012-2016 William Ahern ++License: Expat ++ ++Files: doc/yat2m.c ++ scd/app-geldkarte.c ++Copyright: 2004, 2005, g10 Code GmbH ++ 2006, 2008, 2009, 2011, Free Software Foundation, Inc ++License: GPL-3+ ++ ++Files: scd/ccid-driver.h ++ scd/ccid-driver.c ++Copyright: 2003-2007, Free Software Foundation, Inc ++License: GPL-3+ or BSD-3-clause ++ ++Files: tools/rfc822parse.c ++ tools/rfc822parse.h ++Copyright: 1999-2000, Werner Koch, Duesseldorf ++ 2003-2004, g10 Code GmbH ++License: LGPL-3+ ++ ++Files: tools/sockprox.c ++Copyright: 2007, g10 Code GmbH ++License: GPL-3+ ++ ++Files: doc/OpenPGP ++Copyright: 1998-2013 Free Software Foundation, Inc. ++ 1997, 1998, 2013 Werner Koch ++ 1998 The Internet Society ++License: RFC-Reference ++ ++Files: tests/gpgscm/* ++Copyright: 2000, Dimitrios Souflis ++ 2016, Justus Winter, Werner Koch ++License: TinySCHEME ++ ++Files: debian/* ++Copyright: 1998-2018 Debian GnuPG packagers, including ++ Eric Dorland ++ Daniel Kahn Gillmor ++ NIIBE Yutaka ++License: GPL-3+ ++ ++Files: debian/org.gnupg.scdaemon.metainfo.xml ++Copyright: 2017 Daniel Kahn Gillmor ++Comment: This file is licensed permissively for the sake of AppStream ++License: CC0-1.0 ++ ++License: TinySCHEME ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions are ++ met: ++ . ++ Redistributions of source code must retain the above copyright notice, ++ this list of conditions and the following disclaimer. ++ . ++ Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ . ++ Neither the name of Dimitrios Souflis nor the names of the ++ contributors may be used to endorse or promote products derived from ++ this software without specific prior written permission. ++ . ++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR ++ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, ++ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, ++ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR ++ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF ++ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING ++ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS ++ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ ++ ++License: permissive ++ This file is free software; as a special exception the author gives ++ unlimited permission to copy and/or distribute it, with or without ++ modifications, as long as this notice is preserved. ++ . ++ This file is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY, to the extent permitted by law; without even ++ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR ++ PURPOSE. ++ ++License: RFC-Reference ++ doc/OpenPGP merely cites and references IETF Draft ++ draft-ietf-openpgp-formats-07.txt. This is believed to be fair use; ++ but if not, it's covered by the source document's license under ++ the 'comment on' clause. The license statement follows. ++ . ++ This document and translations of it may be copied and furnished to ++ others, and derivative works that comment on or otherwise explain it ++ or assist in its implementation may be prepared, copied, published ++ and distributed, in whole or in part, without restriction of any ++ kind, provided that the above copyright notice and this paragraph ++ are included on all such copies and derivative works. However, this ++ document itself may not be modified in any way, such as by removing ++ the copyright notice or references to the Internet Society or other ++ Internet organizations, except as needed for the purpose of ++ developing Internet standards in which case the procedures for ++ copyrights defined in the Internet Standards process must be ++ followed, or as required to translate it into languages other than ++ English. ++ . ++ The limited permissions granted above are perpetual and will not be ++ revoked by the Internet Society or its successors or assigns. ++ ++ ++License: GPL-3+ ++ GnuPG is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 3 of the License, or ++ (at your option) any later version. ++ . ++ GnuPG is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ . ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, see . ++ . ++ On Debian systems, the full text of the GNU General Public ++ License version 3 can be found in the file ++ `/usr/share/common-licenses/GPL-3'. ++ ++License: LGPL-3+ ++ This program is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as ++ published by the Free Software Foundation; either version 3 of ++ the License, or (at your option) any later version. ++ . ++ This program is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ . ++ You should have received a copy of the GNU Lesser General Public ++ License along with this program; if not, see . ++ . ++ On Debian systems, the full text of the GNU Lesser General Public ++ License version 3 can be found in the file ++ `/usr/share/common-licenses/LGPL-3'. ++ ++License: LGPL-2.1+ ++ This program is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as ++ published by the Free Software Foundation; either version 2.1 of ++ the License, or (at your option) any later version. ++ . ++ This program is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ . ++ You should have received a copy of the GNU Lesser General Public ++ License along with this program; if not, see . ++ . ++ On Debian systems, the full text of the GNU Lesser General Public ++ License version 2.1 can be found in the file ++ `/usr/share/common-licenses/LGPL-2.1'. ++ ++License: BSD-3-clause ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions ++ are met: ++ 1. Redistributions of source code must retain the above copyright ++ notice, and the entire permission notice in its entirety, ++ including the disclaimer of warranties. ++ 2. Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ 3. The name of the author may not be used to endorse or promote ++ products derived from this software without specific prior ++ written permission. ++ . ++ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ OF THE POSSIBILITY OF SUCH DAMAGE. ++ ++License: Expat ++ Permission is hereby granted, free of charge, to any person obtaining a ++ copy of this software and associated documentation files (the ++ "Software"), to deal in the Software without restriction, including ++ without limitation the rights to use, copy, modify, merge, publish, ++ distribute, sublicense, and/or sell copies of the Software, and to permit ++ persons to whom the Software is furnished to do so, subject to the ++ following conditions: ++ . ++ The above copyright notice and this permission notice shall be included ++ in all copies or substantial portions of the Software. ++ . ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ++ OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN ++ NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, ++ DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR ++ OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE ++ USE OR OTHER DEALINGS IN THE SOFTWARE. ++ ++License: CC0-1.0 ++ To the extent possible under law, the author(s) have dedicated all ++ copyright and related and neighboring rights to this software to the public ++ domain worldwide. This software is distributed without any warranty. ++ . ++ On Debian systems, the complete text of the CC0 license, version 1.0, ++ can be found in /usr/share/common-licenses/CC0-1.0. diff --cc debian/dirmngr.NEWS index 0000000,0000000..b0c550f new file mode 100644 --- /dev/null +++ b/debian/dirmngr.NEWS @@@ -1,0 -1,0 +1,49 @@@ ++dirmngr (2.1.18-1) unstable; urgency=medium ++ ++ If your machine is configured with system user session management, ++ dirmngr will be managed automatically by systemd's user sessions on ++ machines configured with use systemd. Please consider installing the ++ packages that the dirmngr package Suggests:, and see ++ /usr/share/doc/dirmngr/README.Debian for more details. ++ ++ -- Daniel Kahn Gillmor Mon, 23 Jan 2017 22:50:34 -0500 ++ ++dirmngr (2.1.13-3) experimental; urgency=medium ++ ++ gpg and most related processes will auto-launch dirmngr if needed. ++ ++ Any user who wants to launch dirmngr manually should do so with: ++ ++ gpgconf --launch dirmngr ++ ++ and may want to terminate dirmngr when their session ends with: ++ ++ gpgconf --kill dirmngr ++ ++ Users on machines with systemd can ensure that dirmngr is always ++ running for their session (and that it gets terminated at logout) ++ with: ++ ++ gpgconf --kill dirmngr ++ systemctl --user enable dirmngr ++ systemctl --user start dirmngr ++ ++ -- Daniel Kahn Gillmor Tue, 28 Jun 2016 17:55:15 -0400 ++ ++dirmngr (2.1.0~beta895-1) experimental; urgency=medium ++ ++ No more dirmngr system service! ++ =============================== ++ ++ As of the 2.1.0 beta series, dirmngr is a local daemon that works ++ closely with gnupg2. It is launched on its own, per-user, and ++ listens on a standard socket (usually ~/.gnupg/S.dirmngr). There is ++ no more system-wide dirmngr process. ++ ++ If there is a special case where a dirmngr system process is ++ actually needed, please report a bug in dirmngr, and we can sort out ++ a way to set one up for that case so that everyone with dirmngr ++ installed doesn't need to have it running. ++ ++ -- Daniel Kahn Gillmor Tue, 07 Oct 2014 10:33:52 -0400 ++ diff --cc debian/dirmngr.README.Debian index 0000000,0000000..099240a new file mode 100644 --- /dev/null +++ b/debian/dirmngr.README.Debian @@@ -1,0 -1,0 +1,47 @@@ ++dirmngr system integration ++========================== ++ ++Since 2.1.x, gpg and most related processes will auto-launch dirmngr ++if needed. These auto-launched processes will inherit whatever ++environment they started from, and they will not terminate ++automatically. ++ ++systemd ++======= ++ ++Since 2.1.17, users on machines with systemd will have a dirmngr ++process launched automatically by systemd's user session, upon first ++access of the standard socket. systemd will also cleanly tear this ++process down at session logout. ++ ++Users who don't want systemd to manage their dirmngr in this way for ++all future sessions should do: ++ ++ systemctl --user mask --now dirmngr.socket ++ ++Doing this means that dirmngr will fall back to its manual mode of ++operation. (This decision can be reversed by the user with "unmask" ++instead of "mask") ++ ++See systemctl(1) for more details about managing the dirmngr.socket ++unit. ++ ++Manual dirmngr startup and teardown ++=================================== ++ ++Any user who wants to launch dirmngr manually (e.g., to talk to it ++with a tool from outside the GnuPG suite) and is *not* using systemd ++should first ensure that it is launched with: ++ ++ gpgconf --launch dirmngr ++ ++If dirmngr is launched manually or automatically (but not supervised ++by systemd), you also probably want to ensure that it terminates when ++your session ends with: ++ ++ gpgconf --kill dirmngr ++ ++If you're not using systemd, you may wish to add this command to your ++session logout scripts. ++ ++ -- Daniel Kahn Gillmor , Mon, 23 Jan 2017 22:49:45 -0500 diff --cc debian/dirmngr.docs index 0000000,0000000..61e3257 new file mode 100644 --- /dev/null +++ b/debian/dirmngr.docs @@@ -1,0 -1,0 +1,5 @@@ ++AUTHORS ++NEWS ++THANKS ++TODO ++doc/KEYSERVER diff --cc debian/dirmngr.install index 0000000,0000000..4bd9ed2 new file mode 100644 --- /dev/null +++ b/debian/dirmngr.install @@@ -1,0 -1,0 +1,6 @@@ ++debian/tmp/usr/bin/dirmngr ++debian/tmp/usr/bin/dirmngr-client ++debian/tmp/usr/lib/gnupg/dirmngr_ldap ++debian/tmp/usr/share/gnupg/sks-keyservers.netCA.pem ++doc/examples/systemd-user/dirmngr.service usr/lib/systemd/user ++doc/examples/systemd-user/dirmngr.socket usr/lib/systemd/user diff --cc debian/dirmngr.links index 0000000,0000000..ca801e7 new file mode 100644 --- /dev/null +++ b/debian/dirmngr.links @@@ -1,0 -1,0 +1,1 @@@ ++usr/lib/systemd/user/dirmngr.socket /usr/lib/systemd/user/sockets.target.wants/dirmngr.socket diff --cc debian/dirmngr.maintscript index 0000000,0000000..aa11aa5 new file mode 100644 --- /dev/null +++ b/debian/dirmngr.maintscript @@@ -1,0 -1,0 +1,5 @@@ ++rm_conffile /etc/default/dirmngr ++rm_conffile /etc/dirmngr/dirmngr.conf ++rm_conffile /etc/dirmngr/ldapservers.conf ++rm_conffile /etc/init.d/dirmngr ++rm_conffile /etc/logrotate.d/dirmngr diff --cc debian/dirmngr.manpages index 0000000,0000000..93702d9 new file mode 100644 --- /dev/null +++ b/debian/dirmngr.manpages @@@ -1,0 -1,0 +1,2 @@@ ++debian/tmp/usr/share/man/man1/dirmngr-client.1 ++debian/tmp/usr/share/man/man8/dirmngr.8 diff --cc debian/gbp.conf index 0000000,0000000..346cf5c new file mode 100644 --- /dev/null +++ b/debian/gbp.conf @@@ -1,0 -1,0 +1,37 @@@ ++[DEFAULT] ++debian-branch = debian/buster ++pristine-tar = True ++upstream-vcs-tag = gnupg-%(version)s ++ ++[import-orig] ++filter = [ ++ 'aclocal.m4', ++ 'build-aux/compile', ++ 'build-aux/config.rpath', ++ 'build-aux/depcomp', ++ 'build-aux/install-sh', ++ 'build-aux/missing', ++ 'build-aux/mkinstalldirs', ++ 'build-aux/texinfo.tex', ++ 'config.h.in', ++ 'configure', ++ 'doc/gnupg.info*', ++ 'INSTALL', ++ 'm4/intdiv0.m4', ++ 'm4/intl.m4', ++ 'm4/lock.m4', ++ 'm4/printf-posix.m4', ++ 'm4/size_max.m4', ++ 'm4/uintmax_t.m4', ++ 'm4/wint_t.m4', ++ '*/*/Makefile.in', ++ '*/Makefile.in', ++ 'Makefile.in', ++ 'po/*.gmo', ++ 'po/Makefile.in.in', ++ 'po/stamp-po', ++ ] ++filter-pristine-tar = False ++ ++[pq] ++patch-numbers = False diff --cc debian/gnupg-l10n.install index 0000000,0000000..9aaad82 new file mode 100644 --- /dev/null +++ b/debian/gnupg-l10n.install @@@ -1,0 -1,0 +1,2 @@@ ++debian/tmp/usr/share/gnupg/help.*.txt ++debian/tmp/usr/share/locale diff --cc debian/gnupg-utils.install index 0000000,0000000..2bdddcf new file mode 100644 --- /dev/null +++ b/debian/gnupg-utils.install @@@ -1,0 -1,0 +1,12 @@@ ++build-maintainer/g10/gpgcompose usr/bin ++build/tools/gpg-zip usr/bin ++build/tools/gpgsplit usr/bin ++build/tools/gpgtar usr/bin ++debian/migrate-pubring-from-classic-gpg usr/bin ++debian/tmp/usr/bin/gpgparsemail ++debian/tmp/usr/bin/kbxutil ++debian/tmp/usr/bin/symcryptrun ++debian/tmp/usr/bin/watchgnupg ++debian/tmp/usr/sbin/addgnupghome ++debian/tmp/usr/sbin/applygnupgdefaults ++tools/lspgpot usr/bin diff --cc debian/gnupg-utils.manpages index 0000000,0000000..9ef0abb new file mode 100644 --- /dev/null +++ b/debian/gnupg-utils.manpages @@@ -1,0 -1,0 +1,12 @@@ ++debian/gpg-zip.1 ++debian/gpgcompose.1 ++debian/gpgsplit.1 ++debian/kbxutil.1 ++debian/lspgpot.1 ++debian/migrate-pubring-from-classic-gpg.1 ++debian/tmp/usr/share/man/man1/gpgparsemail.1 ++debian/tmp/usr/share/man/man1/gpgtar.1 ++debian/tmp/usr/share/man/man1/symcryptrun.1 ++debian/tmp/usr/share/man/man1/watchgnupg.1 ++debian/tmp/usr/share/man/man8/addgnupghome.8 ++debian/tmp/usr/share/man/man8/applygnupgdefaults.8 diff --cc debian/gnupg.README.Debian index 0000000,0000000..24944d3 new file mode 100644 --- /dev/null +++ b/debian/gnupg.README.Debian @@@ -1,0 -1,0 +1,44 @@@ ++Using "Modern" GnuPG ++==================== ++ ++As of version 2.1.11-7+exp1, the gnupg package is provided by the "modern" ++version of GnuPG. ++ ++This means: ++ ++ * supporting daemons are auto-launched as needed ++ ++ * all access to secret key material is handled by gpg-agent ++ ++ * all smartcard access is handled by scdaemon ++ ++ * all network access is handled by dirmngr ++ ++ * PGPv3 keys are no longer supported ++ ++ * secret keys are no longer stored in $GNUPGHOME/secring.gpg, but ++ instead in $GNUPGHOME/private-keys-v1.d/ ++ ++ * public keyrings are stored in keybox format (~/.gnupg/pubring.kbx) by ++ default for new users. Upgrading users will continue to use ++ pubring.gpg until they decide to explicitly convert. ++ ++Converting an existing installation ++----------------------------------- ++ ++If you have an existing GnuPG homedir from "classic" GnuPG, secret ++keys should be migrated automatically upon the first run of the ++"modern" version. ++ ++If you have any secret keys that are stored only in a smartcard, after ++your first use of "modern" gpg you should insert the card and run: ++ ++ gpg --card-status ++ ++ (see https://bugs.debian.org/795881) ++ ++Public keys will not be automatically migrated from pubring.gpg to ++pubring.kbx, however. If you want to migrate your public keyring, you ++can use a script like /usr/bin/migrate-pubring-from-classic-gpg ++ ++ -- Daniel Kahn Gillmor , Mon, 18 Apr 2016 19:08:36 -0400 diff --cc debian/gnupg.docs index 0000000,0000000..2b55964 new file mode 100644 --- /dev/null +++ b/debian/gnupg.docs @@@ -1,0 -1,0 +1,8 @@@ ++NEWS ++README ++THANKS ++TODO ++doc/DETAILS ++doc/FAQ ++doc/HACKING ++doc/OpenPGP diff --cc debian/gnupg.info index 0000000,0000000..e4baa0f new file mode 100644 --- /dev/null +++ b/debian/gnupg.info @@@ -1,0 -1,0 +1,3 @@@ ++debian/tmp/usr/share/info/gnupg.info* ++doc/gnupg-card-architecture.png ++doc/gnupg-module-overview.png diff --cc debian/gnupg2.links index 0000000,0000000..96fde98 new file mode 100644 --- /dev/null +++ b/debian/gnupg2.links @@@ -1,0 -1,0 +1,2 @@@ ++usr/bin/gpg usr/bin/gpg2 ++usr/share/man/man1/gpg.1.gz usr/share/man/man1/gpg2.1.gz diff --cc debian/gpg-agent.NEWS index 0000000,0000000..69b4e49 new file mode 100644 --- /dev/null +++ b/debian/gpg-agent.NEWS @@@ -1,0 -1,0 +1,19 @@@ ++gnupg-agent (2.1.18-1) unstable; urgency=medium ++ ++ If your machine is configured with system user session management, ++ gpg-agent will be managed automatically by systemd's user sessions on ++ machines configured with use systemd. Please consider installing the ++ packages that the gnupg-agent package Suggests:, and see ++ /usr/share/doc/gnupg-agent/README.Debian for more details. ++ ++ -- Daniel Kahn Gillmor Mon, 23 Jan 2017 22:54:48 -0500 ++ ++gnupg-agent (2.1.13-3) experimental; urgency=medium ++ ++ gpg-agent is no longer auto-launched by ++ /etc/X11/Xsession.d/90gpg-agent. Please read ++ /usr/share/doc/gnupg-agent/README.Debian for details about system ++ integration. ++ ++ -- Daniel Kahn Gillmor Tue, 28 Jun 2016 17:29:46 -0400 ++ diff --cc debian/gpg-agent.README.Debian index 0000000,0000000..f57d278 new file mode 100644 --- /dev/null +++ b/debian/gpg-agent.README.Debian @@@ -1,0 -1,0 +1,82 @@@ ++gpg-agent system integration ++============================ ++ ++Since 2.1.x, gpg and most related processes will auto-launch gpg-agent ++if needed. These auto-launched processes will inherit whatever ++environment they started from, and they will not terminate ++automatically. ++ ++systemd ++======= ++ ++Since 2.1.17, users on machines with systemd will have their gpg-agent ++process launched automatically by systemd's user session, upon first ++access of any of the expected gpg-agent sockets (including the ssh ++socket). systemd will also cleanly tear this process down at session ++logout. ++ ++If dbus-user-session and pinentry-gnome3 packages are installed, then ++all user interaction with this systemd-managed gpg-agent process ++(e.g. prompting for passwords or confirmations, etc) will take place ++over the d-bus session, for better integration with graphical ++environments like GNOME. ++ ++Users who don't want systemd to manage their gpg-agent in this way for ++all future sessions should do: ++ ++ systemctl --user mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket ++ ++Doing this means that gpg-agent will fall back to its manual mode of ++operation. (This decision can be reversed by the user with "unmask" ++instead of "mask") ++ ++See systemctl(1) for more details about managing the gpg-agent*.socket ++units. ++ ++ssh-agent emulation ++=================== ++ ++gpg-agent offers an ssh-agent emulation which can be achieved by ++setting the environment variable SSH_AUTH_SOCK to: ++ ++ /run/user/$(id -u)/gnupg/S.gpg-agent.ssh ++ ++(replace $(id -u) with the user's numeric user ID, of course). ++ ++But ssh doesn't have a way to tell ssh-agent how to prompt the user ++when necessary; the systemd-managed gpg-agent process will only know ++how to prompt the user if you have dbus-user-session and ++pinentry-gnome3 installed. This is the recommended configuration for ++gpg-agent's ssh-agent emulation on desktop machines running systemd, ++and doesn't need any additional configuration. ++ ++However, if dbus-user-session and pinentry-gnome3 are not in use, by ++default the systemd-managed gpg-agent will not know how to get ++feedback from the user when a request is first received by ssh. You ++can give it a hint for all future ssh connections by running: ++ ++ gpg-connect-agent updatestartuptty /bye ++ ++You may wish to do this in the login scripts for your user session if ++you run systemd without dbus-user-session and pinentry-gnome3, and you ++plan to use gpg-agent's ssh-agent emulation. ++ ++Manual gpg-agent startup and teardown ++===================================== ++ ++Any user who wants to launch gpg-agent manually (e.g., to talk to it ++with a tool from outside the GnuPG suite) and is *not* using systemd ++should first ensure that it is launched with: ++ ++ gpgconf --launch gpg-agent ++ ++If gpg-agent is launched manually or automatically (but not supervised ++by systemd), you probably want to ensure that it terminates when your ++session ends with: ++ ++ gpgconf --kill gpg-agent ++ ++If you're not using systemd, you may wish to add this to your session ++logout scripts. ++ ++ -- Daniel Kahn Gillmor , Mon, 23 Jan 2017 22:56:08 -0500 diff --cc debian/gpg-agent.examples index 0000000,0000000..34213be new file mode 100644 --- /dev/null +++ b/debian/gpg-agent.examples @@@ -1,0 -1,0 +1,2 @@@ ++doc/examples/pwpattern.list ++doc/examples/trustlist.txt diff --cc debian/gpg-agent.install index 0000000,0000000..ae93fb5 new file mode 100644 --- /dev/null +++ b/debian/gpg-agent.install @@@ -1,0 -1,0 +1,11 @@@ ++debian/Xsession.d/90gpg-agent etc/X11/Xsession.d ++debian/systemd-environment-generator/90gpg-agent usr/lib/systemd/user-environment-generators ++debian/tmp/usr/bin/gpg-agent ++debian/tmp/usr/lib/gnupg/gpg-check-pattern ++debian/tmp/usr/lib/gnupg/gpg-preset-passphrase ++debian/tmp/usr/lib/gnupg/gpg-protect-tool ++doc/examples/systemd-user/gpg-agent-browser.socket usr/lib/systemd/user ++doc/examples/systemd-user/gpg-agent-extra.socket usr/lib/systemd/user ++doc/examples/systemd-user/gpg-agent-ssh.socket usr/lib/systemd/user ++doc/examples/systemd-user/gpg-agent.service usr/lib/systemd/user ++doc/examples/systemd-user/gpg-agent.socket usr/lib/systemd/user diff --cc debian/gpg-agent.links index 0000000,0000000..90f6ce1 new file mode 100644 --- /dev/null +++ b/debian/gpg-agent.links @@@ -1,0 -1,0 +1,6 @@@ ++usr/lib/gnupg/gpg-preset-passphrase usr/lib/gnupg2/gpg-preset-passphrase ++usr/lib/gnupg/gpg-protect-tool usr/lib/gnupg2/gpg-protect-tool ++usr/lib/systemd/user/gpg-agent-browser.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent-browser.socket ++usr/lib/systemd/user/gpg-agent-extra.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent-extra.socket ++usr/lib/systemd/user/gpg-agent-ssh.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent-ssh.socket ++usr/lib/systemd/user/gpg-agent.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent.socket diff --cc debian/gpg-agent.logcheck.ignore.server index 0000000,0000000..a2f2130 new file mode 100644 --- /dev/null +++ b/debian/gpg-agent.logcheck.ignore.server @@@ -1,0 -1,0 +1,11 @@@ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache\.$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG network certificate management daemon\.$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache \(restricted\)\.$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent \(access for web browsers\)\.$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent \(ssh-agent emulation\)\.$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG network certificate management daemon\.$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache\.$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache \(restricted\)\.$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent \(ssh-agent emulation\)\.$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent \(access for web browsers\)\.$ ++ diff --cc debian/gpg-agent.manpages index 0000000,0000000..ca2e72f new file mode 100644 --- /dev/null +++ b/debian/gpg-agent.manpages @@@ -1,0 -1,0 +1,3 @@@ ++debian/gpg-check-pattern.1 ++debian/tmp/usr/share/man/man1/gpg-agent.1 ++debian/tmp/usr/share/man/man1/gpg-preset-passphrase.1 diff --cc debian/gpg-check-pattern.1 index 0000000,0000000..0714faf new file mode 100644 --- /dev/null +++ b/debian/gpg-check-pattern.1 @@@ -1,0 -1,0 +1,36 @@@ ++.TH GPG-CHECK-PATTERN "1" "March 2016" "gpg-check-pattern (GnuPG) 2.1.11" "User Commands" ++ ++.SH NAME ++gpg-check-pattern \- Check a passphrase on stdin against the patternfile ++ ++.SH SYNOPSIS ++.B gpg\-check\-pattern ++.RI [ options ] ++.I patternfile ++ ++.SH DESCRIPTION ++.B gpg\-check\-pattern ++checks a passphrase given on stdin against a specified patternfile. ++ ++.SH OPTIONS ++.TP ++.BR \-v ", " \-\-verbose ++Produce verbose output ++.TP ++.B \-\-check ++run only a syntax check on the patternfile ++.TP ++.BR \-0 ", " \-\-null ++input is expected to be null delimited ++.PP ++Please report bugs to . ++ ++.SH COPYRIGHT ++Copyright \(co 2016 Free Software Foundation, Inc. ++License GPLv3+: GNU GPL version 3 or later ++ ++This is free software: you are free to change and redistribute it. ++There is NO WARRANTY, to the extent permitted by law. ++ ++This manpage was written by \fBDaniel Kahn Gillmor\fR for the Debian ++distribution (but may be used by others). diff --cc debian/gpg-wks-client.1 index 0000000,0000000..9cd70d5 new file mode 100644 --- /dev/null +++ b/debian/gpg-wks-client.1 @@@ -1,0 -1,0 +1,178 @@@ ++.TH GPG\-WKS\-CLIENT "1" "May 2017" "gpg-wks-client (GnuPG) 2.1.20" "User Commands" ++ ++.SH NAME ++gpg\-wks\-client \- Client for the Web Key Service ++ ++.SH SYNOPSIS ++.B gpg\-wks\-client ++.RB [ COMMAND ] ++.RB [ OPTIONS ] ++.RB [ ARGS ] ++ ++.SH DESCRIPTION ++.B gpg\-wks\-client ++is a simple command line client for the Web Key Service. The executable ++is usually located in /usr/lib/gnupg. ++. ++It allows a user to create a publication request and to respond to a ++received confirmation request. Communication with the Web Key Service ++is done via email. ++. ++It also can lookup the fingerprint of a USER\-ID in the Web Key ++Directory. ++ ++.SH COMMANDS ++.TP ++.B \-\-supported USER\-ID ++Check whether provider of the given USER\-ID supports the Web Key ++Service protocol, i.e. whether it has a Web Key Directory providing a ++submission address. ++.IP ++Similar to: ++.IP ++.nf ++.RS 12 ++gpg\-connect\-agent \-\-dirmngr 'WKD_GET \-\-submission\-address \-\- USER\-ID' /bye ++.RE ++.fi ++.TP ++.B \-\-check USER\-ID ++Check whether a key is available, and whether the listed key is valid ++for the requested USER\-ID. ++. ++You might want to use ++.IP ++.nf ++.RS 12 ++gpg \-v \-\-auto\-key\-locate=clear,wkd,nodefault \-\-locate\-key USER\-ID ++.RE ++.fi ++.IP ++instead. ++.TP ++.B \-\-create FINGERPRINT USER\-ID ++Create a publication request for the USER\-ID in the key with the given ++FINGERPRINT. List all possible keys (including the fingerprint) for a ++USER\-ID with: ++.IP ++.nf ++.RS 12 ++gpg --list-key USER\-ID ++.RE ++.fi ++.IP ++By default the publication request will be printed to STDOUT. You can ++also write it to a file using the ++.B \-\-output ++option or send it using sendmail with the ++.B \-\-send ++option. ++.TP ++.B \-\-receive ++Receive a MIME confirmation request on STDIN and acknowledge it. ++.IP ++By default the confirmation response will be printed to STDOUT. You can ++also write it to a file using the ++.B \-\-output ++option or send it using sendmail with the ++.B \-\-send ++option. ++.TP ++.B \-\-read ++Receive a plain text confirmation request. Similar to ++.BR \-\-receive , ++but takes only the message body on STDIN. ++.TP ++.B \-\-version ++Show program version and some meta information. ++.TP ++.BR \-h ", " \-\-help ++Output a short usage information. ++.TP ++.B \-\-warranty ++Print warranty information. ++.TP ++.B \-\-dump-options ++Dump all available options and commands. ++ ++.SH OPTIONS ++.TP ++.BR \-v ", " \-\-verbose ++Enable verbose output. ++.TP ++.BR \-q ", " \-\-quiet ++Be somewhat more quiet. ++.TP ++.B \-\-send ++Send the mail using sendmail. ++.TP ++.BR \-o ", " \-\-output " \fIFILE\fR" ++Write the mail to FILE. ++.TP ++.BI \-\-status\-fd " FD" ++Write status info to this FD. ++.TP ++.B \-\-debug ++Set debugging flags. All flags are or-ed and flags may be given in C ++syntax (e.g. 0x0042) or as a comma separated list of flag names. To get ++a list of all supported flags the single word "help" can be used. ++.TP ++.BI \-\-gpg " GPG" ++Use the specified command instead of ++.BR gpg . ++.TP ++.BI \-\-fake\-submission\-addr " MAILADDR" ++Send mail to MAILADDR instead of the submission address queried through ++Web Key Service. ++ ++.SH EXAMPLES ++.SS Send a publication request ++First find the fingerprint (a long string of hex digits) of the key you ++want to publish: ++.P ++.nf ++.RS 4 ++gpg \-\-list\-key "Alice " ++.RE ++.fi ++.P ++Now create and send the publication request: ++.P ++.nf ++.RS 4 ++/usr/lib/gnupg/gpg\-wks\-client \-\-create \-\-send 0123456789ABCDEF0123456789ABCDEF01234567 "Alice " ++.RE ++.fi ++.P ++Instead of \fI"Alice "\fR you can also just give \fIalice@example.com\fR. ++.P ++.SS Confirm a confirmation request ++Paste the full mail containing the confirmation request (including ++headers) you got from the Web Key Service on STDIN after starting: ++.P ++.nf ++.RS 4 ++/usr/lib/gnupg/gpg\-wks\-client \-\-receive \-\-send ++.RE ++.fi ++ ++.SH SEE ALSO ++.IP \(em 4 ++Latest draft for the protocol: ++ ++.IP \(em 4 ++GnuPG on Web Key Service: ++ ++ ++.SH BUGS ++Please report bugs to . ++ ++.SH COPYRIGHT ++Copyright \(co 2017 Free Software Foundation, Inc. ++License GPLv3+: GNU GPL version 3 or later ++ ++This is free software: you are free to change and redistribute it. ++There is NO WARRANTY, to the extent permitted by law. ++ ++This manpage was written by \fBStefan Bühler\fR for the Debian ++distribution (but may be used by others). diff --cc debian/gpg-wks-client.install index 0000000,0000000..1b331dd new file mode 100644 --- /dev/null +++ b/debian/gpg-wks-client.install @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/lib/gnupg/gpg-wks-client diff --cc debian/gpg-wks-client.manpages index 0000000,0000000..d2edd3e new file mode 100644 --- /dev/null +++ b/debian/gpg-wks-client.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/gpg-wks-client.1 diff --cc debian/gpg-wks-server.1 index 0000000,0000000..4c01128 new file mode 100644 --- /dev/null +++ b/debian/gpg-wks-server.1 @@@ -1,0 -1,0 +1,180 @@@ ++.TH GPG\-WKS\-SERVER "1" "May 2017" "gpg-wks-server (GnuPG) 2.1.20" "User Commands" ++ ++.SH NAME ++gpg\-wks\-server \- Server for the Web Key Service ++ ++.SH SYNOPSIS ++.B gpg\-wks\-server ++.RB [ COMMAND ] ++.RB [ OPTIONS ] ++.RB [ ARGS ] ++ ++.SH DESCRIPTION ++.B gpg\-wks\-server ++is a server for the Web Key Service. It can handle incoming mails with ++the ++.B \-\-receive ++command. ++.P ++See the EXAMPLES section for procmail and crontab configurations. ++.P ++You also need a webserver configured to alias requests to ++.I /.well\-known/openpgp/ ++and below to the ++.I /var/lib/gnupg/wks// ++directory. ++ ++.SH COMMANDS ++.TP ++.B \-\-receive ++Receive a submission or confirmation. ++.TP ++.B \-\-cron ++Run regular jobs. ++.TP ++.B \-\-list\-domains ++List configured domains, and checks some file and directory permissions. ++.TP ++.B \-\-version ++Show program version and some meta information. ++.TP ++.BR \-h ", " \-\-help ++Output a short usage information. ++.TP ++.B \-\-warranty ++Print warranty information. ++.TP ++.B \-\-dump-options ++Dump all available options and commands. ++ ++.SH OPTIONS ++.TP ++.BR \-v ", " \-\-verbose ++Enable verbose output. ++.TP ++.BR \-q ", " \-\-quiet ++Be somewhat more quiet. ++.TP ++.B \-\-send ++Send the mail using sendmail. ++.TP ++.BR \-o ", " \-\-output " \fIFILE\fR" ++Write the mail to FILE. ++.TP ++.BI \-\-from " ADDR" ++Use ADDR as the default sender. ++.TP ++.BI \-\-header " NAME=VALUE" ++Add "NAME: VALUE" as header to all mails. ++.IP ++Can be used to add a header for loop detections, see procmail example. ++.TP ++.B \-\-debug ++Set debugging flags. All flags are or-ed and flags may be given in C ++syntax (e.g. 0x0042) or as a comma separated list of flag names. To get ++a list of all supported flags the single word "help" can be used. ++.TP ++.BI \-\-gpg " GPG" ++Use the specified command instead of ++.BR gpg . ++ ++.SH DIRECTORIES ++.TP ++.B /var/lib/gnupg/wks/ ++Contains a subdirectory for each domain to run the server for. Each ++subdirectory is supposed to contain what should show up on ++.BR https://.../.well\-known/openpgp/ . ++.IP ++The user running ++.B gpg\-wks\-server ++needs write access to these subdirectories. ++ ++.SH EXAMPLES ++.SS ~/.procmailrc ++Store received emails in ++.B ~/Mail/ ++(create it manually first), uses \fIFrom: key\-submission@example.com\fR and ++\fIX\-WKS\-Loop: example.com\fR as loop detection: ++.P ++.nf ++.RS 4 ++MAILDIR=$HOME/Mail ++LOGFILE=$HOME/Mail/from ++LOCKFILE=$HOME/Mail/.lockmail ++VERBOSE=yes ++ ++# filter out FROM_DAEMON mails (bounces, ...) into separate mailbox ++:0 ++* ^FROM_DAEMON ++from\-daemon/ ++ ++# archive (copy!) all "normal" mails ++:0 c ++archive/ ++ ++# if not in a loop: handle mails with gpg\-wks\-server ++:0 w ++* !^From: key\-submission@example.com ++* !^X\-WKS\-Loop: example.com ++|gpg\-wks\-server \-v \-\-receive \\ ++ \-\-header X\-WKS\-Loop=example.com \\ ++ \-\-from key\-submission@example.com \-\-send ++ ++# if handling failed: store in separate mailbox ++:0 e ++cruft/ ++.RE ++.fi ++ ++.SS ~/.forward ++In case procmail is not used automatically the following ++.B ~/.forward ++file might be useful: ++.P ++.nf ++.RS 4 ++"|exec /usr/bin/procmail || exit 75" ++.RE ++.fi ++.P ++The double quotes are supposed to be included in the file! ++ ++.SS crontab ++You should run the ++.B \-\-cron ++command once a day. Edit the crontab with ++.P ++.nf ++.RS 4 ++crontab \-e ++.RE ++.fi ++.P ++and append the following line: ++.P ++.nf ++.RS 4 ++42 3 * * * gpg\-wks\-server \-\-cron ++.RE ++.fi ++ ++.SH SEE ALSO ++.IP \(em 4 ++Latest draft for the Web Key Service protocol: ++ ++.IP \(em 4 ++GnuPG on Web Key Service: ++ ++ ++.SH BUGS ++Please report bugs to . ++ ++.SH COPYRIGHT ++Copyright \(co 2017 Free Software Foundation, Inc. ++License GPLv3+: GNU GPL version 3 or later ++ ++This is free software: you are free to change and redistribute it. ++There is NO WARRANTY, to the extent permitted by law. ++ ++This manpage was written by \fBStefan Bühler\fR for the Debian ++distribution (but may be used by others). diff --cc debian/gpg-wks-server.install index 0000000,0000000..c18c2e7 new file mode 100644 --- /dev/null +++ b/debian/gpg-wks-server.install @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/bin/gpg-wks-server diff --cc debian/gpg-wks-server.manpages index 0000000,0000000..5bd206c new file mode 100644 --- /dev/null +++ b/debian/gpg-wks-server.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/gpg-wks-server.1 diff --cc debian/gpg-zip.1 index 0000000,0000000..c20f770 new file mode 100644 --- /dev/null +++ b/debian/gpg-zip.1 @@@ -1,0 -1,0 +1,106 @@@ ++.TH "GPG\-ZIP" 1 "November 2006" ++ ++.SH NAME ++gpg\-zip \- encrypt or sign files into an archive ++ ++.SH SYNOPSIS ++.B gpg\-zip ++.RB [ OPTIONS ] ++.IR filename1 " [" "filename2, ..." ] ++.IR directory1 " [" "directory2, ..." ] ++ ++.SH DESCRIPTION ++This manual page documents briefly the ++.B gpg\-zip ++command. ++.PP ++.B gpg\-zip ++IS DEPRECATED. PLEASE USE gpgtar(1) instead. ++.PP ++.B gpg\-zip ++encrypts or signs files into an archive. It is an gpg-ized tar using the ++same format as PGP's PGP Zip. ++ ++.SH OPTIONS ++.TP ++.BR \-e ", " \-\-encrypt ++Encrypt data. This option may be combined with ++.B \-\-symmetric ++(for output that may be decrypted via a secret key or a passphrase). ++.TP ++.BR \-d ", " \-\-decrypt ++Decrypt data. ++.TP ++.BR \-c ", " \-\-symmetric ++Encrypt with a symmetric cipher using a passphrase. The default ++symmetric cipher used is CAST5, but may be chosen with the ++.B \-\-cipher\-algo ++option to ++.BR gpg (1). ++.TP ++.BR \-s ", " \-\-sign ++Make a signature. See ++.BR gpg (1). ++.TP ++.BR \-r ", " \-\-recipient " \fIUSER\fR" ++Encrypt for user id \fIUSER\fR. See ++.BR gpg (1). ++.TP ++.BR \-u ", " \-\-local\-user " \fIUSER\fR" ++Use \fIUSER\fR as the key to sign with. See ++.BR gpg (1). ++.TP ++.B \-\-list\-archive ++List the contents of the specified archive. ++.TP ++.BR \-o ", " \-\-output " " \fIFILE\fR" ++Write output to specified file ++.IR FILE . ++.TP ++.BI \-\-gpg " GPG" ++Use the specified command instead of ++.BR gpg . ++.TP ++.BI \-\-gpg\-args " ARGS" ++Pass the specified options to ++.BR gpg (1). ++.TP ++.BI \-\-tar " TAR" ++Use the specified command instead of ++.BR tar . ++.TP ++.BI \-\-tar\-args " ARGS" ++Pass the specified options to ++.BR tar (1). ++.TP ++.BR \-h ", " \-\-help ++Output a short usage information. ++.TP ++.B \-\-version ++Output the program version. ++ ++.SH DIAGNOSTICS ++The program returns \fB0\fR if everything was fine, \fB1\fR otherwise. ++ ++.SH EXAMPLES ++Encrypt the contents of directory \fImydocs\fR for user Bob to file \fItest1\fR: ++.IP ++.B gpg\-zip \-\-encrypt \-\-output test1 \-\-gpg-args ""\-r Bob"" mydocs ++.PP ++List the contents of archive \fItest1\fR: ++.IP ++.B gpg\-zip \-\-list\-archive test1 ++ ++.SH SEE ALSO ++.BR gpg (1), ++.BR gpgtar (1), ++.BR tar (1) ++ ++.SH AUTHOR ++Copyright (C) 2005 Free Software Foundation, Inc. Please report bugs to ++<\&bug-gnupg@gnu.org\&>. ++ ++This manpage was written by \fBColin Tuckley\fR <\&colin@tuckley.org\&> ++and \fBDaniel Leidert\fR <\&daniel.leidert@wgdd.de\&> for the Debian ++distribution (but may be used by others). ++ diff --cc debian/gpg.install index 0000000,0000000..0b53564 new file mode 100644 --- /dev/null +++ b/debian/gpg.install @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/bin/gpg diff --cc debian/gpg.manpages index 0000000,0000000..7c47415 new file mode 100644 --- /dev/null +++ b/debian/gpg.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/man/man1/gpg.1 diff --cc debian/gpgcompose.1 index 0000000,0000000..f92fb05 new file mode 100644 --- /dev/null +++ b/debian/gpgcompose.1 @@@ -1,0 -1,0 +1,56 @@@ ++.TH "gpgcompose" 1 "June 2017" ++ ++.SH NAME ++gpgcompose \- Generate a stream of OpenPGP packets ++ ++.SH SYNOPSIS ++.B gpgcompose ++.RI [[ OPTION ++.RI [ ARGS ]] ++\&... ] ++ ++.B gpgcompose --help ++ ++.B gpgcompose ++.I OPTION ++.B --help ++ ++.SH DESCRIPTION ++.B gpgcompose ++generates a stream of OpenPGP packets, including some which can ++include other nested packets within a layer of encryption. The syntax ++on the command line isn't stable enough to document currently, but ++additional hints and examples can be found from the command line using ++.BR \-\-help . ++ ++.SH EXTERNAL DEPENDENCIES ++ ++.B gpgcompose ++is not capable of performing secret key operations on its own. ++Creation of any OpenPGP object that requires secret key operations ++(e.g., ++.BR \-\-signature ) ++will need to speak to an already-running ++.BR gpg-agent . ++ ++.SH FILES ++ ++Occasionally, ++.B gpgcompose ++will need to look up existing public keys for reference (e.g., ++.BR \-\-public-key ). ++It will do so in ++.BR ~/.gnupg/keyring.kbx, ++or in ++.B $GNUPGHOME/keyring.kbx ++if that variable is set. ++ ++.SH SEE ALSO ++ ++RFC 4880, gpg(1), gpg-agent(1), gpg-connect-agent(1) ++ ++.SH AUTHOR ++gpgcompose is copyright (C) 2016, g10 Code GmbH. ++ ++This manpage was written by Daniel Kahn Gillmor . ++ diff --cc debian/gpgconf.examples index 0000000,0000000..3e74b94 new file mode 100644 --- /dev/null +++ b/debian/gpgconf.examples @@@ -1,0 -1,0 +1,1 @@@ ++doc/examples/gpgconf.conf diff --cc debian/gpgconf.install index 0000000,0000000..398d8a6 new file mode 100644 --- /dev/null +++ b/debian/gpgconf.install @@@ -1,0 -1,0 +1,3 @@@ ++debian/tmp/usr/bin/gpg-connect-agent ++debian/tmp/usr/bin/gpgconf ++debian/tmp/usr/share/gnupg/distsigkey.gpg diff --cc debian/gpgconf.manpages index 0000000,0000000..70bb0d7 new file mode 100644 --- /dev/null +++ b/debian/gpgconf.manpages @@@ -1,0 -1,0 +1,2 @@@ ++debian/tmp/usr/share/man/man1/gpg-connect-agent.1 ++debian/tmp/usr/share/man/man1/gpgconf.1 diff --cc debian/gpgsm.install index 0000000,0000000..8822607 new file mode 100644 --- /dev/null +++ b/debian/gpgsm.install @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/bin/gpgsm diff --cc debian/gpgsm.manpages index 0000000,0000000..ad6a686 new file mode 100644 --- /dev/null +++ b/debian/gpgsm.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/man/man1/gpgsm.1 diff --cc debian/gpgsplit.1 index 0000000,0000000..116ce89 new file mode 100644 --- /dev/null +++ b/debian/gpgsplit.1 @@@ -1,0 -1,0 +1,41 @@@ ++.TH "gpgsplit" 1 "December 2005" ++ ++.SH NAME ++gpgsplit \- Split an OpenPGP message into packets ++ ++.SH SYNOPSIS ++.B gpgsplit ++.RI [ OPTIONS ] ++.RI [ FILES ] ++ ++.SH DESCRIPTION ++This manual page documents briefly the ++.B gpgsplit ++command. ++.PP ++.B gpgsplit ++splits an OpenPGP message into packets. ++ ++.SH OPTIONS ++.TP ++.BR \-v , \-\-verbose ++Verbose. ++.TP ++.BR \-p , "\-\-prefix " \fISTRING\fR ++Prepend filenames with \fISTRING\fR. ++.TP ++.B \-\-uncompress ++Uncompress a packet. ++.TP ++.B \-\-secret\-to\-public ++Convert secret keys to public keys. ++.TP ++.B \-\-no\-split ++Write to stdout and don't actually split. ++ ++.SH AUTHOR ++Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to ++. ++ ++This manpage was written by Francois Wendling . ++ diff --cc debian/gpgv-static.1 index 0000000,0000000..c8dcc1a new file mode 100644 --- /dev/null +++ b/debian/gpgv-static.1 @@@ -1,0 -1,0 +1,32 @@@ ++.TH GPGV-STATIC "1" "November 2016" "GnuPG" "Gnu Privacy Guard 2.1" ++ ++.SH NAME ++gpgv-static - Verify OpenPGP signatures (static build) ++ ++.SH SYNOPSIS ++.B gpgv-static [\fIoptions\fP] \fIsigned_files\fP ++ ++.SH DESCRIPTION ++\fBgpgv\fR is an OpenPGP signature verification tool. ++ ++\fBgpgv-static\fR is \fBgpgv\fR built statically so that it can be ++directly used on any platform that is running on the Linux kernel, ++such as Android, ChromeOS, or many embedded Linux systems. ++ ++This version of \fBgpgv\fR in combination with \fBdebootstrap\fR and ++the Debian archive keyring allows the secure creation of chroot ++installs on these platforms by using the full Debian signature ++verification that is present in all official Debian mirrors. ++ ++You may wish to re-name the binary to plain \fBgpgv\fR when ++transferring it into such a platform to create a chroot. ++ ++Please read the documentation for \fBgpgv\fR for more details. ++ ++.SH SEE ALSO ++\fBgpg\fR(1) ++ ++.SH AUTHOR ++This manual page was written by Daniel Kahn Gillmor ++ for the Debian project, but may be used by ++others under the same license as GnuPG itself. diff --cc debian/gpgv-static.install index 0000000,0000000..adb6deb new file mode 100644 --- /dev/null +++ b/debian/gpgv-static.install @@@ -1,0 -1,0 +1,1 @@@ ++build-gpgv-static/g10/gpgv-static usr/bin/ diff --cc debian/gpgv-static.lintian-overrides index 0000000,0000000..fa0b8df new file mode 100644 --- /dev/null +++ b/debian/gpgv-static.lintian-overrides @@@ -1,0 -1,0 +1,3 @@@ ++# gpgv-static is deliberately built statically. We cannot avoid ++# embedding zlib. ++gpgv-static: embedded-library usr/bin/gpgv-static: zlib diff --cc debian/gpgv-static.manpages index 0000000,0000000..e3f73aa new file mode 100644 --- /dev/null +++ b/debian/gpgv-static.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/gpgv-static.1 diff --cc debian/gpgv-udeb.install index 0000000,0000000..fe27533 new file mode 100644 --- /dev/null +++ b/debian/gpgv-udeb.install @@@ -1,0 -1,0 +1,1 @@@ ++build-gpgv-udeb/g10/gpgv usr/bin/ diff --cc debian/gpgv-win32.install index 0000000,0000000..cf3cd8c new file mode 100644 --- /dev/null +++ b/debian/gpgv-win32.install @@@ -1,0 -1,0 +1,1 @@@ ++build-gpgv-win32/g10/gpgv.exe usr/share/win32 diff --cc debian/gpgv.install index 0000000,0000000..0a9f9a2 new file mode 100644 --- /dev/null +++ b/debian/gpgv.install @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/bin/gpgv diff --cc debian/gpgv.manpages index 0000000,0000000..86a9e29 new file mode 100644 --- /dev/null +++ b/debian/gpgv.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/man/man1/gpgv.1 diff --cc debian/gpgv2.links index 0000000,0000000..5107429 new file mode 100644 --- /dev/null +++ b/debian/gpgv2.links @@@ -1,0 -1,0 +1,2 @@@ ++usr/bin/gpgv usr/bin/gpgv2 ++usr/share/man/man1/gpgv.1.gz usr/share/man/man1/gpgv2.1.gz diff --cc debian/kbxutil.1 index 0000000,0000000..d59f1fe new file mode 100644 --- /dev/null +++ b/debian/kbxutil.1 @@@ -1,0 -1,0 +1,62 @@@ ++.TH KBXUTIL "1" "March 2016" "kbxutil (GnuPG) 2.1.11" "User Commands" ++ ++.SH NAME ++kbxutil \- List, export, import Keybox data ++ ++.SH SYNOPSIS ++.B kbxutil ++.RB [ OPTIONS ] ++.RB [ FILES ] ++ ++.SH DESCRIPTION ++List, export, import Keybox data ++ ++.SH COMMANDS ++.TP ++.B \-\-stats ++show key statistics ++.TP ++.B \-\-import\-openpgp ++import OpenPGP keyblocks ++.TP ++.B \-\-find\-dups ++find duplicates ++.TP ++.B \-\-cut ++export records ++ ++.SH OPTIONS ++.TP ++.BI \-\-from " N" ++first record to export ++.TP ++.BI \-\-to " N" ++last record to export ++.TP ++.BR \-v ", " \-\-verbose ++verbose ++.TP ++.BR \-q ", " \-\-quiet ++be somewhat more quiet ++.TP ++.BR \-n ", " \-\-dry\-run ++do not make any changes ++.TP ++.B \-\-debug ++set debugging flags ++.TP ++.B \-\-debug\-all ++enable full debugging ++ ++.SH BUGS ++Please report bugs to . ++ ++.SH COPYRIGHT ++Copyright \(co 2016 Free Software Foundation, Inc. ++License GPLv3+: GNU GPL version 3 or later ++ ++This is free software: you are free to change and redistribute it. ++There is NO WARRANTY, to the extent permitted by law. ++ ++This manpage was written by \fBDaniel Kahn Gillmor\fR for the Debian ++distribution (but may be used by others). diff --cc debian/lspgpot.1 index 0000000,0000000..ba27eca new file mode 100644 --- /dev/null +++ b/debian/lspgpot.1 @@@ -1,0 -1,0 +1,22 @@@ ++.TH "lspgpot" 1 "December 2005" ++ ++.SH NAME ++lspgpot - extracts the ownertrust values from PGP keyrings and list them in ++GnuPG ownertrust format. ++ ++ ++.SH SYNOPSIS ++.B lspgpot ++ ++ ++.SH DESCRIPTION ++.B lspgpot ++extracts the ownertrust values from PGP keyrings and list them in ++GnuPG ownertrust format. ++ ++.SH AUTHOR ++Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to ++. ++ ++This manpage was written by Francois Wendling . ++ diff --cc debian/migrate-pubring-from-classic-gpg index 0000000,0000000..ecbc8d9 new file mode 100755 --- /dev/null +++ b/debian/migrate-pubring-from-classic-gpg @@@ -1,0 -1,0 +1,108 @@@ ++#!/bin/bash ++ ++# script to migrate fully from pubring.gpg to pubring.kbx ++ ++# Author: Daniel Kahn Gillmor ++# Date: 2016-04-01 ++# License: GPLv3+ ++ ++# This was written for the Debian project ++ ++set -e ++ ++GPG="${GPG:-gpg}" ++ ++# select the default GnuPG home directory to work from: ++GHD=${GNUPGHOME:-${HOME:-$(getent passwd "$(id -u)" | cut -f6 -d:)}/.gnupg} ++ ++# Check that this is gnupg 2.1 or 2.2: ++VERSION=$("$GPG" --version | head -n1 | cut -f3 -d\ | cut -f1,2 -d.) ++if [ "$VERSION" != 2.1 ] && [ "$VERSION" != 2.2 ] ; then ++ printf '%s is version %s not version 2.1 or 2.2, this script might be wrong\n' "$GPG" "$VERSION" >&2 ++ exit 1 ++fi ++ ++usage() { ++ printf 'Usage: %s [GPGHOMEDIR|--default] ++\tMigrate public keyring in GPGHOMEDIR from "classic" to "modern" GnuPG ++\tusing %s version %s. ++ ++\t--default migrates the GnuPG home directory at "%s" ++' "$0" "$GPG" "$VERSION" "$GHD" ++} ++ ++if [ -z "$1" ]; then ++ usage >&2 ++ exit 1 ++else ++ case "$1" in ++ --help|--usage|-h) ++ usage ++ exit ++ ;; ++ --default) ++ ;; ++ *) ++ GHD="$1" ++ ;; ++ esac ++fi ++ ++GPG=("$GPG" --homedir "$GHD" --batch) ++ ++# ensure that there is a pubring.gpg to migrate: ++if ! [ -f "$GHD/pubring.gpg" ]; then ++ printf 'There is no %s/pubring.gpg, no need to migrate\n' "$GHD" >&2 ++ exit ++fi ++if ! [ -s "$GHD/pubring.gpg" ]; then ++ mv -- "$GHD/pubring.gpg" "$GHD/pubring.gpg.empty" ++ printf '%s/pubring.gpg was empty (and has been moved out of the way), no need to migrate\n' "$GHD" >&2 ++ exit ++fi ++ ++BACKUP="$(mktemp -d "$GHD/migrate-from-classic-backup.$(date +%F).XXXXXX")" ++printf 'Migrating from:\n%s\n[Backing up to %s]\n' "$(ls -l "$GHD/pubring.gpg")" "$BACKUP" >&2 ++ ++"${GPG[@]}" --export-ownertrust > "$BACKUP/ownertrust.txt" ++mv "$GHD/pubring.gpg" "$BACKUP/" ++ ++revert() { ++ printf >&2 'Restoring pubring.gpg...\n' ++ cp "$BACKUP/pubring.gpg" "$GHD/pubring.gpg" ++} ++ ++trap revert EXIT ++ ++if ! "${GPG[@]}" --status-file "$BACKUP/import-status" --import-options import-local-sigs,keep-ownertrust,repair-pks-subkey-bug --import < "$BACKUP/pubring.gpg" ; then ++ cat >&2 <&2 <&2 diff --cc debian/migrate-pubring-from-classic-gpg.1 index 0000000,0000000..7cbeec7 new file mode 100644 --- /dev/null +++ b/debian/migrate-pubring-from-classic-gpg.1 @@@ -1,0 -1,0 +1,94 @@@ ++.TH "MIGRATE-PUBRING-FROM-CLASSIC-GPG" 1 "April 2016" ++ ++.SH NAME ++migrate\-pubring\-from\-classic\-gpg \- Migrate a public keyring from "classic" to "modern" GnuPG ++ ++.SH SYNOPSIS ++.B migrate\-pubring\-from\-classic\-gpg ++.RB "[ " GPGHOMEDIR " | " ++.IR \-\-default " ]" ++ ++.SH DESCRIPTION ++ ++.B migrate\-pubring\-from\-classic\-gpg ++migrates the public keyring in GnuPG home directory GPGHOMEDIR from ++the "classic" keyring format (pubring.gpg) to the "modern" keybox format using GnuPG ++versions 2.1 or 2.2 (pubring.kbx). ++ ++Specifying ++.B \-\-default ++selects the standard GnuPG home directory (looking at $GNUPGHOME ++first, and falling back to ~/.gnupg if unset. ++ ++.SH OPTIONS ++.BR \-h ", " \-\-help ", " \-\-usage ++Output a short usage information. ++ ++.SH DIAGNOSTICS ++The program sends quite a bit of text (perhaps too much) to stderr. ++ ++During a migration, the tool backs up several pieces of data in a ++timestamped subdirectory of the GPGHOMEDIR. ++ ++.SH LIMITATIONS ++The keybox format rejects a number of OpenPGP certificates that the ++"classic" keyring format used to accept. These filters are defensive, ++since the certificates rejected are unsafe -- either cryptographically ++unsound, or dangerously non-performant. This means that some ++migrations may produce warning messages about the migration being ++incomplete. This is generally a good thing! ++ ++Known limitations: ++ ++.B Flooded certificates ++.RS 4 ++Some OpenPGP certificates have been flooded with bogus certifications ++as part of an attack on the SKS keyserver network (see ++https://tools.ietf.org/html/draft-dkg-openpgp-abuse-resistant-keystore-03#section-2.1). ++ ++The keybox format rejects import of any OpenPGP certificate larger ++than 5MiB. As of GnuPG 2.2.17, if gpg encounters such a flooded ++certificate will retry the import while stripping all third-party ++certifications (see "self-sigs-only" in gpg(1)). ++ ++The typical error message when migrating a keyring with a flooded ++certificate will be something like: ++ ++.RE ++.RS 8 ++error writing keyring 'pubring.kbx': Provided object is too large ++.RE ++ ++.B OpenPGPv3 public keys (a.k.a. "PGP-2" keys) ++.RS 4 ++Modern OpenPGP implementations use so-called "OpenPGP v4" public keys. ++Older versions of the public key format have serious known problems. ++See https://tools.ietf.org/html/rfc4880#section-5.5.2 for more details ++about and reasons for v3 key deprecation. ++ ++The keybox format skips v3 keys entirely during migration, and GnuPG ++will produce a message like: ++ ++.RE ++.RS 8 ++skipped PGP-2 keys: 1 ++.RE ++ ++.SH ENVIRONMENT VARIABLES ++ ++.B GNUPGHOME ++Selects the GnuPG home directory when set and --default is given. ++ ++.B GPG ++The name of the ++.B gpg ++executable (defaults to ++.B gpg ++). ++ ++.SH SEE ALSO ++.BR gpg (1) ++ ++.SH AUTHOR ++Copyright (C) 2016 Daniel Kahn Gillmor for the Debian project. Please ++report bugs via the Debian BTS. diff --cc debian/org.gnupg.scdaemon.metainfo.xml index 0000000,0000000..e244544 new file mode 100644 --- /dev/null +++ b/debian/org.gnupg.scdaemon.metainfo.xml @@@ -1,0 -1,0 +1,51 @@@ ++ ++ ++ org.gnupg.scdaemon ++ CC0-1.0 ++ scdaemon ++ USB SmartCard Readers ++ ++

++ GnuPG's scdaemon provides access to USB tokens and smartcard ++ readers that provide cryptographic functionality (e.g. use of ++ protected secret keys). ++

++ ++ ++ usb:v046Ap0005d* ++ usb:v046Ap0010d* ++ usb:v046Ap003Ed* ++ usb:v04E6p5111d* ++ usb:v04E6p5115d* ++ usb:v04E6p5116d* ++ usb:v04E6p5117d* ++ usb:v04E6pE001d* ++ usb:v04E6pE003d* ++ usb:v076Bp3821d* ++ usb:v076Bp6622d* ++ usb:v08E6p3437d* ++ usb:v08E6p3438d* ++ usb:v08E6p3478d* ++ usb:v08E6p34C2d* ++ usb:v08E6p34ECd* ++ usb:v0C4Bp0500d* ++ usb:v0D46p2012d* ++ usb:v1050p0111d* ++ usb:v1050p0112d* ++ usb:v1050p0115d* ++ usb:v1050p0116d* ++ usb:v1050p0404d* ++ usb:v1050p0405d* ++ usb:v1050p0406d* ++ usb:v1050p0407d* ++ usb:v1A44p0920d* ++ usb:v1FC9p81E6d* ++ usb:v20A0p4107d* ++ usb:v20A0p4108d* ++ usb:v20A0p4109d* ++ usb:v20A0p4211d* ++ usb:v234Bp0000d* ++ usb:v058Fp9540d* ++ usb:v0BF8p1006d* ++ ++ diff --cc debian/package-dependencies.dot index 0000000,0000000..8297f78 new file mode 100644 --- /dev/null +++ b/debian/package-dependencies.dot @@@ -1,0 -1,0 +1,73 @@@ ++#!/usr/bin/dot ++ ++# interrelationships between binary packages produced by gnupg2 source ++# package: ++ ++# it would be good to graph the external dependencies as well. ++ ++digraph gnupg2 { ++ # odd-duck packages: ++ node [shape=box]; ++ gpgv_udeb [label="gpgv-udeb"]; ++ gpgv_static [label="gpgv-static"]; ++ gpgv_win32 [label="gpgv-win32"]; ++ ++ # meta-packages, transitional packages: ++ node [shape=diamond]; ++ gnupg_agent [label="gnupg-agent"]; ++ gnupg; ++ gnupg2; ++ gpgv2; ++ ++ ++ node [shape=ellipse]; ++ gpg_agent [label="gpg-agent"]; ++ gpg_wks_server [label="gpg-wks-server"]; ++ gpg_wks_client [label="gpg-wks-client"]; ++ gnupg_l10n [label="gnupg-l10n"]; ++ gnupg_utils [label="gnupg-utils"]; ++ ++ ++ # depends: ++ edge [color=black]; ++ gnupg_agent -> gpg_agent; ++ gpg_agent -> gpgconf; ++ gpg_wks_server -> gpg; ++ gpg_wks_server -> gpg_agent; ++ gpg_wks_client -> gpg; ++ gpg_wks_client -> gpg_agent; ++ gpg_wks_client -> dirmngr; ++ scdaemon -> gpg_agent; ++ gpgsm -> gpgconf; ++ gpg -> gpgconf; ++ gnupg -> dirmngr; ++ gnupg -> gnupg_l10n; ++ gnupg -> gnupg_utils; ++ gnupg -> gpg; ++ gnupg -> gpg_agent; ++ gnupg -> gpg_wks_client; ++ gnupg -> gpg_wks_server; ++ gnupg -> gpgsm; ++ gnupg -> gpgv; ++ gnupg2 -> gnupg; ++ gpgv2 -> gpgv; ++ dirmngr -> gpgconf; ++ ++ ++ # recommends: ++ edge [color=red]; ++ gpg_agent -> gnupg; ++ gpg_wks_server -> gnupg; ++ gpg_wks_client -> gnupg; ++ gpgsm -> gnupg; ++ gpg -> gnupg; ++ dirmngr -> gnupg; ++ gnupg_utils -> gpg; ++ gnupg_utils -> gpg_agent; ++ gnupg_utils -> gpgconf; ++ gnupg_utils -> gpgsm; ++ ++ # suggests: ++ edge [color=blue]; ++ gpgv -> gnupg; ++} diff --cc debian/patches/Make-gpg-zip-use-tar-from-PATH.patch index 0000000,0000000..2deee94 new file mode 100644 --- /dev/null +++ b/debian/patches/Make-gpg-zip-use-tar-from-PATH.patch @@@ -1,0 -1,0 +1,27 @@@ ++From: Daniel Kahn Gillmor ++Date: Sun, 18 Nov 2018 17:29:52 -0500 ++Subject: Make gpg-zip use tar from $PATH ++ ++Apparently there is no clean way to configure this from ./configure, ++and upstream is deprecating gpg-zip anyway. So just force-set tar to ++be manually "tar" (meaning, that we should look in the $PATH at ++runtime). ++ ++See also https://dev.gnupg.org/T4251 and https://bugs.debian.org/913582 ++--- ++ tools/gpg-zip.in | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) ++ ++diff --git a/tools/gpg-zip.in b/tools/gpg-zip.in ++index 9047e36..3821f3a 100644 ++--- a/tools/gpg-zip.in +++++ b/tools/gpg-zip.in ++@@ -23,7 +23,7 @@ ++ # the GNU or POSIX variant of USTAR. ++ ++ VERSION=@VERSION@ ++-TAR=@TAR@ +++TAR=tar ++ GPG=gpg ++ ++ usage="\ diff --cc debian/patches/block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch index 0000000,0000000..3d0629c new file mode 100644 --- /dev/null +++ b/debian/patches/block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch @@@ -1,0 -1,0 +1,89 @@@ ++From: Daniel Kahn Gillmor ++Date: Tue, 11 Aug 2015 20:28:26 -0400 ++Subject: Avoid simple memory dumps via ptrace ++ ++This avoids needing to setgid gpg-agent. It probably doesn't defend ++against all possible attacks, but it defends against one specific (and ++easy) one. If there are other protections we should do them too. ++ ++This will make it slightly harder to debug the agent because the ++normal user won't be able to attach gdb to it directly while it runs. ++ ++The remaining options for debugging are: ++ ++ * launch the agent from gdb directly ++ * connect gdb to a running agent as the superuser ++ ++Upstream bug: https://dev.gnupg.org/T1211 ++--- ++ agent/gpg-agent.c | 8 ++++++++ ++ configure.ac | 2 +- ++ scd/scdaemon.c | 9 +++++++++ ++ 3 files changed, 18 insertions(+), 1 deletion(-) ++ ++diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c ++index ffd85d1..591f4fd 100644 ++--- a/agent/gpg-agent.c +++++ b/agent/gpg-agent.c ++@@ -48,6 +48,9 @@ ++ # include ++ #endif ++ #include +++#ifdef HAVE_PRCTL +++# include +++#endif ++ ++ #define GNUPG_COMMON_NEED_AFLOCAL ++ #include "agent.h" ++@@ -1013,6 +1016,11 @@ main (int argc, char **argv ) ++ ++ early_system_init (); ++ +++#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) +++ /* Disable ptrace on Linux without sgid bit */ +++ prctl(PR_SET_DUMPABLE, 0); +++#endif +++ ++ /* Before we do anything else we save the list of currently open ++ file descriptors and the signal mask. This info is required to ++ do the exec call properly. We don't need it on Windows. */ ++diff --git a/configure.ac b/configure.ac ++index 919ab31..b5a72e6 100644 ++--- a/configure.ac +++++ b/configure.ac ++@@ -1395,7 +1395,7 @@ AC_CHECK_FUNCS([atexit canonicalize_file_name clock_gettime ctermid \ ++ ftruncate funlockfile getaddrinfo getenv getpagesize \ ++ getpwnam getpwuid getrlimit getrusage gettimeofday \ ++ gmtime_r inet_ntop inet_pton isascii lstat memicmp \ ++- memmove memrchr mmap nl_langinfo pipe raise rand \ +++ memmove memrchr mmap nl_langinfo pipe prctl raise rand \ ++ setenv setlocale setrlimit sigaction sigprocmask \ ++ stat stpcpy strcasecmp strerror strftime stricmp \ ++ strlwr strncasecmp strpbrk strsep strtol strtoul \ ++diff --git a/scd/scdaemon.c b/scd/scdaemon.c ++index 8f8a026..e427b9e 100644 ++--- a/scd/scdaemon.c +++++ b/scd/scdaemon.c ++@@ -36,6 +36,9 @@ ++ #include ++ #include ++ #include +++#ifdef HAVE_PRCTL +++# include +++#endif ++ ++ #define GNUPG_COMMON_NEED_AFLOCAL ++ #include "scdaemon.h" ++@@ -438,6 +441,12 @@ main (int argc, char **argv ) ++ npth_t pipecon_handler; ++ ++ early_system_init (); +++ +++#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) +++ /* Disable ptrace on Linux without sgid bit */ +++ prctl(PR_SET_DUMPABLE, 0); +++#endif +++ ++ set_strusage (my_strusage); ++ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); ++ /* Please note that we may running SUID(ROOT), so be very CAREFUL diff --cc debian/patches/debian-packaging/avoid-beta-warning.patch index 0000000,0000000..5cb22e5 new file mode 100644 --- /dev/null +++ b/debian/patches/debian-packaging/avoid-beta-warning.patch @@@ -1,0 -1,0 +1,44 @@@ ++From: Debian GnuPG Maintainers ++Date: Tue, 14 Apr 2015 10:02:31 -0400 ++Subject: avoid-beta-warning ++ ++avoid self-describing as a beta ++ ++Using autoreconf against the source as distributed in tarball form ++invariably results in a package that thinks it's a "beta" package, ++which produces the "THIS IS A DEVELOPMENT VERSION" warning string. ++ ++since we use dh_autoreconf, i need this patch to avoid producing ++builds that announce themselves as DEVELOPMENT VERSIONs. ++ ++See discussion at: ++ ++ http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html ++--- ++ autogen.sh | 6 +++--- ++ 1 file changed, 3 insertions(+), 3 deletions(-) ++ ++diff --git a/autogen.sh b/autogen.sh ++index b238550..9b86d3f 100755 ++--- a/autogen.sh +++++ b/autogen.sh ++@@ -229,7 +229,7 @@ if [ "$myhost" = "find-version" ]; then ++ esac ++ ++ beta=no ++- if [ -e .git ]; then +++ if false; then ++ ingit=yes ++ tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null) ++ tmp=$(echo "$tmp" | sed s/^"$package"//) ++@@ -245,8 +245,8 @@ if [ "$myhost" = "find-version" ]; then ++ rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null))) ++ else ++ ingit=no ++- beta=yes ++- tmp="-unknown" +++ beta=no +++ tmp="" ++ rev="0000000" ++ rvd="0" ++ fi diff --cc debian/patches/debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch index 0000000,0000000..3ca24f8 new file mode 100644 --- /dev/null +++ b/debian/patches/debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch @@@ -1,0 -1,0 +1,37 @@@ ++From: Daniel Kahn Gillmor ++Date: Mon, 29 Aug 2016 12:34:42 -0400 ++Subject: avoid regenerating defsincdate (use shipped file) ++ ++upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am ++tries to rewrite doc/defsincdate if it notices that any of the files ++have been modified more recently, and it does so assuming that we're ++running from a git repo. ++ ++However, we'd rather ship the documents cleanly without regenerating ++defsincdate -- we don't have a git repo available (debian builds from ++upstream tarballs) and any changes to the texinfo files (e.g. from ++debian/patches/) might result in different dates on the files than we ++expect after they're applied by dpkg or quilt or whatever, which makes ++the datestamp unreproducible. ++--- ++ doc/Makefile.am | 7 ------- ++ 1 file changed, 7 deletions(-) ++ ++diff --git a/doc/Makefile.am b/doc/Makefile.am ++index d47d83e..c0a81b0 100644 ++--- a/doc/Makefile.am +++++ b/doc/Makefile.am ++@@ -177,13 +177,6 @@ $(myman_pages) gnupg.7 : yat2m-stamp defs.inc ++ ++ dist-hook: defsincdate ++ ++-defsincdate: $(gnupg_TEXINFOS) ++- : >defsincdate ; \ ++- if test -e $(top_srcdir)/.git; then \ ++- (cd $(srcdir) && git log -1 --format='%ct' \ ++- -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \ ++- fi ++- ++ defs.inc : defsincdate Makefile mkdefsinc ++ incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ ++ ./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \ diff --cc debian/patches/dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch index 0000000,0000000..16c3981 new file mode 100644 --- /dev/null +++ b/debian/patches/dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch @@@ -1,0 -1,0 +1,47 @@@ ++From: Daniel Kahn Gillmor ++Date: Sun, 20 Nov 2016 23:09:24 -0500 ++Subject: dirmngr: Avoid automatically checking upstream swdb. ++ ++* dirmngr/dirmngr.c (housekeeping_thread): Avoid automatically ++checking upstream's software database. In Debian, software updates ++should be handled by the distro mechanism, and additional upstream ++checks only confuse the user. ++* doc/dirmngr.texi: document that --allow-version-check does nothing. ++ ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ dirmngr/dirmngr.c | 2 -- ++ doc/dirmngr.texi | 7 ++++--- ++ 2 files changed, 4 insertions(+), 5 deletions(-) ++ ++diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c ++index a96cdcf..76843bd 100644 ++--- a/dirmngr/dirmngr.c +++++ b/dirmngr/dirmngr.c ++@@ -1957,8 +1957,6 @@ housekeeping_thread (void *arg) ++ if (network_activity_seen) ++ { ++ network_activity_seen = 0; ++- if (opt.allow_version_check) ++- dirmngr_load_swdb (&ctrlbuf, 0); ++ workqueue_run_global_tasks (&ctrlbuf, 1); ++ } ++ else ++diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi ++index 76be528..742658e 100644 ++--- a/doc/dirmngr.texi +++++ b/doc/dirmngr.texi ++@@ -290,9 +290,10 @@ Set the size of the queue for pending connections. The default is 64. ++ @item --allow-version-check ++ @opindex allow-version-check ++ Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get ++-the list of current software versions. If this option is enabled ++-the list is retrieved in case the local ++-copy does not exist or is older than 5 to 7 days. See the option +++the list of current software versions. +++On debian-packaged versions, this option does nothing since software +++updates should be handled by the distribution. +++See the option ++ @option{--query-swdb} of the command @command{gpgconf} for more ++ details. Note, that regardless of this option a version check can ++ always be triggered using this command: diff --cc debian/patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch index 0000000,0000000..0d279d2 new file mode 100644 --- /dev/null +++ b/debian/patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch @@@ -1,0 -1,0 +1,226 @@@ ++From: Daniel Kahn Gillmor ++Date: Sat, 29 Oct 2016 02:00:50 -0400 ++Subject: dirmngr: Avoid need for hkp housekeeping. ++ ++* dirmngr/ks-engine-hkp.c (host_is_alive): New function. Test whether ++host is alive and resurrects it if it has been dead long enough. ++(select_random_host, map_host, ks_hkp_mark_host): Use host_is_alive ++instead of testing hostinfo_t->dead directly. ++(ks_hkp_housekeeping): Remove function, no longer needed. ++* dirmngr/dirmngr.c (housekeeping_thread): Remove call to ++ks_hkp_housekeeping. ++ ++-- ++ ++Rather than resurrecting hosts upon scheduled resurrection times, test ++whether hosts should be resurrected as they're inspected for being ++dead. This removes the need for explicit housekeeping, and makes host ++resurrections happen "just in time", rather than being clustered on ++HOUSEKEEPING_INTERVAL seconds. ++ ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ dirmngr/dirmngr.c | 3 --- ++ dirmngr/dirmngr.h | 1 - ++ dirmngr/ks-engine-hkp.c | 72 ++++++++++++++++++++++++------------------------- ++ 3 files changed, 35 insertions(+), 41 deletions(-) ++ ++diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c ++index 55c7a49..a96cdcf 100644 ++--- a/dirmngr/dirmngr.c +++++ b/dirmngr/dirmngr.c ++@@ -1938,12 +1938,10 @@ static void * ++ housekeeping_thread (void *arg) ++ { ++ static int sentinel; ++- time_t curtime; ++ struct server_control_s ctrlbuf; ++ ++ (void)arg; ++ ++- curtime = gnupg_get_time (); ++ if (sentinel) ++ { ++ log_info ("housekeeping is already going on\n"); ++@@ -1956,7 +1954,6 @@ housekeeping_thread (void *arg) ++ memset (&ctrlbuf, 0, sizeof ctrlbuf); ++ dirmngr_init_default_ctrl (&ctrlbuf); ++ ++- ks_hkp_housekeeping (curtime); ++ if (network_activity_seen) ++ { ++ network_activity_seen = 0; ++diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h ++index 5189f93..c27f837 100644 ++--- a/dirmngr/dirmngr.h +++++ b/dirmngr/dirmngr.h ++@@ -215,7 +215,6 @@ const char* dirmngr_get_current_socket_name (void); ++ int dirmngr_use_tor (void); ++ ++ /*-- Various housekeeping functions. --*/ ++-void ks_hkp_housekeeping (time_t curtime); ++ void ks_hkp_reload (void); ++ ++ ++diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c ++index 801e565..68d2064 100644 ++--- a/dirmngr/ks-engine-hkp.c +++++ b/dirmngr/ks-engine-hkp.c ++@@ -214,6 +214,24 @@ host_in_pool_p (hostinfo_t hi, int tblidx) ++ return 0; ++ } ++ +++static int +++host_is_alive (hostinfo_t hi, time_t curtime) +++{ +++ if (!hi) +++ return 0; +++ if (!hi->dead) +++ return 1; +++ if (!hi->died_at) +++ return 0; /* manually marked dead */ +++ if (hi->died_at + RESURRECT_INTERVAL <= curtime +++ || hi->died_at > curtime) +++ { +++ hi->dead = 0; +++ log_info ("resurrected host '%s'", hi->name); +++ return 1; +++ } +++ return 0; +++} ++ ++ /* Select a random host. Consult HI->pool which indices into the global ++ hosttable. Returns index into HI->pool or -1 if no host could be ++@@ -224,13 +242,15 @@ select_random_host (hostinfo_t hi) ++ int *tbl = NULL; ++ size_t tblsize = 0; ++ int pidx, idx; +++ time_t curtime; ++ +++ curtime = gnupg_get_time (); ++ /* We create a new table so that we randomly select only from ++ currently alive hosts. */ ++ for (idx = 0; ++ idx < hi->pool_len && (pidx = hi->pool[idx]) != -1; ++ idx++) ++- if (hosttable[pidx] && !hosttable[pidx]->dead) +++ if (hosttable[pidx] && host_is_alive (hosttable[pidx], curtime)) ++ { ++ tblsize++; ++ tbl = xtryrealloc(tbl, tblsize * sizeof *tbl); ++@@ -458,6 +478,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, ++ int is_pool; ++ int new_hosts = 0; ++ char *cname; +++ time_t curtime; ++ ++ *r_host = NULL; ++ if (r_httpflags) ++@@ -484,6 +505,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, ++ } ++ else ++ hi = hosttable[idx]; +++ curtime = gnupg_get_time (); ++ ++ is_pool = hi->pool != NULL; ++ ++@@ -590,7 +612,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, ++ if (force_reselect) ++ hi->poolidx = -1; ++ else if (hi->poolidx >= 0 && hi->poolidx < hosttable_size ++- && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead) +++ && hosttable[hi->poolidx] && !host_is_alive (hosttable[hi->poolidx], curtime)) ++ hi->poolidx = -1; ++ ++ /* Select a host if needed. */ ++@@ -642,7 +664,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, ++ free_dns_addrinfo (aibuf); ++ } ++ ++- if (hi->dead) +++ if (!host_is_alive (hi, curtime)) ++ { ++ log_error ("host '%s' marked as dead\n", hi->name); ++ if (r_httphost) ++@@ -747,7 +769,8 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) ++ { ++ gpg_error_t err = 0; ++ hostinfo_t hi, hi2; ++- int idx, idx2, idx3, n; +++ int idx, idx2, idx3, n, is_alive; +++ time_t curtime; ++ ++ if (!name || !*name || !strcmp (name, "localhost")) ++ return 0; ++@@ -756,13 +779,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) ++ if (idx == -1) ++ return gpg_error (GPG_ERR_NOT_FOUND); ++ +++ curtime = gnupg_get_time (); ++ hi = hosttable[idx]; ++- if (alive && hi->dead) +++ is_alive = host_is_alive (hi, curtime); +++ if (alive && !is_alive) ++ { ++ hi->dead = 0; ++ err = ks_printf_help (ctrl, "marking '%s' as alive", name); ++ } ++- else if (!alive && !hi->dead) +++ else if (!alive && is_alive) ++ { ++ hi->dead = 1; ++ hi->died_at = 0; /* Manually set dead. */ ++@@ -796,14 +821,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) ++ ++ hi2 = hosttable[n]; ++ if (!hi2) ++- ; ++- else if (alive && hi2->dead) +++ continue; +++ is_alive = host_is_alive (hi2, curtime); +++ if (alive && !is_alive) ++ { ++ hi2->dead = 0; ++ err = ks_printf_help (ctrl, "marking '%s' as alive", ++ hi2->name); ++ } ++- else if (!alive && !hi2->dead) +++ else if (!alive && is_alive) ++ { ++ hi2->dead = 1; ++ hi2->died_at = 0; /* Manually set dead. */ ++@@ -1089,34 +1115,6 @@ ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri) ++ } ++ ++ ++-/* Housekeeping function called from the housekeeping thread. It is ++- used to mark dead hosts alive so that they may be tried again after ++- some time. */ ++-void ++-ks_hkp_housekeeping (time_t curtime) ++-{ ++- int idx; ++- hostinfo_t hi; ++- ++- for (idx=0; idx < hosttable_size; idx++) ++- { ++- hi = hosttable[idx]; ++- if (!hi) ++- continue; ++- if (!hi->dead) ++- continue; ++- if (!hi->died_at) ++- continue; /* Do not resurrect manually shot hosts. */ ++- if (hi->died_at + RESURRECT_INTERVAL <= curtime ++- || hi->died_at > curtime) ++- { ++- hi->dead = 0; ++- log_info ("resurrected host '%s'", hi->name); ++- } ++- } ++-} ++- ++- ++ /* Reload (SIGHUP) action for this module. We mark all host alive ++ * even those which have been manually shot. */ ++ void diff --cc debian/patches/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch index 0000000,0000000..1e3877f new file mode 100644 --- /dev/null +++ b/debian/patches/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch @@@ -1,0 -1,0 +1,81 @@@ ++From: Daniel Kahn Gillmor ++Date: Sat, 29 Oct 2016 01:25:05 -0400 ++Subject: dirmngr: hkp: Avoid potential race condition when some hosts die. ++ ++* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass ++through the host table instead of risking out-of-bounds write. ++ ++-- ++ ++Multiple threads may write to hosttable[x]->dead while ++select_random_host() is running. For example, a housekeeping thread ++might clear the ->dead bit on some entries, or another connection to ++dirmngr might manually mark a host as alive. ++ ++If one or more hosts are resurrected between the two loops over a ++given table in select_random_host(), then the allocation of tbl might ++not be large enough, resulting in a write past the end of tbl on the ++second loop. ++ ++This change collapses the two loops into a single loop to avoid this ++discrepancy: each host's "dead" bit is now only checked once. ++ ++As Werner points out, this isn't currently strictly necessary, since ++npth will not switch threads unless a blocking system call is made, ++and no blocking system call is made in these two loops. ++ ++However, in a subsequent change in this series, we will call a ++function in this loop, and that function may sometimes write(2), or ++call other functions, which may themselves block. Keeping this as a ++single-pass loop avoids the need to keep track of what might block and ++what might not. ++ ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ dirmngr/ks-engine-hkp.c | 23 ++++++++++------------- ++ 1 file changed, 10 insertions(+), 13 deletions(-) ++ ++diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c ++index 20d29e9..801e565 100644 ++--- a/dirmngr/ks-engine-hkp.c +++++ b/dirmngr/ks-engine-hkp.c ++@@ -221,29 +221,26 @@ host_in_pool_p (hostinfo_t hi, int tblidx) ++ static int ++ select_random_host (hostinfo_t hi) ++ { ++- int *tbl; ++- size_t tblsize; +++ int *tbl = NULL; +++ size_t tblsize = 0; ++ int pidx, idx; ++ ++ /* We create a new table so that we randomly select only from ++ currently alive hosts. */ ++- for (idx = 0, tblsize = 0; +++ for (idx = 0; ++ idx < hi->pool_len && (pidx = hi->pool[idx]) != -1; ++ idx++) ++ if (hosttable[pidx] && !hosttable[pidx]->dead) ++- tblsize++; +++ { +++ tblsize++; +++ tbl = xtryrealloc(tbl, tblsize * sizeof *tbl); +++ if (!tbl) +++ return -1; /* memory allocation failed! */ +++ tbl[tblsize-1] = pidx; +++ } ++ if (!tblsize) ++ return -1; /* No hosts. */ ++ ++- tbl = xtrymalloc (tblsize * sizeof *tbl); ++- if (!tbl) ++- return -1; ++- for (idx = 0, tblsize = 0; ++- idx < hi->pool_len && (pidx = hi->pool[idx]) != -1; ++- idx++) ++- if (hosttable[pidx] && !hosttable[pidx]->dead) ++- tbl[tblsize++] = pidx; ++- ++ if (tblsize == 1) /* Save a get_uint_nonce. */ ++ pidx = tbl[0]; ++ else diff --cc debian/patches/fix-spelling.patch index 0000000,0000000..5490130 new file mode 100644 --- /dev/null +++ b/debian/patches/fix-spelling.patch @@@ -1,0 -1,0 +1,39 @@@ ++From: Daniel Kahn Gillmor ++Date: Sun, 18 Nov 2018 17:33:55 -0500 ++Subject: fix spelling ++ ++--- ++ doc/tools.texi | 6 +++--- ++ 1 file changed, 3 insertions(+), 3 deletions(-) ++ ++diff --git a/doc/tools.texi b/doc/tools.texi ++index 7becf67..6256c05 100644 ++--- a/doc/tools.texi +++++ b/doc/tools.texi ++@@ -1561,7 +1561,7 @@ string @code{true} or @code{yes}. The evaluation is done by passing ++ /subst ++ /let i 3 ++ /while $i ++- /echo loop couter is $i +++ /echo loop counter is $i ++ /let i $@{- $i 1@} ++ /end ++ @end smallexample ++@@ -1962,7 +1962,7 @@ Extract all files from an encrypted archive. ++ ++ @item --sign ++ @itemx -s ++-Make a signed archive from the given files and directories. Thsi can +++Make a signed archive from the given files and directories. This can ++ be combined with option @option{--encrypt} to create a signed and then ++ encrypted archive. ++ ++@@ -2031,7 +2031,7 @@ linefeed to separate file names. ++ ++ @item --openpgp ++ @opindex openpgp ++-This option has no effect becuase OpenPGP encryption and signing is +++This option has no effect because OpenPGP encryption and signing is ++ the default. ++ ++ @item --cms diff --cc debian/patches/from-2.2.13/Silence-compiler-warnings-new-with-gcc-8.patch index 0000000,0000000..8dd141c new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.13/Silence-compiler-warnings-new-with-gcc-8.patch @@@ -1,0 -1,0 +1,98 @@@ ++From: Werner Koch ++Date: Mon, 17 Dec 2018 18:46:26 +0100 ++Subject: Silence compiler warnings new with gcc 8. ++ ++* dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc. ++* tests/gpgscm/scheme.c: Include gpgrt.h. ++(Eval_Cycle): Ignore -Wimplicit-fallthrough. ++-- ++ ++The funny use of case and labels in the CASE macro seems confuse the ++fallthrough detection. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 21fc089148678f59edb02e0e16bed65b709fb972) ++--- ++ dirmngr/dns.c | 17 ++++++++++++----- ++ tests/gpgscm/scheme.c | 12 ++++++++++++ ++ 2 files changed, 24 insertions(+), 5 deletions(-) ++ ++diff --git a/dirmngr/dns.c b/dirmngr/dns.c ++index 77f83f4..968fc3d 100644 ++--- a/dirmngr/dns.c +++++ b/dirmngr/dns.c ++@@ -77,6 +77,7 @@ typedef int socket_fd_t; ++ #include /* struct addrinfo */ ++ #endif ++ +++#include "gpgrt.h" /* For GGPRT_GCC_VERSION */ ++ #include "dns.h" ++ ++ ++@@ -7521,9 +7522,13 @@ static unsigned char *dns_so_tcp_recv_buffer(struct dns_socket *so) { ++ } ++ ++ ++-#if defined __clang__ ++-#pragma clang diagnostic push ++-#pragma clang diagnostic ignored "-Warray-bounds" +++ +++#if GPGRT_GCC_VERSION >= 80000 +++# pragma GCC diagnostic push +++# pragma GCC diagnostic ignored "-Warray-bounds" +++#elif defined __clang__ +++# pragma clang diagnostic push +++# pragma clang diagnostic ignored "-Warray-bounds" ++ #endif ++ ++ static int dns_so_tcp_send(struct dns_socket *so) { ++@@ -7589,8 +7594,10 @@ static int dns_so_tcp_recv(struct dns_socket *so) { ++ return 0; ++ } /* dns_so_tcp_recv() */ ++ ++-#if __clang__ ++-#pragma clang diagnostic pop +++#if GPGRT_GCC_VERSION >= 80000 +++# pragma GCC diagnostic pop +++#elif __clang__ +++# pragma clang diagnostic pop ++ #endif ++ ++ ++diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c ++index 4384841..b188e36 100644 ++--- a/tests/gpgscm/scheme.c +++++ b/tests/gpgscm/scheme.c ++@@ -44,6 +44,8 @@ ++ # endif ++ #endif ++ +++#include "gpgrt.h" /* For GGPRT_GCC_VERSION */ +++ ++ /* Used for documentation purposes, to signal functions in 'interface' */ ++ #define INTERFACE ++ ++@@ -3438,6 +3440,11 @@ int list_length(scheme *sc, pointer a) { ++ ++ ++ +++#if GPGRT_GCC_VERSION >= 80000 +++# pragma GCC diagnostic push +++# pragma GCC diagnostic ignored "-Wimplicit-fallthrough" +++#endif +++ ++ #define s_retbool(tf) s_return(sc,(tf) ? sc->T : sc->F) ++ ++ /* kernel of this interpreter */ ++@@ -5323,6 +5330,11 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) { ++ } ++ } ++ +++#if GPGRT_GCC_VERSION >= 80000 +++# pragma GCC diagnostic pop +++#endif +++ +++ ++ typedef int (*test_predicate)(pointer); ++ ++ static int is_any(pointer p) { diff --cc debian/patches/from-2.2.13/agent-Clear-bogus-pinentry-cache-when-it-causes-an-error.patch index 0000000,0000000..fa0b6d3 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.13/agent-Clear-bogus-pinentry-cache-when-it-causes-an-error.patch @@@ -1,0 -1,0 +1,176 @@@ ++From: NIIBE Yutaka ++Date: Mon, 28 Jan 2019 12:58:13 +0900 ++Subject: agent: Clear bogus pinentry cache, when it causes an error. ++ ++* agent/agent.h (PINENTRY_STATUS_*): Expose to public. ++(struct pin_entry_info_s): Add status. ++* agent/call-pinentry.c (agent_askpin): Clearing the ->status ++before the loop, let the assuan_transact set ->status. When ++failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns ++soon. ++* agent/findkey.c (unprotect): Clear the pinentry cache, ++when it causes an error. ++ ++-- ++ ++Cherry-picked from master commit of: ++ 02a2633a7f0b7d91aa48ea615fb3a0edfd6ed6bb ++ ++Debian-bug-id: 919856 ++GnuPG-bug-id: 4348 ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 9109bb9919f84d5472b7e62e84b961414a79d3c2) ++--- ++ agent/agent.h | 11 ++++++++++- ++ agent/call-pinentry.c | 37 ++++++++++++++++++------------------- ++ agent/findkey.c | 12 +++++++++++- ++ 3 files changed, 39 insertions(+), 21 deletions(-) ++ ++diff --git a/agent/agent.h b/agent/agent.h ++index 97ac15d..b07ea57 100644 ++--- a/agent/agent.h +++++ b/agent/agent.h ++@@ -265,6 +265,14 @@ struct server_control_s ++ }; ++ ++ +++/* Status of pinentry. */ +++enum +++ { +++ PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0, +++ PINENTRY_STATUS_PIN_REPEATED = 1 << 8, +++ PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9 +++ }; +++ ++ /* Information pertaining to pinentry requests. */ ++ struct pin_entry_info_s ++ { ++@@ -274,7 +282,8 @@ struct pin_entry_info_s ++ int failed_tries; /* Number of tries so far failed. */ ++ int with_qualitybar; /* Set if the quality bar should be displayed. */ ++ int with_repeat; /* Request repetition of the passphrase. */ ++- int repeat_okay; /* Repetition worked. */ +++ int repeat_okay; /* Repetition worked. */ +++ unsigned int status; /* Status. */ ++ gpg_error_t (*check_cb)(struct pin_entry_info_s *); /* CB used to check ++ the PIN */ ++ void *check_cb_arg; /* optional argument which might be of use in the CB */ ++diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c ++index b68d0a8..1f3bd52 100644 ++--- a/agent/call-pinentry.c +++++ b/agent/call-pinentry.c ++@@ -891,13 +891,6 @@ setup_qualitybar (ctrl_t ctrl) ++ return 0; ++ } ++ ++-enum ++- { ++- PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0, ++- PINENTRY_STATUS_PIN_REPEATED = 1 << 8, ++- PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9 ++- }; ++- ++ /* Check the button_info line for a close action. Also check for the ++ PIN_REPEATED flag. */ ++ static gpg_error_t ++@@ -962,7 +955,6 @@ agent_askpin (ctrl_t ctrl, ++ const char *errtext = NULL; ++ int is_pin = 0; ++ int saveflag; ++- unsigned int pinentry_status; ++ ++ if (opt.batch) ++ return 0; /* fixme: we should return BAD PIN */ ++@@ -1073,6 +1065,7 @@ agent_askpin (ctrl_t ctrl, ++ pininfo->with_repeat = 0; /* Pinentry does not support it. */ ++ } ++ pininfo->repeat_okay = 0; +++ pininfo->status = 0; ++ ++ for (;pininfo->failed_tries < pininfo->max_tries; pininfo->failed_tries++) ++ { ++@@ -1106,10 +1099,9 @@ agent_askpin (ctrl_t ctrl, ++ ++ saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); ++ assuan_begin_confidential (entry_ctx); ++- pinentry_status = 0; ++ rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, ++ inq_quality, entry_ctx, ++- pinentry_status_cb, &pinentry_status); +++ pinentry_status_cb, &pininfo->status); ++ assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); ++ /* Most pinentries out in the wild return the old Assuan error code ++ for canceled which gets translated to an assuan Cancel error and ++@@ -1121,7 +1113,7 @@ agent_askpin (ctrl_t ctrl, ++ ++ /* Change error code in case the window close button was clicked ++ to cancel the operation. */ ++- if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON) +++ if ((pininfo->status & PINENTRY_STATUS_CLOSE_BUTTON) ++ && gpg_err_code (rc) == GPG_ERR_CANCELED) ++ rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); ++ ++@@ -1148,12 +1140,19 @@ agent_askpin (ctrl_t ctrl, ++ /* More checks by utilizing the optional callback. */ ++ pininfo->cb_errtext = NULL; ++ rc = pininfo->check_cb (pininfo); ++- if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE ++- && pininfo->cb_errtext) ++- errtext = pininfo->cb_errtext; ++- else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE ++- || gpg_err_code (rc) == GPG_ERR_BAD_PIN) ++- errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase")); +++ /* When pinentry cache causes an error, return now. */ +++ if (rc +++ && (pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) +++ return unlock_pinentry (ctrl, rc); +++ +++ if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE) +++ { +++ if (pininfo->cb_errtext) +++ errtext = pininfo->cb_errtext; +++ else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE +++ || gpg_err_code (rc) == GPG_ERR_BAD_PIN) +++ errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase")); +++ } ++ else if (rc) ++ return unlock_pinentry (ctrl, rc); ++ } ++@@ -1161,12 +1160,12 @@ agent_askpin (ctrl_t ctrl, ++ if (!errtext) ++ { ++ if (pininfo->with_repeat ++- && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED)) +++ && (pininfo->status & PINENTRY_STATUS_PIN_REPEATED)) ++ pininfo->repeat_okay = 1; ++ return unlock_pinentry (ctrl, 0); /* okay, got a PIN or passphrase */ ++ } ++ ++- if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) +++ if ((pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) ++ /* The password was read from the cache. Don't count this ++ against the retry count. */ ++ pininfo->failed_tries --; ++diff --git a/agent/findkey.c b/agent/findkey.c ++index 78c3b1a..89a18fa 100644 ++--- a/agent/findkey.c +++++ b/agent/findkey.c ++@@ -632,7 +632,17 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, ++ pi->check_cb_arg = &arg; ++ ++ rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, hexgrip, cache_mode); ++- if (!rc) +++ if (rc) +++ { +++ if ((pi->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) +++ { +++ log_error ("Clearing pinentry cache which caused error %s\n", +++ gpg_strerror (rc)); +++ +++ agent_clear_passphrase (ctrl, hexgrip, cache_mode); +++ } +++ } +++ else ++ { ++ assert (arg.unprotected_key); ++ if (arg.change_required) diff --cc debian/patches/from-2.2.13/dirmngr-Fix-initialization-of-assuan-s-nPth-hook.patch index 0000000,0000000..d169017 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.13/dirmngr-Fix-initialization-of-assuan-s-nPth-hook.patch @@@ -1,0 -1,0 +1,38 @@@ ++From: NIIBE Yutaka ++Date: Fri, 25 Jan 2019 10:15:39 +0900 ++Subject: dirmngr: Fix initialization of assuan's nPth hook. ++ ++* dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to... ++(thread_init): ... here. ++ ++-- ++ ++Cherry picked master commit of: ++ 1f8817475f59ede3f28f57edc10ba56bbdd08b49 ++ ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 7f4c3eb0a039621c564b6095ab5f810524843157) ++--- ++ dirmngr/dirmngr.c | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) ++ ++diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c ++index 76843bd..ffbb108 100644 ++--- a/dirmngr/dirmngr.c +++++ b/dirmngr/dirmngr.c ++@@ -802,6 +802,7 @@ static void ++ thread_init (void) ++ { ++ npth_init (); +++ assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); ++ gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); ++ ++ /* Now with NPth running we can set the logging callback. Our ++@@ -877,7 +878,6 @@ main (int argc, char **argv) ++ assuan_set_malloc_hooks (&malloc_hooks); ++ assuan_set_assuan_log_prefix (log_get_prefix (NULL)); ++ assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); ++- assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); ++ assuan_sock_init (); ++ setup_libassuan_logging (&opt.debug, dirmngr_assuan_log_monitor); ++ diff --cc debian/patches/from-2.2.13/doc-Mark-keyserver-options-timeout-and-http-proxy-as-obso.patch index 0000000,0000000..144a8fc new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.13/doc-Mark-keyserver-options-timeout-and-http-proxy-as-obso.patch @@@ -1,0 -1,0 +1,54 @@@ ++From: Werner Koch ++Date: Tue, 8 Jan 2019 11:21:07 +0100 ++Subject: doc: Mark keyserver-options timeout and http-proxy as obsolete. ++ ++-- ++ ++(cherry picked from commit 6c000d4b78b836686e5a2789cc88a41e465e4400) ++(cherry picked from commit 9fd6ba268f1fdf77cc5baa6e8fd3ab28e432e49b) ++--- ++ doc/gpg.texi | 30 +++++------------------------- ++ 1 file changed, 5 insertions(+), 25 deletions(-) ++ ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index 1eed9fa..1597f9e 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -1895,32 +1895,12 @@ are available for all keyserver types, some common options are: ++ retrieving keys by subkey id. ++ ++ @item timeout ++- Tell the keyserver helper program how long (in seconds) to try and ++- perform a keyserver action before giving up. Note that performing ++- multiple actions at the same time uses this timeout value per action. ++- For example, when retrieving multiple keys via @option{--receive-keys}, the ++- timeout applies separately to each key retrieval, and not to the ++- @option{--receive-keys} command as a whole. Defaults to 30 seconds. ++- ++- @item http-proxy=@var{value} ++- This option is deprecated. ++- Set the proxy to use for HTTP and HKP keyservers. ++- This overrides any proxy defined in @file{dirmngr.conf}. ++- ++- @item verbose ++- This option has no more function since GnuPG 2.1. Use the ++- @code{dirmngr} configuration options instead. ++- ++- @item debug ++- This option has no more function since GnuPG 2.1. Use the ++- @code{dirmngr} configuration options instead. ++- ++- @item check-cert ++- This option has no more function since GnuPG 2.1. Use the ++- @code{dirmngr} configuration options instead. ++- +++ @itemx http-proxy=@var{value} +++ @itemx verbose +++ @itemx debug +++ @itemx check-cert ++ @item ca-cert-file ++- This option has no more function since GnuPG 2.1. Use the +++ These options have no more function since GnuPG 2.1. Use the ++ @code{dirmngr} configuration options instead. ++ ++ @end table diff --cc debian/patches/from-2.2.13/gpg-Allow-generating-Ed25519-key-from-an-existing-key.patch index 0000000,0000000..0967104 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.13/gpg-Allow-generating-Ed25519-key-from-an-existing-key.patch @@@ -1,0 -1,0 +1,29 @@@ ++From: Werner Koch ++Date: Wed, 30 Jan 2019 11:28:14 +0100 ++Subject: gpg: Allow generating Ed25519 key from an existing key. ++ ++* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping. ++-- ++ ++Due to this missing mapping a "gpg --export --full-gen-key" with ++selection "13 - Existing key" did not worked for an ed25519 key. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 346a98fabe03adf2e202e36fc2aa24b1c2571154) ++(cherry picked from commit 31d2a1eecaee766919b18bc42b918d9168f601f8) ++--- ++ g10/misc.c | 1 + ++ 1 file changed, 1 insertion(+) ++ ++diff --git a/g10/misc.c b/g10/misc.c ++index d9ebf48..8144471 100644 ++--- a/g10/misc.c +++++ b/g10/misc.c ++@@ -508,6 +508,7 @@ map_pk_gcry_to_openpgp (enum gcry_pk_algos algo) ++ { ++ switch (algo) ++ { +++ case GCRY_PK_EDDSA: return PUBKEY_ALGO_EDDSA; ++ case GCRY_PK_ECDSA: return PUBKEY_ALGO_ECDSA; ++ case GCRY_PK_ECDH: return PUBKEY_ALGO_ECDH; ++ default: return algo < 110 ? (pubkey_algo_t)algo : 0; diff --cc debian/patches/from-2.2.13/gpg-Emit-an-ERROR-status-if-no-key-was-found-with-list-ke.patch index 0000000,0000000..4aa1edf new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.13/gpg-Emit-an-ERROR-status-if-no-key-was-found-with-list-ke.patch @@@ -1,0 -1,0 +1,26 @@@ ++From: Werner Koch ++Date: Wed, 30 Jan 2019 14:40:26 +0100 ++Subject: gpg: Emit an ERROR status if no key was found with --list-keys. ++ ++* g10/keylist.c (list_one): Emit status line. ++-- ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 140fda8c61422ec055c3f7e214cc35706c4320dd) ++(cherry picked from commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b) ++--- ++ g10/keylist.c | 1 + ++ 1 file changed, 1 insertion(+) ++ ++diff --git a/g10/keylist.c b/g10/keylist.c ++index 66b03bb..262ea8d 100644 ++--- a/g10/keylist.c +++++ b/g10/keylist.c ++@@ -610,6 +610,7 @@ list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret) ++ { ++ log_error ("error reading key: %s\n", gpg_strerror (rc)); ++ getkey_end (ctrl, ctx); +++ write_status_error ("keylist.getkey", rc); ++ return; ++ } ++ diff --cc debian/patches/from-2.2.13/gpg-Stop-early-when-trying-to-create-a-primary-Elgamal-ke.patch index 0000000,0000000..ae96245 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.13/gpg-Stop-early-when-trying-to-create-a-primary-Elgamal-ke.patch @@@ -1,0 -1,0 +1,38 @@@ ++From: Werner Koch ++Date: Tue, 22 Jan 2019 10:06:15 +0100 ++Subject: gpg: Stop early when trying to create a primary Elgamal key. ++ ++* g10/misc.c (openpgp_pk_test_algo2): Add extra check. ++-- ++ ++The problem is that --key-gen --batch with a parameter file didn't ++detect that Elgamal is not capable of signing and so an error was only ++triggered at the time the self-signature was created. See the code ++comment for details. ++ ++GnuPG-bug-id: 4329 ++Signed-off-by: Werner Koch ++(cherry picked from commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8) ++(cherry picked from commit f5d3b982e44c5cfc60e9936020102a598b635187) ++--- ++ g10/misc.c | 7 +++++++ ++ 1 file changed, 7 insertions(+) ++ ++diff --git a/g10/misc.c b/g10/misc.c ++index 86baff9..d9ebf48 100644 ++--- a/g10/misc.c +++++ b/g10/misc.c ++@@ -644,6 +644,13 @@ openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use) ++ if (!ga) ++ return gpg_error (GPG_ERR_PUBKEY_ALGO); ++ +++ /* Elgamal in OpenPGP used to support signing and Libgcrypt still +++ * does. However, we removed the signing capability from gpg ages +++ * ago. This function should reflect this so that errors are thrown +++ * early and not only when we try to sign using Elgamal. */ +++ if (ga == GCRY_PK_ELG && (use & (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG))) +++ return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); +++ ++ /* Now check whether Libgcrypt has support for the algorithm. */ ++ return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf); ++ } diff --cc debian/patches/from-2.2.13/wks-Do-not-use-compression-for-the-encrypted-data.patch index 0000000,0000000..efeb160 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.13/wks-Do-not-use-compression-for-the-encrypted-data.patch @@@ -1,0 -1,0 +1,50 @@@ ++From: Werner Koch ++Date: Tue, 18 Dec 2018 08:21:03 +0100 ++Subject: wks: Do not use compression for the encrypted data. ++ ++* tools/gpg-wks-client.c (encrypt_response): Add arg -z0. ++* tools/gpg-wks-server.c (encrypt_stream): Ditto. ++-- ++ ++If for example a server was built without the development packages of ++the compression libraries installed, the server will not be able to ++decrypt a request. In theory this can't happen due to the preference ++system but it is just to easy to create the server's key using a ++different version of gpg and then use gpg-wks-server built ++differently. ++ ++For the short messages we exchange compression is not really required ++and thus we better do without to make the system more robust. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 70a8db0333e3c22403b3647f8b5f924f6dace719) ++(cherry picked from commit 16424d8a34c7f6af1071fd19dfc180cb7d17c052) ++--- ++ tools/gpg-wks-client.c | 1 + ++ tools/gpg-wks-server.c | 1 + ++ 2 files changed, 2 insertions(+) ++ ++diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c ++index c8ff166..78e4fe4 100644 ++--- a/tools/gpg-wks-client.c +++++ b/tools/gpg-wks-client.c ++@@ -1151,6 +1151,7 @@ encrypt_response (estream_t *r_output, estream_t input, const char *addrspec, ++ ccparray_put (&ccp, "--status-fd=2"); ++ ccparray_put (&ccp, "--always-trust"); ++ ccparray_put (&ccp, "--armor"); +++ ccparray_put (&ccp, "-z0"); /* No compression for improved robustness. */ ++ if (fake_submission_addr) ++ ccparray_put (&ccp, "--auto-key-locate=clear,local"); ++ else ++diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c ++index 1a0ba8f..f83ef65 100644 ++--- a/tools/gpg-wks-server.c +++++ b/tools/gpg-wks-server.c ++@@ -586,6 +586,7 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *keyfile) ++ ccparray_put (&ccp, "--always-trust"); ++ ccparray_put (&ccp, "--no-keyring"); ++ ccparray_put (&ccp, "--armor"); +++ ccparray_put (&ccp, "-z0"); /* No compression for improved robustness. */ ++ ccparray_put (&ccp, "--recipient-file"); ++ ccparray_put (&ccp, keyfile); ++ ccparray_put (&ccp, "--encrypt"); diff --cc debian/patches/from-2.2.14/agent-Fix-for-suggested-Libgcrypt-use.patch index 0000000,0000000..61521c0 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/agent-Fix-for-suggested-Libgcrypt-use.patch @@@ -1,0 -1,0 +1,61 @@@ ++From: Werner Koch ++Date: Fri, 22 Feb 2019 14:09:02 +0100 ++Subject: agent: Fix for suggested Libgcrypt use. ++ ++* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter. ++-- ++ ++The libgcrypt docs say that a "flags" parameter should always be used ++in the input of pkdecrypt. Thus we should allow that parameter also ++when parsing an s-expression to figure out the algorithm for use with ++scdaemon. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit a12c3a566e2e4b10bc02976a2819070877ee895c) ++(cherry picked from commit 0a95b153811f36739d1b20f23920bad0bb07c68b) ++--- ++ agent/divert-scd.c | 17 ++++++++++++++++- ++ 1 file changed, 16 insertions(+), 1 deletion(-) ++ ++diff --git a/agent/divert-scd.c b/agent/divert-scd.c ++index 88b35cd..aff5055 100644 ++--- a/agent/divert-scd.c +++++ b/agent/divert-scd.c ++@@ -476,6 +476,7 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text, ++ char *kid; ++ const unsigned char *s; ++ size_t n; +++ int depth; ++ const unsigned char *ciphertext; ++ size_t ciphertextlen; ++ char *plaintext; ++@@ -484,7 +485,6 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text, ++ (void)desc_text; ++ ++ *r_padding = -1; ++- ++ s = cipher; ++ if (*s != '(') ++ return gpg_error (GPG_ERR_INV_SEXP); ++@@ -500,6 +500,21 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text, ++ n = snext (&s); ++ if (!n) ++ return gpg_error (GPG_ERR_INV_SEXP); +++ +++ /* First check whether we have a flags parameter and skip it. */ +++ if (smatch (&s, n, "flags")) +++ { +++ depth = 1; +++ if (sskip (&s, &depth) || depth) +++ return gpg_error (GPG_ERR_INV_SEXP); +++ if (*s != '(') +++ return gpg_error (GPG_ERR_INV_SEXP); +++ s++; +++ n = snext (&s); +++ if (!n) +++ return gpg_error (GPG_ERR_INV_SEXP); +++ } +++ ++ if (smatch (&s, n, "rsa")) ++ { ++ if (*s != '(') diff --cc debian/patches/from-2.2.14/agent-Support-mode-ssh-option-for-CLEAR_PASSPHRASE.patch index 0000000,0000000..c9a549f new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/agent-Support-mode-ssh-option-for-CLEAR_PASSPHRASE.patch @@@ -1,0 -1,0 +1,63 @@@ ++From: NIIBE Yutaka ++Date: Fri, 25 Jan 2019 12:08:09 +0900 ++Subject: agent: Support --mode=ssh option for CLEAR_PASSPHRASE. ++ ++* agent/command.c (cmd_clear_passphrase): Add support for SSH. ++ ++-- ++ ++GnuPG-bug-id: 4340 ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit ae966bbe9b16ed68a51391afdde615339755e22d) ++(cherry picked from commit 77a285a0a94994ee9b42289897f9bf3075c7192d) ++--- ++ agent/command.c | 18 ++++++++++-------- ++ 1 file changed, 10 insertions(+), 8 deletions(-) ++ ++diff --git a/agent/command.c b/agent/command.c ++index 60eb6ad..50385b8 100644 ++--- a/agent/command.c +++++ b/agent/command.c ++@@ -1568,19 +1568,24 @@ static const char hlp_clear_passphrase[] = ++ "may be used to invalidate the cache entry for a passphrase. The\n" ++ "function returns with OK even when there is no cached passphrase.\n" ++ "The --mode=normal option is used to clear an entry for a cacheid\n" ++- "added by the agent.\n"; +++ "added by the agent. The --mode=ssh option is used for a cacheid\n" +++ "added for ssh.\n"; ++ static gpg_error_t ++ cmd_clear_passphrase (assuan_context_t ctx, char *line) ++ { ++ ctrl_t ctrl = assuan_get_pointer (ctx); ++ char *cacheid = NULL; ++ char *p; ++- int opt_normal; +++ cache_mode_t cache_mode = CACHE_MODE_USER; ++ ++ if (ctrl->restricted) ++ return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); ++ ++- opt_normal = has_option (line, "--mode=normal"); +++ if (has_option (line, "--mode=normal")) +++ cache_mode = CACHE_MODE_NORMAL; +++ else if (has_option (line, "--mode=ssh")) +++ cache_mode = CACHE_MODE_SSH; +++ ++ line = skip_options (line); ++ ++ /* parse the stuff */ ++@@ -1593,12 +1598,9 @@ cmd_clear_passphrase (assuan_context_t ctx, char *line) ++ if (!*cacheid || strlen (cacheid) > 50) ++ return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID"); ++ ++- agent_put_cache (ctrl, cacheid, ++- opt_normal ? CACHE_MODE_NORMAL : CACHE_MODE_USER, ++- NULL, 0); +++ agent_put_cache (ctrl, cacheid, cache_mode, NULL, 0); ++ ++- agent_clear_passphrase (ctrl, cacheid, ++- opt_normal ? CACHE_MODE_NORMAL : CACHE_MODE_USER); +++ agent_clear_passphrase (ctrl, cacheid, cache_mode); ++ ++ return 0; ++ } diff --cc debian/patches/from-2.2.14/common-Fix-gnupg_wait_processes.patch index 0000000,0000000..b1b9ed4 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/common-Fix-gnupg_wait_processes.patch @@@ -1,0 -1,0 +1,82 @@@ ++From: NIIBE Yutaka ++Date: Tue, 19 Sep 2017 12:28:43 +0900 ++Subject: common: Fix gnupg_wait_processes. ++ ++* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes ++even if we already see an error. ++ ++-- ++ ++The value stored by waitpid for exit code is encoded; It requires ++decoded by WEXITSTATUS macro, regardless of an error. ++ ++For example, when one of processes is already exited and another is ++still running, it resulted wrong value of in r_exitcodes[n]. ++ ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit eeb3da6eb717ed6a1a1069a7611eb37503e8672d) ++--- ++ common/exechelp-posix.c | 50 +++++++++++++++++++++++++------------------------ ++ 1 file changed, 26 insertions(+), 24 deletions(-) ++ ++diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c ++index 7237993..3acf74a 100644 ++--- a/common/exechelp-posix.c +++++ b/common/exechelp-posix.c ++@@ -784,30 +784,32 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, ++ } ++ } ++ ++- if (ec == 0) ++- for (i = 0; i < count; i++) ++- { ++- if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) ++- { ++- log_error (_("error running '%s': probably not installed\n"), ++- pgmnames[i]); ++- ec = GPG_ERR_CONFIGURATION; ++- } ++- else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i])) ++- { ++- if (dummy) ++- log_error (_("error running '%s': exit status %d\n"), ++- pgmnames[i], WEXITSTATUS (r_exitcodes[i])); ++- else ++- r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]); ++- ec = GPG_ERR_GENERAL; ++- } ++- else if (!WIFEXITED (r_exitcodes[i])) ++- { ++- log_error (_("error running '%s': terminated\n"), pgmnames[i]); ++- ec = GPG_ERR_GENERAL; ++- } ++- } +++ for (i = 0; i < count; i++) +++ { +++ if (r_exitcodes[i] == -1) +++ continue; +++ +++ if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) +++ { +++ log_error (_("error running '%s': probably not installed\n"), +++ pgmnames[i]); +++ ec = GPG_ERR_CONFIGURATION; +++ } +++ else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i])) +++ { +++ if (dummy) +++ log_error (_("error running '%s': exit status %d\n"), +++ pgmnames[i], WEXITSTATUS (r_exitcodes[i])); +++ else +++ r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]); +++ ec = GPG_ERR_GENERAL; +++ } +++ else if (!WIFEXITED (r_exitcodes[i])) +++ { +++ log_error (_("error running '%s': terminated\n"), pgmnames[i]); +++ ec = GPG_ERR_GENERAL; +++ } +++ } ++ ++ xfree (dummy); ++ return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec); diff --cc debian/patches/from-2.2.14/dirmngr-Add-CSRF-protection-exception-for-protonmail.patch index 0000000,0000000..57bb513 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/dirmngr-Add-CSRF-protection-exception-for-protonmail.patch @@@ -1,0 -1,0 +1,87 @@@ ++From: Werner Koch ++Date: Thu, 7 Mar 2019 11:34:03 +0100 ++Subject: dirmngr: Add CSRF protection exception for protonmail. ++ ++* dirmngr/http.c (same_host_p): Add exception table. ++-- ++ ++Please: Adding entries to this table shall be an exception and not the ++rule. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 134c3c16523b1a267ebdd2df6339240fd9e1e3b3) ++(cherry picked from commit 557c721e787e7e6d311ccb48d8aa677123061cf5) ++--- ++ dirmngr/http.c | 45 ++++++++++++++++++++++++++++++++++++++++----- ++ 1 file changed, 40 insertions(+), 5 deletions(-) ++ ++diff --git a/dirmngr/http.c b/dirmngr/http.c ++index 9f4afc8..7fdd06a 100644 ++--- a/dirmngr/http.c +++++ b/dirmngr/http.c ++@@ -3514,16 +3514,51 @@ uri_query_lookup (parsed_uri_t uri, const char *key) ++ } ++ ++ ++-/* Return true if both URI point to the same host. */ +++/* Return true if both URI point to the same host for the purpose of +++ * redirection check. A is the original host and B the host given in +++ * the Location header. As a temporary workaround a fixed list of +++ * exceptions is also consulted. */ ++ static int ++ same_host_p (parsed_uri_t a, parsed_uri_t b) ++ { ++- return a->host && b->host && !ascii_strcasecmp (a->host, b->host); +++ static struct +++ { +++ const char *from; /* NULL uses the last entry from the table. */ +++ const char *to; +++ } allow[] = +++ { +++ { "protonmail.com", "api.protonmail.com" }, +++ { NULL, "api.protonmail.ch" }, +++ { "protonmail.ch", "api.protonmail.com" }, +++ { NULL, "api.protonmail.ch" } +++ }; +++ int i; +++ const char *from; +++ +++ if (!a->host || !b->host) +++ return 0; +++ +++ if (!ascii_strcasecmp (a->host, b->host)) +++ return 1; +++ +++ from = NULL; +++ for (i=0; i < DIM (allow); i++) +++ { +++ if (allow[i].from) +++ from = allow[i].from; +++ if (!from) +++ continue; +++ if (!ascii_strcasecmp (from, a->host) +++ && !ascii_strcasecmp (allow[i].to, b->host)) +++ return 1; +++ } +++ +++ return 0; ++ } ++ ++ ++ /* Prepare a new URL for a HTTP redirect. INFO has flags controlling ++- * the operaion, STATUS_CODE is used for diagnostics, LOCATION is the +++ * the operation, STATUS_CODE is used for diagnostics, LOCATION is the ++ * value of the "Location" header, and R_URL reveives the new URL on ++ * success or NULL or error. Note that INFO->ORIG_URL is ++ * required. */ ++@@ -3594,8 +3629,8 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code, ++ } ++ else if (same_host_p (origuri, locuri)) ++ { ++- /* The host is the same and thus we can take the location ++- * verbatim. */ +++ /* The host is the same or on an exception list and thus we can +++ * take the location verbatim. */ ++ http_release_parsed_uri (origuri); ++ http_release_parsed_uri (locuri); ++ newurl = xtrystrdup (location); diff --cc debian/patches/from-2.2.14/gpg-Allow-import-of-PGP-desktop-exported-secret-keys.patch index 0000000,0000000..868688b new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/gpg-Allow-import-of-PGP-desktop-exported-secret-keys.patch @@@ -1,0 -1,0 +1,658 @@@ ++From: Werner Koch ++Date: Mon, 18 Mar 2019 13:07:14 +0100 ++Subject: gpg: Allow import of PGP desktop exported secret keys. ++ ++* g10/import.c (NODE_TRANSFER_SECKEY): New. ++(import): Add attic kludge. ++(transfer_secret_keys): Add arg only_marked. ++(resync_sec_with_pub_keyblock): Return removed seckeys via new arg ++r_removedsecs. ++(import_secret_one): New arg r_secattic. Change to take ownership of ++arg keyblock. Implement extra secret key import logic. Factor some ++code out to ... ++(do_transfer): New. ++(import_matching_seckeys): New. ++-- ++ ++The PGP desktops exported secret keys are really stupid. And they ++even a have kind of exception in rfc4880 which does not rule that ++out (section 11.2): ++ ++ [...] Implementations SHOULD include self-signatures on any user ++ IDs and subkeys, as this allows for a complete public key to be ++ automatically extracted from the transferable secret key. ++ Implementations MAY choose to omit the self-signatures, especially ++ if a transferable public key accompanies the transferable secret ++ key. ++ ++Now if they would only put the public key before the secret ++key. Anyway we now have a workaround for that ugliness. ++ ++GnuPG-bug-id: 4392 ++Signed-off-by: Werner Koch ++(cherry picked from commit 5205512fc092c53c0a52c8379ef2a129ce6e58a9) ++(cherry picked from commit 0e73214dd208fca4df26ac796416c6f25b3ae50d) ++--- ++ g10/import.c | 381 ++++++++++++++++++++++++++++++++++++++++++++++------------ ++ g10/keyedit.c | 2 +- ++ g10/main.h | 3 +- ++ 3 files changed, 307 insertions(+), 79 deletions(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index 2a01814..f76ca0c 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -1,6 +1,6 @@ ++ /* import.c - import a key into our key storage. ++ * Copyright (C) 1998-2007, 2010-2011 Free Software Foundation, Inc. ++- * Copyright (C) 2014, 2016, 2017 Werner Koch +++ * Copyright (C) 2014, 2016, 2017, 2019 Werner Koch ++ * ++ * This file is part of GnuPG. ++ * ++@@ -75,6 +75,8 @@ struct import_stats_s ++ #define NODE_DELETION_MARK 4 ++ /* A node flag used to temporary mark a node. */ ++ #define NODE_FLAG_A 8 +++/* A flag used by transfer_secret_keys. */ +++#define NODE_TRANSFER_SECKEY 16 ++ ++ ++ /* An object and a global instance to store selectors created from ++@@ -110,10 +112,15 @@ static gpg_error_t import_one (ctrl_t ctrl, ++ unsigned int options, int from_sk, int silent, ++ import_screener_t screener, void *screener_arg, ++ int origin, const char *url, int *r_valid); +++static gpg_error_t import_matching_seckeys ( +++ ctrl_t ctrl, kbnode_t seckeys, +++ const byte *mainfpr, size_t mainfprlen, +++ struct import_stats_s *stats, int batch); ++ static gpg_error_t import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ struct import_stats_s *stats, int batch, ++ unsigned int options, int for_migration, ++- import_screener_t screener, void *screener_arg); +++ import_screener_t screener, void *screener_arg, +++ kbnode_t *r_secattic); ++ static int import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options, ++ struct import_stats_s *stats); ++ static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, ++@@ -562,6 +569,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, ++ kbnode_t keyblock = NULL; /* Need to initialize because gcc can't ++ grasp the return semantics of ++ read_block. */ +++ kbnode_t secattic = NULL; /* Kludge for PGP desktop percularity */ ++ int rc = 0; ++ int v3keys; ++ ++@@ -582,18 +590,63 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, ++ { ++ stats->v3keys += v3keys; ++ if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) ++- rc = import_one (ctrl, keyblock, ++- stats, fpr, fpr_len, options, 0, 0, ++- screener, screener_arg, origin, url, NULL); +++ { +++ rc = import_one (ctrl, keyblock, +++ stats, fpr, fpr_len, options, 0, 0, +++ screener, screener_arg, origin, url, NULL); +++ if (secattic) +++ { +++ byte tmpfpr[MAX_FINGERPRINT_LEN]; +++ size_t tmpfprlen; +++ +++ if (!rc && !(opt.dry_run || (options & IMPORT_DRY_RUN))) +++ { +++ /* Kudge for PGP desktop - see below. */ +++ fingerprint_from_pk (keyblock->pkt->pkt.public_key, +++ tmpfpr, &tmpfprlen); +++ rc = import_matching_seckeys (ctrl, secattic, +++ tmpfpr, tmpfprlen, +++ stats, opt.batch); +++ } +++ release_kbnode (secattic); +++ secattic = NULL; +++ } +++ } ++ else if (keyblock->pkt->pkttype == PKT_SECRET_KEY) ++- rc = import_secret_one (ctrl, keyblock, stats, ++- opt.batch, options, 0, ++- screener, screener_arg); +++ { +++ release_kbnode (secattic); +++ secattic = NULL; +++ rc = import_secret_one (ctrl, keyblock, stats, +++ opt.batch, options, 0, +++ screener, screener_arg, &secattic); +++ keyblock = NULL; /* Ownership was transferred. */ +++ if (secattic) +++ { +++ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY) +++ rc = 0; /* Try import after the next pubkey. */ +++ +++ /* The attic is a workaround for the peculiar PGP +++ * Desktop method of exporting a secret key: The +++ * exported file is the concatenation of two armored +++ * keyblocks; first the private one and then the public +++ * one. The strange thing is that the secret one has no +++ * binding signatures at all and thus we have not +++ * imported it. The attic stores that secret keys and +++ * we try to import it once after the very next public +++ * keyblock. */ +++ } +++ } ++ else if (keyblock->pkt->pkttype == PKT_SIGNATURE ++ && IS_KEY_REV (keyblock->pkt->pkt.signature) ) ++- rc = import_revoke_cert (ctrl, keyblock, options, stats); +++ { +++ release_kbnode (secattic); +++ secattic = NULL; +++ rc = import_revoke_cert (ctrl, keyblock, options, stats); +++ } ++ else ++ { +++ release_kbnode (secattic); +++ secattic = NULL; ++ log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype); ++ } ++ release_kbnode (keyblock); ++@@ -619,6 +672,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, ++ else if (rc && gpg_err_code (rc) != GPG_ERR_INV_KEYRING) ++ log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (rc)); ++ +++ release_kbnode (secattic); ++ return rc; ++ } ++ ++@@ -655,8 +709,11 @@ import_old_secring (ctrl_t ctrl, const char *fname) ++ while (!(err = read_block (inp, 0, &pending_pkt, &keyblock, &v3keys))) ++ { ++ if (keyblock->pkt->pkttype == PKT_SECRET_KEY) ++- err = import_secret_one (ctrl, keyblock, stats, 1, 0, 1, ++- NULL, NULL); +++ { +++ err = import_secret_one (ctrl, keyblock, stats, 1, 0, 1, +++ NULL, NULL, NULL); +++ keyblock = NULL; /* Ownership was transferred. */ +++ } ++ release_kbnode (keyblock); ++ if (err) ++ break; ++@@ -2159,12 +2216,15 @@ import_one (ctrl_t ctrl, ++ ++ ++ /* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The ++- function prints diagnostics and returns an error code. If BATCH is ++- true the secret keys are stored by gpg-agent in the transfer format ++- (i.e. no re-protection and aksing for passphrases). */ +++ * function prints diagnostics and returns an error code. If BATCH is +++ * true the secret keys are stored by gpg-agent in the transfer format +++ * (i.e. no re-protection and aksing for passphrases). If ONLY_MARKED +++ * is set, only those nodes with flag NODE_TRANSFER_SECKEY are +++ * processed. */ ++ gpg_error_t ++ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, ++- kbnode_t sec_keyblock, int batch, int force) +++ kbnode_t sec_keyblock, int batch, int force, +++ int only_marked) ++ { ++ gpg_error_t err = 0; ++ void *kek = NULL; ++@@ -2205,12 +2265,16 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, ++ xfree (kek); ++ kek = NULL; ++ +++ /* Note: We need to use walk_kbnode so that we skip nodes which are +++ * marked as deleted. */ ++ main_pk = NULL; ++ while ((node = walk_kbnode (sec_keyblock, &ctx, 0))) ++ { ++ if (node->pkt->pkttype != PKT_SECRET_KEY ++ && node->pkt->pkttype != PKT_SECRET_SUBKEY) ++ continue; +++ if (only_marked && !(node->flag & NODE_TRANSFER_SECKEY)) +++ continue; ++ pk = node->pkt->pkt.public_key; ++ if (!main_pk) ++ main_pk = pk; ++@@ -2508,12 +2572,15 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) ++ /* Delete all notes in the keyblock at R_KEYBLOCK which are not in ++ * PUB_KEYBLOCK. Modifies the tags of both keyblock's nodes. */ ++ static gpg_error_t ++-resync_sec_with_pub_keyblock (kbnode_t *r_keyblock, kbnode_t pub_keyblock) +++resync_sec_with_pub_keyblock (kbnode_t *r_keyblock, kbnode_t pub_keyblock, +++ kbnode_t *r_removedsecs) ++ { ++ kbnode_t sec_keyblock = *r_keyblock; ++- kbnode_t node; +++ kbnode_t node, prevnode; ++ unsigned int *taglist; ++ unsigned int ntaglist, n; +++ kbnode_t attic = NULL; +++ kbnode_t *attic_head = &attic; ++ ++ /* Collect all tags in an array for faster searching. */ ++ for (ntaglist = 0, node = pub_keyblock; node; node = node->next) ++@@ -2525,40 +2592,188 @@ resync_sec_with_pub_keyblock (kbnode_t *r_keyblock, kbnode_t pub_keyblock) ++ taglist[ntaglist++] = node->tag; ++ ++ /* Walks over the secret keyblock and delete all nodes which are not ++- * in the tag list. Those nodes have been delete in the ++- * pub_keyblock. Sequential search is a bit lazt and could be ++- * optimized by sorting and bsearch; however secret key rings are ++- * short and there are easier weaus to DoS gpg. */ ++- for (node = sec_keyblock; node; node = node->next) +++ * in the tag list. Those nodes have been deleted in the +++ * pub_keyblock. Sequential search is a bit lazy and could be +++ * optimized by sorting and bsearch; however secret keyrings are +++ * short and there are easier ways to DoS the import. */ +++ again: +++ for (prevnode=NULL, node=sec_keyblock; node; prevnode=node, node=node->next) ++ { ++ for (n=0; n < ntaglist; n++) ++ if (taglist[n] == node->tag) ++ break; ++- if (n == ntaglist) ++- delete_kbnode (node); +++ if (n == ntaglist) /* Not in public keyblock. */ +++ { +++ if (node->pkt->pkttype == PKT_SECRET_KEY +++ || node->pkt->pkttype == PKT_SECRET_SUBKEY) +++ { +++ if (!prevnode) +++ sec_keyblock = node->next; +++ else +++ prevnode->next = node->next; +++ node->next = NULL; +++ *attic_head = node; +++ attic_head = &node->next; +++ goto again; /* That's lame; I know. */ +++ } +++ else +++ delete_kbnode (node); +++ } ++ } ++ ++ xfree (taglist); ++ ++ /* Commit the as deleted marked nodes and return the possibly ++- * modified keyblock. */ +++ * modified keyblock and a list of removed secret key nodes. */ ++ commit_kbnode (&sec_keyblock); ++ *r_keyblock = sec_keyblock; +++ *r_removedsecs = attic; ++ return 0; ++ } ++ ++ ++-/**************** ++- * Ditto for secret keys. Handling is simpler than for public keys. ++- * We allow secret key importing only when allow is true, this is so ++- * that a secret key can not be imported accidentally and thereby tampering ++- * with the trust calculation. +++/* Helper for import_secret_one. */ +++static gpg_error_t +++do_transfer (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk, +++ struct import_stats_s *stats, int batch, int only_marked) +++ +++{ +++ gpg_error_t err; +++ struct import_stats_s subkey_stats = {0}; +++ +++ err = transfer_secret_keys (ctrl, &subkey_stats, keyblock, +++ batch, 0, only_marked); +++ if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED) +++ { +++ /* TRANSLATORS: For a smartcard, each private key on host has a +++ * reference (stub) to a smartcard and actual private key data +++ * is stored on the card. A single smartcard can have up to +++ * three private key data. Importing private key stub is always +++ * skipped in 2.1, and it returns GPG_ERR_NOT_PROCESSED. +++ * Instead, user should be suggested to run 'gpg --card-status', +++ * then, references to a card will be automatically created +++ * again. */ +++ log_info (_("To migrate '%s', with each smartcard, " +++ "run: %s\n"), "secring.gpg", "gpg --card-status"); +++ err = 0; +++ } +++ +++ if (!err) +++ { +++ int status = 16; +++ +++ if (!opt.quiet) +++ log_info (_("key %s: secret key imported\n"), keystr_from_pk (pk)); +++ if (subkey_stats.secret_imported) +++ { +++ status |= 1; +++ stats->secret_imported += 1; +++ } +++ if (subkey_stats.secret_dups) +++ stats->secret_dups += 1; +++ +++ if (is_status_enabled ()) +++ print_import_ok (pk, status); +++ } +++ +++ return err; +++} +++ +++ +++/* If the secret keys (main or subkey) in SECKEYS have a corresponding +++ * public key in the public key described by (FPR,FPRLEN) import these +++ * parts. +++ */ +++static gpg_error_t +++import_matching_seckeys (ctrl_t ctrl, kbnode_t seckeys, +++ const byte *mainfpr, size_t mainfprlen, +++ struct import_stats_s *stats, int batch) +++{ +++ gpg_error_t err; +++ kbnode_t pub_keyblock = NULL; +++ kbnode_t node; +++ struct { byte fpr[MAX_FINGERPRINT_LEN]; size_t fprlen; } *fprlist = NULL; +++ size_t n, nfprlist; +++ byte fpr[MAX_FINGERPRINT_LEN]; +++ size_t fprlen; +++ PKT_public_key *pk; +++ +++ /* Get the entire public key block from our keystore and put all its +++ * fingerprints into an array. */ +++ err = get_pubkey_byfprint (ctrl, NULL, &pub_keyblock, mainfpr, mainfprlen); +++ if (err) +++ goto leave; +++ log_assert (pub_keyblock && pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY); +++ pk = pub_keyblock->pkt->pkt.public_key; +++ +++ for (nfprlist = 0, node = pub_keyblock; node; node = node->next) +++ if (node->pkt->pkttype == PKT_PUBLIC_KEY +++ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) +++ nfprlist++; +++ log_assert (nfprlist); +++ fprlist = xtrycalloc (nfprlist, sizeof *fprlist); +++ if (!fprlist) +++ { +++ err = gpg_error_from_syserror (); +++ goto leave; +++ } +++ for (n = 0, node = pub_keyblock; node; node = node->next) +++ if (node->pkt->pkttype == PKT_PUBLIC_KEY +++ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) +++ { +++ fingerprint_from_pk (node->pkt->pkt.public_key, +++ fprlist[n].fpr, &fprlist[n].fprlen); +++ n++; +++ } +++ log_assert (n == nfprlist); +++ +++ /* for (n=0; n < nfprlist; n++) */ +++ /* log_printhex (fprlist[n].fpr, fprlist[n].fprlen, "pubkey %zu:", n); */ +++ +++ /* Mark all secret keys which have a matching public key part in +++ * PUB_KEYBLOCK. */ +++ for (node = seckeys; node; node = node->next) +++ { +++ if (node->pkt->pkttype != PKT_SECRET_KEY +++ && node->pkt->pkttype != PKT_SECRET_SUBKEY) +++ continue; /* Should not happen. */ +++ fingerprint_from_pk (node->pkt->pkt.public_key, fpr, &fprlen); +++ node->flag &= ~NODE_TRANSFER_SECKEY; +++ for (n=0; n < nfprlist; n++) +++ if (fprlist[n].fprlen == fprlen && !memcmp (fprlist[n].fpr,fpr,fprlen)) +++ { +++ node->flag |= NODE_TRANSFER_SECKEY; +++ /* log_debug ("found matching seckey\n"); */ +++ break; +++ } +++ } +++ +++ /* Transfer all marked keys. */ +++ err = do_transfer (ctrl, seckeys, pk, stats, batch, 1); +++ +++ leave: +++ xfree (fprlist); +++ release_kbnode (pub_keyblock); +++ return err; +++} +++ +++ +++/* Import function for a single secret keyblock. Handling is simpler +++ * than for public keys. We allow secret key importing only when +++ * allow is true, this is so that a secret key can not be imported +++ * accidentally and thereby tampering with the trust calculation. +++ * +++ * Ownership of KEYBLOCK is transferred to this function! +++ * +++ * If R_SECATTIC is not null the last special sec_keyblock is stored +++ * there. ++ */ ++ static gpg_error_t ++ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ struct import_stats_s *stats, int batch, ++ unsigned int options, int for_migration, ++- import_screener_t screener, void *screener_arg) +++ import_screener_t screener, void *screener_arg, +++ kbnode_t *r_secattic) ++ { ++ PKT_public_key *pk; ++ struct seckey_info *ski; ++@@ -2567,6 +2782,9 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ gpg_error_t err = 0; ++ int nr_prev; ++ kbnode_t pub_keyblock; +++ kbnode_t attic = NULL; +++ byte fpr[MAX_FINGERPRINT_LEN]; +++ size_t fprlen; ++ char pkstrbuf[PUBKEY_STRING_SIZE]; ++ ++ /* Get the key and print some info about it */ ++@@ -2576,6 +2794,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ ++ pk = node->pkt->pkt.public_key; ++ +++ fingerprint_from_pk (pk, fpr, &fprlen); ++ keyid_from_pk (pk, keyid); ++ uidnode = find_next_kbnode (keyblock, PKT_USER_ID); ++ ++@@ -2583,6 +2802,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ { ++ log_error (_("secret key %s: %s\n"), keystr_from_pk (pk), ++ _("rejected by import screener")); +++ release_kbnode (keyblock); ++ return 0; ++ } ++ ++@@ -2602,6 +2822,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ { ++ if (!for_migration) ++ log_error (_("importing secret keys not allowed\n")); +++ release_kbnode (keyblock); ++ return 0; ++ } ++ ++@@ -2609,6 +2830,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ { ++ if (!for_migration) ++ log_error( _("key %s: no user ID\n"), keystr_from_pk (pk)); +++ release_kbnode (keyblock); ++ return 0; ++ } ++ ++@@ -2617,6 +2839,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ { ++ /* Actually an internal error. */ ++ log_error ("key %s: secret key info missing\n", keystr_from_pk (pk)); +++ release_kbnode (keyblock); ++ return 0; ++ } ++ ++@@ -2627,6 +2850,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ if (!for_migration) ++ log_error (_("key %s: secret key with invalid cipher %d" ++ " - skipped\n"), keystr_from_pk (pk), ski->algo); +++ release_kbnode (keyblock); ++ return 0; ++ } ++ ++@@ -2637,6 +2861,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ to put a secret key into the keyring and the user might later ++ be tricked into signing stuff with that key. */ ++ log_error (_("importing secret keys not allowed\n")); +++ release_kbnode (keyblock); ++ return 0; ++ } ++ #endif ++@@ -2668,16 +2893,43 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ * the public keyblock. Otherwise we would import just the ++ * secret key without having the public key. That would be ++ * surprising and clutters out private-keys-v1.d. */ ++- err = resync_sec_with_pub_keyblock (&keyblock, pub_keyblock); +++ err = resync_sec_with_pub_keyblock (&keyblock, pub_keyblock, &attic); ++ if (err) ++ goto leave; ++ ++ if (!valid) ++ { ++- err = gpg_error (GPG_ERR_NO_SECKEY); +++ /* If the block was not valid the primary key is left in the +++ * original keyblock because we require that for the first +++ * node. Move it to ATTIC. */ +++ if (keyblock && keyblock->pkt->pkttype == PKT_SECRET_KEY) +++ { +++ node = keyblock; +++ keyblock = node->next; +++ node->next = NULL; +++ if (attic) +++ { +++ node->next = attic; +++ attic = node; +++ } +++ else +++ attic = node; +++ } +++ +++ /* Try to import the secret key iff we have a public key. */ +++ if (attic && !(opt.dry_run || (options & IMPORT_DRY_RUN))) +++ err = import_matching_seckeys (ctrl, attic, fpr, fprlen, +++ stats, batch); +++ else +++ err = gpg_error (GPG_ERR_NO_SECKEY); ++ goto leave; ++ } ++ +++ /* log_debug ("attic is:\n"); */ +++ /* dump_kbnode (attic); */ +++ +++ /* Proceed with the valid parts of PUBKEYBLOCK. */ +++ ++ /* At least we cancel the secret key import when the public key ++ import was skipped due to MERGE_ONLY option and a new ++ key. */ ++@@ -2686,62 +2938,37 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ { ++ /* Read the keyblock again to get the effects of a merge for ++ * the public key. */ ++- /* Fixme: we should do this based on the fingerprint or ++- even better let import_one return the merged ++- keyblock. */ ++- node = get_pubkeyblock (ctrl, keyid); ++- if (!node) ++- log_error ("key %s: failed to re-lookup public key\n", ++- keystr_from_pk (pk)); +++ err = get_pubkey_byfprint (ctrl, NULL, &node, fpr, fprlen); +++ if (err || !node) +++ log_error ("key %s: failed to re-lookup public key: %s\n", +++ keystr_from_pk (pk), gpg_strerror (err)); ++ else ++ { ++- /* transfer_secret_keys collects subkey stats. */ ++- struct import_stats_s subkey_stats = {0}; +++ err = do_transfer (ctrl, keyblock, pk, stats, batch, 0); +++ if (!err) +++ check_prefs (ctrl, node); +++ release_kbnode (node); ++ ++- err = transfer_secret_keys (ctrl, &subkey_stats, keyblock, ++- batch, 0); ++- if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED) +++ if (!err && attic) ++ { ++- /* TRANSLATORS: For smartcard, each private key on ++- host has a reference (stub) to a smartcard and ++- actual private key data is stored on the card. A ++- single smartcard can have up to three private key ++- data. Importing private key stub is always ++- skipped in 2.1, and it returns ++- GPG_ERR_NOT_PROCESSED. Instead, user should be ++- suggested to run 'gpg --card-status', then, ++- references to a card will be automatically ++- created again. */ ++- log_info (_("To migrate '%s', with each smartcard, " ++- "run: %s\n"), "secring.gpg", "gpg --card-status"); ++- err = 0; +++ /* Try to import invalid subkeys. This can be the +++ * case if the primary secret key was imported due +++ * to --allow-non-selfsigned-uid. */ +++ err = import_matching_seckeys (ctrl, attic, fpr, fprlen, +++ stats, batch); ++ } ++- if (!err) ++- { ++- int status = 16; ++- if (!opt.quiet) ++- log_info (_("key %s: secret key imported\n"), ++- keystr_from_pk (pk)); ++- if (subkey_stats.secret_imported) ++- { ++- status |= 1; ++- stats->secret_imported += 1; ++- } ++- if (subkey_stats.secret_dups) ++- stats->secret_dups += 1; ++- ++- if (is_status_enabled ()) ++- print_import_ok (pk, status); ++ ++- check_prefs (ctrl, node); ++- } ++- release_kbnode (node); ++ } ++ } ++ } ++ ++ leave: +++ release_kbnode (keyblock); ++ release_kbnode (pub_keyblock); +++ if (r_secattic) +++ *r_secattic = attic; +++ else +++ release_kbnode (attic); ++ return err; ++ } ++ ++diff --git a/g10/keyedit.c b/g10/keyedit.c ++index f95f02f..742dfba 100644 ++--- a/g10/keyedit.c +++++ b/g10/keyedit.c ++@@ -1894,7 +1894,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, ++ node = new_kbnode (pkt); ++ ++ /* Transfer it to gpg-agent which handles secret keys. */ ++- err = transfer_secret_keys (ctrl, NULL, node, 1, 1); +++ err = transfer_secret_keys (ctrl, NULL, node, 1, 1, 0); ++ ++ /* Treat the pkt as a public key. */ ++ pkt->pkttype = PKT_PUBLIC_KEY; ++diff --git a/g10/main.h b/g10/main.h ++index dcd3767..d3d6060 100644 ++--- a/g10/main.h +++++ b/g10/main.h ++@@ -376,7 +376,8 @@ struct impex_filter_parm_s ++ ++ const char *impex_filter_getval (void *cookie, const char *propname); ++ gpg_error_t transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, ++- kbnode_t sec_keyblock, int batch, int force); +++ kbnode_t sec_keyblock, int batch, int force, +++ int only_marked); ++ ++ int collapse_uids( KBNODE *keyblock ); ++ diff --cc debian/patches/from-2.2.14/gpg-Avoid-importing-secret-keys-if-the-keyblock-is-not-va.patch index 0000000,0000000..43bd524 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/gpg-Avoid-importing-secret-keys-if-the-keyblock-is-not-va.patch @@@ -1,0 -1,0 +1,367 @@@ ++From: Werner Koch ++Date: Fri, 15 Mar 2019 19:50:37 +0100 ++Subject: gpg: Avoid importing secret keys if the keyblock is not valid. ++ ++* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by ++new field TAG. ++* g10/kbnode.c (alloc_node): Change accordingly. ++* g10/import.c (import_one): Add arg r_valid. ++(sec_to_pub_keyblock): Set tags. ++(resync_sec_with_pub_keyblock): New. ++(import_secret_one): Change return code to gpg_error_t. Return an ++error code if sec_to_pub_keyblock failed. Resync secret keyblock. ++-- ++ ++When importing an invalid secret key ring for example without key ++binding signatures or no UIDs, gpg used to let gpg-agent store the ++secret keys anyway. This is clearly a bug because the diagnostics ++before claimed that for example the subkeys have been skipped. ++Importing the secret key parameters then anyway is surprising in ++particular because a gpg -k does not show the key. After importing ++the public key the secret keys suddenly showed up. ++ ++This changes the behaviour of ++GnuPG-bug-id: 4392 ++to me more consistent but is not a solution to the actual bug. ++ ++Caution: The ecc.scm test now fails because two of the sample keys ++ don't have binding signatures. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit f799e9728bcadb3d4148a47848c78c5647860ea4) ++(cherry picked from commit 43b23aa82be7e02414398af506986b812e2b9349) ++--- ++ g10/import.c | 122 ++++++++++++++++++++++++++++++++-------- ++ g10/kbnode.c | 2 +- ++ g10/keydb.h | 13 +++-- ++ tests/openpgp/ecc.scm | 2 +- ++ tests/openpgp/samplekeys/README | 2 + ++ 5 files changed, 111 insertions(+), 30 deletions(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index a5f4f38..2a01814 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -109,8 +109,8 @@ static gpg_error_t import_one (ctrl_t ctrl, ++ unsigned char **fpr, size_t *fpr_len, ++ unsigned int options, int from_sk, int silent, ++ import_screener_t screener, void *screener_arg, ++- int origin, const char *url); ++-static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock, +++ int origin, const char *url, int *r_valid); +++static gpg_error_t import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ struct import_stats_s *stats, int batch, ++ unsigned int options, int for_migration, ++ import_screener_t screener, void *screener_arg); ++@@ -584,7 +584,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, ++ if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) ++ rc = import_one (ctrl, keyblock, ++ stats, fpr, fpr_len, options, 0, 0, ++- screener, screener_arg, origin, url); +++ screener, screener_arg, origin, url, NULL); ++ else if (keyblock->pkt->pkttype == PKT_SECRET_KEY) ++ rc = import_secret_one (ctrl, keyblock, stats, ++ opt.batch, options, 0, ++@@ -1654,7 +1654,9 @@ update_key_origin (kbnode_t keyblock, u32 curtime, int origin, const char *url) ++ * programs which called gpg. If SILENT is no messages are printed - ++ * even most error messages are suppressed. ORIGIN is the origin of ++ * the key (0 for unknown) and URL the corresponding URL. FROM_SK ++- * indicates that the key has been made from a secret key. +++ * indicates that the key has been made from a secret key. If R_SAVED +++ * is not NULL a boolean will be stored indicating whether the keyblock +++ * has valid parts. ++ */ ++ static gpg_error_t ++ import_one (ctrl_t ctrl, ++@@ -1662,7 +1664,7 @@ import_one (ctrl_t ctrl, ++ unsigned char **fpr, size_t *fpr_len, unsigned int options, ++ int from_sk, int silent, ++ import_screener_t screener, void *screener_arg, ++- int origin, const char *url) +++ int origin, const char *url, int *r_valid) ++ { ++ gpg_error_t err = 0; ++ PKT_public_key *pk; ++@@ -1681,6 +1683,9 @@ import_one (ctrl_t ctrl, ++ int any_filter = 0; ++ KEYDB_HANDLE hd = NULL; ++ +++ if (r_valid) +++ *r_valid = 0; +++ ++ /* If show-only is active we don't won't any extra output. */ ++ if ((options & (IMPORT_SHOW | IMPORT_DRY_RUN))) ++ silent = 1; ++@@ -1701,7 +1706,7 @@ import_one (ctrl_t ctrl, ++ if (opt.verbose && !opt.interactive && !silent && !from_sk) ++ { ++ /* Note that we do not print this info in FROM_SK mode ++- * because import_one already printed that. */ +++ * because import_secret_one already printed that. */ ++ log_info ("pub %s/%s %s ", ++ pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), ++ keystr_from_pk(pk), datestr_from_pk(pk) ); ++@@ -1827,6 +1832,10 @@ import_one (ctrl_t ctrl, ++ return 0; ++ } ++ +++ /* The keyblock is valid and ready for real import. */ +++ if (r_valid) +++ *r_valid = 1; +++ ++ /* Show the key in the form it is merged or inserted. We skip this ++ * if "import-export" is also active without --armor or the output ++ * file has explicily been given. */ ++@@ -2440,14 +2449,21 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, ++ ++ ++ /* Walk a secret keyblock and produce a public keyblock out of it. ++- Returns a new node or NULL on error. */ +++ * Returns a new node or NULL on error. Modifies the tag field of the +++ * nodes. */ ++ static kbnode_t ++ sec_to_pub_keyblock (kbnode_t sec_keyblock) ++ { ++ kbnode_t pub_keyblock = NULL; ++ kbnode_t ctx = NULL; ++ kbnode_t secnode, pubnode; +++ unsigned int tag = 0; +++ +++ /* Set a tag to all nodes. */ +++ for (secnode = sec_keyblock; secnode; secnode = secnode->next) +++ secnode->tag = ++tag; ++ +++ /* Copy. */ ++ while ((secnode = walk_kbnode (sec_keyblock, &ctx, 0))) ++ { ++ if (secnode->pkt->pkttype == PKT_SECRET_KEY ++@@ -2477,6 +2493,7 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) ++ { ++ pubnode = clone_kbnode (secnode); ++ } +++ pubnode->tag = secnode->tag; ++ ++ if (!pub_keyblock) ++ pub_keyblock = pubnode; ++@@ -2487,23 +2504,67 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) ++ return pub_keyblock; ++ } ++ +++ +++/* Delete all notes in the keyblock at R_KEYBLOCK which are not in +++ * PUB_KEYBLOCK. Modifies the tags of both keyblock's nodes. */ +++static gpg_error_t +++resync_sec_with_pub_keyblock (kbnode_t *r_keyblock, kbnode_t pub_keyblock) +++{ +++ kbnode_t sec_keyblock = *r_keyblock; +++ kbnode_t node; +++ unsigned int *taglist; +++ unsigned int ntaglist, n; +++ +++ /* Collect all tags in an array for faster searching. */ +++ for (ntaglist = 0, node = pub_keyblock; node; node = node->next) +++ ntaglist++; +++ taglist = xtrycalloc (ntaglist, sizeof *taglist); +++ if (!taglist) +++ return gpg_error_from_syserror (); +++ for (ntaglist = 0, node = pub_keyblock; node; node = node->next) +++ taglist[ntaglist++] = node->tag; +++ +++ /* Walks over the secret keyblock and delete all nodes which are not +++ * in the tag list. Those nodes have been delete in the +++ * pub_keyblock. Sequential search is a bit lazt and could be +++ * optimized by sorting and bsearch; however secret key rings are +++ * short and there are easier weaus to DoS gpg. */ +++ for (node = sec_keyblock; node; node = node->next) +++ { +++ for (n=0; n < ntaglist; n++) +++ if (taglist[n] == node->tag) +++ break; +++ if (n == ntaglist) +++ delete_kbnode (node); +++ } +++ +++ xfree (taglist); +++ +++ /* Commit the as deleted marked nodes and return the possibly +++ * modified keyblock. */ +++ commit_kbnode (&sec_keyblock); +++ *r_keyblock = sec_keyblock; +++ return 0; +++} +++ +++ ++ /**************** ++ * Ditto for secret keys. Handling is simpler than for public keys. ++ * We allow secret key importing only when allow is true, this is so ++ * that a secret key can not be imported accidentally and thereby tampering ++ * with the trust calculation. ++ */ ++-static int +++static gpg_error_t ++ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++- struct import_stats_s *stats, int batch, unsigned int options, ++- int for_migration, +++ struct import_stats_s *stats, int batch, +++ unsigned int options, int for_migration, ++ import_screener_t screener, void *screener_arg) ++ { ++ PKT_public_key *pk; ++ struct seckey_info *ski; ++ kbnode_t node, uidnode; ++ u32 keyid[2]; ++- int rc = 0; +++ gpg_error_t err = 0; ++ int nr_prev; ++ kbnode_t pub_keyblock; ++ char pkstrbuf[PUBKEY_STRING_SIZE]; ++@@ -2527,7 +2588,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ ++ if (opt.verbose && !for_migration) ++ { ++- log_info ("sec %s/%s %s ", +++ log_info ("sec %s/%s %s ", ++ pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), ++ keystr_from_pk (pk), datestr_from_pk (pk)); ++ if (uidnode) ++@@ -2587,20 +2648,35 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ /* Make a public key out of the key. */ ++ pub_keyblock = sec_to_pub_keyblock (keyblock); ++ if (!pub_keyblock) ++- log_error ("key %s: failed to create public key from secret key\n", ++- keystr_from_pk (pk)); +++ { +++ err = gpg_error_from_syserror (); +++ log_error ("key %s: failed to create public key from secret key\n", +++ keystr_from_pk (pk)); +++ } ++ else ++ { +++ int valid; +++ ++ /* Note that this outputs an IMPORT_OK status message for the ++ public key block, and below we will output another one for ++ the secret keys. FIXME? */ ++ import_one (ctrl, pub_keyblock, stats, ++ NULL, NULL, options, 1, for_migration, ++- screener, screener_arg, 0, NULL); +++ screener, screener_arg, 0, NULL, &valid); ++ ++- /* Fixme: We should check for an invalid keyblock and ++- cancel the secret key import in this case. */ ++- release_kbnode (pub_keyblock); +++ /* The secret keyblock may not have nodes which are deleted in +++ * the public keyblock. Otherwise we would import just the +++ * secret key without having the public key. That would be +++ * surprising and clutters out private-keys-v1.d. */ +++ err = resync_sec_with_pub_keyblock (&keyblock, pub_keyblock); +++ if (err) +++ goto leave; +++ +++ if (!valid) +++ { +++ err = gpg_error (GPG_ERR_NO_SECKEY); +++ goto leave; +++ } ++ ++ /* At least we cancel the secret key import when the public key ++ import was skipped due to MERGE_ONLY option and a new ++@@ -2608,7 +2684,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ if (!(opt.dry_run || (options & IMPORT_DRY_RUN)) ++ && stats->skipped_new_keys <= nr_prev) ++ { ++- /* Read the keyblock again to get the effects of a merge. */ +++ /* Read the keyblock again to get the effects of a merge for +++ * the public key. */ ++ /* Fixme: we should do this based on the fingerprint or ++ even better let import_one return the merged ++ keyblock. */ ++@@ -2618,8 +2695,6 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ keystr_from_pk (pk)); ++ else ++ { ++- gpg_error_t err; ++- ++ /* transfer_secret_keys collects subkey stats. */ ++ struct import_stats_s subkey_stats = {0}; ++ ++@@ -2657,6 +2732,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ ++ if (is_status_enabled ()) ++ print_import_ok (pk, status); +++ ++ check_prefs (ctrl, node); ++ } ++ release_kbnode (node); ++@@ -2664,7 +2740,9 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ } ++ } ++ ++- return rc; +++ leave: +++ release_kbnode (pub_keyblock); +++ return err; ++ } ++ ++ ++diff --git a/g10/kbnode.c b/g10/kbnode.c ++index c2aaacd..9ed6caf 100644 ++--- a/g10/kbnode.c +++++ b/g10/kbnode.c ++@@ -68,8 +68,8 @@ alloc_node (void) ++ n->next = NULL; ++ n->pkt = NULL; ++ n->flag = 0; +++ n->tag = 0; ++ n->private_flag=0; ++- n->recno = 0; ++ return n; ++ } ++ ++diff --git a/g10/keydb.h b/g10/keydb.h ++index 6fb4e5e..7aa2048 100644 ++--- a/g10/keydb.h +++++ b/g10/keydb.h ++@@ -52,12 +52,13 @@ typedef struct getkey_ctx_s *getkey_ctx_t; ++ * This structure is also used to bind arbitrary packets together. ++ */ ++ ++-struct kbnode_struct { ++- KBNODE next; ++- PACKET *pkt; ++- int flag; ++- int private_flag; ++- ulong recno; /* used while updating the trustdb */ +++struct kbnode_struct +++{ +++ kbnode_t next; +++ PACKET *pkt; +++ int flag; /* Local use during keyblock processing (not cloned).*/ +++ unsigned int tag; /* Ditto. */ +++ int private_flag; ++ }; ++ ++ #define is_deleted_kbnode(a) ((a)->private_flag & 1) ++diff --git a/tests/openpgp/ecc.scm b/tests/openpgp/ecc.scm ++index d7c02a5..a63ec45 100755 ++--- a/tests/openpgp/ecc.scm +++++ b/tests/openpgp/ecc.scm ++@@ -175,7 +175,7 @@ Rg== ++ (display "This is one line\n" (fdopen fd "wb"))) ++ ++ (for-each-p ++- "Checking ECDSA decryption" +++ "Checking ECDH decryption" ++ (lambda (test) ++ (lettmp (x y) ++ (call-with-output-file ++diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README ++index 9f1648b..f8a7e9e 100644 ++--- a/tests/openpgp/samplekeys/README +++++ b/tests/openpgp/samplekeys/README ++@@ -29,3 +29,5 @@ Notes: ++ such a file is created which is then directly followed by a separate ++ armored public key block. To create such a sample concatenate ++ pgp-desktop-skr.asc and E657FB607BB4F21C90BB6651BC067AF28BC90111.asc +++- ecc-sample-2-sec.asc and ecc-sample-3-sec.asc do not have and +++ binding signatures either. ecc-sample-1-sec.asc has them, though. diff --cc debian/patches/from-2.2.14/gpg-Do-not-bail-out-on-v5-keys-in-the-local-keyring.patch index 0000000,0000000..97ae61a new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/gpg-Do-not-bail-out-on-v5-keys-in-the-local-keyring.patch @@@ -1,0 -1,0 +1,121 @@@ ++From: Werner Koch ++Date: Mon, 18 Mar 2019 14:10:16 +0100 ++Subject: gpg: Do not bail out on v5 keys in the local keyring. ++ ++* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION ++instead of invalid packet. ++* g10/keydb.c (parse_keyblock_image): Do not map the unknown version ++error to invalid keyring. ++(keydb_search): Skip unknown version errors simlar to legacy keys. ++* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown ++versions. ++* g10/import.c (read_block): Handle unknown version. ++-- ++ ++When using gpg 2.3 the local keyring may contain v5 keys. This patch ++allows the use of such a keyring also with a 2.2 version which does ++not support v5 keys. We will probably need some more tweaking here ++but this covers the most common cases of listing keys and also ++importing v5 keys. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit de70a2f377c1647417fb8a2b6476c3744a901296) ++--- ++ g10/import.c | 6 ++++-- ++ g10/keydb.c | 13 +++++++++---- ++ g10/keylist.c | 2 ++ ++ g10/keyring.c | 2 ++ ++ g10/parse-packet.c | 2 +- ++ 5 files changed, 18 insertions(+), 7 deletions(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index f76ca0c..aeab4e0 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -860,12 +860,14 @@ read_block( IOBUF a, int with_meta, ++ skip_sigs = 0; ++ while ((rc=parse_packet (&parsectx, pkt)) != -1) ++ { ++- if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY +++ if (rc && ((gpg_err_code (rc) == GPG_ERR_LEGACY_KEY +++ || gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION) ++ && (pkt->pkttype == PKT_PUBLIC_KEY ++ || pkt->pkttype == PKT_SECRET_KEY))) ++ { ++ in_v3key = 1; ++- ++*r_v3keys; +++ if (gpg_err_code (rc) != GPG_ERR_UNKNOWN_VERSION) +++ ++*r_v3keys; ++ free_packet (pkt, &parsectx); ++ init_packet (pkt); ++ continue; ++diff --git a/g10/keydb.c b/g10/keydb.c ++index 03fadfd..0475f85 100644 ++--- a/g10/keydb.c +++++ b/g10/keydb.c ++@@ -1249,9 +1249,12 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, ++ } ++ if (err) ++ { ++- log_error ("parse_keyblock_image: read error: %s\n", ++- gpg_strerror (err)); ++- err = gpg_error (GPG_ERR_INV_KEYRING); +++ if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION) +++ { +++ log_error ("parse_keyblock_image: read error: %s\n", +++ gpg_strerror (err)); +++ err = gpg_error (GPG_ERR_INV_KEYRING); +++ } ++ break; ++ } ++ ++@@ -1955,7 +1958,9 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, ++ rc = keybox_search (hd->active[hd->current].u.kb, desc, ++ ndesc, KEYBOX_BLOBTYPE_PGP, ++ descindex, &hd->skipped_long_blobs); ++- while (rc == GPG_ERR_LEGACY_KEY); +++ while (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY +++ || gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION) +++ ; ++ break; ++ } ++ ++diff --git a/g10/keylist.c b/g10/keylist.c ++index 7b3fde1..85fcdba 100644 ++--- a/g10/keylist.c +++++ b/g10/keylist.c ++@@ -527,6 +527,8 @@ list_all (ctrl_t ctrl, int secret, int mark_secret) ++ { ++ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) ++ continue; /* Skip legacy keys. */ +++ if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION) +++ continue; /* Skip keys with unknown versions. */ ++ log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc)); ++ goto leave; ++ } ++diff --git a/g10/keyring.c b/g10/keyring.c ++index 25ef507..a8dd462 100644 ++--- a/g10/keyring.c +++++ b/g10/keyring.c ++@@ -1476,6 +1476,8 @@ keyring_rebuild_cache (ctrl_t ctrl, void *token, int noisy) ++ { ++ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) ++ continue; /* Skip legacy keys. */ +++ if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION) +++ continue; /* Skip keys with unknown version. */ ++ log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc)); ++ goto leave; ++ } ++diff --git a/g10/parse-packet.c b/g10/parse-packet.c ++index ff348ec..05f63e9 100644 ++--- a/g10/parse-packet.c +++++ b/g10/parse-packet.c ++@@ -2296,7 +2296,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, ++ log_error ("packet(%d) with unknown version %d\n", pkttype, version); ++ if (list_mode) ++ es_fputs (":key packet: [unknown version]\n", listfp); ++- err = gpg_error (GPG_ERR_INV_PACKET); +++ err = gpg_error (GPG_ERR_UNKNOWN_VERSION); ++ goto leave; ++ } ++ diff --cc debian/patches/from-2.2.14/gpg-During-secret-key-import-print-sec-instead-of-pub.patch index 0000000,0000000..302f7cf new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/gpg-During-secret-key-import-print-sec-instead-of-pub.patch @@@ -1,0 -1,0 +1,135 @@@ ++From: Werner Koch ++Date: Fri, 15 Mar 2019 19:11:32 +0100 ++Subject: gpg: During secret key import print "sec" instead of "pub". ++ ++* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'. Remove ++useless code for "sub" and "ssb". ++* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info. Do ++not print the first keyinfo in FROM_SK mode. ++printing. ++-- ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit f64477db86568bdc28c313bfeb8b95d8edf05a3c) ++(cherry picked from commit db2d75f1ffede2ea77163b487a15e60249daffa0) ++--- ++ g10/gpgcompose.c | 5 +++-- ++ g10/import.c | 11 +++++++---- ++ g10/keyedit.c | 23 ++++++++++++++--------- ++ g10/keyedit.h | 2 +- ++ 4 files changed, 25 insertions(+), 16 deletions(-) ++ ++diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c ++index 226f793..aec0b4a 100644 ++--- a/g10/gpgcompose.c +++++ b/g10/gpgcompose.c ++@@ -3058,10 +3058,11 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, ++ } ++ ++ void ++-show_basic_key_info (ctrl_t ctrl, KBNODE keyblock) +++show_basic_key_info (ctrl_t ctrl, KBNODE keyblock, int made_from_sec) ++ { ++ (void)ctrl; ++- (void) keyblock; +++ (void)keyblock; +++ (void)made_from_sec; ++ } ++ ++ int ++diff --git a/g10/import.c b/g10/import.c ++index 29de8ff..a5f4f38 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -1653,7 +1653,8 @@ update_key_origin (kbnode_t keyblock, u32 curtime, int origin, const char *url) ++ * the internal errorcount, so that invalid input can be detected by ++ * programs which called gpg. If SILENT is no messages are printed - ++ * even most error messages are suppressed. ORIGIN is the origin of ++- * the key (0 for unknown) and URL the corresponding URL. +++ * the key (0 for unknown) and URL the corresponding URL. FROM_SK +++ * indicates that the key has been made from a secret key. ++ */ ++ static gpg_error_t ++ import_one (ctrl_t ctrl, ++@@ -1697,9 +1698,11 @@ import_one (ctrl_t ctrl, ++ keyid_from_pk( pk, keyid ); ++ uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); ++ ++- if (opt.verbose && !opt.interactive && !silent) +++ if (opt.verbose && !opt.interactive && !silent && !from_sk) ++ { ++- log_info( "pub %s/%s %s ", +++ /* Note that we do not print this info in FROM_SK mode +++ * because import_one already printed that. */ +++ log_info ("pub %s/%s %s ", ++ pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), ++ keystr_from_pk(pk), datestr_from_pk(pk) ); ++ if (uidnode) ++@@ -1730,7 +1733,7 @@ import_one (ctrl_t ctrl, ++ print_import_check (pk, uidnode->pkt->pkt.user_id); ++ merge_keys_and_selfsig (ctrl, keyblock); ++ tty_printf ("\n"); ++- show_basic_key_info (ctrl, keyblock); +++ show_basic_key_info (ctrl, keyblock, from_sk); ++ tty_printf ("\n"); ++ if (!cpr_get_answer_is_yes ("import.okay", ++ "Do you want to import this key? (y/N) ")) ++diff --git a/g10/keyedit.c b/g10/keyedit.c ++index b717960..f95f02f 100644 ++--- a/g10/keyedit.c +++++ b/g10/keyedit.c ++@@ -3662,13 +3662,14 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp, ++ ++ ++ /* Display basic key information. This function is suitable to show ++- information on the key without any dependencies on the trustdb or ++- any other internal GnuPG stuff. KEYBLOCK may either be a public or ++- a secret key. This function may be called with KEYBLOCK containing ++- secret keys and thus the printing of "pub" vs. "sec" does only ++- depend on the packet type and not by checking with gpg-agent. */ +++ * information on the key without any dependencies on the trustdb or +++ * any other internal GnuPG stuff. KEYBLOCK may either be a public or +++ * a secret key. This function may be called with KEYBLOCK containing +++ * secret keys and thus the printing of "pub" vs. "sec" does only +++ * depend on the packet type and not by checking with gpg-agent. If +++ * PRINT_SEC ist set "sec" is printed instead of "pub". */ ++ void ++-show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock) +++show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec) ++ { ++ KBNODE node; ++ int i; ++@@ -3681,13 +3682,17 @@ show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock) ++ || node->pkt->pkttype == PKT_SECRET_KEY) ++ { ++ PKT_public_key *pk = node->pkt->pkt.public_key; +++ const char *tag; +++ +++ if (node->pkt->pkttype == PKT_SECRET_KEY || print_sec) +++ tag = "sec"; +++ else +++ tag = "pub"; ++ ++ /* Note, we use the same format string as in other show ++ functions to make the translation job easier. */ ++ tty_printf ("%s %s/%s ", ++- node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub" : ++- node->pkt->pkttype == PKT_PUBLIC_SUBKEY ? "sub" : ++- node->pkt->pkttype == PKT_SECRET_KEY ? "sec" :"ssb", +++ tag, ++ pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), ++ keystr_from_pk (pk)); ++ tty_printf (_("created: %s"), datestr_from_pk (pk)); ++diff --git a/g10/keyedit.h b/g10/keyedit.h ++index d1f453a..af5e996 100644 ++--- a/g10/keyedit.h +++++ b/g10/keyedit.h ++@@ -50,7 +50,7 @@ void keyedit_quick_set_expire (ctrl_t ctrl, ++ char **subkeyfprs); ++ void keyedit_quick_set_primary (ctrl_t ctrl, const char *username, ++ const char *primaryuid); ++-void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock); +++void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec); ++ int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp, ++ int rc, kbnode_t keyblock, ++ kbnode_t node, int *inv_sigs, int *no_key, diff --cc debian/patches/from-2.2.14/gpg-Fix-comparison.patch index 0000000,0000000..9fdc1cb new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/gpg-Fix-comparison.patch @@@ -1,0 -1,0 +1,26 @@@ ++From: "Neal H. Walfield" ++Date: Fri, 6 Oct 2017 11:51:39 +0200 ++Subject: gpg: Fix comparison. ++ ++* g10/gpgcompose.c (literal_name): Complain if passed zero arguments, ++not one or fewer. ++ ++Signed-off-by: Neal H. Walfield ++(cherry picked from commit 1ed21eee79749b976b4a935f2279b162634e9c5e) ++--- ++ g10/gpgcompose.c | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) ++ ++diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c ++index 430538e..226f793 100644 ++--- a/g10/gpgcompose.c +++++ b/g10/gpgcompose.c ++@@ -2746,7 +2746,7 @@ literal_name (const char *option, int argc, char *argv[], void *cookie) ++ { ++ struct litinfo *li = cookie; ++ ++- if (argc <= 1) +++ if (argc <= 0) ++ log_fatal ("Usage: %s NAME\n", option); ++ ++ if (strlen (argv[0]) > 255) diff --cc debian/patches/from-2.2.14/gpg-Make-invalid-primary-key-algos-obvious-in-key-listing.patch index 0000000,0000000..c642092 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/gpg-Make-invalid-primary-key-algos-obvious-in-key-listing.patch @@@ -1,0 -1,0 +1,51 @@@ ++From: Werner Koch ++Date: Tue, 5 Mar 2019 12:39:11 +0100 ++Subject: gpg: Make invalid primary key algos obvious in key listings. ++ ++* g10/keylist.c (print_key_line): Print a warning for invalid algos. ++-- ++ ++Non-OpenPGP compliant keys now show a warning flag on the sec or pub ++line like in: ++ ++ gpg: can't encode a 256 bit MD into a 88 bits frame, algo=8 ++ sec cv25519 2019-01-30 [INVALID_ALGO] ++ 4239F3D606A19258E7A88C3F9A3F4F909C5034C5 ++ uid [ultimate] ffffff ++ ++Instead of showing the usage flags "[CE]". Without this patch only ++the error message is printed and the reason for it was not immediately ++obvious (cv25519 is encryption only but we always consider the primary ++key as having the "C" flag). ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit db87132b10664718b7db6ec1dad584b54d1fb265) ++(cherry picked from commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d) ++--- ++ g10/keylist.c | 10 +++++++++- ++ 1 file changed, 9 insertions(+), 1 deletion(-) ++ ++diff --git a/g10/keylist.c b/g10/keylist.c ++index 262ea8d..7b3fde1 100644 ++--- a/g10/keylist.c +++++ b/g10/keylist.c ++@@ -2059,10 +2059,18 @@ print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret) ++ tty_fprintf (fp, "/%s", keystr_from_pk (pk)); ++ tty_fprintf (fp, " %s", datestr_from_pk (pk)); ++ ++- if ((opt.list_options & LIST_SHOW_USAGE)) +++ if (pk->flags.primary +++ && !(openpgp_pk_algo_usage (pk->pubkey_algo) +++ & (PUBKEY_USAGE_CERT| PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))) +++ { +++ /* A primary key which is really not capable to sign. */ +++ tty_fprintf (fp, " [INVALID_ALGO]"); +++ } +++ else if ((opt.list_options & LIST_SHOW_USAGE)) ++ { ++ tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0)); ++ } +++ ++ if (pk->flags.revoked) ++ { ++ tty_fprintf (fp, " ["); diff --cc debian/patches/from-2.2.14/gpgscm-Build-well-even-if-NDEBUG-defined.patch index 0000000,0000000..9212c1d new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/gpgscm-Build-well-even-if-NDEBUG-defined.patch @@@ -1,0 -1,0 +1,45 @@@ ++From: NIIBE Yutaka ++Date: Mon, 25 Feb 2019 10:44:16 +0900 ++Subject: gpgscm: Build well even if NDEBUG defined. ++ ++* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";". ++[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno. ++ ++-- ++ ++Cherry icked from master commit of: ++ e140c6d4f581be1a60a34b67b16430452f3987e8 ++ ++In some build environment, NDEBUG is defined (although it's ++bad practice). This change supports such a situation. ++ ++GnuPG-bug-id: 3959 ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 8161afb9dddaba839be92fbe9d85c05235eda825) ++--- ++ tests/gpgscm/scheme.c | 4 +++- ++ 1 file changed, 3 insertions(+), 1 deletion(-) ++ ++diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c ++index b188e36..b4960b0 100644 ++--- a/tests/gpgscm/scheme.c +++++ b/tests/gpgscm/scheme.c ++@@ -874,7 +874,7 @@ gc_reservation_failure(struct scheme *sc) ++ { ++ #ifdef NDEBUG ++ fprintf(stderr, ++- "insufficient reservation\n") +++ "insufficient reservation\n"); ++ #else ++ fprintf(stderr, ++ "insufficient %s reservation in line %d\n", ++@@ -5627,7 +5627,9 @@ int scheme_init_custom_alloc(scheme *sc, func_alloc malloc, func_dealloc free) { ++ sc->fcells = 0; ++ sc->inhibit_gc = GC_ENABLED; ++ sc->reserved_cells = 0; +++#ifndef NDEBUG ++ sc->reserved_lineno = 0; +++#endif ++ sc->no_memory=0; ++ sc->inport=sc->NIL; ++ sc->outport=sc->NIL; diff --cc debian/patches/from-2.2.14/gpgsm-default-to-3072-bit-keys.patch index 0000000,0000000..48cbef5 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/gpgsm-default-to-3072-bit-keys.patch @@@ -1,0 -1,0 +1,131 @@@ ++From: Daniel Kahn Gillmor ++Date: Thu, 7 Sep 2017 18:39:37 -0400 ++Subject: gpgsm: default to 3072-bit keys. ++ ++* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update ++default to 3072 bits. ++* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to ++3072 bits. ++* sm/certreqgen.c (proc_parameters): update default to 3072 bits. ++* sm/gpgsm.c (main): print correct default_pubkey_algo. ++ ++-- ++ ++3072-bit RSA is widely considered to be 128-bit-equivalent security. ++This is a sensible default in 2017. ++ ++Signed-off-by: Daniel Kahn Gillmor ++ ++(cherry picked from commit 7955262151a5c755814dd23414e6804f79125355) ++(cherry picked from commit 121286d9d1506dbaad9ba33bae2e459814fe5849) ++--- ++ doc/gpgsm.texi | 2 +- ++ doc/howto-create-a-server-cert.texi | 14 +++++++------- ++ sm/certreqgen-ui.c | 2 +- ++ sm/certreqgen.c | 4 ++-- ++ sm/gpgsm.c | 2 +- ++ 5 files changed, 12 insertions(+), 12 deletions(-) ++ ++diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi ++index ebe58bc..eb30368 100644 ++--- a/doc/gpgsm.texi +++++ b/doc/gpgsm.texi ++@@ -1082,7 +1082,7 @@ key. The algorithm must be capable of signing. This is a required ++ parameter. The only supported value for @var{algo} is @samp{rsa}. ++ ++ @item Key-Length: @var{nbits} ++-The requested length of a generated key in bits. Defaults to 2048. +++The requested length of a generated key in bits. Defaults to 3072. ++ ++ @item Key-Grip: @var{hexstring} ++ This is optional and used to generate a CSR or certificate for an ++diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi ++index 55f1a91..30e28bd 100644 ++--- a/doc/howto-create-a-server-cert.texi +++++ b/doc/howto-create-a-server-cert.texi ++@@ -31,14 +31,14 @@ Let's continue: ++ ++ @cartouche ++ @example ++- What keysize do you want? (2048) ++- Requested keysize is 2048 bits +++ What keysize do you want? (3072) +++ Requested keysize is 3072 bits ++ @end example ++ @end cartouche ++ ++-Hitting enter chooses the default RSA key size of 2048 bits. Smaller ++-keys are too weak on the modern Internet. If you choose a larger ++-(stronger) key, your server will need to do more work. +++Hitting enter chooses the default RSA key size of 3072 bits. Keys +++smaller than 2048 bits are too weak on the modern Internet. If you +++choose a larger (stronger) key, your server will need to do more work. ++ ++ @cartouche ++ @example ++@@ -124,7 +124,7 @@ request: ++ @example ++ These parameters are used: ++ Key-Type: RSA ++- Key-Length: 2048 +++ Key-Length: 3072 ++ Key-Usage: sign, encrypt ++ Name-DN: CN=example.com ++ Name-DNS: example.com ++@@ -224,7 +224,7 @@ To see the content of your certificate, you may now enter: ++ aka: (dns-name example.com) ++ aka: (dns-name www.example.com) ++ validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51 ++- key type: 2048 bit RSA +++ key type: 3072 bit RSA ++ key usage: digitalSignature keyEncipherment ++ ext key usage: clientAuth (suggested), serverAuth (suggested), [...] ++ fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57 ++diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c ++index 9772a3b..4f8a1ac 100644 ++--- a/sm/certreqgen-ui.c +++++ b/sm/certreqgen-ui.c ++@@ -138,7 +138,7 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream) ++ unsigned int nbits; ++ int minbits = 1024; ++ int maxbits = 4096; ++- int defbits = 2048; +++ int defbits = 3072; ++ const char *keyusage; ++ char *subject_name; ++ membuf_t mb_email, mb_dns, mb_uri, mb_result; ++diff --git a/sm/certreqgen.c b/sm/certreqgen.c ++index 4431870..1d610c1 100644 ++--- a/sm/certreqgen.c +++++ b/sm/certreqgen.c ++@@ -26,7 +26,7 @@ ++ $ cat >foo < 4096) && !cardkeyid) ++diff --git a/sm/gpgsm.c b/sm/gpgsm.c ++index defc698..52f26e2 100644 ++--- a/sm/gpgsm.c +++++ b/sm/gpgsm.c ++@@ -1800,7 +1800,7 @@ main ( int argc, char **argv) ++ /* The next one is an info only item and should match what ++ proc_parameters actually implements. */ ++ es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, ++- "RSA-2048"); +++ "RSA-3072"); ++ es_printf ("compliance:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "gnupg"); ++ ++ } diff --cc debian/patches/from-2.2.14/gpgv-Improve-documentation-for-keyring-choices.patch index 0000000,0000000..036c0be new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/gpgv-Improve-documentation-for-keyring-choices.patch @@@ -1,0 -1,0 +1,45 @@@ ++From: Daniel Kahn Gillmor ++Date: Sun, 3 Mar 2019 10:22:34 -0500 ++Subject: gpgv: Improve documentation for keyring choices ++ ++* doc/gpgv.texi: Improve documentation for keyring choices ++ ++-- ++ ++From the existing documentation, it's not clear whether the default ++keyring will always be mixed into the set of keyrings, or whether it ++will be skipped if a --keyring is present. The updated text here ++attempts to describe the keyring selection logic more completely. ++ ++Signed-off-by: Daniel Kahn Gillmor ++(cherry picked from commit a7b2a87f940dba078867c44f1f50d46211d51719) ++--- ++ doc/gpgv.texi | 15 ++++++++------- ++ 1 file changed, 8 insertions(+), 7 deletions(-) ++ ++diff --git a/doc/gpgv.texi b/doc/gpgv.texi ++index a052861..2dd9576 100644 ++--- a/doc/gpgv.texi +++++ b/doc/gpgv.texi ++@@ -59,13 +59,14 @@ no configuration files and only a few options are implemented. ++ That does also mean that it does not check for expired or revoked ++ keys. ++ ++-By default a keyring named @file{trustedkeys.kbx} is used; if that ++-does not exist a keyring named @file{trustedkeys.gpg} is used. The ++-default keyring is assumed to be in the home directory of GnuPG, ++-either the default home directory or the one set by an option or an ++-environment variable. The option @code{--keyring} may be used to ++-specify a different keyring or even multiple keyrings. ++- +++If no @code{--keyring} option is given, @code{gpgv} looks for a +++``default'' keyring named @file{trustedkeys.kbx} (preferred) or +++@file{trustedkeys.gpg} in the home directory of GnuPG, either the +++default home directory or the one set by the @code{--homedir} option +++or the @code{GNUPGHOME} environment variable. If any @code{--keyring} +++option is used, @code{gpgv} will not look for the default keyring. The +++@code{--keyring} option may be used multiple times and all specified +++keyrings will be used together. ++ ++ @noindent ++ @mansect options diff --cc debian/patches/from-2.2.14/scd-Distinguish-cancel-by-user-and-protocol-error.patch index 0000000,0000000..f1f9d84 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/scd-Distinguish-cancel-by-user-and-protocol-error.patch @@@ -1,0 -1,0 +1,68 @@@ ++From: NIIBE Yutaka ++Date: Wed, 20 Sep 2017 10:06:43 +0900 ++Subject: scd: Distinguish cancel by user and protocol error. ++ ++* scd/apdu.h (SW_HOST_CANCELLED): New. ++* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED. ++(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED. ++* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for ++SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED. ++ ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 2396055c096884d521c26b76f26263a146207c24) ++--- ++ scd/apdu.c | 3 ++- ++ scd/apdu.h | 3 ++- ++ scd/iso7816.c | 3 ++- ++ 3 files changed, 6 insertions(+), 3 deletions(-) ++ ++diff --git a/scd/apdu.c b/scd/apdu.c ++index 9e3594b..1a5e371 100644 ++--- a/scd/apdu.c +++++ b/scd/apdu.c ++@@ -499,6 +499,7 @@ host_sw_string (long err) ++ case SW_HOST_ABORTED: return "aborted"; ++ case SW_HOST_NO_PINPAD: return "no pinpad"; ++ case SW_HOST_ALREADY_CONNECTED: return "already connected"; +++ case SW_HOST_CANCELLED: return "cancelled"; ++ default: return "unknown host status error"; ++ } ++ } ++@@ -605,7 +606,7 @@ pcsc_error_to_sw (long ec) ++ { ++ case 0: rc = 0; break; ++ ++- case PCSC_E_CANCELLED: rc = SW_HOST_ABORTED; break; +++ case PCSC_E_CANCELLED: rc = SW_HOST_CANCELLED; break; ++ case PCSC_E_NO_MEMORY: rc = SW_HOST_OUT_OF_CORE; break; ++ case PCSC_E_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break; ++ case PCSC_E_NO_SERVICE: ++diff --git a/scd/apdu.h b/scd/apdu.h ++index 6751e8c..8a0d4bd 100644 ++--- a/scd/apdu.h +++++ b/scd/apdu.h ++@@ -71,7 +71,8 @@ enum { ++ SW_HOST_NO_READER = 0x1000c, ++ SW_HOST_ABORTED = 0x1000d, ++ SW_HOST_NO_PINPAD = 0x1000e, ++- SW_HOST_ALREADY_CONNECTED = 0x1000f +++ SW_HOST_ALREADY_CONNECTED = 0x1000f, +++ SW_HOST_CANCELLED = 0x10010 ++ }; ++ ++ struct dev_list; ++diff --git a/scd/iso7816.c b/scd/iso7816.c ++index 081b080..29208c2 100644 ++--- a/scd/iso7816.c +++++ b/scd/iso7816.c ++@@ -93,8 +93,9 @@ map_sw (int sw) ++ case SW_HOST_CARD_IO_ERROR: ec = GPG_ERR_EIO; break; ++ case SW_HOST_GENERAL_ERROR: ec = GPG_ERR_GENERAL; break; ++ case SW_HOST_NO_READER: ec = GPG_ERR_ENODEV; break; ++- case SW_HOST_ABORTED: ec = GPG_ERR_CANCELED; break; +++ case SW_HOST_ABORTED: ec = GPG_ERR_INV_RESPONSE; break; ++ case SW_HOST_NO_PINPAD: ec = GPG_ERR_NOT_SUPPORTED; break; +++ case SW_HOST_CANCELLED: ec = GPG_ERR_CANCELED; break; ++ ++ default: ++ if ((sw & 0x010000)) diff --cc debian/patches/from-2.2.14/sm-Don-t-mark-a-cert-as-de-vs-compliant-if-it-leads-to-SH.patch index 0000000,0000000..7b7a795 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/sm-Don-t-mark-a-cert-as-de-vs-compliant-if-it-leads-to-SH.patch @@@ -1,0 -1,0 +1,66 @@@ ++From: Werner Koch ++Date: Thu, 28 Feb 2019 14:43:42 +0100 ++Subject: sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs. ++ ++* sm/keylist.c (print_compliance_flags): Also check the digest_algo. ++Add new arg 'cert'. ++-- ++ ++A certificate with algorithm sha1WithRSAEncryption can be de-vs ++compliant (e.g. if the next in the chain used sha256WithRSAEncryption ++to sign it and RSA is long enough) but flagging it as such is useless ++because that certificate can't be used because it will create ++signatures using the non-compliant SHA-1 algorithm. ++ ++Well, it could be used for encryption. But also evaluating the ++key-usage flags here would make it harder for the user to understand ++why certain certificates are listed as de-vs compliant and others are ++not. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 2c75af9f65d15653ed1bc191f1098ae316607041) ++ ++Reworked to also pass the CERT. Note that 2.2 won't get the PK ++Screening feature. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit be69bf0cbd11cb8c0d452e07066669aacc6caafa) ++--- ++ sm/keylist.c | 15 ++++++++++++--- ++ 1 file changed, 12 insertions(+), 3 deletions(-) ++ ++diff --git a/sm/keylist.c b/sm/keylist.c ++index 9997da8..3fe75a1 100644 ++--- a/sm/keylist.c +++++ b/sm/keylist.c ++@@ -348,10 +348,19 @@ email_kludge (const char *name) ++ /* Print the compliance flags to field 18. ALGO is the gcrypt algo ++ * number. NBITS is the length of the key in bits. */ ++ static void ++-print_compliance_flags (int algo, unsigned int nbits, estream_t fp) +++print_compliance_flags (ksba_cert_t cert, int algo, unsigned int nbits, +++ estream_t fp) ++ { +++ int hashalgo; +++ ++ if (gnupg_pk_is_compliant (CO_DE_VS, algo, NULL, nbits, NULL)) ++- es_fputs (gnupg_status_compliance_flag (CO_DE_VS), fp); +++ { +++ hashalgo = gcry_md_map_name (ksba_cert_get_digest_algo (cert)); +++ if (gnupg_digest_is_compliant (CO_DE_VS, hashalgo)) +++ { +++ es_fputs (gnupg_status_compliance_flag (CO_DE_VS), fp); +++ } +++ } ++ } ++ ++ ++@@ -526,7 +535,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, ++ es_putc (':', fp); /* End of field 15. */ ++ es_putc (':', fp); /* End of field 16. */ ++ es_putc (':', fp); /* End of field 17. */ ++- print_compliance_flags (algo, nbits, fp); +++ print_compliance_flags (cert, algo, nbits, fp); ++ es_putc (':', fp); /* End of field 18. */ ++ es_putc ('\n', fp); ++ diff --cc debian/patches/from-2.2.14/sm-Print-Yubikey-attestation-extensions-with-dump-cert.patch index 0000000,0000000..6bcca6d new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/sm-Print-Yubikey-attestation-extensions-with-dump-cert.patch @@@ -1,0 -1,0 +1,95 @@@ ++From: Werner Koch ++Date: Fri, 1 Mar 2019 15:23:49 +0100 ++Subject: sm: Print Yubikey attestation extensions with --dump-cert. ++ ++* sm/keylist.c (oidtranstbl): Add Yubikey OIDs. ++(OID_FLAG_HEX): New. ++(print_hex_extn): New. ++(list_cert_raw): Make use of that flag. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e) ++(cherry picked from commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a) ++--- ++ sm/keylist.c | 40 +++++++++++++++++++++++++++++++++++++--- ++ 1 file changed, 37 insertions(+), 3 deletions(-) ++ ++diff --git a/sm/keylist.c b/sm/keylist.c ++index 3fe75a1..6efc6bd 100644 ++--- a/sm/keylist.c +++++ b/sm/keylist.c ++@@ -84,6 +84,8 @@ struct ++ #define OID_FLAG_SKIP 1 ++ /* The extension is a simple UTF8String and should be printed. */ ++ #define OID_FLAG_UTF8 2 +++/* The extension can be trnted as a hex string. */ +++#define OID_FLAG_HEX 4 ++ ++ /* A table mapping OIDs to a descriptive string. */ ++ static struct ++@@ -193,6 +195,12 @@ static struct ++ /* Extensions used by the Bundesnetzagentur. */ ++ { "1.3.6.1.4.1.8301.3.5", "validityModel" }, ++ +++ /* Yubikey extensions for attestation certificates. */ +++ { "1.3.6.1.4.1.41482.3.3", "yubikey-firmware-version", OID_FLAG_HEX }, +++ { "1.3.6.1.4.1.41482.3.7", "yubikey-serial-number", OID_FLAG_HEX }, +++ { "1.3.6.1.4.1.41482.3.8", "yubikey-pin-touch-policy", OID_FLAG_HEX }, +++ { "1.3.6.1.4.1.41482.3.9", "yubikey-formfactor", OID_FLAG_HEX }, +++ ++ { NULL } ++ }; ++ ++@@ -685,6 +693,21 @@ print_utf8_extn (estream_t fp, int indent, ++ } ++ ++ +++/* Print the extension described by (DER,DERLEN) in hex. */ +++static void +++print_hex_extn (estream_t fp, int indent, +++ const unsigned char *der, size_t derlen) +++{ +++ if (indent < 0) +++ indent = - indent; +++ +++ es_fprintf (fp, "%*s(", indent, ""); +++ for (; derlen; der++, derlen--) +++ es_fprintf (fp, "%02X%s", *der, derlen > 1? " ":""); +++ es_fprintf (fp, ")\n"); +++} +++ +++ ++ /* List one certificate in raw mode useful to have a closer look at ++ the certificate. This one does no beautification and only minimal ++ output sanitation. It is mainly useful for debugging. */ ++@@ -1022,16 +1045,27 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, ++ if ((flag & OID_FLAG_SKIP)) ++ continue; ++ ++- es_fprintf (fp, " %s: %s%s%s%s [%d octets]\n", +++ es_fprintf (fp, " %s: %s%s%s%s", ++ i? "critExtn":" extn", ++- oid, s?" (":"", s?s:"", s?")":"", (int)len); +++ oid, s?" (":"", s?s:"", s?")":""); ++ if ((flag & OID_FLAG_UTF8)) ++ { ++ if (!cert_der) ++ cert_der = ksba_cert_get_image (cert, NULL); ++- assert (cert_der); +++ log_assert (cert_der); +++ es_fprintf (fp, "\n"); ++ print_utf8_extn_raw (fp, -15, cert_der+off, len); ++ } +++ else if ((flag & OID_FLAG_HEX)) +++ { +++ if (!cert_der) +++ cert_der = ksba_cert_get_image (cert, NULL); +++ log_assert (cert_der); +++ es_fprintf (fp, "\n"); +++ print_hex_extn (fp, -15, cert_der+off, len); +++ } +++ else +++ es_fprintf (fp, " [%d octets]\n", (int)len); ++ } ++ ++ diff --cc debian/patches/from-2.2.14/tests-Add-disable-scdaemon-in-gpg-agent.conf.patch index 0000000,0000000..40ebad6 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.14/tests-Add-disable-scdaemon-in-gpg-agent.conf.patch @@@ -1,0 -1,0 +1,98 @@@ ++From: NIIBE Yutaka ++Date: Thu, 21 Feb 2019 12:26:09 +0900 ++Subject: tests: Add "disable-scdaemon" in gpg-agent.conf. ++ ++* tests/openpgp/defs.scm: Add "disable-scdaemon". Remove ++ "scdaemon-program". ++* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise. ++* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon" ++ ++-- ++ ++Before this change, running "make check" accesses USB device by ++scdaemon on host computer. If there is any smartcard/token available, ++it may affect test results. Because default key choice depends on ++smartcard/token availability now and existing tests have nothing about ++testing smartcard/token, disabling scdaemon is good. ++ ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 64b7c6fd1945bc206cf56979633dfca8a7494374) ++(cherry picked from commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203) ++--- ++ tests/gpgme/gpgme-defs.scm | 3 +-- ++ tests/gpgsm/gpgsm-defs.scm | 5 +---- ++ tests/inittests | 1 + ++ tests/openpgp/defs.scm | 5 +---- ++ tests/pkits/inittests | 1 + ++ 5 files changed, 5 insertions(+), 10 deletions(-) ++ ++diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm ++index 0de589f..bc40b3c 100644 ++--- a/tests/gpgme/gpgme-defs.scm +++++ b/tests/gpgme/gpgme-defs.scm ++@@ -67,8 +67,7 @@ ++ (create-file ++ "gpg-agent.conf" ++ (string-append "pinentry-program " (tool 'pinentry)) ++- (string-append "scdaemon-program " (tool 'scdaemon)) ++- ) +++ "disable-scdaemon") ++ ++ (start-agent) ++ ++diff --git a/tests/gpgsm/gpgsm-defs.scm b/tests/gpgsm/gpgsm-defs.scm ++index f118642..848bc75 100644 ++--- a/tests/gpgsm/gpgsm-defs.scm +++++ b/tests/gpgsm/gpgsm-defs.scm ++@@ -67,10 +67,7 @@ ++ "faked-system-time 1008241200") ++ (create-file "gpg-agent.conf" ++ (string-append "pinentry-program " (tool 'pinentry)) ++- (if (assoc "scdaemon" gpg-components) ++- (string-append "scdaemon-program " (tool 'scdaemon)) ++- "# No scdaemon available") ++- ) +++ "disable-scdaemon") ++ (start-agent) ++ (create-file ++ "trustlist.txt" ++diff --git a/tests/inittests b/tests/inittests ++index 6fbccfb..9090674 100755 ++--- a/tests/inittests +++++ b/tests/inittests ++@@ -85,6 +85,7 @@ EOF ++ cat > gpg-agent.conf < trustlist.txt < gpg-agent.conf < ++Date: Fri, 15 Mar 2019 19:40:02 +0100 ++Subject: tests: Add sample secret key w/o binding signatures. ++ ++-- ++ ++GnuPG-bug-id: 4392 ++(cherry picked from commit 8c20a363c221438373439cde8c242e04c1bd925e) ++(cherry picked from commit 61fc831885b0860e2143587b614c5a57f8c3f45f) ++--- ++ tests/openpgp/samplekeys/README | 10 +++++ ++ tests/openpgp/samplekeys/pgp-desktop-skr.asc | 56 ++++++++++++++++++++++++++++ ++ 2 files changed, 66 insertions(+) ++ create mode 100644 tests/openpgp/samplekeys/pgp-desktop-skr.asc ++ ++diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README ++index 6f2399f..9f1648b 100644 ++--- a/tests/openpgp/samplekeys/README +++++ b/tests/openpgp/samplekeys/README ++@@ -14,8 +14,18 @@ whats-new-in-2.1.asc Collection of sample keys. ++ e2e-p256-1-clr.asc Google End-end-End test key (no protection) ++ e2e-p256-1-prt.asc Ditto, but protected with passphrase "a". ++ E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection) +++pgp-desktop-skr.asc Secret key with subkeys w/o signatures ++ rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase) ++ ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase) ++ silent-running.asc Collection of sample secret keys (no passphrases) ++ rsa-primary-auth-only.pub.asc rsa2408 primary only, usage: cert,auth ++ rsa-primary-auth-only.sec.asc Ditto but the secret keyblock. +++ +++ +++Notes: +++ +++- pgp-desktop-skr.asc is a secret keyblock without the uid and subkey +++ binding signatures. When exporting a secret key from PGP desktop +++ such a file is created which is then directly followed by a separate +++ armored public key block. To create such a sample concatenate +++ pgp-desktop-skr.asc and E657FB607BB4F21C90BB6651BC067AF28BC90111.asc ++diff --git a/tests/openpgp/samplekeys/pgp-desktop-skr.asc b/tests/openpgp/samplekeys/pgp-desktop-skr.asc ++new file mode 100644 ++index 0000000..58f384c ++--- /dev/null +++++ b/tests/openpgp/samplekeys/pgp-desktop-skr.asc ++@@ -0,0 +1,56 @@ +++-----BEGIN PGP PRIVATE KEY BLOCK----- +++Version: Made up as if from PGP Encryption Desktop 10.3.2 +++ +++lQHYBFZfWcgBBAC+RQIbTFhpMiRmJPB3XAJQXxpDb5h2sEaNJ/MLIHwPNs+jNgDb +++144BrIOD1G56xAYhKYVDphFIg2wCiB019mYq7yNUyn/aZFBHqd5xbg4qR212cAjw +++HpBqP9yUEm333RFqFdytcbXd9rSfvZOlFvGZRSxjgpGlsJGbjitH0ABY+wARAQAB +++AAP+IvI/yc3C60dXYh9kvzd6AVMGWt5zTVFhE+oDfMaxooW5q0tu6vHzViFeYmcx +++B4FbctnSbTNiN0RUIT7oxpGEAAumKRejGAaMwiKZz3bMV05l0LI0Yn10GzXsLtRx ++++iKzpUxThZETRU43BJeMqP5/rVqdQAu47pClgTwQWn6bXNkCANe2+XwJgMv9D72p +++kMLIi0TmPtfjBFV6f3f190N6m5gCCwstzvKqcNQ7NqNdbLHo/HKCmdGzlzCajbNu +++1nLJYoUCAOHNiNhWU/IEC5fRNyxfE5AQAmc7Bm/7d5gVIWDUjWe1ukfwJGQESyNy +++GTraOcYQa8X0GskSEktjwZN/dM9yZX8B/02prLprc1+8GjTM7q7ePJJbiOWcvYrB +++qcHhqadU/uC/g4lzDAG4RVutIHaqqOPr85J9jPzP/AT6ygsNU5Q5902gYbQjQmFy +++cmV0dCBCcm93biA8YmFycmV0dEBleGFtcGxlLm9yZz6dAdgEVl9ZyAEEAMfR5EvR +++HsEQXjKwf+LvMD2qXZerKRJYv+Ok6O1nJgYZrxGSXRtGUGrWDb4JERKjmnbIHePa +++J42GgpAUibaya0lDkvjKOehX/+dno06Bcn7mbOistFBpvbbyhCcN2mYhjQGeT8r6 +++fiX/sSw8L49MRxwI/JRBITkqyKxr6uMsf/p1ABEBAAEAA/wN9hFQZs0SSjV6rzBQ +++R8wEEvo1FaVp/b9yhVws8i8K8BJ2VNaiiDgoLsqJA5MozTuGnxbPi7eFwOcwb+7r +++T+4E8c8cJlOFiWkYtUyFDAjjo1m0xxFI0GnWuEnl238URxIW+x4k6Bx7g8P/3psH +++f5x1ue8pxYzudxEuPTBV8HMp4QIA2p74/ZJafVJAIDcEcbMDoIhTpRgbMyeHaQmR +++81gwo2FHd3hlonspwJ37r3LRk2jMgecU+0cK7p7W4HkYD6Xo2QIA6fv/DFn2WVRA +++ODQVQQGGxsvO2cM847IFJu96BbbxOLaZJ536RE980c2a9q/9B4hOYzKV4B4NI03u +++5/BqoOY8/QH/ZIvWN1fksXhQMypVTLg8R81igqS3GXKmQ+KrVEfTIHnXKxH7tyfD +++eJSS6nfpfARhAe2mP3TIrbjX+9PR+Qmkg6GqnQHYBFZfWusBBACoJjGH5zSYYpWQ +++1EuJJ7X2tJs6AtUlwvp0fUSdrA7qSXLKkhusOibsM01OWntMyXBD5SwpuZPyPCRT +++Tz9rCDpb1arksIAFRK1itVzAkmV/eniUGu7QFJGVoq4iyWmTk+jB+PaU9dfqjV5E +++eyfGT0VMP4wZxaSF8v0cX5Gry89yJwARAQABAAP+NPUmd199hJrT8TOzgIRlvkfe +++dZRLziNM3yBO2nvEjMxKH3uJxKHh/VUg/VLo72On/HIyiQeeDVYcuLJGTm7edegk +++/9C85hT5K4VUF9+LXXDX1Vz/jQdZxq+JwUE/AdlAEC9fkFQzc0ftI832mgjROASw +++MVphqYUQERz00ve+NDUCAMmgeUzmQB+ZDcdCzKQfZChafEDqZNpqIKfhcg8SytcK +++LA5uLBYGPcj7DY5NZuh3PFaV3EGxpjJUIzdspHp6V0UCANV+jbkookz+pUHAKp6D +++wt+yxOj1HqKIRdOYVaEaLTpvv7CHL3u2a4FQbxCxK6umVPH1HglEKDHNs7UBB8gv +++tHsB/Rzk2o5+LyWT18v6ubDVoUO6WQx3iXJakorJrSML7gld8DAEDCFK/jlk5Rhz +++gmGvBZwZ+z2xOk3rxnQxBPAkHHyb8p0B2ARWX1uVAQQA5Hj2C3jzD8OGtLaw7+P2 +++gYdAfR4s4YS3/AK+kYYtbm5EX4srysyUbylbQDQXUvRzw4FPkjXbboF6KjHw8icN +++WHCazwSfPTfCDvi0JIildkfNqwBzCmNDRn++X8rvAeDCEJ/BtfcgfgmDTElSJOd+ +++3B4XwnmtnBW54KlR42PLobsAEQEAAQAD+gJL6SGioplwMH9xtZtZ5fixAynaOeYK +++LK8vF06EGpL3Xl8lHqwpKZU0tbmsfLJjkFL6yD2L750Ge0vcLj5YtxVh+pfzvtgo +++HbYvfcU0j3iUQXgrn9r792wILv9LcgfDGYEUTPY+TSQnhju6OA8EYFJC1l9vkeae +++HWiNi0VH5leBAgDr3h6mXHrLT4qSNexzz8BAvK/PlHMAMAJcy76lXSkl92+c4Bcp +++jFDr5Vpaq/VXoLC4L/IlnEEqY967pAycdLH7AgD3+UB/qEnh0dDq7HkEfwMiarY6 +++Nb6wre0jPN/p+lWQ+MO6o5iJ2b44vZIUIlrKZJZ1WraBBhuRx1Fd0YpUlYNBAf41 +++4cEsS5z9Vf6HeJ87WPIyWH72dmwcuRDNTKLYeetcnbbhyO+BzfXbC+0FAxTIsBFa +++4S4xUwDBah+Nf4ZlcvPSop+dAdgEVl9unAEEAOnl30hwc47rLL9QH6g0TX1BEPdW +++MV4Ou6+rQOErIMAr1AOlUzpjwJllvQqf2OHnQWaTr9kbNLn7XUEUhjkH3uHDYMHM +++dyAb7YJrk3ECDqnmr34VV/F/H5BH7D6AiFktl1SpUTczPxBxvPNlJ4joPmTm+ahf +++g+zL+4pVu6tIhM0LABEBAAEAA/9fHMTxVhkHswZdPZ3B7pLcLktR6NDmaKNVyhP1 +++/G2y95+dY+s2QT4eosp+uYWeR0XHCqNla7TDND41qrzyEAtHiAF3OoydMK4lb0lq +++fKORRI4tr017wgMxRBLs82Gk5ehtI7AwSca7WvaoAJwKZp42th4MOeykeGRRMagJ +++I420QQIA8zdj89HUQ9tIRyhenoqgGWGmYZgO6SlrloxwlVzvbOsxn59A7PpE0CZb +++TsVPwFCwEzf3316k7V0oqa8TVL8J2wIA9jEY4AFhxY6kmffl5KiKwHThC06BPk6k +++CX90tt5on5iH0q2tjrAt/+ZfTcWAT5huQh9OZ4Hq0N/hFhtcJjIokQH+OcGoGiG3 +++pNBeU0bZqnVZNcHhJP9F13chv5jSAOJf6rfyx3HbgTeOqh2BCpyocgzAgQ8JUkX+ +++OeRRvDotcfiTGKBc +++=VlTT +++-----END PGP PRIVATE KEY BLOCK----- diff --cc debian/patches/from-2.2.15/agent-Allow-other-ssh-fingerprint-algos-in-KEYINFO.patch index 0000000,0000000..7ca5145 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.15/agent-Allow-other-ssh-fingerprint-algos-in-KEYINFO.patch @@@ -1,0 -1,0 +1,69 @@@ ++From: Werner Koch ++Date: Tue, 26 Mar 2019 09:02:19 +0100 ++Subject: agent: Allow other ssh fingerprint algos in KEYINFO. ++ ++* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO. Default to ++the standard algo. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 1c2fa8b6d747aa171bfef35a50754893aa80a562) ++--- ++ agent/command.c | 24 ++++++++++++++++++++---- ++ 1 file changed, 20 insertions(+), 4 deletions(-) ++ ++diff --git a/agent/command.c b/agent/command.c ++index 50385b8..41fb394 100644 ++--- a/agent/command.c +++++ b/agent/command.c ++@@ -1048,7 +1048,7 @@ cmd_readkey (assuan_context_t ctx, char *line) ++ ++ ++ static const char hlp_keyinfo[] = ++- "KEYINFO [--[ssh-]list] [--data] [--ssh-fpr] [--with-ssh] \n" +++ "KEYINFO [--[ssh-]list] [--data] [--ssh-fpr[=algo]] [--with-ssh] \n" ++ "\n" ++ "Return information about the key specified by the KEYGRIP. If the\n" ++ "key is not available GPG_ERR_NOT_FOUND is returned. If the option\n" ++@@ -1084,7 +1084,9 @@ static const char hlp_keyinfo[] = ++ " '-' - Unknown protection.\n" ++ "\n" ++ "FPR returns the formatted ssh-style fingerprint of the key. It is only\n" ++- " printed if the option --ssh-fpr has been used. It defaults to '-'.\n" +++ " printed if the option --ssh-fpr has been used. If ALGO is not given\n" +++ " to that option the default ssh fingerprint algo is used. Without the\n" +++ " option a '-' is printed.\n" ++ "\n" ++ "TTL is the TTL in seconds for that key or '-' if n/a.\n" ++ "\n" ++@@ -1171,7 +1173,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, ++ ++ if (!agent_raw_key_from_file (ctrl, grip, &key)) ++ { ++- ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr); +++ ssh_get_fingerprint_string (key, with_ssh_fpr, &fpr); ++ gcry_sexp_release (key); ++ } ++ } ++@@ -1252,7 +1254,21 @@ cmd_keyinfo (assuan_context_t ctx, char *line) ++ else ++ list_mode = has_option (line, "--list"); ++ opt_data = has_option (line, "--data"); ++- opt_ssh_fpr = has_option (line, "--ssh-fpr"); +++ +++ if (has_option_name (line, "--ssh-fpr")) +++ { +++ if (has_option (line, "--ssh-fpr=md5")) +++ opt_ssh_fpr = GCRY_MD_MD5; +++ else if (has_option (line, "--ssh-fpr=sha1")) +++ opt_ssh_fpr = GCRY_MD_SHA1; +++ else if (has_option (line, "--ssh-fpr=sha256")) +++ opt_ssh_fpr = GCRY_MD_SHA256; +++ else +++ opt_ssh_fpr = opt.ssh_fingerprint_digest; +++ } +++ else +++ opt_ssh_fpr = 0; +++ ++ opt_with_ssh = has_option (line, "--with-ssh"); ++ line = skip_options (line); ++ diff --cc debian/patches/from-2.2.15/doc-Clarify-option-no-keyring.patch index 0000000,0000000..5bbaf39 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.15/doc-Clarify-option-no-keyring.patch @@@ -1,0 -1,0 +1,27 @@@ ++From: Werner Koch ++Date: Mon, 25 Mar 2019 14:47:31 +0100 ++Subject: doc: Clarify option --no-keyring. ++ ++-- ++GnuPG-bug-id: 4424 ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 7a38af6a1015a7a0b47502850cf3bfd60d61ee56) ++--- ++ doc/gpg.texi | 3 ++- ++ 1 file changed, 2 insertions(+), 1 deletion(-) ++ ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index b6eda9d..22813c7 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -3230,7 +3230,8 @@ secret keyrings. ++ ++ @item --no-keyring ++ @opindex no-keyring ++-Do not add use any keyrings even if specified as options. +++Do not use any keyring at all. This overrides the default and all +++options which specify keyrings. ++ ++ @item --skip-verify ++ @opindex skip-verify diff --cc debian/patches/from-2.2.15/doc-fix-formatting-error.patch index 0000000,0000000..fc81f92 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.15/doc-fix-formatting-error.patch @@@ -1,0 -1,0 +1,24 @@@ ++From: Daniel Kahn Gillmor ++Date: Fri, 22 Mar 2019 23:49:03 +0100 ++Subject: doc: fix formatting error ++ ++Signed-off-by: Daniel Kahn Gillmor ++(cherry picked from commit 93782de23fe45e7f7f86140fda6de39395c3a9d8) ++--- ++ doc/gpg.texi | 3 ++- ++ 1 file changed, 2 insertions(+), 1 deletion(-) ++ ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index 1597f9e..b6eda9d 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -2320,7 +2320,8 @@ opposite meaning. The options are: ++ on the keyring. This option is the same as running the @option{--edit-key} ++ command "clean" after import. Defaults to no. ++ ++- @item repair-keys. After import, fix various problems with the +++ @item repair-keys +++ After import, fix various problems with the ++ keys. For example, this reorders signatures, and strips duplicate ++ signatures. Defaults to yes. ++ diff --cc debian/patches/from-2.2.15/sm-Allow-decryption-even-if-expired-other-keys-are-config.patch index 0000000,0000000..bc8b0d5 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.15/sm-Allow-decryption-even-if-expired-other-keys-are-config.patch @@@ -1,0 -1,0 +1,49 @@@ ++From: Werner Koch ++Date: Tue, 26 Mar 2019 13:31:06 +0100 ++Subject: sm: Allow decryption even if expired other keys are configured. ++ ++* sm/gpgsm.c (main): Add special handling for bad keys in decrypt ++mode. ++-- ++ ++The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to ++a decryption command. With that patch the errors are printed but ++decryption continues and the process returns success unless other ++errors occur. ++ ++GnuPG-bug-id: 4431 ++Signed-off-by: Werner Koch ++(cherry picked from commit 30972d21824264aef2088d30b4f2e5ce3aca889e) ++--- ++ sm/gpgsm.c | 11 +++++++++++ ++ 1 file changed, 11 insertions(+) ++ ++diff --git a/sm/gpgsm.c b/sm/gpgsm.c ++index 52f26e2..598caa2 100644 ++--- a/sm/gpgsm.c +++++ b/sm/gpgsm.c ++@@ -1732,6 +1732,8 @@ main ( int argc, char **argv) ++ ++ if (!do_not_setup_keys) ++ { +++ int errcount = log_get_errorcount (0); +++ ++ for (sl = locusr; sl ; sl = sl->next) ++ { ++ int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0); ++@@ -1760,6 +1762,15 @@ main ( int argc, char **argv) ++ if ((sl->flags & 1)) ++ do_add_recipient (&ctrl, sl->d, &recplist, 1, recp_required); ++ } +++ +++ /* We do not require a recipient for decryption but because +++ * recipients and signers are always checked and log_error is +++ * sometimes used (for failed signing keys or due to a failed +++ * CRL checking) that would have bumbed up the error counter. +++ * We clear the counter in the decryption case because there is +++ * no reason to force decryption to fail. */ +++ if (cmd == aDecrypt && !errcount) +++ log_get_errorcount (1); /* clear counter */ ++ } ++ ++ if (log_get_errorcount(0)) diff --cc debian/patches/from-2.2.15/wkd-New-command-print-wkd-hash-for-gpg-wks-client.patch index 0000000,0000000..db03d78 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.15/wkd-New-command-print-wkd-hash-for-gpg-wks-client.patch @@@ -1,0 -1,0 +1,295 @@@ ++From: Werner Koch ++Date: Fri, 22 Mar 2019 11:40:01 +0100 ++Subject: wkd: New command --print-wkd-hash for gpg-wks-client. ++ ++* tools/gpg-wks-client.c (aPrintWKDHash): New. ++(opts) : Add "--print-wkd-hash". ++(main): Implement that command. ++(proc_userid_from_stdin): New. ++* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY. ++(wks_cmd_print_wkd_hash): New. ++-- ++ ++GnuPG-bug-id: 4418 ++Signed-off-by: Werner Koch ++(cherry picked from commit 64621f1f40c31c7f453da98efb860ff8cf11edbc) ++--- ++ doc/wks.texi | 4 +++ ++ tools/gpg-wks-client.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++-- ++ tools/gpg-wks-server.c | 2 +- ++ tools/gpg-wks.h | 3 +- ++ tools/wks-util.c | 47 +++++++++++++++++++++++----- ++ 5 files changed, 129 insertions(+), 12 deletions(-) ++ ++diff --git a/doc/wks.texi b/doc/wks.texi ++index 5fe2a33..0c8a59a 100644 ++--- a/doc/wks.texi +++++ b/doc/wks.texi ++@@ -101,6 +101,10 @@ fingerprint and the mailbox separated by a space. The command ++ @option{--remove-key} removes a key from that directory, its only ++ argument is a user-id. ++ +++The command @option{--print-wkd-hash} prints a WKD user id identifier +++and the corresponding mailbox from the user-ids given on the command +++line or via stdin (one user-id per line). +++ ++ @command{gpg-wks-client} is not commonly invoked directly and thus it ++ is not installed in the bin directory. Here is an example how it can ++ be invoked manually to check for a Web Key Directory entry for ++diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c ++index 78e4fe4..f1750bf 100644 ++--- a/tools/gpg-wks-client.c +++++ b/tools/gpg-wks-client.c ++@@ -61,6 +61,7 @@ enum cmd_and_opt_values ++ aRead, ++ aInstallKey, ++ aRemoveKey, +++ aPrintWKDHash, ++ ++ oGpgProgram, ++ oSend, ++@@ -90,6 +91,8 @@ static ARGPARSE_OPTS opts[] = { ++ "install a key into a directory"), ++ ARGPARSE_c (aRemoveKey, "remove-key", ++ "remove a key from a directory"), +++ ARGPARSE_c (aPrintWKDHash, "print-wkd-hash", +++ "Print the WKD identifier for the given user ids"), ++ ++ ARGPARSE_group (301, ("@\nOptions:\n ")), ++ ++@@ -129,6 +132,8 @@ const char *fake_submission_addr; ++ ++ ++ static void wrong_args (const char *text) GPGRT_ATTR_NORETURN; +++static gpg_error_t proc_userid_from_stdin (gpg_error_t (*func)(const char *), +++ const char *text); ++ static gpg_error_t command_supported (char *userid); ++ static gpg_error_t command_check (char *userid); ++ static gpg_error_t command_send (const char *fingerprint, const char *userid); ++@@ -230,6 +235,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) ++ case aCheck: ++ case aInstallKey: ++ case aRemoveKey: +++ case aPrintWKDHash: ++ cmd = pargs->r_opt; ++ break; ++ ++@@ -246,7 +252,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) ++ int ++ main (int argc, char **argv) ++ { ++- gpg_error_t err; +++ gpg_error_t err, delayed_err; ++ ARGPARSE_ARGS pargs; ++ enum cmd_and_opt_values cmd; ++ ++@@ -377,6 +383,28 @@ main (int argc, char **argv) ++ err = wks_cmd_remove_key (*argv); ++ break; ++ +++ case aPrintWKDHash: +++ if (!argc) +++ err = proc_userid_from_stdin (wks_cmd_print_wkd_hash, "printing hash"); +++ else +++ { +++ for (err = delayed_err = 0; !err && argc; argc--, argv++) +++ { +++ err = wks_cmd_print_wkd_hash (*argv); +++ if (gpg_err_code (err) == GPG_ERR_INV_USER_ID) +++ { +++ /* Diagnostic already printed. */ +++ delayed_err = err; +++ err = 0; +++ } +++ else if (err) +++ log_error ("printing hash failed: %s\n", gpg_strerror (err)); +++ } +++ if (!err) +++ err = delayed_err; +++ } +++ break; +++ ++ default: ++ usage (1); ++ err = 0; ++@@ -390,10 +418,63 @@ main (int argc, char **argv) ++ wks_write_status (STATUS_FAILURE, "- %u", GPG_ERR_GENERAL); ++ else ++ wks_write_status (STATUS_SUCCESS, NULL); ++- return log_get_errorcount (0)? 1:0; +++ return (err || log_get_errorcount (0))? 1:0; ++ } ++ ++ +++/* Read user ids from stdin and call FUNC for each user id. TEXT is +++ * used for error messages. */ +++static gpg_error_t +++proc_userid_from_stdin (gpg_error_t (*func)(const char *), const char *text) +++{ +++ gpg_error_t err = 0; +++ gpg_error_t delayed_err = 0; +++ char line[2048]; +++ size_t n = 0; +++ +++ /* If we are on a terminal disable buffering to get direct response. */ +++ if (gnupg_isatty (es_fileno (es_stdin)) +++ && gnupg_isatty (es_fileno (es_stdout))) +++ { +++ es_setvbuf (es_stdin, NULL, _IONBF, 0); +++ es_setvbuf (es_stdout, NULL, _IOLBF, 0); +++ } +++ +++ while (es_fgets (line, sizeof line - 1, es_stdin)) +++ { +++ n = strlen (line); +++ if (!n || line[n-1] != '\n') +++ { +++ err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG +++ : GPG_ERR_INCOMPLETE_LINE); +++ log_error ("error reading stdin: %s\n", gpg_strerror (err)); +++ break; +++ } +++ trim_spaces (line); +++ err = func (line); +++ if (gpg_err_code (err) == GPG_ERR_INV_USER_ID) +++ { +++ delayed_err = err; +++ err = 0; +++ } +++ else if (err) +++ log_error ("%s failed: %s\n", text, gpg_strerror (err)); +++ } +++ if (es_ferror (es_stdin)) +++ { +++ err = gpg_error_from_syserror (); +++ log_error ("error reading stdin: %s\n", gpg_strerror (err)); +++ goto leave; +++ } +++ +++ leave: +++ if (!err) +++ err = delayed_err; +++ return err; +++} +++ +++ +++ ++ ++ /* Add the user id UID to the key identified by FINGERPRINT. */ ++ static gpg_error_t ++diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c ++index f83ef65..2082fb8 100644 ++--- a/tools/gpg-wks-server.c +++++ b/tools/gpg-wks-server.c ++@@ -1939,7 +1939,7 @@ command_check_key (const char *userid) ++ char *addrspec = NULL; ++ char *fname = NULL; ++ ++- err = wks_fname_from_userid (userid, &fname, &addrspec); +++ err = wks_fname_from_userid (userid, 0, &fname, &addrspec); ++ if (err) ++ goto leave; ++ ++diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h ++index e369430..99969c1 100644 ++--- a/tools/gpg-wks.h +++++ b/tools/gpg-wks.h ++@@ -98,11 +98,12 @@ gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream, ++ int ignore_unknown); ++ void wks_free_policy (policy_flags_t policy); ++ ++-gpg_error_t wks_fname_from_userid (const char *userid, +++gpg_error_t wks_fname_from_userid (const char *userid, int hash_only, ++ char **r_fname, char **r_addrspec); ++ gpg_error_t wks_compute_hu_fname (char **r_fname, const char *addrspec); ++ gpg_error_t wks_cmd_install_key (const char *fname, const char *userid); ++ gpg_error_t wks_cmd_remove_key (const char *userid); +++gpg_error_t wks_cmd_print_wkd_hash (const char *userid); ++ ++ ++ /*-- wks-receive.c --*/ ++diff --git a/tools/wks-util.c b/tools/wks-util.c ++index 3e48709..fee46d6 100644 ++--- a/tools/wks-util.c +++++ b/tools/wks-util.c ++@@ -749,9 +749,12 @@ write_to_file (estream_t src, const char *fname) ++ ++ ++ /* Return the filename and optionally the addrspec for USERID at ++- * R_FNAME and R_ADDRSPEC. R_ADDRSPEC might also be set on error. */ +++ * R_FNAME and R_ADDRSPEC. R_ADDRSPEC might also be set on error. If +++ * HASH_ONLY is set only the has is returned at R_FNAME and no file is +++ * created. */ ++ gpg_error_t ++-wks_fname_from_userid (const char *userid, char **r_fname, char **r_addrspec) +++wks_fname_from_userid (const char *userid, int hash_only, +++ char **r_fname, char **r_addrspec) ++ { ++ gpg_error_t err; ++ char *addrspec = NULL; ++@@ -767,7 +770,7 @@ wks_fname_from_userid (const char *userid, char **r_fname, char **r_addrspec) ++ addrspec = mailbox_from_userid (userid); ++ if (!addrspec) ++ { ++- if (opt.verbose) +++ if (opt.verbose || hash_only) ++ log_info ("\"%s\" is not a proper mail address\n", userid); ++ err = gpg_error (GPG_ERR_INV_USER_ID); ++ goto leave; ++@@ -788,11 +791,20 @@ wks_fname_from_userid (const char *userid, char **r_fname, char **r_addrspec) ++ goto leave; ++ } ++ ++- *r_fname = make_filename_try (opt.directory, domain, "hu", hash, NULL); ++- if (!*r_fname) ++- err = gpg_error_from_syserror (); +++ if (hash_only) +++ { +++ *r_fname = hash; +++ hash = NULL; +++ err = 0; +++ } ++ else ++- err = 0; +++ { +++ *r_fname = make_filename_try (opt.directory, domain, "hu", hash, NULL); +++ if (!*r_fname) +++ err = gpg_error_from_syserror (); +++ else +++ err = 0; +++ } ++ ++ leave: ++ if (r_addrspec && addrspec) ++@@ -1062,7 +1074,7 @@ wks_cmd_remove_key (const char *userid) ++ char *addrspec = NULL; ++ char *fname = NULL; ++ ++- err = wks_fname_from_userid (userid, &fname, &addrspec); +++ err = wks_fname_from_userid (userid, 0, &fname, &addrspec); ++ if (err) ++ goto leave; ++ ++@@ -1090,3 +1102,22 @@ wks_cmd_remove_key (const char *userid) ++ xfree (addrspec); ++ return err; ++ } +++ +++ +++/* Print the WKD hash for the user ids to stdout. */ +++gpg_error_t +++wks_cmd_print_wkd_hash (const char *userid) +++{ +++ gpg_error_t err; +++ char *addrspec, *fname; +++ +++ err = wks_fname_from_userid (userid, 1, &fname, &addrspec); +++ if (err) +++ return err; +++ +++ es_printf ("%s %s\n", fname, addrspec); +++ +++ xfree (fname); +++ xfree (addrspec); +++ return err; +++} diff --cc debian/patches/from-2.2.15/wkd-New-command-print-wkd-url-for-gpg-wks-client.patch index 0000000,0000000..226e999 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.15/wkd-New-command-print-wkd-url-for-gpg-wks-client.patch @@@ -1,0 -1,0 +1,149 @@@ ++From: Werner Koch ++Date: Mon, 25 Mar 2019 15:13:59 +0100 ++Subject: wkd: New command --print-wkd-url for gpg-wks-client. ++ ++* tools/gpg-wks-client.c (aPrintWKDURL): New. ++(opts): Add option. ++(main): Implement. ++* tools/wks-util.c (wks_cmd_print_wkd_url): New. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 2f3eebf1865a85f8c09a1c052513260ed55acec6) ++--- ++ doc/wks.texi | 8 ++++++-- ++ tools/gpg-wks-client.c | 19 +++++++++++++++++-- ++ tools/gpg-wks.h | 1 + ++ tools/wks-util.c | 27 ++++++++++++++++++++++++++- ++ 4 files changed, 50 insertions(+), 5 deletions(-) ++ ++diff --git a/doc/wks.texi b/doc/wks.texi ++index 0c8a59a..ced418a 100644 ++--- a/doc/wks.texi +++++ b/doc/wks.texi ++@@ -101,10 +101,14 @@ fingerprint and the mailbox separated by a space. The command ++ @option{--remove-key} removes a key from that directory, its only ++ argument is a user-id. ++ ++-The command @option{--print-wkd-hash} prints a WKD user id identifier ++-and the corresponding mailbox from the user-ids given on the command +++The command @option{--print-wkd-hash} prints the WKD user-id identifiers +++and the corresponding mailboxes from the user-ids given on the command ++ line or via stdin (one user-id per line). ++ +++The command @option{--print-wkd-url} prints the URLs used to fetch the +++key for the given user-ids from WKD. The meanwhile preferred format +++with sub-domains is used here. +++ ++ @command{gpg-wks-client} is not commonly invoked directly and thus it ++ is not installed in the bin directory. Here is an example how it can ++ be invoked manually to check for a Web Key Directory entry for ++diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c ++index f1750bf..050c8aa 100644 ++--- a/tools/gpg-wks-client.c +++++ b/tools/gpg-wks-client.c ++@@ -62,6 +62,7 @@ enum cmd_and_opt_values ++ aInstallKey, ++ aRemoveKey, ++ aPrintWKDHash, +++ aPrintWKDURL, ++ ++ oGpgProgram, ++ oSend, ++@@ -93,6 +94,8 @@ static ARGPARSE_OPTS opts[] = { ++ "remove a key from a directory"), ++ ARGPARSE_c (aPrintWKDHash, "print-wkd-hash", ++ "Print the WKD identifier for the given user ids"), +++ ARGPARSE_c (aPrintWKDURL, "print-wkd-url", +++ "Print the WKD URL for the given user id"), ++ ++ ARGPARSE_group (301, ("@\nOptions:\n ")), ++ ++@@ -236,6 +239,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) ++ case aInstallKey: ++ case aRemoveKey: ++ case aPrintWKDHash: +++ case aPrintWKDURL: ++ cmd = pargs->r_opt; ++ break; ++ ++@@ -384,13 +388,24 @@ main (int argc, char **argv) ++ break; ++ ++ case aPrintWKDHash: +++ case aPrintWKDURL: ++ if (!argc) ++- err = proc_userid_from_stdin (wks_cmd_print_wkd_hash, "printing hash"); +++ { +++ if (cmd == aPrintWKDHash) +++ err = proc_userid_from_stdin (wks_cmd_print_wkd_hash, +++ "printing WKD hash"); +++ else +++ err = proc_userid_from_stdin (wks_cmd_print_wkd_url, +++ "printing WKD URL"); +++ } ++ else ++ { ++ for (err = delayed_err = 0; !err && argc; argc--, argv++) ++ { ++- err = wks_cmd_print_wkd_hash (*argv); +++ if (cmd == aPrintWKDHash) +++ err = wks_cmd_print_wkd_hash (*argv); +++ else +++ err = wks_cmd_print_wkd_url (*argv); ++ if (gpg_err_code (err) == GPG_ERR_INV_USER_ID) ++ { ++ /* Diagnostic already printed. */ ++diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h ++index 99969c1..9acd7c3 100644 ++--- a/tools/gpg-wks.h +++++ b/tools/gpg-wks.h ++@@ -104,6 +104,7 @@ gpg_error_t wks_compute_hu_fname (char **r_fname, const char *addrspec); ++ gpg_error_t wks_cmd_install_key (const char *fname, const char *userid); ++ gpg_error_t wks_cmd_remove_key (const char *userid); ++ gpg_error_t wks_cmd_print_wkd_hash (const char *userid); +++gpg_error_t wks_cmd_print_wkd_url (const char *userid); ++ ++ ++ /*-- wks-receive.c --*/ ++diff --git a/tools/wks-util.c b/tools/wks-util.c ++index fee46d6..29e9248 100644 ++--- a/tools/wks-util.c +++++ b/tools/wks-util.c ++@@ -1104,7 +1104,7 @@ wks_cmd_remove_key (const char *userid) ++ } ++ ++ ++-/* Print the WKD hash for the user ids to stdout. */ +++/* Print the WKD hash for the user id to stdout. */ ++ gpg_error_t ++ wks_cmd_print_wkd_hash (const char *userid) ++ { ++@@ -1121,3 +1121,28 @@ wks_cmd_print_wkd_hash (const char *userid) ++ xfree (addrspec); ++ return err; ++ } +++ +++ +++/* Print the WKD URL for the user id to stdout. */ +++gpg_error_t +++wks_cmd_print_wkd_url (const char *userid) +++{ +++ gpg_error_t err; +++ char *addrspec, *fname; +++ char *domain; +++ +++ err = wks_fname_from_userid (userid, 1, &fname, &addrspec); +++ if (err) +++ return err; +++ +++ domain = strchr (addrspec, '@'); +++ if (domain) +++ *domain++ = 0; +++ +++ es_printf ("https://openpgpkey.%s/.well-known/openpgpkey/%s/hu/%s?l=%s\n", +++ domain, domain, fname, addrspec); +++ +++ xfree (fname); +++ xfree (addrspec); +++ return err; +++} diff --cc debian/patches/from-2.2.16/agent-For-SSH-key-don-t-put-NUL-byte-at-the-end.patch index 0000000,0000000..4a47f29 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/agent-For-SSH-key-don-t-put-NUL-byte-at-the-end.patch @@@ -1,0 -1,0 +1,31 @@@ ++From: NIIBE Yutaka ++Date: Tue, 21 May 2019 15:50:28 +0900 ++Subject: agent: For SSH key, don't put NUL-byte at the end. ++ ++* agent/command-ssh.c (ssh_key_to_protected_buffer): Update ++the length by the second call of gcry_sexp_sprint. ++ ++-- ++ ++GnuPG-bug-id: 4502 ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 6e39541f4f488fe59eac399bad18c465f373a784) ++--- ++ agent/command-ssh.c | 4 ++-- ++ 1 file changed, 2 insertions(+), 2 deletions(-) ++ ++diff --git a/agent/command-ssh.c b/agent/command-ssh.c ++index 9255830..ce621f7 100644 ++--- a/agent/command-ssh.c +++++ b/agent/command-ssh.c ++@@ -3033,8 +3033,8 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase, ++ goto out; ++ } ++ ++- gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n); ++- /* FIXME: guarantee? */ +++ buffer_new_n = gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, +++ buffer_new, buffer_new_n); ++ ++ if (*passphrase) ++ err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0, -1); diff --cc debian/patches/from-2.2.16/agent-Stop-scdaemon-after-reload-when-disable_scdaemon.patch index 0000000,0000000..9fb1f28 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/agent-Stop-scdaemon-after-reload-when-disable_scdaemon.patch @@@ -1,0 -1,0 +1,61 @@@ ++From: NIIBE Yutaka ++Date: Thu, 23 May 2019 10:15:18 +0900 ++Subject: agent: Stop scdaemon after reload when disable_scdaemon. ++ ++* agent/call-scd.c (agent_card_killscd): New. ++* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd. ++ ++-- ++ ++GnuPG-bug-id: 4326 ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd) ++--- ++ agent/agent.h | 1 + ++ agent/call-scd.c | 9 +++++++++ ++ agent/gpg-agent.c | 3 +++ ++ 3 files changed, 13 insertions(+) ++ ++diff --git a/agent/agent.h b/agent/agent.h ++index b07ea57..f047757 100644 ++--- a/agent/agent.h +++++ b/agent/agent.h ++@@ -598,6 +598,7 @@ int agent_card_scd (ctrl_t ctrl, const char *cmdline, ++ int (*getpin_cb)(void *, const char *, ++ const char *, char*, size_t), ++ void *getpin_cb_arg, void *assuan_context); +++void agent_card_killscd (void); ++ ++ ++ /*-- learncard.c --*/ ++diff --git a/agent/call-scd.c b/agent/call-scd.c ++index e852c0d..ee69bb4 100644 ++--- a/agent/call-scd.c +++++ b/agent/call-scd.c ++@@ -1326,3 +1326,12 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, ++ ++ return unlock_scd (ctrl, 0); ++ } +++ +++void +++agent_card_killscd (void) +++{ +++ if (primary_scd_ctx == NULL) +++ return; +++ assuan_transact (primary_scd_ctx, "KILLSCD", +++ NULL, NULL, NULL, NULL, NULL, NULL); +++} ++diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c ++index d68b5ad..16aa0d4 100644 ++--- a/agent/gpg-agent.c +++++ b/agent/gpg-agent.c ++@@ -2452,6 +2452,9 @@ agent_sighup_action (void) ++ "pinentry" binary that one can be used in case the ++ "pinentry-basic" fallback was in use. */ ++ gnupg_module_name_flush_some (); +++ +++ if (opt.disable_scdaemon) +++ agent_card_killscd (); ++ } ++ ++ diff --cc debian/patches/from-2.2.16/agent-correct-length-for-uri-and-comment-on-64-bit-big-en.patch index 0000000,0000000..91b635d new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/agent-correct-length-for-uri-and-comment-on-64-bit-big-en.patch @@@ -1,0 -1,0 +1,63 @@@ ++From: Daniel Kahn Gillmor ++Date: Tue, 14 May 2019 00:05:42 -0400 ++Subject: agent: correct length for uri and comment on 64-bit big-endian ++ platforms ++ ++* agent/findkey.c (agent_public_key_from_file): pass size_t as int to ++gcry_sexp_build_array's %b. ++ ++-- ++ ++This is only a problem on big-endian systems where size_t is not the ++same size as an int. It was causing failures on debian's s390x, ++powerpc64, and sparc64 platforms. ++ ++There may well be other failures with %b on those platforms in the ++codebase, and it probably needs an audit. ++ ++Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment ++or a uri of reasonable length associated with it, this fix can be ++tested with: ++ ++ gpg-agent --server <<<"READKEY $KEYGRIP" ++ ++On the failing platforms, the printed comment will be of length 0. ++ ++Gnupg-bug-id: 4501 ++Signed-off-by: Daniel Kahn Gillmor ++(cherry picked from commit 110932925ba8e0169da18d7774440f8d1fd8a344) ++--- ++ agent/findkey.c | 7 +++++-- ++ 1 file changed, 5 insertions(+), 2 deletions(-) ++ ++diff --git a/agent/findkey.c b/agent/findkey.c ++index 89a18fa..bdb6ab4 100644 ++--- a/agent/findkey.c +++++ b/agent/findkey.c ++@@ -1230,6 +1230,7 @@ agent_public_key_from_file (ctrl_t ctrl, ++ gcry_sexp_t uri_sexp, comment_sexp; ++ const char *uri, *comment; ++ size_t uri_length, comment_length; +++ int uri_intlen, comment_intlen; ++ char *format, *p; ++ void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2 ++ for comment + end-of-list. */ ++@@ -1311,14 +1312,16 @@ agent_public_key_from_file (ctrl_t ctrl, ++ { ++ p = stpcpy (p, "(uri %b)"); ++ assert (argidx+1 < DIM (args)); ++- args[argidx++] = (void *)&uri_length; +++ uri_intlen = (int)uri_length; +++ args[argidx++] = (void *)&uri_intlen; ++ args[argidx++] = (void *)&uri; ++ } ++ if (comment) ++ { ++ p = stpcpy (p, "(comment %b)"); ++ assert (argidx+1 < DIM (args)); ++- args[argidx++] = (void *)&comment_length; +++ comment_intlen = (int)comment_length; +++ args[argidx++] = (void *)&comment_intlen; ++ args[argidx++] = (void*)&comment; ++ } ++ *p++ = ')'; diff --cc debian/patches/from-2.2.16/dirmngr-Add-a-CSRF-expection-for-pm.me.patch index 0000000,0000000..93370e7 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/dirmngr-Add-a-CSRF-expection-for-pm.me.patch @@@ -1,0 -1,0 +1,43 @@@ ++From: Werner Koch ++Date: Thu, 9 May 2019 14:49:59 +0200 ++Subject: dirmngr: Add a CSRF expection for pm.me ++ ++-- ++ ++Also comment typo fix. ++ ++(cherry picked from commit 7c4029110ab45d02e746ddcc13a87952ca0099f5) ++--- ++ agent/command.c | 4 ++-- ++ dirmngr/http.c | 3 ++- ++ 2 files changed, 4 insertions(+), 3 deletions(-) ++ ++diff --git a/agent/command.c b/agent/command.c ++index 41fb394..cf8a2e4 100644 ++--- a/agent/command.c +++++ b/agent/command.c ++@@ -1231,8 +1231,8 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, ++ } ++ ++ ++-/* Entry int for the command KEYINFO. This function handles the ++- command option processing. For details see hlp_keyinfo above. */ +++/* Entry into the command KEYINFO. This function handles the +++ * command option processing. For details see hlp_keyinfo above. */ ++ static gpg_error_t ++ cmd_keyinfo (assuan_context_t ctx, char *line) ++ { ++diff --git a/dirmngr/http.c b/dirmngr/http.c ++index 7fdd06a..384f256 100644 ++--- a/dirmngr/http.c +++++ b/dirmngr/http.c ++@@ -3530,7 +3530,8 @@ same_host_p (parsed_uri_t a, parsed_uri_t b) ++ { "protonmail.com", "api.protonmail.com" }, ++ { NULL, "api.protonmail.ch" }, ++ { "protonmail.ch", "api.protonmail.com" }, ++- { NULL, "api.protonmail.ch" } +++ { NULL, "api.protonmail.ch" }, +++ { "pm.me", "api.protonmail.ch" } ++ }; ++ int i; ++ const char *from; diff --cc debian/patches/from-2.2.16/dirmngr-Allow-for-other-hash-algorithms-than-SHA-1-in-OCS.patch index 0000000,0000000..ffe9825 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/dirmngr-Allow-for-other-hash-algorithms-than-SHA-1-in-OCS.patch @@@ -1,0 -1,0 +1,235 @@@ ++From: Werner Koch ++Date: Tue, 28 May 2019 12:27:00 +0200 ++Subject: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP. ++ ++* dirmngr/ocsp.c (do_ocsp_request): Remove arg md. Add args r_sigval, ++r_produced_at, and r_md. Get the hash algo from the signature and ++create the context here. ++(check_signature): Allow any hash algo. Print a diagnostic if the ++signature does not verify. ++-- ++ ++GnuPG-bug-id: 3966 ++Signed-off-by: Werner Koch ++(cherry picked from commit 5281ecbe3ae8364407d9831243b81d664b040805) ++--- ++ dirmngr/ocsp.c | 105 +++++++++++++++++++++++++++++++++++++++++++-------------- ++ 1 file changed, 80 insertions(+), 25 deletions(-) ++ ++diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c ++index 7edac80..13e6120 100644 ++--- a/dirmngr/ocsp.c +++++ b/dirmngr/ocsp.c ++@@ -116,10 +116,15 @@ read_response (estream_t fp, unsigned char **r_buffer, size_t *r_buflen) ++ ++ /* Construct an OCSP request, send it to the configured OCSP responder ++ and parse the response. On success the OCSP context may be used to ++- further process the response. */ +++ further process the response. The signature value and the +++ production date are returned at R_SIGVAL and R_PRODUCED_AT; they +++ may be NULL or an empty string if not available. A new hash +++ context is returned at R_MD. */ ++ static gpg_error_t ++-do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, ++- const char *url, ksba_cert_t cert, ksba_cert_t issuer_cert) +++do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, +++ const char *url, ksba_cert_t cert, ksba_cert_t issuer_cert, +++ ksba_sexp_t *r_sigval, ksba_isotime_t r_produced_at, +++ gcry_md_hd_t *r_md) ++ { ++ gpg_error_t err; ++ unsigned char *request, *response; ++@@ -132,6 +137,10 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, ++ ++ (void)ctrl; ++ +++ *r_sigval = NULL; +++ *r_produced_at = 0; +++ *r_md = NULL; +++ ++ if (dirmngr_use_tor ()) ++ { ++ /* For now we do not allow OCSP via Tor due to possible privacy ++@@ -263,6 +272,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, ++ xfree (free_this); ++ return err; ++ } +++ /* log_printhex (response, responselen, "ocsp response"); */ ++ ++ err = ksba_ocsp_parse_response (ocsp, response, responselen, ++ &response_status); ++@@ -290,11 +300,34 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, ++ } ++ if (response_status == KSBA_OCSP_RSPSTATUS_SUCCESS) ++ { +++ int hash_algo; +++ ++ if (opt.verbose) ++ log_info (_("OCSP responder at '%s' status: %s\n"), url, t); ++ +++ /* Get the signature value now because we can all this fucntion +++ * only once. */ +++ *r_sigval = ksba_ocsp_get_sig_val (ocsp, r_produced_at); +++ +++ hash_algo = hash_algo_from_sigval (*r_sigval); +++ if (!hash_algo) +++ { +++ if (opt.verbose) +++ log_info ("ocsp: using SHA-256 as fallback hash algo.\n"); +++ hash_algo = GCRY_MD_SHA256; +++ } +++ err = gcry_md_open (r_md, hash_algo, 0); +++ if (err) +++ { +++ log_error (_("failed to establish a hashing context for OCSP: %s\n"), +++ gpg_strerror (err)); +++ goto leave; +++ } +++ if (DBG_HASHING) +++ gcry_md_debug (*r_md, "ocsp"); +++ ++ err = ksba_ocsp_hash_response (ocsp, response, responselen, ++- HASH_FNC, md); +++ HASH_FNC, *r_md); ++ if (err) ++ log_error (_("hashing the OCSP response for '%s' failed: %s\n"), ++ url, gpg_strerror (err)); ++@@ -305,8 +338,17 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, ++ err = gpg_error (GPG_ERR_GENERAL); ++ } ++ +++ leave: ++ xfree (response); ++ xfree (free_this); +++ if (err) +++ { +++ xfree (*r_sigval); +++ *r_sigval = NULL; +++ *r_produced_at = 0; +++ gcry_md_close (*r_md); +++ *r_md = NULL; +++ } ++ return err; ++ } ++ ++@@ -391,7 +433,7 @@ check_signature_core (ctrl_t ctrl, ksba_cert_t cert, gcry_sexp_t s_sig, ++ ++ /* We simply ignore all errors. */ ++ gcry_sexp_release (s_pkey); ++- return -1; +++ return err; ++ } ++ ++ ++@@ -410,18 +452,27 @@ check_signature (ctrl_t ctrl, ++ int algo, cert_idx; ++ gcry_sexp_t s_hash; ++ ksba_cert_t cert; +++ const char *s; ++ ++ /* Create a suitable S-expression with the hash value of our response. */ ++ gcry_md_final (md); ++ algo = gcry_md_get_algo (md); ++- if (algo != GCRY_MD_SHA1 ) +++ s = gcry_md_algo_name (algo); +++ if (algo && s && strlen (s) < 16) ++ { ++- log_error (_("only SHA-1 is supported for OCSP responses\n")); ++- return gpg_error (GPG_ERR_DIGEST_ALGO); +++ char hashalgostr[16+1]; +++ int i; +++ +++ for (i=0; s[i]; i++) +++ hashalgostr[i] = ascii_tolower (s[i]); +++ hashalgostr[i] = 0; +++ err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))", +++ hashalgostr, +++ (int)gcry_md_get_algo_dlen (algo), +++ gcry_md_read (md, algo)); ++ } ++- err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash sha1 %b))", ++- gcry_md_get_algo_dlen (algo), ++- gcry_md_read (md, algo)); +++ else +++ err = gpg_error (GPG_ERR_DIGEST_ALGO); ++ if (err) ++ { ++ log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err)); ++@@ -465,6 +516,7 @@ check_signature (ctrl_t ctrl, ++ { ++ cert_ref_t cref; ++ +++ /* dump_cert ("from ocsp response", cert); */ ++ cref = xtrymalloc (sizeof *cref); ++ if (!cref) ++ log_error (_("allocating list item failed: %s\n"), ++@@ -500,8 +552,6 @@ check_signature (ctrl_t ctrl, ++ } ++ log_printf ("not found\n"); ++ } ++- ksba_free (name); ++- ksba_free (keyid); ++ ++ if (cert) ++ { ++@@ -510,10 +560,24 @@ check_signature (ctrl_t ctrl, ++ ksba_cert_release (cert); ++ if (!err) ++ { +++ ksba_free (name); +++ ksba_free (keyid); ++ gcry_sexp_release (s_hash); ++ return 0; /* Successfully verified the signature. */ ++ } +++ log_error ("responder certificate "); +++ if (name) +++ log_printf ("'/%s' ", name); +++ if (keyid) +++ { +++ log_printf ("{"); +++ dump_serial (keyid); +++ log_printf ("} "); +++ } +++ log_printf ("did not verify: %s\n", gpg_strerror (err)); ++ } +++ ksba_free (name); +++ ksba_free (keyid); ++ } ++ ++ gcry_sexp_release (s_hash); ++@@ -588,8 +652,6 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, ++ goto leave; ++ } ++ ++- ++- ++ /* Figure out the OCSP responder to use. ++ 1. Try to get the reponder from the certificate. ++ We do only take http and https style URIs into account. ++@@ -646,14 +708,8 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, ++ } ++ ++ /* Ask the OCSP responder. */ ++- err = gcry_md_open (&md, GCRY_MD_SHA1, 0); ++- if (err) ++- { ++- log_error (_("failed to establish a hashing context for OCSP: %s\n"), ++- gpg_strerror (err)); ++- goto leave; ++- } ++- err = do_ocsp_request (ctrl, ocsp, md, url, cert, issuer_cert); +++ err = do_ocsp_request (ctrl, ocsp, url, cert, issuer_cert, +++ &sigval, produced_at, &md); ++ if (err) ++ goto leave; ++ ++@@ -685,8 +741,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, ++ } ++ ++ /* We got a useful answer, check that the answer has a valid signature. */ ++- sigval = ksba_ocsp_get_sig_val (ocsp, produced_at); ++- if (!sigval || !*produced_at) +++ if (!sigval || !*produced_at || !md) ++ { ++ err = gpg_error (GPG_ERR_INV_OBJ); ++ goto leave; diff --cc debian/patches/from-2.2.16/dirmngr-Better-error-code-for-http-status-413.patch index 0000000,0000000..9c388b9 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/dirmngr-Better-error-code-for-http-status-413.patch @@@ -1,0 -1,0 +1,62 @@@ ++From: Werner Koch ++Date: Fri, 29 Mar 2019 14:20:47 +0100 ++Subject: dirmngr: Better error code for http status 413. ++ ++* dirmngr/ks-engine-hkp.c (send_request): New case for 413. ++* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. ++* dirmngr/ocsp.c (do_ocsp_request): Ditto. ++-- ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 0a30ce036a615bc95382e0640d185b031f8c6a63) ++--- ++ dirmngr/ks-engine-hkp.c | 4 ++++ ++ dirmngr/ks-engine-http.c | 4 ++++ ++ dirmngr/ocsp.c | 4 ++++ ++ 3 files changed, 12 insertions(+) ++ ++diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c ++index 68d2064..8754a6b 100644 ++--- a/dirmngr/ks-engine-hkp.c +++++ b/dirmngr/ks-engine-hkp.c ++@@ -1266,6 +1266,10 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, ++ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); ++ goto leave; ++ +++ case 413: /* Payload too large */ +++ err = gpg_error (GPG_ERR_TOO_LARGE); +++ goto leave; +++ ++ default: ++ log_error (_("error accessing '%s': http status %u\n"), ++ request, http_get_status_code (http)); ++diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c ++index 1abb350..a9600db 100644 ++--- a/dirmngr/ks-engine-http.c +++++ b/dirmngr/ks-engine-http.c ++@@ -174,6 +174,10 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags, ++ } ++ goto once_more; ++ +++ case 413: /* Payload too large */ +++ err = gpg_error (GPG_ERR_TOO_LARGE); +++ goto leave; +++ ++ default: ++ log_error (_("error accessing '%s': http status %u\n"), ++ url, http_get_status_code (http)); ++diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c ++index 2067b7b..7edac80 100644 ++--- a/dirmngr/ocsp.c +++++ b/dirmngr/ocsp.c ++@@ -238,6 +238,10 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, ++ } ++ break; ++ +++ case 413: /* Payload too large */ +++ err = gpg_error (GPG_ERR_TOO_LARGE); +++ break; +++ ++ default: ++ log_error (_("error accessing '%s': http status %u\n"), ++ url, http_get_status_code (http)); diff --cc debian/patches/from-2.2.16/doc-Do-not-mention-gpg-s-deprecated-keyserver-option.patch index 0000000,0000000..7847e10 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/doc-Do-not-mention-gpg-s-deprecated-keyserver-option.patch @@@ -1,0 -1,0 +1,82 @@@ ++From: Werner Koch ++Date: Wed, 15 May 2019 09:18:28 +0200 ++Subject: doc: Do not mention gpg's deprecated --keyserver option. ++ ++-- ++GnuPG-bug-id: 4466 ++ ++(cherry picked from commit 0d669a360c6e6729e2423534847a5ad47830bb9a) ++--- ++ doc/gpg.texi | 34 +++++++++++++++------------------- ++ 1 file changed, 15 insertions(+), 19 deletions(-) ++ ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index e3efb3d..7858baf 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -434,9 +434,8 @@ file given with option @option{--output}. Use together with ++ @item --send-keys @var{keyIDs} ++ @opindex send-keys ++ Similar to @option{--export} but sends the keys to a keyserver. ++-Fingerprints may be used instead of key IDs. Option ++-@option{--keyserver} must be used to give the name of this ++-keyserver. Don't send your complete keyring to a keyserver --- select +++Fingerprints may be used instead of key IDs. +++Don't send your complete keyring to a keyserver --- select ++ only those keys which are new or changed by you. If no @var{keyIDs} ++ are given, @command{@gpgname} does nothing. ++ ++@@ -491,27 +490,25 @@ signatures, user-IDs and subkeys. ++ @opindex receive-keys ++ @itemx --recv-keys @var{keyIDs} ++ @opindex recv-keys ++-Import the keys with the given @var{keyIDs} from a keyserver. Option ++-@option{--keyserver} must be used to give the name of this keyserver. +++Import the keys with the given @var{keyIDs} from a keyserver. ++ ++ @item --refresh-keys ++ @opindex refresh-keys ++ Request updates from a keyserver for keys that already exist on the ++ local keyring. This is useful for updating a key with the latest ++ signatures, user IDs, etc. Calling this with no arguments will refresh ++-the entire keyring. Option @option{--keyserver} must be used to give the ++-name of the keyserver for all keys that do not have preferred keyservers ++-set (see @option{--keyserver-options honor-keyserver-url}). +++the entire keyring. ++ ++ @item --search-keys @var{names} ++ @opindex search-keys ++-Search the keyserver for the given @var{names}. Multiple names given here will ++-be joined together to create the search string for the keyserver. ++-Option @option{--keyserver} must be used to give the name of this ++-keyserver. Keyservers that support different search methods allow using ++-the syntax specified in "How to specify a user ID" below. Note that ++-different keyserver types support different search methods. Currently ++-only LDAP supports them all. +++Search the keyserver for the given @var{names}. Multiple names given +++here will be joined together to create the search string for the +++keyserver. Note that keyservers search for @var{names} in a different +++and simpler way than gpg does. The best choice is to use a mail +++address. Due to data privacy reasons keyservers may even not even +++allow searching by user id or mail address and thus may only return +++results when being used with the @option{--recv-key} command to +++search by key fingerprint or keyid. ++ ++ @item --fetch-keys @var{URIs} ++ @opindex fetch-keys ++@@ -1766,12 +1763,11 @@ list. The default is "local,wkd". ++ PGP Universal method of checking @samp{ldap://keys.(thedomain)}. ++ ++ @item keyserver ++- Locate a key using whatever keyserver is defined using the ++- @option{--keyserver} option. +++ Locate a key using a keyserver. ++ ++ @item keyserver-URL ++- In addition, a keyserver URL as used in the @option{--keyserver} option ++- may be used here to query that particular keyserver. +++ In addition, a keyserver URL as used in the @command{dirmngr} +++ configuration may be used here to query that particular keyserver. ++ ++ @item local ++ Locate the key using the local keyrings. This mechanism allows the user to diff --cc debian/patches/from-2.2.16/doc-Minor-doc-fix-to-dirmngr.patch index 0000000,0000000..d22f9fa new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/doc-Minor-doc-fix-to-dirmngr.patch @@@ -1,0 -1,0 +1,31 @@@ ++From: Werner Koch ++Date: Fri, 3 May 2019 16:15:04 +0200 ++Subject: doc: Minor doc fix to dirmngr. ++ ++-- ++ ++Reported-by: dkg ++(cherry picked from commit 781d2c5c8995b92e58fcf344fa8931523583f537) ++--- ++ doc/dirmngr.texi | 4 +--- ++ 1 file changed, 1 insertion(+), 3 deletions(-) ++ ++diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi ++index 742658e..8e6cbc6 100644 ++--- a/doc/dirmngr.texi +++++ b/doc/dirmngr.texi ++@@ -251,7 +251,7 @@ The option @option{--use-tor} switches Dirmngr and thus GnuPG into ++ ``Tor mode'' to route all network access via Tor (an anonymity ++ network). Certain other features are disabled in this mode. The ++ effect of @option{--use-tor} cannot be overridden by any other command ++-or even be reloading gpg-agent. The use of @option{--no-use-tor} +++or even by reloading dirmngr. The use of @option{--no-use-tor} ++ disables the use of Tor. The default is to use Tor if it is available ++ on startup or after reloading dirmngr. ++ ++@@ -1179,5 +1179,3 @@ as a binary blob. ++ @c used for this. The first one starts a search and the second one is ++ @c used to retrieve certificate after certificate. ++ @c ++- ++- diff --cc debian/patches/from-2.2.16/doc-Minor-edit-for-a-gpg-option.patch index 0000000,0000000..df6741e new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/doc-Minor-edit-for-a-gpg-option.patch @@@ -1,0 -1,0 +1,27 @@@ ++From: Werner Koch ++Date: Tue, 14 May 2019 10:07:06 +0200 ++Subject: doc: Minor edit for a gpg option. ++ ++-- ++GnuPG-bug-id: 4507 ++ ++(cherry picked from commit 49a679eb3596ef273afacb49ef9044c4a063694b) ++--- ++ doc/gpg.texi | 4 ++-- ++ 1 file changed, 2 insertions(+), 2 deletions(-) ++ ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index 22813c7..e3efb3d 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -1330,8 +1330,8 @@ give the opposite meaning. The options are: ++ ++ @item show-only-fpr-mbox ++ @opindex list-options:show-only-fpr-mbox ++- For each valid user-id which also has a valid mail address print ++- only the fingerprint and the mail address. +++ For each user-id which has a valid mail address print +++ only the fingerprint followed by the mail address. ++ @end table ++ ++ @item --verify-options @var{parameters} diff --cc debian/patches/from-2.2.16/doc-correct-documentation-for-gpgconf-kill.patch index 0000000,0000000..a0dc31d new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/doc-correct-documentation-for-gpgconf-kill.patch @@@ -1,0 -1,0 +1,35 @@@ ++From: Daniel Kahn Gillmor ++Date: Fri, 10 May 2019 12:39:45 -0400 ++Subject: doc: correct documentation for gpgconf --kill ++ ++* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill. ++ ++Signed-off-by: Daniel Kahn Gillmor ++(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016) ++(cherry picked from commit be116f871dbf14dd44d3a7909c2a052f8979c480) ++--- ++ doc/tools.texi | 11 ++++++----- ++ 1 file changed, 6 insertions(+), 5 deletions(-) ++ ++diff --git a/doc/tools.texi b/doc/tools.texi ++index 6256c05..b1e8b0b 100644 ++--- a/doc/tools.texi +++++ b/doc/tools.texi ++@@ -352,11 +352,12 @@ may use this command to ensure that they are started. Using "all" for ++ ++ @item --kill [@var{component}] ++ @opindex kill ++-Kill the given component. Components which support killing are ++-@command{gpg-agent} and @command{scdaemon}. Components which don't ++-support reloading are ignored. Using "all" for @var{component} kills ++-all components running as daemons. Note that as of now reload and ++-kill have the same effect for @command{scdaemon}. +++Kill the given component that runs as a daemon, including +++@command{gpg-agent}, @command{dirmngr}, and @command{scdaemon}. A +++@command{component} which does not run as a daemon will be ignored. +++Using "all" for @var{component} kills all components running as +++daemons. Note that as of now reload and kill have the same effect for +++@command{scdaemon}. ++ ++ @item --create-socketdir ++ @opindex create-socketdir diff --cc debian/patches/from-2.2.16/g10-Fix-double-free-when-locating-by-mbox.patch index 0000000,0000000..959e2df new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/g10-Fix-double-free-when-locating-by-mbox.patch @@@ -1,0 -1,0 +1,44 @@@ ++From: Andre Heinecke ++Date: Thu, 18 Apr 2019 13:19:05 +0200 ++Subject: g10: Fix double free when locating by mbox ++ ++* g10/getkey.c (get_best_pubkey_byname): Set new.uid always ++to NULL after use. ++ ++-- ++pubkey_cmp is not guranteed to set new.uid. ++So if the diff < 0 case is reached best is set to new. ++ ++If then diff > 0 is reached without modifying new.uid ++e.g. if the key has no matching mboxes. new.uid is ++free'd even though the uid is still referenced in ++best. ++ ++GnuPG-Bug-Id: T4462 ++(cherry picked from commit e57954ed278cb5e6e725005b1ecaf7ce70006ce0) ++(cherry picked from commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1) ++--- ++ g10/getkey.c | 3 +-- ++ 1 file changed, 1 insertion(+), 2 deletions(-) ++ ++diff --git a/g10/getkey.c b/g10/getkey.c ++index c4afe45..1b699a4 100644 ++--- a/g10/getkey.c +++++ b/g10/getkey.c ++@@ -1495,15 +1495,14 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk, ++ /* Old key is better. */ ++ release_public_key_parts (&new.key); ++ free_user_id (new.uid); ++- new.uid = NULL; ++ } ++ else ++ { ++ /* A tie. Keep the old key. */ ++ release_public_key_parts (&new.key); ++ free_user_id (new.uid); ++- new.uid = NULL; ++ } +++ new.uid = NULL; ++ } ++ getkey_end (ctrl, ctx); ++ ctx = NULL; diff --cc debian/patches/from-2.2.16/g10-Fix-possible-null-dereference.patch index 0000000,0000000..200f891 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/g10-Fix-possible-null-dereference.patch @@@ -1,0 -1,0 +1,35 @@@ ++From: NIIBE Yutaka ++Date: Tue, 14 May 2019 11:20:07 +0900 ++Subject: g10: Fix possible null dereference. ++ ++* g10/armor.c (armor_filter): Access ->d in the internal loop. ++ ++-- ++ ++Cherry-picked master commit of: ++ 802a2aa300bad3d4385d17a2deeb0966da4e737d ++ ++GnuPG-bug-id: 4494 ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3) ++--- ++ g10/armor.c | 4 ++-- ++ 1 file changed, 2 insertions(+), 2 deletions(-) ++ ++diff --git a/g10/armor.c b/g10/armor.c ++index cc80968..36215a3 100644 ++--- a/g10/armor.c +++++ b/g10/armor.c ++@@ -1156,10 +1156,10 @@ armor_filter( void *opaque, int control, ++ } ++ ++ /* write the comment strings */ ++- for(s=comment->d;comment;comment=comment->next,s=comment->d) +++ for(;comment;comment=comment->next) ++ { ++ iobuf_writestr(a, "Comment: " ); ++- for( ; *s; s++ ) +++ for( s=comment->d; *s; s++ ) ++ { ++ if( *s == '\n' ) ++ iobuf_writestr(a, "\\n" ); diff --cc debian/patches/from-2.2.16/g10-Fix-symmetric-cipher-algo-constant-for-ECDH.patch index 0000000,0000000..bbd5401 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/g10-Fix-symmetric-cipher-algo-constant-for-ECDH.patch @@@ -1,0 -1,0 +1,46 @@@ ++From: NIIBE Yutaka ++Date: Wed, 13 Mar 2019 09:12:14 +0900 ++Subject: g10: Fix symmetric cipher algo constant for ECDH. ++ ++* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for ++ECC strength 384, according to RFC-6637. ++ ++-- ++ ++Reported-by: Trevor Bentley ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c) ++(cherry picked from commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e) ++--- ++ g10/ecdh.c | 2 +- ++ scd/app-openpgp.c | 4 ++-- ++ 2 files changed, 3 insertions(+), 3 deletions(-) ++ ++diff --git a/g10/ecdh.c b/g10/ecdh.c ++index 6c2a56b..dcb3cde 100644 ++--- a/g10/ecdh.c +++++ b/g10/ecdh.c ++@@ -39,7 +39,7 @@ static const struct ++ /* Note: Must be sorted by ascending values for QBITS. */ ++ { ++ { 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES }, ++- { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 }, +++ { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES192 }, ++ ++ /* Note: 528 is 521 rounded to the 8 bit boundary */ ++ { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 } ++diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c ++index fa23fbe..e4a1fba 100644 ++--- a/scd/app-openpgp.c +++++ b/scd/app-openpgp.c ++@@ -1442,8 +1442,8 @@ ecdh_params (const char *curve) ++ /* See RFC-6637 for those constants. ++ 0x03: Number of bytes ++ 0x01: Version for this parameter format ++- KDF algo ++- KEK algo +++ KDF hash algo +++ KEK symmetric cipher algo ++ */ ++ if (nbits <= 256) ++ return (const unsigned char*)"\x03\x01\x08\x07"; diff --cc debian/patches/from-2.2.16/gpg-Accept-also-armored-data-from-the-WKD.patch index 0000000,0000000..f347305 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Accept-also-armored-data-from-the-WKD.patch @@@ -1,0 -1,0 +1,33 @@@ ++From: Werner Koch ++Date: Thu, 11 Apr 2019 09:54:28 +0200 ++Subject: gpg: Accept also armored data from the WKD. ++ ++* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR. ++-- ++ ++We may even adjust the specs to allow that. It should not be a ++problem for any OpenPGP implementation because armored keys are very ++common and de-armoring code is de-facto a mandatory feature. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455) ++--- ++ g10/keyserver.c | 5 +++-- ++ 1 file changed, 3 insertions(+), 2 deletions(-) ++ ++diff --git a/g10/keyserver.c b/g10/keyserver.c ++index 8509d83..865e1e9 100644 ++--- a/g10/keyserver.c +++++ b/g10/keyserver.c ++@@ -2072,8 +2072,9 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick, ++ int armor_status = opt.no_armor; ++ import_filter_t save_filt; ++ ++- /* Keys returned via WKD are in binary format. */ ++- opt.no_armor = 1; +++ /* Keys returned via WKD are in binary format. However, we +++ * relax that requirement and allow also for armored data. */ +++ opt.no_armor = 0; ++ save_filt = save_and_clear_import_filter (); ++ if (!save_filt) ++ err = gpg_error_from_syserror (); diff --cc debian/patches/from-2.2.16/gpg-Allow-deletion-of-subkeys-with-delete-secret-key.patch index 0000000,0000000..aa34d0a new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Allow-deletion-of-subkeys-with-delete-secret-key.patch @@@ -1,0 -1,0 +1,279 @@@ ++From: Werner Koch ++Date: Mon, 27 May 2019 10:40:38 +0200 ++Subject: gpg: Allow deletion of subkeys with --delete-[secret-]key. ++ ++* common/userids.c (classify_user_id): Do not set the EXACT flag in ++the default case. ++* g10/export.c (exact_subkey_match_p): Make static, ++* g10/delkey.c (do_delete_key): Implement subkey only deleting. ++-- ++ ++GnuPG-bug-id: 4457 ++(cherry picked from commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a) ++--- ++ common/userids.c | 7 ++-- ++ doc/gpg.texi | 10 ++++-- ++ g10/delkey.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++---- ++ g10/export.c | 4 +-- ++ g10/main.h | 2 ++ ++ 5 files changed, 113 insertions(+), 13 deletions(-) ++ ++diff --git a/common/userids.c b/common/userids.c ++index 01f2cd8..00f26b7 100644 ++--- a/common/userids.c +++++ b/common/userids.c ++@@ -351,8 +351,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) ++ } ++ else if (!hexprefix) ++ { ++- /* The fingerprint in an X.509 listing is often delimited by ++- colons, so we try to single this case out. */ +++ /* The fingerprint of an X.509 listing is often delimited by +++ * colons, so we try to single this case out. Note that the +++ * OpenPGP bang suffix is not supported here. */ +++ desc->exact = 0; ++ mode = 0; ++ hexlength = strspn (s, ":0123456789abcdefABCDEF"); ++ if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength))) ++@@ -414,7 +416,6 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) ++ } ++ if (!mode) /* Default to substring search. */ ++ { ++- desc->exact = 0; ++ desc->u.name = s; ++ mode = KEYDB_SEARCH_MODE_SUBSTR; ++ } ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index 7858baf..9853f69 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -404,7 +404,10 @@ functionality is also available as the subcommand "passwd" with the ++ @opindex delete-keys ++ Remove key from the public keyring. In batch mode either @option{--yes} is ++ required or the key must be specified by fingerprint. This is a ++-safeguard against accidental deletion of multiple keys. +++safeguard against accidental deletion of multiple keys. If the +++exclamation mark syntax is used with the fingerprint of a subkey only +++that subkey is deleted; if the exclamation mark is used with the +++fingerprint of the primary key the entire public key is deleted. ++ ++ @item --delete-secret-keys @var{name} ++ @opindex delete-secret-keys ++@@ -413,7 +416,10 @@ specified by fingerprint. The option @option{--yes} can be used to ++ advice gpg-agent not to request a confirmation. This extra ++ pre-caution is done because @command{@gpgname} can't be sure that the ++ secret key (as controlled by gpg-agent) is only used for the given ++-OpenPGP public key. +++OpenPGP public key. If the exclamation mark syntax is used with the +++fingerprint of a subkey only the secret part of that subkey is +++deleted; if the exclamation mark is used with the fingerprint of the +++primary key only the secret part of the primary key is deleted. ++ ++ ++ @item --delete-secret-and-public-key @var{name} ++diff --git a/g10/delkey.c b/g10/delkey.c ++index 461a2c8..e91acb0 100644 ++--- a/g10/delkey.c +++++ b/g10/delkey.c ++@@ -1,7 +1,7 @@ ++ /* delkey.c - delete keys ++ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, ++ * 2005, 2006 Free Software Foundation, Inc. ++- * Copyright (C) 2014 Werner Koch +++ * Copyright (C) 2014, 2019 Werner Koch ++ * ++ * This file is part of GnuPG. ++ * ++@@ -53,13 +53,15 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ gpg_error_t err; ++ kbnode_t keyblock = NULL; ++ kbnode_t node, kbctx; +++ kbnode_t targetnode; ++ KEYDB_HANDLE hd; ++ PKT_public_key *pk = NULL; ++ u32 keyid[2]; ++ int okay=0; ++ int yes; ++ KEYDB_SEARCH_DESC desc; ++- int exactmatch; +++ int exactmatch; /* True if key was found by fingerprint. */ +++ int thiskeyonly; /* 0 = false, 1 = is primary key, 2 = is a subkey. */ ++ ++ *r_sec_avail = 0; ++ ++@@ -72,6 +74,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR ++ || desc.mode == KEYDB_SEARCH_MODE_FPR16 ++ || desc.mode == KEYDB_SEARCH_MODE_FPR20); +++ thiskeyonly = desc.exact; ++ if (!err) ++ err = keydb_search (hd, &desc, 1, NULL); ++ if (err) ++@@ -97,7 +100,35 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ err = gpg_error (GPG_ERR_GENERAL); ++ goto leave; ++ } ++- pk = node->pkt->pkt.public_key; +++ +++ /* If an operation only on a subkey is requested, find that subkey +++ * now. */ +++ if (thiskeyonly) +++ { +++ kbnode_t tmpnode; +++ +++ for (kbctx=NULL; (tmpnode = walk_kbnode (keyblock, &kbctx, 0)); ) +++ { +++ if (!(tmpnode->pkt->pkttype == PKT_PUBLIC_KEY +++ || tmpnode->pkt->pkttype == PKT_PUBLIC_SUBKEY)) +++ continue; +++ if (exact_subkey_match_p (&desc, tmpnode)) +++ break; +++ } +++ if (!tmpnode) +++ { +++ log_error ("Oops; requested subkey not found anymore!\n"); +++ err = gpg_error (GPG_ERR_GENERAL); +++ goto leave; +++ } +++ /* Set NODE to this specific subkey or primary key. */ +++ thiskeyonly = node == tmpnode? 1 : 2; +++ targetnode = tmpnode; +++ } +++ else +++ targetnode = node; +++ +++ pk = targetnode->pkt->pkt.public_key; ++ keyid_from_pk (pk, keyid); ++ ++ if (!secret && !force) ++@@ -143,6 +174,32 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ print_pubkey_info (ctrl, NULL, pk ); ++ tty_printf( "\n" ); ++ +++ if (thiskeyonly == 1 && !secret) +++ { +++ /* We need to delete the entire public key despite the use +++ * of the thiskeyonly request. */ +++ tty_printf (_("Note: The public primary key and all its subkeys" +++ " will be deleted.\n")); +++ } +++ else if (thiskeyonly == 2 && !secret) +++ { +++ tty_printf (_("Note: Only the shown public subkey" +++ " will be deleted.\n")); +++ } +++ if (thiskeyonly == 1 && secret) +++ { +++ tty_printf (_("Note: Only the secret part of the shown primary" +++ " key will be deleted.\n")); +++ } +++ else if (thiskeyonly == 2 && secret) +++ { +++ tty_printf (_("Note: Only the secret part of the shown subkey" +++ " will be deleted.\n")); +++ } +++ +++ if (thiskeyonly) +++ tty_printf ("\n"); +++ ++ yes = cpr_get_answer_is_yes ++ (secret? "delete_key.secret.okay": "delete_key.okay", ++ _("Delete this key from the keyring? (y/N) ")); ++@@ -178,6 +235,9 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)) ++ continue; ++ +++ if (thiskeyonly && targetnode != node) +++ continue; +++ ++ if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key)) ++ continue; /* No secret key for that public (sub)key. */ ++ ++@@ -219,9 +279,38 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ if (firsterr) ++ goto leave; ++ } +++ else if (thiskeyonly == 2) +++ { +++ int selected = 0; +++ +++ /* Delete the specified public subkey. */ +++ for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); ) +++ { +++ if (thiskeyonly && targetnode != node) +++ continue; +++ +++ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) +++ { +++ selected = targetnode == node; +++ if (selected) +++ delete_kbnode (node); +++ } +++ else if (selected && node->pkt->pkttype == PKT_SIGNATURE) +++ delete_kbnode (node); +++ else +++ selected = 0; +++ } +++ commit_kbnode (&keyblock); +++ err = keydb_update_keyblock (ctrl, hd, keyblock); +++ if (err) +++ { +++ log_error (_("update failed: %s\n"), gpg_strerror (err)); +++ goto leave; +++ } +++ } ++ else ++ { ++- err = opt.dry_run? 0 : keydb_delete_keyblock (hd); +++ err = keydb_delete_keyblock (hd); ++ if (err) ++ { ++ log_error (_("deleting keyblock failed: %s\n"), ++@@ -234,7 +323,8 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ revalidation_mark(). This makes sense - only deleting keys ++ that have ownertrust set should trigger this. */ ++ ++- if (!secret && pk && !opt.dry_run && clear_ownertrusts (ctrl, pk)) +++ if (!secret && pk && !opt.dry_run && thiskeyonly != 2 +++ && clear_ownertrusts (ctrl, pk)) ++ { ++ if (opt.verbose) ++ log_info (_("ownertrust information cleared\n")); ++@@ -247,7 +337,8 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ return err; ++ } ++ ++-/**************** +++ +++/* ++ * Delete a public or secret key from a keyring. ++ */ ++ gpg_error_t ++diff --git a/g10/export.c b/g10/export.c ++index 70f5261..4216a24 100644 ++--- a/g10/export.c +++++ b/g10/export.c ++@@ -428,8 +428,8 @@ new_subkey_list_item (KBNODE node) ++ (keyID or fingerprint) and does match the one at NODE. It is ++ assumed that the packet at NODE is either a public or secret ++ subkey. */ ++-static int ++-exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node) +++int +++exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node) ++ { ++ u32 kid[2]; ++ byte fpr[MAX_FINGERPRINT_LEN]; ++diff --git a/g10/main.h b/g10/main.h ++index d3d6060..e14fcbb 100644 ++--- a/g10/main.h +++++ b/g10/main.h ++@@ -396,6 +396,8 @@ void export_print_stats (export_stats_t stats); ++ int parse_export_options(char *str,unsigned int *options,int noisy); ++ gpg_error_t parse_and_set_export_filter (const char *string); ++ +++int exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node); +++ ++ int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, ++ export_stats_t stats); ++ int export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options, diff --cc debian/patches/from-2.2.16/gpg-Change-update_keysig_packet-to-replace-SHA-1-by-SHA-2.patch index 0000000,0000000..652f759 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Change-update_keysig_packet-to-replace-SHA-1-by-SHA-2.patch @@@ -1,0 -1,0 +1,39 @@@ ++From: Werner Koch ++Date: Mon, 13 May 2019 19:01:28 +0200 ++Subject: gpg: Change update_keysig_packet to replace SHA-1 by SHA-256. ++ ++* g10/sign.c (update_keysig_packet): Convert digest algo when needed. ++-- ++ ++Several gpg commands try to keep most properties of a key signature ++when updating (i.e. creating a new version of a key signature). This ++included the use of the current hash-algorithm. This patch changes ++this so that SHA-1 or RMD160 are replaced by SHA-256 if ++possible (i.e. for RSA signatures). Affected commands are for example ++--quick-set-expire and --quick-set-primary-uid. ++ ++GnuPG-bug-id: 4508 ++Signed-off-by: Werner Koch ++(cherry picked from commit c1dc7a832921fdf5686d377f33db78707c0345e2) ++--- ++ g10/sign.c | 7 +++++++ ++ 1 file changed, 7 insertions(+) ++ ++diff --git a/g10/sign.c b/g10/sign.c ++index 095fa11..92ff361 100644 ++--- a/g10/sign.c +++++ b/g10/sign.c ++@@ -1593,6 +1593,13 @@ update_keysig_packet (ctrl_t ctrl, ++ ++ if ( opt.cert_digest_algo ) ++ digest_algo = opt.cert_digest_algo; +++ else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA +++ || pksk->pubkey_algo == PUBKEY_ALGO_ECDSA +++ || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA) +++ digest_algo = orig_sig->digest_algo; +++ else if (orig_sig->digest_algo == DIGEST_ALGO_SHA1 +++ || orig_sig->digest_algo == DIGEST_ALGO_RMD160) +++ digest_algo = DEFAULT_DIGEST_ALGO; ++ else ++ digest_algo = orig_sig->digest_algo; ++ diff --cc debian/patches/from-2.2.16/gpg-Do-not-allow-creation-of-user-ids-larger-than-our-par.patch index 0000000,0000000..9b0f9fe new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Do-not-allow-creation-of-user-ids-larger-than-our-par.patch @@@ -1,0 -1,0 +1,142 @@@ ++From: Werner Koch ++Date: Tue, 21 May 2019 16:25:56 +0200 ++Subject: gpg: Do not allow creation of user ids larger than our parser ++ allows. ++ ++* g10/parse-packet.c: Move max packet lengths constants to ... ++* g10/packet.h: ... here. ++* g10/build-packet.c (do_user_id): Return an error if too data is too ++large. ++* g10/keygen.c (write_uid): Return an error for too large data. ++-- ++ ++This can lead to keyring corruption becuase we expect that our parser ++is abale to parse packts created by us. Test case is ++ ++ gpg --batch --passphrase 'abc' -v \ ++ --quick-gen-key $(yes 'a'| head -4000|tr -d '\n') ++ ++GnuPG-bug-id: 4532 ++Signed-off-by: Werner Koch ++(cherry picked from commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651) ++--- ++ g10/build-packet.c | 8 +++++++- ++ g10/keygen.c | 35 ++++++++++++++++++++--------------- ++ g10/packet.h | 5 +++++ ++ g10/parse-packet.c | 6 ------ ++ 4 files changed, 32 insertions(+), 22 deletions(-) ++ ++diff --git a/g10/build-packet.c b/g10/build-packet.c ++index b83ea84..14e40a1 100644 ++--- a/g10/build-packet.c +++++ b/g10/build-packet.c ++@@ -424,15 +424,21 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) ++ * Without forcing HDRLEN to 2 in this case an indeterminate length ++ * packet would be written which is not allowed. Note that we are ++ * always called with a CTB indicating an old packet header format, ++- * so that forcing a 2 octet header works. */ +++ * so that forcing a 2 octet header works. We also check for the +++ * maximum allowed packet size by the parser using an arbitrary +++ * extra 10 bytes for header data. */ ++ if (uid->attrib_data) ++ { +++ if (uid->attrib_len > MAX_ATTR_PACKET_LENGTH - 10) +++ return gpg_error (GPG_ERR_TOO_LARGE); ++ hdrlen = uid->attrib_len? 0 : 2; ++ write_header2 (out, ctb, uid->attrib_len, hdrlen); ++ rc = iobuf_write( out, uid->attrib_data, uid->attrib_len ); ++ } ++ else ++ { +++ if (uid->len > MAX_UID_PACKET_LENGTH - 10) +++ return gpg_error (GPG_ERR_TOO_LARGE); ++ hdrlen = uid->len? 0 : 2; ++ write_header2 (out, ctb, uid->len, hdrlen); ++ rc = iobuf_write( out, uid->name, uid->len ); ++diff --git a/g10/keygen.c b/g10/keygen.c ++index 9edbdff..28ef898 100644 ++--- a/g10/keygen.c +++++ b/g10/keygen.c ++@@ -217,18 +217,22 @@ print_status_key_not_created (const char *handle) ++ ++ ++ ++-static void ++-write_uid( KBNODE root, const char *s ) +++static gpg_error_t +++write_uid (kbnode_t root, const char *s) ++ { ++- PACKET *pkt = xmalloc_clear(sizeof *pkt ); ++- size_t n = strlen(s); ++- ++- pkt->pkttype = PKT_USER_ID; ++- pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n); ++- pkt->pkt.user_id->len = n; ++- pkt->pkt.user_id->ref = 1; ++- strcpy(pkt->pkt.user_id->name, s); ++- add_kbnode( root, new_kbnode( pkt ) ); +++ PACKET *pkt = xmalloc_clear (sizeof *pkt); +++ size_t n = strlen (s); +++ +++ if (n > MAX_UID_PACKET_LENGTH - 10) +++ return gpg_error (GPG_ERR_INV_USER_ID); +++ +++ pkt->pkttype = PKT_USER_ID; +++ pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n); +++ pkt->pkt.user_id->len = n; +++ pkt->pkt.user_id->ref = 1; +++ strcpy (pkt->pkt.user_id->name, s); +++ add_kbnode (root, new_kbnode (pkt)); +++ return 0; ++ } ++ ++ static void ++@@ -4750,10 +4754,11 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, ++ ++ if (!err && (s = get_parameter_value (para, pUSERID))) ++ { ++- write_uid (pub_root, s ); ++- err = write_selfsigs (ctrl, pub_root, pri_psk, ++- get_parameter_uint (para, pKEYUSAGE), timestamp, ++- cache_nonce); +++ err = write_uid (pub_root, s ); +++ if (!err) +++ err = write_selfsigs (ctrl, pub_root, pri_psk, +++ get_parameter_uint (para, pKEYUSAGE), timestamp, +++ cache_nonce); ++ } ++ ++ /* Write the auth key to the card before the encryption key. This ++diff --git a/g10/packet.h b/g10/packet.h ++index 6d01b10..6e326b5 100644 ++--- a/g10/packet.h +++++ b/g10/packet.h ++@@ -33,6 +33,11 @@ ++ ++ #define DEBUG_PARSE_PACKET 1 ++ +++/* Maximum length of packets to avoid excessive memory allocation. */ +++#define MAX_KEY_PACKET_LENGTH (256 * 1024) +++#define MAX_UID_PACKET_LENGTH ( 2 * 1024) +++#define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024) +++#define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024) ++ ++ /* Constants to allocate static MPI arrays. */ ++ #define PUBKEY_MAX_NPKEY 5 ++diff --git a/g10/parse-packet.c b/g10/parse-packet.c ++index 3aa11a4..2d6ec92 100644 ++--- a/g10/parse-packet.c +++++ b/g10/parse-packet.c ++@@ -38,12 +38,6 @@ ++ #include "../common/mbox-util.h" ++ ++ ++-/* Maximum length of packets to avoid excessive memory allocation. */ ++-#define MAX_KEY_PACKET_LENGTH (256 * 1024) ++-#define MAX_UID_PACKET_LENGTH ( 2 * 1024) ++-#define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024) ++-#define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024) ++- ++ static int mpi_print_mode; ++ static int list_mode; ++ static estream_t listfp; diff --cc debian/patches/from-2.2.16/gpg-Do-not-bail-on-an-invalid-packet-in-the-local-keyring.patch index 0000000,0000000..40c1ce3 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Do-not-bail-on-an-invalid-packet-in-the-local-keyring.patch @@@ -1,0 -1,0 +1,49 @@@ ++From: Werner Koch ++Date: Tue, 21 May 2019 17:27:42 +0200 ++Subject: gpg: Do not bail on an invalid packet in the local keyring. ++ ++* g10/keydb.c (parse_keyblock_image): Treat invalid packet special. ++-- ++ ++This is in particular useful to run --list-keys on a keyring with ++corrupted packets. The extra flush is to keep the diagnostic close to ++the regular --list-key output. ++ ++Signed-off-by: Werner Koch ++ ++This is a backport from master with support for the unsupported v5 key ++handling. ++ ++(cherry picked from commit 30f44957ccd1433846709911798af3da4e437900) ++--- ++ g10/keydb.c | 15 +++++++++++---- ++ 1 file changed, 11 insertions(+), 4 deletions(-) ++ ++diff --git a/g10/keydb.c b/g10/keydb.c ++index 0475f85..670a8a1 100644 ++--- a/g10/keydb.c +++++ b/g10/keydb.c ++@@ -1249,12 +1249,19 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, ++ } ++ if (err) ++ { ++- if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION) +++ es_fflush (es_stdout); +++ log_error ("parse_keyblock_image: read error: %s\n", +++ gpg_strerror (err)); +++ if (gpg_err_code (err) == GPG_ERR_INV_PACKET) ++ { ++- log_error ("parse_keyblock_image: read error: %s\n", ++- gpg_strerror (err)); ++- err = gpg_error (GPG_ERR_INV_KEYRING); +++ free_packet (pkt, &parsectx); +++ init_packet (pkt); +++ continue; ++ } +++ /* Unknown version maybe due to v5 keys - we treat this +++ * error different. */ +++ if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION) +++ err = gpg_error (GPG_ERR_INV_KEYRING); ++ break; ++ } ++ diff --cc debian/patches/from-2.2.16/gpg-Do-not-delete-any-keys-if-dry-run-is-passed.patch index 0000000,0000000..d64fefd new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Do-not-delete-any-keys-if-dry-run-is-passed.patch @@@ -1,0 -1,0 +1,46 @@@ ++From: Werner Koch ++Date: Mon, 20 May 2019 12:31:55 +0200 ++Subject: gpg: Do not delete any keys if --dry-run is passed. ++ ++* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs. ++Do not clear the ownertrust. Do not let the agent delete the key. ++-- ++ ++Co-authored-by: Matheus Afonso Martins Moreira ++Signed-off-by: Werner Koch ++(cherry picked from commit 5c46c5f74540ad753b925b74593332ca92de47fa) ++--- ++ g10/delkey.c | 6 +++--- ++ 1 file changed, 3 insertions(+), 3 deletions(-) ++ ++diff --git a/g10/delkey.c b/g10/delkey.c ++index bf8c4e9..461a2c8 100644 ++--- a/g10/delkey.c +++++ b/g10/delkey.c ++@@ -190,7 +190,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ * pre-caution is that since 2.1 the secret key may also ++ * be used for other protocols and thus deleting it from ++ * the gpg would also delete the key for other tools. */ ++- if (!err) +++ if (!err && !opt.dry_run) ++ err = agent_delete_key (NULL, hexgrip, prompt, ++ opt.answer_yes); ++ xfree (prompt); ++@@ -221,7 +221,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ } ++ else ++ { ++- err = keydb_delete_keyblock (hd); +++ err = opt.dry_run? 0 : keydb_delete_keyblock (hd); ++ if (err) ++ { ++ log_error (_("deleting keyblock failed: %s\n"), ++@@ -234,7 +234,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, ++ revalidation_mark(). This makes sense - only deleting keys ++ that have ownertrust set should trigger this. */ ++ ++- if (!secret && pk && clear_ownertrusts (ctrl, pk)) +++ if (!secret && pk && !opt.dry_run && clear_ownertrusts (ctrl, pk)) ++ { ++ if (opt.verbose) ++ log_info (_("ownertrust information cleared\n")); diff --cc debian/patches/from-2.2.16/gpg-Do-not-print-a-hint-to-use-the-deprecated-keyserver-o.patch index 0000000,0000000..01c9ccd new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Do-not-print-a-hint-to-use-the-deprecated-keyserver-o.patch @@@ -1,0 -1,0 +1,35 @@@ ++From: Werner Koch ++Date: Tue, 14 May 2019 07:56:10 +0200 ++Subject: gpg: Do not print a hint to use the deprecated --keyserver option. ++ ++* g10/keyserver.c (keyserver_search): Remove a specialized error ++message. ++-- ++ ++Dirmngr comes with a default keyserver and the suggestion to use ++gpg --keyserver ++is not good because that option is deprecated. An error message ++"No keyserver available" is sufficient. ++ ++GnuPG-bug-id: 4512 ++Signed-off-by: Werner Koch ++(cherry picked from commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846) ++--- ++ g10/keyserver.c | 4 +--- ++ 1 file changed, 1 insertion(+), 3 deletions(-) ++ ++diff --git a/g10/keyserver.c b/g10/keyserver.c ++index 865e1e9..cadb71f 100644 ++--- a/g10/keyserver.c +++++ b/g10/keyserver.c ++@@ -1537,9 +1537,7 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens) ++ log_info (_("key not found on keyserver\n")); ++ } ++ ++- if (gpg_err_code (err) == GPG_ERR_NO_KEYSERVER) ++- log_error (_("no keyserver known (use option --keyserver)\n")); ++- else if (gpg_err_code (err) == GPG_ERR_NO_DATA) +++ if (gpg_err_code (err) == GPG_ERR_NO_DATA) ++ err = gpg_error (GPG_ERR_NOT_FOUND); ++ else if (err) ++ log_error ("error searching keyserver: %s\n", gpg_strerror (err)); diff --cc debian/patches/from-2.2.16/gpg-Don-t-use-EdDSA-algo-ID-for-ECDSA-curves.patch index 0000000,0000000..af725c1 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Don-t-use-EdDSA-algo-ID-for-ECDSA-curves.patch @@@ -1,0 -1,0 +1,56 @@@ ++From: Trevor Bentley ++Date: Mon, 25 Mar 2019 15:19:47 +0100 ++Subject: gpg: Don't use EdDSA algo ID for ECDSA curves. ++ ++* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from ++an EdDSA curve. ++ ++-- ++ ++(cherry picked from commit 4324560b2c0bb76a1769535c383424a042e505ae) ++ ++This change matters when it is called from ask_card_keyattr. ++ ++Some-comments-by: NIIBE Yutaka ++(cherry picked from commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf) ++--- ++ g10/keygen.c | 25 ++++++++++++++++++------- ++ 1 file changed, 18 insertions(+), 7 deletions(-) ++ ++diff --git a/g10/keygen.c b/g10/keygen.c ++index a8333b0..9edbdff 100644 ++--- a/g10/keygen.c +++++ b/g10/keygen.c ++@@ -2355,14 +2355,25 @@ ask_curve (int *algo, int *subkey_algo, const char *current) ++ else ++ { ++ /* If the user selected a signing algorithm and Curve25519 ++- we need to set the algo to EdDSA and update the curve name. */ ++- if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA) ++- && curves[idx].eddsa_curve) +++ we need to set the algo to EdDSA and update the curve name. +++ If switching away from EdDSA, we need to set the algo back +++ to ECDSA. */ +++ if (*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA) ++ { ++- if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA) ++- *subkey_algo = PUBKEY_ALGO_EDDSA; ++- *algo = PUBKEY_ALGO_EDDSA; ++- result = curves[idx].eddsa_curve; +++ if (curves[idx].eddsa_curve) +++ { +++ if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA) +++ *subkey_algo = PUBKEY_ALGO_EDDSA; +++ *algo = PUBKEY_ALGO_EDDSA; +++ result = curves[idx].eddsa_curve; +++ } +++ else +++ { +++ if (subkey_algo && *subkey_algo == PUBKEY_ALGO_EDDSA) +++ *subkey_algo = PUBKEY_ALGO_ECDSA; +++ *algo = PUBKEY_ALGO_ECDSA; +++ result = curves[idx].name; +++ } ++ } ++ else ++ result = curves[idx].name; diff --cc debian/patches/from-2.2.16/gpg-Set-a-limit-of-5-to-the-number-of-keys-imported-from-.patch index 0000000,0000000..66ced95 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Set-a-limit-of-5-to-the-number-of-keys-imported-from-.patch @@@ -1,0 -1,0 +1,74 @@@ ++From: Werner Koch ++Date: Thu, 11 Apr 2019 09:43:33 +0200 ++Subject: gpg: Set a limit of 5 to the number of keys imported from the WKD. ++ ++* g10/import.c (import): Limit the number of considered keys to 5. ++(import_one): Return the first fingerprint in case of WKD. ++-- ++ ++The Web Key Directory should carry only one key. However, some ++providers like to put old or expired keys also into the WKD. I don't ++thunk that this is a good idea but I heard claims that this is needed ++for them to migrate existing key data bases. ++ ++This patch puts a limit on 5 on it (we had none right now) and also ++fixes the issue that gpg could not work immediately with the requested ++key because the code uses the fingerprint of the key to use the ++imported key. Now the first key is used. On a second try (w/o ++accessing the WKD) the regular key selection mechanism would be in ++effect. I think this is the most conservative approach. Let's see ++whether it helps. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2) ++--- ++ g10/import.c | 25 +++++++++++++++++++++---- ++ 1 file changed, 21 insertions(+), 4 deletions(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index aeab4e0..3c8d0fe 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -665,6 +665,18 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, ++ ++ if (!(++stats->count % 100) && !opt.quiet) ++ log_info (_("%lu keys processed so far\n"), stats->count ); +++ +++ if (origin == KEYORG_WKD && stats->count >= 5) +++ { +++ /* We limit the number of keys _received_ from the WKD to 5. +++ * In fact there should be only one key but some sites want +++ * to store a few expired keys there also. gpg's key +++ * selection will later figure out which key to use. Note +++ * that for WKD we always return the fingerprint of the +++ * first imported key. */ +++ log_info ("import from WKD stopped after %d keys\n", 5); +++ break; +++ } ++ } ++ stats->v3keys += v3keys; ++ if (rc == -1) ++@@ -2183,14 +2195,19 @@ import_one (ctrl_t ctrl, ++ fingerprint of the key in all cases. */ ++ if (fpr) ++ { ++- xfree (*fpr); ++ /* Note that we need to compare against 0 here because ++ COUNT gets only incremented after returning from this ++ function. */ ++ if (!stats->count) ++- *fpr = fingerprint_from_pk (pk, NULL, fpr_len); ++- else ++- *fpr = NULL; +++ { +++ xfree (*fpr); +++ *fpr = fingerprint_from_pk (pk, NULL, fpr_len); +++ } +++ else if (origin != KEYORG_WKD) +++ { +++ xfree (*fpr); +++ *fpr = NULL; +++ } ++ } ++ } ++ diff --cc debian/patches/from-2.2.16/gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch index 0000000,0000000..b23b5b1 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch @@@ -1,0 -1,0 +1,52 @@@ ++From: Werner Koch ++Date: Fri, 3 May 2019 10:53:34 +0200 ++Subject: gpg: Use just the addrspec from the Signer's UID. ++ ++* g10/parse-packet.c (parse_signature): Take only the addrspec from a ++Signer's UID subpacket. ++-- ++ ++This is to address a problem in the currentr OpenKeychain which put ++the entire UID into the subpacket. For example our Tofu code can only ++use the addrspec and not the entire UID. ++ ++Reported-by: Wiktor Kwapisiewicz ++Signed-off-by: Werner Koch ++(cherry picked from commit 05204b72497db093f5d2da4a2446c0264a946296) ++--- ++ g10/parse-packet.c | 9 +++++++++ ++ 1 file changed, 9 insertions(+) ++ ++diff --git a/g10/parse-packet.c b/g10/parse-packet.c ++index 05f63e9..3aa11a4 100644 ++--- a/g10/parse-packet.c +++++ b/g10/parse-packet.c ++@@ -35,6 +35,7 @@ ++ #include "main.h" ++ #include "../common/i18n.h" ++ #include "../common/host2net.h" +++#include "../common/mbox-util.h" ++ ++ ++ /* Maximum length of packets to avoid excessive memory allocation. */ ++@@ -2064,12 +2065,20 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, ++ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len); ++ if (p && len) ++ { +++ char *mbox; +++ ++ sig->signers_uid = try_make_printable_string (p, len, 0); ++ if (!sig->signers_uid) ++ { ++ rc = gpg_error_from_syserror (); ++ goto leave; ++ } +++ mbox = mailbox_from_userid (sig->signers_uid); +++ if (mbox) +++ { +++ xfree (sig->signers_uid); +++ sig->signers_uid = mbox; +++ } ++ } ++ ++ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL); diff --cc debian/patches/from-2.2.16/gpg-enable-OpenPGP-export-of-cleartext-keys-with-comments.patch index 0000000,0000000..6fb5048 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpg-enable-OpenPGP-export-of-cleartext-keys-with-comments.patch @@@ -1,0 -1,0 +1,38 @@@ ++From: Daniel Kahn Gillmor ++Date: Mon, 13 May 2019 21:22:38 -0400 ++Subject: gpg: enable OpenPGP export of cleartext keys with comments ++ ++* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing ++sublists in private-key S-expression. ++ ++-- ++ ++When gpg-agent learns about a private key from its ssh-agent ++interface, it stores its S-expression with the comment attached. The ++export mechanism for OpenPGP keys already in cleartext was too brittle ++because it would choke on these comments. This change lets it ignore ++any additional trailing sublists. ++ ++Signed-off-by: Daniel Kahn Gillmor ++Gnupg-Bug-Id: 4490 ++(cherry picked from commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec) ++--- ++ g10/export.c | 5 ++++- ++ 1 file changed, 4 insertions(+), 1 deletion(-) ++ ++diff --git a/g10/export.c b/g10/export.c ++index e94e959..70f5261 100644 ++--- a/g10/export.c +++++ b/g10/export.c ++@@ -596,7 +596,10 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk) ++ top_list = gcry_sexp_find_token (s_key, "private-key", 0); ++ if (!top_list) ++ goto bad_seckey; ++- if (gcry_sexp_length(top_list) != 2) +++ +++ /* ignore all S-expression after the first sublist -- we assume that +++ they are comments or otherwise irrelevant to OpenPGP */ +++ if (gcry_sexp_length(top_list) < 2) ++ goto bad_seckey; ++ key = gcry_sexp_nth (top_list, 1); ++ if (!key) diff --cc debian/patches/from-2.2.16/gpgconf-Before-launch-check-that-the-config-file-is-fine.patch index 0000000,0000000..4873c3b new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpgconf-Before-launch-check-that-the-config-file-is-fine.patch @@@ -1,0 -1,0 +1,63 @@@ ++From: Werner Koch ++Date: Thu, 16 May 2019 12:24:08 +0200 ++Subject: gpgconf: Before --launch check that the config file is fine. ++ ++* tools/gpgconf-comp.c (gc_component_launch): Check the conf file. ++* tools/gpgconf.c (gpgconf_failure): Call log_flush. ++-- ++GnuPG-bug-id: 4497 ++Signed-off-by: Werner Koch ++(cherry picked from commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5) ++--- ++ tools/gpgconf-comp.c | 18 ++++++++++++++---- ++ tools/gpgconf.c | 1 + ++ 2 files changed, 15 insertions(+), 4 deletions(-) ++ ++diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c ++index adecfde..7f7440b 100644 ++--- a/tools/gpgconf-comp.c +++++ b/tools/gpgconf-comp.c ++@@ -1297,8 +1297,17 @@ gc_component_launch (int component) ++ if (!(component == GC_COMPONENT_GPG_AGENT ++ || component == GC_COMPONENT_DIRMNGR)) ++ { ++- es_fputs (_("Component not suitable for launching"), es_stderr); ++- es_putc ('\n', es_stderr); +++ log_error ("%s\n", _("Component not suitable for launching")); +++ gpgconf_failure (0); +++ } +++ +++ if (gc_component_check_options (component, NULL, NULL)) +++ { +++ log_error (_("Configuration file of component %s is broken\n"), +++ gc_component[component].name); +++ if (!opt.quiet) +++ log_info (_("Note: Use the command \"%s%s\" to get details.\n"), +++ "gpgconf --check-options ", gc_component[component].name); ++ gpgconf_failure (0); ++ } ++ ++@@ -1709,8 +1718,9 @@ collect_error_output (estream_t fp, const char *tag) ++ } ++ ++ ++-/* Check the options of a single component. Returns 0 if everything ++- is OK. */ +++/* Check the options of a single component. If CONF_FILE is NULL the +++ * standard config file is used. If OUT is not NULL the output is +++ * written to that stream. Returns 0 if everything is OK. */ ++ int ++ gc_component_check_options (int component, estream_t out, const char *conf_file) ++ { ++diff --git a/tools/gpgconf.c b/tools/gpgconf.c ++index 59085d8..bca6efb 100644 ++--- a/tools/gpgconf.c +++++ b/tools/gpgconf.c ++@@ -881,6 +881,7 @@ main (int argc, char **argv) ++ void ++ gpgconf_failure (gpg_error_t err) ++ { +++ log_flush (); ++ if (!err) ++ err = gpg_error (GPG_ERR_GENERAL); ++ gpgconf_write_status diff --cc debian/patches/from-2.2.16/gpgconf-Support-homedir-for-launch.patch index 0000000,0000000..f6a5e0d new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.16/gpgconf-Support-homedir-for-launch.patch @@@ -1,0 -1,0 +1,99 @@@ ++From: Werner Koch ++Date: Wed, 15 May 2019 08:50:15 +0200 ++Subject: gpgconf: Support --homedir for --launch. ++ ++* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because ++gnupg_homedir already returns abd absolute name. ++(scdaemon_runtime_change): Ditto. ++(dirmngr_runtime_change): Ditto. ++(gc_component_launch): Support --homedir. ++-- ++ ++GnuPG-bug-id: 4496 ++Signed-off-by: Werner Koch ++(cherry picked from commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6) ++--- ++ doc/tools.texi | 2 ++ ++ tools/gpgconf-comp.c | 25 +++++++++---------------- ++ 2 files changed, 11 insertions(+), 16 deletions(-) ++ ++diff --git a/doc/tools.texi b/doc/tools.texi ++index b1e8b0b..467fcdc 100644 ++--- a/doc/tools.texi +++++ b/doc/tools.texi ++@@ -393,6 +393,8 @@ extends numerical field values by human-readable descriptions. ++ @opindex quiet ++ Try to be as quiet as possible. ++ +++@include opt-homedir.texi +++ ++ @item -n ++ @itemx --dry-run ++ Do not actually change anything. This is currently only implemented ++diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c ++index b10b146..adecfde 100644 ++--- a/tools/gpgconf-comp.c +++++ b/tools/gpgconf-comp.c ++@@ -1180,12 +1180,8 @@ gpg_agent_runtime_change (int killflag) ++ pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT); ++ if (!gnupg_default_homedir_p ()) ++ { ++- abs_homedir = make_absfilename_try (gnupg_homedir (), NULL); ++- if (!abs_homedir) ++- err = gpg_error_from_syserror (); ++- ++ argv[i++] = "--homedir"; ++- argv[i++] = abs_homedir; +++ argv[i++] = gnupg_homedir (); ++ } ++ argv[i++] = "--no-autostart"; ++ argv[i++] = killflag? "KILLAGENT" : "RELOADAGENT"; ++@@ -1223,12 +1219,8 @@ scdaemon_runtime_change (int killflag) ++ pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT); ++ if (!gnupg_default_homedir_p ()) ++ { ++- abs_homedir = make_absfilename_try (gnupg_homedir (), NULL); ++- if (!abs_homedir) ++- err = gpg_error_from_syserror (); ++- ++ argv[i++] = "--homedir"; ++- argv[i++] = abs_homedir; +++ argv[i++] = gnupg_homedir (); ++ } ++ argv[i++] = "-s"; ++ argv[i++] = "--no-autostart"; ++@@ -1267,12 +1259,8 @@ dirmngr_runtime_change (int killflag) ++ argv[3] = NULL; ++ else ++ { ++- abs_homedir = make_absfilename_try (gnupg_homedir (), NULL); ++- if (!abs_homedir) ++- err = gpg_error_from_syserror (); ++- ++ argv[3] = "--homedir"; ++- argv[4] = abs_homedir; +++ argv[4] = gnupg_homedir (); ++ argv[5] = NULL; ++ } ++ ++@@ -1294,7 +1282,7 @@ gc_component_launch (int component) ++ { ++ gpg_error_t err; ++ const char *pgmname; ++- const char *argv[3]; +++ const char *argv[5]; ++ int i; ++ pid_t pid; ++ ++@@ -1316,6 +1304,11 @@ gc_component_launch (int component) ++ ++ pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT); ++ i = 0; +++ if (!gnupg_default_homedir_p ()) +++ { +++ argv[i++] = "--homedir"; +++ argv[i++] = gnupg_homedir (); +++ } ++ if (component == GC_COMPONENT_DIRMNGR) ++ argv[i++] = "--dirmngr"; ++ argv[i++] = "NOP"; diff --cc debian/patches/from-2.2.17/Mention-sender-in-documentation.patch index 0000000,0000000..ce21dd2 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/Mention-sender-in-documentation.patch @@@ -1,0 -1,0 +1,30 @@@ ++From: Peter Lebbing ++Date: Tue, 2 Jul 2019 10:28:56 +0200 ++Subject: Mention --sender in documentation ++ ++(cherry picked from commit 37b549dfe0acd362399debd7c93794eb75937402) ++--- ++ doc/gpg.texi | 10 +++++----- ++ 1 file changed, 5 insertions(+), 5 deletions(-) ++ ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index ff2c0cf..5c3bd48 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -2609,11 +2609,11 @@ allows for this. ++ ++ @item --disable-signer-uid ++ @opindex disable-signer-uid ++-By default the user ID of the signing key is embedded in the data ++-signature. As of now this is only done if the signing key has been ++-specified with @option{local-user} using a mail address. This ++-information can be helpful for verifier to locate the key; see ++-option @option{--auto-key-retrieve}. +++By default the user ID of the signing key is embedded in the data signature. +++As of now this is only done if the signing key has been specified with +++@option{local-user} using a mail address, or with @option{sender}. This +++information can be helpful for verifier to locate the key; see option +++@option{--auto-key-retrieve}. ++ ++ @item --personal-cipher-preferences @var{string} ++ @opindex personal-cipher-preferences diff --cc debian/patches/from-2.2.17/Return-better-error-code-for-some-getinfo-IPC-commands.patch index 0000000,0000000..7077fa6 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/Return-better-error-code-for-some-getinfo-IPC-commands.patch @@@ -1,0 -1,0 +1,86 @@@ ++From: Werner Koch ++Date: Mon, 3 Jun 2019 16:31:58 +0200 ++Subject: Return better error code for some getinfo IPC commands. ++ ++* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False. ++* g13/server.c (cmd_getinfo): Ditto. ++* sm/server.c (cmd_getinfo): Ditto. ++-- ++ ++GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require ++a later version for gnupg 2. Thus we can switch to this more ++descriptive code. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit f3251023750d6bd9023dbb8373c804d7d4540a56) ++--- ++ agent/command.c | 6 +++--- ++ g13/server.c | 2 +- ++ sm/server.c | 4 ++-- ++ 3 files changed, 6 insertions(+), 6 deletions(-) ++ ++diff --git a/agent/command.c b/agent/command.c ++index cf8a2e4..72b5973 100644 ++--- a/agent/command.c +++++ b/agent/command.c ++@@ -2887,7 +2887,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) ++ { ++ cmdopt = line; ++ if (!command_has_option (cmd, cmdopt)) ++- rc = gpg_error (GPG_ERR_GENERAL); +++ rc = gpg_error (GPG_ERR_FALSE); ++ } ++ } ++ } ++@@ -2901,7 +2901,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) ++ } ++ else if (!strcmp (line, "restricted")) ++ { ++- rc = ctrl->restricted? 0 : gpg_error (GPG_ERR_GENERAL); +++ rc = ctrl->restricted? 0 : gpg_error (GPG_ERR_FALSE); ++ } ++ else if (ctrl->restricted) ++ { ++@@ -2935,7 +2935,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) ++ } ++ else if (!strcmp (line, "scd_running")) ++ { ++- rc = agent_scd_check_running ()? 0 : gpg_error (GPG_ERR_GENERAL); +++ rc = agent_scd_check_running ()? 0 : gpg_error (GPG_ERR_FALSE); ++ } ++ else if (!strcmp (line, "std_env_names")) ++ { ++diff --git a/g13/server.c b/g13/server.c ++index defde6c..7802952 100644 ++--- a/g13/server.c +++++ b/g13/server.c ++@@ -530,7 +530,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) ++ { ++ cmdopt = line; ++ if (!command_has_option (cmd, cmdopt)) ++- err = gpg_error (GPG_ERR_GENERAL); +++ err = gpg_error (GPG_ERR_FALSE); ++ } ++ } ++ } ++diff --git a/sm/server.c b/sm/server.c ++index 98505e2..77ec07f 100644 ++--- a/sm/server.c +++++ b/sm/server.c ++@@ -1162,14 +1162,14 @@ cmd_getinfo (assuan_context_t ctx, char *line) ++ { ++ cmdopt = line; ++ if (!command_has_option (cmd, cmdopt)) ++- rc = gpg_error (GPG_ERR_GENERAL); +++ rc = gpg_error (GPG_ERR_FALSE); ++ } ++ } ++ } ++ } ++ else if (!strcmp (line, "offline")) ++ { ++- rc = ctrl->offline? 0 : gpg_error (GPG_ERR_GENERAL); +++ rc = ctrl->offline? 0 : gpg_error (GPG_ERR_FALSE); ++ } ++ else ++ rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); diff --cc debian/patches/from-2.2.17/dirmngr-Avoid-endless-loop-in-case-of-HTTP-error-503.patch index 0000000,0000000..e0b828c new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/dirmngr-Avoid-endless-loop-in-case-of-HTTP-error-503.patch @@@ -1,0 -1,0 +1,143 @@@ ++From: Werner Koch ++Date: Wed, 3 Jul 2019 17:39:53 +0200 ++Subject: dirmngr: Avoid endless loop in case of HTTP error 503. ++ ++* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New. ++(handle_send_request_error): Use it for 503 and 504. ++(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for ++extra_tries. ++-- ++ ++This is a pretty stupid fix but one which works without much risk of ++regressions. We could have used the existing TRIES but in that case ++the fallback to other host would have been too limited. With the used ++value we can have several fallbacks to other hosts. Note that the ++TRIES is still cumulative and not per host. ++ ++GnuPG-bug-id: 4600 ++Signed-off-by: Werner Koch ++(cherry picked from commit 8b113bb148f273524682252233b3c65954e1419e) ++(cherry picked from commit d2e8d71251813e61b15a07637497fabe823b822c) ++--- ++ dirmngr/ks-engine-hkp.c | 43 +++++++++++++++++++++++++++++++++---------- ++ 1 file changed, 33 insertions(+), 10 deletions(-) ++ ++diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c ++index 8754a6b..3ebd651 100644 ++--- a/dirmngr/ks-engine-hkp.c +++++ b/dirmngr/ks-engine-hkp.c ++@@ -67,6 +67,10 @@ ++ /* Number of retries done for a dead host etc. */ ++ #define SEND_REQUEST_RETRIES 3 ++ +++/* Number of retries done in case of transient errors. */ +++#define SEND_REQUEST_EXTRA_RETRIES 5 +++ +++ ++ enum ks_protocol { KS_PROTOCOL_HKP, KS_PROTOCOL_HKPS, KS_PROTOCOL_MAX }; ++ ++ /* Objects used to maintain information about hosts. */ ++@@ -1306,10 +1310,12 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, ++ with REQUEST. The function returns true if the caller shall try ++ again. TRIES_LEFT points to a variable to track the number of ++ retries; this function decrements it and won't return true if it is ++- down to zero. */ +++ down to zero. EXTRA_TRIES_LEFT does the same but only for +++ transient http status codes. */ ++ static int ++ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request, ++- unsigned int http_status, unsigned int *tries_left) +++ unsigned int http_status, unsigned int *tries_left, +++ unsigned int *extra_tries_left) ++ { ++ int retry = 0; ++ ++@@ -1365,9 +1371,12 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request, ++ ++ case 503: /* Service Unavailable */ ++ case 504: /* Gateway Timeout */ ++- log_info ("selecting a different host due to a %u (%s)", ++- http_status, http_status2string (http_status)); ++- retry = 1; +++ if (*extra_tries_left) +++ { +++ log_info ("selecting a different host due to a %u (%s)", +++ http_status, http_status2string (http_status)); +++ retry = 2; +++ } ++ break; ++ } ++ } ++@@ -1377,8 +1386,16 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request, ++ break; ++ } ++ ++- if (*tries_left) ++- --*tries_left; +++ if (retry == 2) +++ { +++ if (*extra_tries_left) +++ --*extra_tries_left; +++ } +++ else +++ { +++ if (*tries_left) +++ --*tries_left; +++ } ++ ++ return retry; ++ } ++@@ -1403,6 +1420,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, ++ char *httphost = NULL; ++ unsigned int http_status; ++ unsigned int tries = SEND_REQUEST_RETRIES; +++ unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; ++ ++ *r_fp = NULL; ++ ++@@ -1484,7 +1502,8 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, ++ /* Send the request. */ ++ err = send_request (ctrl, request, hostport, httphost, httpflags, ++ NULL, NULL, &fp, &http_status); ++- if (handle_send_request_error (ctrl, err, request, http_status, &tries)) +++ if (handle_send_request_error (ctrl, err, request, http_status, +++ &tries, &extra_tries)) ++ { ++ reselect = 1; ++ goto again; ++@@ -1554,6 +1573,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp) ++ unsigned int httpflags; ++ unsigned int http_status; ++ unsigned int tries = SEND_REQUEST_RETRIES; +++ unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; ++ ++ *r_fp = NULL; ++ ++@@ -1626,7 +1646,8 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp) ++ /* Send the request. */ ++ err = send_request (ctrl, request, hostport, httphost, httpflags, ++ NULL, NULL, &fp, &http_status); ++- if (handle_send_request_error (ctrl, err, request, http_status, &tries)) +++ if (handle_send_request_error (ctrl, err, request, http_status, +++ &tries, &extra_tries)) ++ { ++ reselect = 1; ++ goto again; ++@@ -1702,6 +1723,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen) ++ unsigned int httpflags; ++ unsigned int http_status; ++ unsigned int tries = SEND_REQUEST_RETRIES; +++ unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; ++ ++ parm.datastring = NULL; ++ ++@@ -1740,7 +1762,8 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen) ++ /* Send the request. */ ++ err = send_request (ctrl, request, hostport, httphost, 0, ++ put_post_cb, &parm, &fp, &http_status); ++- if (handle_send_request_error (ctrl, err, request, http_status, &tries)) +++ if (handle_send_request_error (ctrl, err, request, http_status, +++ &tries, &extra_tries)) ++ { ++ reselect = 1; ++ goto again; diff --cc debian/patches/from-2.2.17/dirmngr-Do-not-rewrite-the-redirection-for-the-openpgpkey.patch index 0000000,0000000..411ea39 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/dirmngr-Do-not-rewrite-the-redirection-for-the-openpgpkey.patch @@@ -1,0 -1,0 +1,55 @@@ ++From: Werner Koch ++Date: Wed, 3 Jul 2019 16:20:00 +0200 ++Subject: dirmngr: Do not rewrite the redirection for the "openpgpkey" ++ subdomain. ++ ++* dirmngr/http.c (same_host_p): Consider certain subdomains to be the ++same. ++-- ++ ++GnuPG-bug-id: 4603 ++Signed-off-by: Werner Koch ++(cherry picked from commit 37f0c55c7be3fc4912237f2bc72466aef6f8aa36) ++(cherry picked from commit c9b133a54e93b7f2365b5d6b1c39ec2cc6dac8f9) ++--- ++ dirmngr/http.c | 20 ++++++++++++++++++++ ++ 1 file changed, 20 insertions(+) ++ ++diff --git a/dirmngr/http.c b/dirmngr/http.c ++index 384f256..d2456c6 100644 ++--- a/dirmngr/http.c +++++ b/dirmngr/http.c ++@@ -3533,6 +3533,10 @@ same_host_p (parsed_uri_t a, parsed_uri_t b) ++ { NULL, "api.protonmail.ch" }, ++ { "pm.me", "api.protonmail.ch" } ++ }; +++ static const char *subdomains[] = +++ { +++ "openpgpkey." +++ }; ++ int i; ++ const char *from; ++ ++@@ -3554,6 +3558,22 @@ same_host_p (parsed_uri_t a, parsed_uri_t b) ++ return 1; ++ } ++ +++ /* Also consider hosts the same if they differ only in a subdomain; +++ * in both direction. This allows to have redirection between the +++ * WKD advanced and direct lookup methods. */ +++ for (i=0; i < DIM (subdomains); i++) +++ { +++ const char *subdom = subdomains[i]; +++ size_t subdomlen = strlen (subdom); +++ +++ if (!ascii_strncasecmp (a->host, subdom, subdomlen) +++ && !ascii_strcasecmp (a->host + subdomlen, b->host)) +++ return 1; +++ if (!ascii_strncasecmp (b->host, subdom, subdomlen) +++ && !ascii_strcasecmp (b->host + subdomlen, a->host)) +++ return 1; +++ } +++ ++ return 0; ++ } ++ diff --cc debian/patches/from-2.2.17/dirmngr-Support-the-new-WKD-draft-with-the-openpgpkey-sub.patch index 0000000,0000000..5518865 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/dirmngr-Support-the-new-WKD-draft-with-the-openpgpkey-sub.patch @@@ -1,0 -1,0 +1,143 @@@ ++From: Werner Koch ++Date: Wed, 3 Jul 2019 15:29:41 +0200 ++Subject: dirmngr: Support the new WKD draft with the openpgpkey subdomain. ++ ++* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain ++method. ++ ++-- ++Also includes actual backport fix from ++2c6d94702a676de9fadaaf003b9c80dc76c02f92 ++ ++GnuPG-bug-id: 4590 ++Signed-off-by: Werner Koch ++(cherry picked from commit 914fa3be22bf8848a97a7dd405a040d6ef31e2fd) ++(cherry picked from commit 458973f502b9a43ecf29e804a2c0c86e78f5927a) ++--- ++ dirmngr/server.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++------- ++ 1 file changed, 56 insertions(+), 8 deletions(-) ++ ++diff --git a/dirmngr/server.c b/dirmngr/server.c ++index 272b95a..5e8ea5e 100644 ++--- a/dirmngr/server.c +++++ b/dirmngr/server.c ++@@ -837,8 +837,11 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) ++ gpg_error_t err = 0; ++ char *mbox = NULL; ++ char *domainbuf = NULL; ++- char *domain; /* Points to mbox or domainbuf. */ ++- char *domain_orig;/* Points to mbox. */ +++ char *domain; /* Points to mbox or domainbuf. This is used to +++ * connect to the host. */ +++ char *domain_orig;/* Points to mbox. This is the used for the +++ * query; i.e. the domain part of the +++ * addrspec. */ ++ char sha1buf[20]; ++ char *uri = NULL; ++ char *encodedhash = NULL; ++@@ -847,6 +850,7 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) ++ int is_wkd_query; /* True if this is a real WKD query. */ ++ int no_log = 0; ++ char portstr[20] = { 0 }; +++ int subdomain_mode = 0; ++ ++ opt_submission_addr = has_option (line, "--submission-address"); ++ opt_policy_flags = has_option (line, "--policy-flags"); ++@@ -864,7 +868,8 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) ++ *domain++ = 0; ++ domain_orig = domain; ++ ++- /* First check whether we already know that the domain does not +++ +++ /* Let's check whether we already know that the domain does not ++ * support WKD. */ ++ if (is_wkd_query) ++ { ++@@ -875,8 +880,41 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) ++ } ++ } ++ ++- /* Check for SRV records. */ ++- if (1) +++ +++ /* First try the new "openpgp" subdomain. We check that the domain +++ * is valid because it is later used as an unescaped filename part +++ * of the URI. */ +++ if (is_valid_domain_name (domain_orig)) +++ { +++ dns_addrinfo_t aibuf; +++ +++ domainbuf = strconcat ( "openpgpkey.", domain_orig, NULL); +++ if (!domainbuf) +++ { +++ err = gpg_error_from_syserror (); +++ goto leave; +++ } +++ +++ /* FIXME: We should put a cache into dns-stuff because the same +++ * query (with a different port and socket type, though) will be +++ * done later by http function. */ +++ err = resolve_dns_name (domainbuf, 0, 0, 0, &aibuf, NULL); +++ if (err) +++ { +++ err = 0; +++ xfree (domainbuf); +++ domainbuf = NULL; +++ } +++ else /* Got a subdomain. */ +++ { +++ free_dns_addrinfo (aibuf); +++ subdomain_mode = 1; +++ domain = domainbuf; +++ } +++ } +++ +++ /* Check for SRV records unless we have a subdomain. */ +++ if (!subdomain_mode) ++ { ++ struct srventry *srvs; ++ unsigned int srvscount; ++@@ -931,6 +969,7 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) ++ xfree (srvs); ++ } ++ +++ /* Prepare the hash of the local part. */ ++ gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, mbox, strlen (mbox)); ++ encodedhash = zb32_encode (sha1buf, 8*20); ++ if (!encodedhash) ++@@ -944,7 +983,10 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) ++ uri = strconcat ("https://", ++ domain, ++ portstr, ++- "/.well-known/openpgpkey/submission-address", +++ "/.well-known/openpgpkey/", +++ subdomain_mode? domain_orig : "", +++ subdomain_mode? "/" : "", +++ "submission-address", ++ NULL); ++ } ++ else if (opt_policy_flags) ++@@ -952,7 +994,10 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) ++ uri = strconcat ("https://", ++ domain, ++ portstr, ++- "/.well-known/openpgpkey/policy", +++ "/.well-known/openpgpkey/", +++ subdomain_mode? domain_orig : "", +++ subdomain_mode? "/" : "", +++ "policy", ++ NULL); ++ } ++ else ++@@ -965,7 +1010,10 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) ++ uri = strconcat ("https://", ++ domain, ++ portstr, ++- "/.well-known/openpgpkey/hu/", +++ "/.well-known/openpgpkey/", +++ subdomain_mode? domain_orig : "", +++ subdomain_mode? "/" : "", +++ "hu/", ++ encodedhash, ++ "?l=", ++ escapedmbox, diff --cc debian/patches/from-2.2.17/dirmngr-fix-handling-of-HTTPS-redirections-during-HKP.patch index 0000000,0000000..db0ab12 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/dirmngr-fix-handling-of-HTTPS-redirections-during-HKP.patch @@@ -1,0 -1,0 +1,46 @@@ ++From: Daniel Kahn Gillmor ++Date: Tue, 11 Jun 2019 08:25:46 +0100 ++Subject: dirmngr: fix handling of HTTPS redirections during HKP ++ ++* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when ++following a HTTP redirection. ++ ++-- ++inspired by patch from Damien Goutte-Gattat ++ ++GnuPG-Bug_id: 4566 ++Signed-off-by: Daniel Kahn Gillmor ++(cherry picked from commit efb6e08ea2ca1cf2d39135d94195802cd69b9ea6) ++--- ++ dirmngr/ks-engine-hkp.c | 4 +++- ++ 1 file changed, 3 insertions(+), 1 deletion(-) ++ ++diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c ++index 3ebd651..9ca1cae 100644 ++--- a/dirmngr/ks-engine-hkp.c +++++ b/dirmngr/ks-engine-hkp.c ++@@ -1174,6 +1174,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, ++ /* FIXME: I am not sure whey we allow a downgrade for hkp requests. ++ * Needs at least an explanation here.. */ ++ +++ once_more: ++ err = http_session_new (&session, httphost, ++ ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0) ++ | HTTP_FLAG_TRUST_DEF), ++@@ -1183,7 +1184,6 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, ++ http_session_set_log_cb (session, cert_log_cb); ++ http_session_set_timeout (session, ctrl->timeout); ++ ++- once_more: ++ err = http_open (&http, ++ post_cb? HTTP_REQ_POST : HTTP_REQ_GET, ++ request, ++@@ -1263,6 +1263,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, ++ request = request_buffer; ++ http_close (http, 0); ++ http = NULL; +++ http_session_release (session); +++ session = NULL; ++ } ++ goto once_more; ++ diff --cc debian/patches/from-2.2.17/doc-wks.texi-fix-typo.patch index 0000000,0000000..f47d09d new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/doc-wks.texi-fix-typo.patch @@@ -1,0 -1,0 +1,23 @@@ ++From: Daniel Kahn Gillmor ++Date: Tue, 28 May 2019 21:09:13 -0400 ++Subject: doc/wks.texi: fix typo ++ ++Signed-off-by: Daniel Kahn Gillmor ++(cherry picked from commit 175d194b5d6063895ecfcfed6ed2154e4a0d1421) ++--- ++ doc/wks.texi | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) ++ ++diff --git a/doc/wks.texi b/doc/wks.texi ++index ced418a..536f1fe 100644 ++--- a/doc/wks.texi +++++ b/doc/wks.texi ++@@ -61,7 +61,7 @@ Service provider. This is usuallay done to upload a key into a Web ++ Key Directory. ++ ++ With the @option{--supported} command the caller can test whether a ++-site supports the Web Key Service. The argument is an arbitray +++site supports the Web Key Service. The argument is an arbitrary ++ address in the to be tested domain. For example ++ @file{foo@@example.net}. The command returns success if the Web Key ++ Service is supported. The operation is silent; to get diagnostic diff --cc debian/patches/from-2.2.17/gpg-Add-self-sigs-only-and-import-clean-to-the-keyserver-.patch index 0000000,0000000..f21f961 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/gpg-Add-self-sigs-only-and-import-clean-to-the-keyserver-.patch @@@ -1,0 -1,0 +1,59 @@@ ++From: Werner Koch ++Date: Thu, 4 Jul 2019 15:45:39 +0200 ++Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver ++ options. ++ ++* g10/gpg.c (main): Change default. ++-- ++ ++Due to the DoS attack on the keyeservers we do not anymore default to ++import key signatures. That makes the keyserver unsuable for getting ++keys for the WoT but it still allows to retriev keys - even if that ++takes long to download the large keyblocks. ++ ++To revert to the old behavior add ++ ++ keyserver-optiions no-self-sigs-only,no-import-clean ++ ++to gpg.conf. ++ ++GnuPG-bug-id: 4607 ++Signed-off-by: Werner Koch ++(cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93) ++(cherry picked from commit 2b7151b0a57f5fe7d67fd76dfa1ba7a8731642c6) ++--- ++ doc/gpg.texi | 5 +++++ ++ g10/gpg.c | 4 +++- ++ 2 files changed, 8 insertions(+), 1 deletion(-) ++ ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index 5c3bd48..c8fb241 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -1907,6 +1907,11 @@ are available for all keyserver types, some common options are: ++ ++ @end table ++ +++The default list of options is: "self-sigs-only, import-clean, +++repair-keys, repair-pks-subkey-bug, export-attributes, +++honor-pka-record". +++ +++ ++ @item --completes-needed @var{n} ++ @opindex compliant-needed ++ Number of completely trusted users to introduce a new ++diff --git a/g10/gpg.c b/g10/gpg.c ++index 0e98c1a..6e5e901 100644 ++--- a/g10/gpg.c +++++ b/g10/gpg.c ++@@ -2373,7 +2373,9 @@ main (int argc, char **argv) ++ opt.import_options = IMPORT_REPAIR_KEYS; ++ opt.export_options = EXPORT_ATTRIBUTES; ++ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS ++- | IMPORT_REPAIR_PKS_SUBKEY_BUG); +++ | IMPORT_REPAIR_PKS_SUBKEY_BUG +++ | IMPORT_SELF_SIGS_ONLY +++ | IMPORT_CLEAN); ++ opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; ++ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; ++ opt.verify_options = (LIST_SHOW_UID_VALIDITY diff --cc debian/patches/from-2.2.17/gpg-Do-not-try-the-import-fallback-if-the-options-are-alr.patch index 0000000,0000000..2327a8d new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/gpg-Do-not-try-the-import-fallback-if-the-options-are-alr.patch @@@ -1,0 -1,0 +1,27 @@@ ++From: Werner Koch ++Date: Tue, 9 Jul 2019 11:13:51 +0200 ++Subject: gpg: Do not try the import fallback if the options are already used. ++ ++* g10/import.c (import_one): Check options. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 3c2cf5ea952015a441ee5701c41dadc63be60d87) ++--- ++ g10/import.c | 4 +++- ++ 1 file changed, 3 insertions(+), 1 deletion(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index d509c8c..12f8f28 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -2310,7 +2310,9 @@ import_one (ctrl_t ctrl, ++ from_sk, silent, screener, screener_arg, ++ origin, url, r_valid); ++ if (gpg_err_code (err) == GPG_ERR_TOO_LARGE ++- && gpg_err_source (err) == GPG_ERR_SOURCE_KEYBOX) +++ && gpg_err_source (err) == GPG_ERR_SOURCE_KEYBOX +++ && ((options & (IMPORT_SELF_SIGS_ONLY | IMPORT_CLEAN)) +++ != (IMPORT_SELF_SIGS_ONLY | IMPORT_CLEAN))) ++ { ++ /* We hit the maximum image length. Ask the wrapper to do ++ * everything again but this time with some extra options. */ diff --cc debian/patches/from-2.2.17/gpg-Fallback-to-import-with-self-sigs-only-on-too-large-k.patch index 0000000,0000000..1f0c637 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/gpg-Fallback-to-import-with-self-sigs-only-on-too-large-k.patch @@@ -1,0 -1,0 +1,222 @@@ ++From: Werner Koch ++Date: Mon, 1 Jul 2019 21:53:55 +0200 ++Subject: gpg: Fallback to import with self-sigs-only on too large keyblocks. ++ ++* g10/import.c (import_one): Rename to ... ++(import_one_real): this. Do not print and update stats on keyring ++write errors. ++(import_one): New. Add fallback code. ++-- ++ ++GnuPG-bug-id: 4591 ++Signed-off-by: Werner Koch ++(cherry picked from commit 3a403ab04eeb45f12b34f9d9c421dac93eaf2160) ++(cherry picked from commit a1f2f38dfb2ba5ed66d3aef66fc3be9b67f9b800) ++--- ++ g10/import.c | 124 ++++++++++++++++++++++++++++++++++++++++++++++++----------- ++ 1 file changed, 102 insertions(+), 22 deletions(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index a5b68e9..91222d2 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -128,6 +128,7 @@ static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, ++ static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock, ++ u32 *keyid, unsigned int options); ++ static int any_uid_left (kbnode_t keyblock); +++static void remove_all_non_self_sigs (kbnode_t *keyblock, u32 *keyid); ++ static int merge_blocks (ctrl_t ctrl, unsigned int options, ++ kbnode_t keyblock_orig, ++ kbnode_t keyblock, u32 *keyid, ++@@ -1765,12 +1766,12 @@ update_key_origin (kbnode_t keyblock, u32 curtime, int origin, const char *url) ++ * has valid parts. ++ */ ++ static gpg_error_t ++-import_one (ctrl_t ctrl, ++- kbnode_t keyblock, struct import_stats_s *stats, ++- unsigned char **fpr, size_t *fpr_len, unsigned int options, ++- int from_sk, int silent, ++- import_screener_t screener, void *screener_arg, ++- int origin, const char *url, int *r_valid) +++import_one_real (ctrl_t ctrl, +++ kbnode_t keyblock, struct import_stats_s *stats, +++ unsigned char **fpr, size_t *fpr_len, unsigned int options, +++ int from_sk, int silent, +++ import_screener_t screener, void *screener_arg, +++ int origin, const char *url, int *r_valid) ++ { ++ gpg_error_t err = 0; ++ PKT_public_key *pk; ++@@ -1851,6 +1852,13 @@ import_one (ctrl_t ctrl, ++ return 0; ++ } ++ +++ /* Remove all non-self-sigs if requested. Noe that this is a NOP if +++ * that option has been globally set but we may also be called +++ * latter with the already parsed keyblock and a locally changed +++ * option. This is why we need to remove them here as well. */ +++ if ((options & IMPORT_SELF_SIGS_ONLY)) +++ remove_all_non_self_sigs (&keyblock, keyid); +++ ++ collapse_uids(&keyblock); ++ ++ /* Clean the key that we're about to import, to cut down on things ++@@ -2053,22 +2061,25 @@ import_one (ctrl_t ctrl, ++ hd = NULL; ++ ++ /* We are ready. */ ++- if (!opt.quiet && !silent) +++ if (!err && !opt.quiet && !silent) ++ { ++ char *p = get_user_id_byfpr_native (ctrl, fpr2); ++ log_info (_("key %s: public key \"%s\" imported\n"), ++ keystr(keyid), p); ++ xfree(p); ++ } ++- if (is_status_enabled()) +++ if (!err && is_status_enabled()) ++ { ++ char *us = get_long_user_id_string (ctrl, keyid); ++ write_status_text( STATUS_IMPORTED, us ); ++ xfree(us); ++ print_import_ok (pk, 1); ++ } ++- stats->imported++; ++- new_key = 1; +++ if (!err) +++ { +++ stats->imported++; +++ new_key = 1; +++ } ++ } ++ else /* Key already exists - merge. */ ++ { ++@@ -2138,8 +2149,10 @@ import_one (ctrl_t ctrl, ++ keydb_release (hd); ++ hd = NULL; ++ ++- /* We are ready. */ ++- if (!opt.quiet && !silent) +++ /* We are ready. Print and update stats if we got no error. +++ * An error here comes from writing the keyblock and thus +++ * very likely means that no update happened. */ +++ if (!err && !opt.quiet && !silent) ++ { ++ char *p = get_user_id_byfpr_native (ctrl, fpr2); ++ if (n_uids == 1 ) ++@@ -2175,14 +2188,17 @@ import_one (ctrl_t ctrl, ++ xfree(p); ++ } ++ ++- stats->n_uids +=n_uids; ++- stats->n_sigs +=n_sigs; ++- stats->n_subk +=n_subk; ++- stats->n_sigs_cleaned +=n_sigs_cleaned; ++- stats->n_uids_cleaned +=n_uids_cleaned; ++- ++- if (is_status_enabled () && !silent) ++- print_import_ok (pk, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0))); +++ if (!err) +++ { +++ stats->n_uids +=n_uids; +++ stats->n_sigs +=n_sigs; +++ stats->n_subk +=n_subk; +++ stats->n_sigs_cleaned +=n_sigs_cleaned; +++ stats->n_uids_cleaned +=n_uids_cleaned; +++ +++ if (is_status_enabled () && !silent) +++ print_import_ok (pk, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0))); +++ } ++ } ++ else ++ { ++@@ -2269,6 +2285,39 @@ import_one (ctrl_t ctrl, ++ } ++ ++ +++/* Wrapper around import_one_real to retry the import in some cases. */ +++static gpg_error_t +++import_one (ctrl_t ctrl, +++ kbnode_t keyblock, struct import_stats_s *stats, +++ unsigned char **fpr, size_t *fpr_len, unsigned int options, +++ int from_sk, int silent, +++ import_screener_t screener, void *screener_arg, +++ int origin, const char *url, int *r_valid) +++{ +++ gpg_error_t err; +++ +++ err = import_one_real (ctrl, keyblock, stats, fpr, fpr_len, options, +++ from_sk, silent, screener, screener_arg, +++ origin, url, r_valid); +++ if (gpg_err_code (err) == GPG_ERR_TOO_LARGE +++ && gpg_err_source (err) == GPG_ERR_SOURCE_KEYBOX) +++ { +++ /* We hit the maximum image length. Ask the wrapper to do +++ * everything again but this time with some extra options. */ +++ u32 keyid[2]; +++ +++ keyid_from_pk (keyblock->pkt->pkt.public_key, keyid); +++ log_info ("key %s: keyblock too large, retrying with self-sigs-only\n", +++ keystr (keyid)); +++ options |= IMPORT_SELF_SIGS_ONLY | IMPORT_CLEAN; +++ err = import_one_real (ctrl, keyblock, stats, fpr, fpr_len, options, +++ from_sk, silent, screener, screener_arg, +++ origin, url, r_valid); +++ } +++ return err; +++} +++ +++ ++ /* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The ++ * function prints diagnostics and returns an error code. If BATCH is ++ * true the secret keys are stored by gpg-agent in the transfer format ++@@ -2946,7 +2995,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, ++ /* The secret keyblock may not have nodes which are deleted in ++ * the public keyblock. Otherwise we would import just the ++ * secret key without having the public key. That would be ++- * surprising and clutters out private-keys-v1.d. */ +++ * surprising and clutters our private-keys-v1.d. */ ++ err = resync_sec_with_pub_keyblock (&keyblock, pub_keyblock, &attic); ++ if (err) ++ goto leave; ++@@ -3759,8 +3808,39 @@ any_uid_left (kbnode_t keyblock) ++ } ++ ++ +++/* Delete all non-self-sigs from KEYBLOCK. +++ * Returns: True if the keyblock has changed. */ +++static void +++remove_all_non_self_sigs (kbnode_t *keyblock, u32 *keyid) +++{ +++ kbnode_t node; +++ unsigned int dropped = 0; ++ ++-/**************** +++ for (node = *keyblock; node; node = node->next) +++ { +++ if (is_deleted_kbnode (node)) +++ continue; +++ +++ if (node->pkt->pkttype != PKT_SIGNATURE) +++ continue; +++ +++ if (node->pkt->pkt.signature->keyid[0] == keyid[0] +++ && node->pkt->pkt.signature->keyid[1] == keyid[1]) +++ continue; +++ delete_kbnode (node); +++ dropped++; +++ } +++ +++ if (dropped) +++ commit_kbnode (keyblock); +++ +++ if (dropped && opt.verbose) +++ log_info ("key %s: number of dropped non-self-signatures: %u\n", +++ keystr (keyid), dropped); +++} +++ +++ +++/* ++ * It may happen that the imported keyblock has duplicated user IDs. ++ * We check this here and collapse those user IDs together with their ++ * sigs into one. diff --cc debian/patches/from-2.2.17/gpg-Fix-regression-in-option-self-sigs-only.patch index 0000000,0000000..5d34f80 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/gpg-Fix-regression-in-option-self-sigs-only.patch @@@ -1,0 -1,0 +1,68 @@@ ++From: Werner Koch ++Date: Tue, 9 Jul 2019 11:07:35 +0200 ++Subject: gpg: Fix regression in option "self-sigs-only". ++ ++* g10/import.c (read_block): Make sure KEYID is availabale also on a ++pending packet. ++-- ++ ++Reported-by: Phil Pennock ++Fixes-commit: adb120e663fc5e78f714976c6e42ae233c1990b0 ++Signed-off-by: Werner Koch ++(cherry picked from commit b6effaf4669b2c3707932e3c5f2f57df886d759e) ++--- ++ g10/import.c | 12 +++++++++++- ++ 1 file changed, 11 insertions(+), 1 deletion(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index 91222d2..d509c8c 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -855,6 +855,7 @@ read_block( IOBUF a, unsigned int options, ++ kbnode_t root = NULL; ++ int in_cert, in_v3key, skip_sigs; ++ u32 keyid[2]; +++ int got_keyid = 0; ++ unsigned int dropped_nonselfsigs = 0; ++ ++ *r_v3keys = 0; ++@@ -863,7 +864,11 @@ read_block( IOBUF a, unsigned int options, ++ { ++ root = new_kbnode( *pending_pkt ); ++ *pending_pkt = NULL; +++ log_assert (root->pkt->pkttype == PKT_PUBLIC_KEY +++ || root->pkt->pkttype == PKT_SECRET_KEY); ++ in_cert = 1; +++ keyid_from_pk (root->pkt->pkt.public_key, keyid); +++ got_keyid = 1; ++ } ++ else ++ in_cert = 0; ++@@ -985,6 +990,7 @@ read_block( IOBUF a, unsigned int options, ++ goto x_default; ++ if (!(options & IMPORT_SELF_SIGS_ONLY)) ++ goto x_default; +++ log_assert (got_keyid); ++ if (pkt->pkt.signature->keyid[0] == keyid[0] ++ && pkt->pkt.signature->keyid[1] == keyid[1]) ++ { /* This is likely a self-signature. We import this one. ++@@ -1007,6 +1013,11 @@ read_block( IOBUF a, unsigned int options, ++ ++ case PKT_PUBLIC_KEY: ++ case PKT_SECRET_KEY: +++ if (!got_keyid) +++ { +++ keyid_from_pk (pkt->pkt.public_key, keyid); +++ got_keyid = 1; +++ } ++ if (in_cert) /* Store this packet. */ ++ { ++ *pending_pkt = pkt; ++@@ -1014,7 +1025,6 @@ read_block( IOBUF a, unsigned int options, ++ goto ready; ++ } ++ in_cert = 1; ++- keyid_from_pk (pkt->pkt.public_key, keyid); ++ goto x_default; ++ ++ default: diff --cc debian/patches/from-2.2.17/gpg-Make-read_block-in-import.c-more-flexible.patch index 0000000,0000000..fbfd648 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/gpg-Make-read_block-in-import.c-more-flexible.patch @@@ -1,0 -1,0 +1,72 @@@ ++From: Werner Koch ++Date: Mon, 1 Jul 2019 14:01:08 +0200 ++Subject: gpg: Make read_block in import.c more flexible. ++ ++* g10/import.c: Change arg 'with_meta' to 'options'. Change callers. ++-- ++ ++This chnage allows to pass more options to read_block. ++ ++Signed-off-by: Werner Koch ++(cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0) ++--- ++ g10/import.c | 23 +++++++++++------------ ++ 1 file changed, 11 insertions(+), 12 deletions(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index 3c8d0fe..6215d2b 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -102,7 +102,7 @@ static int import (ctrl_t ctrl, ++ unsigned char **fpr, size_t *fpr_len, unsigned int options, ++ import_screener_t screener, void *screener_arg, ++ int origin, const char *url); ++-static int read_block (IOBUF a, int with_meta, +++static int read_block (IOBUF a, unsigned int options, ++ PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys); ++ static void revocation_present (ctrl_t ctrl, kbnode_t keyblock); ++ static gpg_error_t import_one (ctrl_t ctrl, ++@@ -585,8 +585,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, ++ release_armor_context (afx); ++ } ++ ++- while (!(rc = read_block (inp, !!(options & IMPORT_RESTORE), ++- &pending_pkt, &keyblock, &v3keys))) +++ while (!(rc = read_block (inp, options, &pending_pkt, &keyblock, &v3keys))) ++ { ++ stats->v3keys += v3keys; ++ if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) ++@@ -834,16 +833,16 @@ valid_keyblock_packet (int pkttype) ++ } ++ ++ ++-/**************** ++- * Read the next keyblock from stream A. ++- * Meta data (ring trust packets) are only considered of WITH_META is set. ++- * PENDING_PKT should be initialized to NULL and not changed by the caller. ++- * Return: 0 = okay, -1 no more blocks or another errorcode. ++- * The int at R_V3KEY counts the number of unsupported v3 ++- * keyblocks. +++/* Read the next keyblock from stream A. Meta data (ring trust +++ * packets) are only considered if OPTIONS has the IMPORT_RESTORE flag +++ * set. PENDING_PKT should be initialized to NULL and not changed by +++ * the caller. +++ * +++ * Returns 0 for okay, -1 no more blocks, or any other errorcode. The +++ * integer at R_V3KEY counts the number of unsupported v3 keyblocks. ++ */ ++ static int ++-read_block( IOBUF a, int with_meta, +++read_block( IOBUF a, unsigned int options, ++ PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) ++ { ++ int rc; ++@@ -866,7 +865,7 @@ read_block( IOBUF a, int with_meta, ++ pkt = xmalloc (sizeof *pkt); ++ init_packet (pkt); ++ init_parse_packet (&parsectx, a); ++- if (!with_meta) +++ if (!(options & IMPORT_RESTORE)) ++ parsectx.skip_meta = 1; ++ in_v3key = 0; ++ skip_sigs = 0; diff --cc debian/patches/from-2.2.17/gpg-New-import-and-keyserver-option-self-sigs-only.patch index 0000000,0000000..e06e9b8 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/gpg-New-import-and-keyserver-option-self-sigs-only.patch @@@ -1,0 -1,0 +1,136 @@@ ++From: Werner Koch ++Date: Mon, 1 Jul 2019 15:14:59 +0200 ++Subject: gpg: New import and keyserver option "self-sigs-only" ++ ++* g10/options.h (IMPORT_SELF_SIGS_ONLY): New. ++* g10/import.c (parse_import_options): Add option "self-sigs-only". ++(read_block): Handle that option. ++-- ++ ++This option is intended to help against importing keys with many bogus ++key-signatures. It has obvious drawbacks and is not a bullet-proof ++solution because a self-signature can also be faked and would be ++detected only later. ++ ++GnuPG-bug-id: 4591 ++Signed-off-by: Werner Koch ++ ++(cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0) ++(cherry picked from commit adb120e663fc5e78f714976c6e42ae233c1990b0) ++--- ++ doc/gpg.texi | 8 ++++++++ ++ g10/import.c | 40 ++++++++++++++++++++++++++++++++++++++-- ++ g10/options.h | 1 + ++ 3 files changed, 47 insertions(+), 2 deletions(-) ++ ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index 9853f69..ff2c0cf 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -2322,6 +2322,14 @@ opposite meaning. The options are: ++ on the keyring. This option is the same as running the @option{--edit-key} ++ command "clean" after import. Defaults to no. ++ +++ @item self-sigs-only +++ Accept only self-signatures while importing a key. All other +++ key-signatures are skipped at an early import stage. This option +++ can be used with @code{keyserver-options} to mitigate attempts to +++ flood a key with bogus signatures from a keyserver. The drawback is +++ that all other valid key-signatures, as required by the Web of Trust +++ are also not imported. +++ ++ @item repair-keys ++ After import, fix various problems with the ++ keys. For example, this reorders signatures, and strips duplicate ++diff --git a/g10/import.c b/g10/import.c ++index 6215d2b..a5b68e9 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -188,6 +188,9 @@ parse_import_options(char *str,unsigned int *options,int noisy) ++ {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL, ++ N_("remove as much as possible from key after import")}, ++ +++ {"self-sigs-only", IMPORT_SELF_SIGS_ONLY, NULL, +++ N_("ignore key-signatures which are not self-signatures")}, +++ ++ {"import-export", IMPORT_EXPORT, NULL, ++ N_("run import filters and export key immediately")}, ++ ++@@ -850,6 +853,8 @@ read_block( IOBUF a, unsigned int options, ++ PACKET *pkt; ++ kbnode_t root = NULL; ++ int in_cert, in_v3key, skip_sigs; +++ u32 keyid[2]; +++ unsigned int dropped_nonselfsigs = 0; ++ ++ *r_v3keys = 0; ++ ++@@ -974,16 +979,43 @@ read_block( IOBUF a, unsigned int options, ++ init_packet(pkt); ++ break; ++ +++ case PKT_SIGNATURE: +++ if (!in_cert) +++ goto x_default; +++ if (!(options & IMPORT_SELF_SIGS_ONLY)) +++ goto x_default; +++ if (pkt->pkt.signature->keyid[0] == keyid[0] +++ && pkt->pkt.signature->keyid[1] == keyid[1]) +++ { /* This is likely a self-signature. We import this one. +++ * Eventually we should use the ISSUER_FPR to compare +++ * self-signatures, but that will work only for v5 keys +++ * which are currently not even deployed. +++ * Note that we do not do any crypto verify here because +++ * that would defeat this very mitigation of DoS by +++ * importing a key with a huge amount of faked +++ * key-signatures. A verification will be done later in +++ * the processing anyway. Here we want a cheap an early +++ * way to drop non-self-signatures. */ +++ goto x_default; +++ } +++ /* Skip this signature. */ +++ dropped_nonselfsigs++; +++ free_packet (pkt, &parsectx); +++ init_packet(pkt); +++ break; +++ ++ case PKT_PUBLIC_KEY: ++ case PKT_SECRET_KEY: ++- if (in_cert ) /* Store this packet. */ +++ if (in_cert) /* Store this packet. */ ++ { ++ *pending_pkt = pkt; ++ pkt = NULL; ++ goto ready; ++ } ++ in_cert = 1; ++- /* fall through */ +++ keyid_from_pk (pkt->pkt.public_key, keyid); +++ goto x_default; +++ ++ default: ++ x_default: ++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) ++@@ -1012,6 +1044,10 @@ read_block( IOBUF a, unsigned int options, ++ free_packet (pkt, &parsectx); ++ deinit_parse_packet (&parsectx); ++ xfree( pkt ); +++ if (!rc && dropped_nonselfsigs && opt.verbose) +++ log_info ("key %s: number of dropped non-self-signatures: %u\n", +++ keystr (keyid), dropped_nonselfsigs); +++ ++ return rc; ++ } ++ ++diff --git a/g10/options.h b/g10/options.h ++index 782c0cb..4877a71 100644 ++--- a/g10/options.h +++++ b/g10/options.h ++@@ -354,6 +354,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; ++ #define IMPORT_RESTORE (1<<10) ++ #define IMPORT_REPAIR_KEYS (1<<11) ++ #define IMPORT_DRY_RUN (1<<12) +++#define IMPORT_SELF_SIGS_ONLY (1<<14) ++ ++ #define EXPORT_LOCAL_SIGS (1<<0) ++ #define EXPORT_ATTRIBUTES (1<<1) diff --cc debian/patches/from-2.2.17/spelling-Fix-synchronize.patch index 0000000,0000000..45e42ac new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/spelling-Fix-synchronize.patch @@@ -1,0 -1,0 +1,88 @@@ ++From: Daniel Kahn Gillmor ++Date: Sun, 23 Jun 2019 20:17:05 -0400 ++Subject: spelling: Fix "synchronize" ++ ++Signed-off-by: Daniel Kahn Gillmor ++(cherry picked from commit 520f5d70e4128b61c30da2a463f6c34ca24b628e) ++--- ++ NEWS | 2 +- ++ g10/cpr.c | 2 +- ++ kbx/keybox-blob.c | 4 ++-- ++ scd/app-openpgp.c | 2 +- ++ scd/ccid-driver.c | 2 +- ++ 5 files changed, 6 insertions(+), 6 deletions(-) ++ ++diff --git a/NEWS b/NEWS ++index 294709d..5728cdd 100644 ++--- a/NEWS +++++ b/NEWS ++@@ -2487,7 +2487,7 @@ Noteworthy changes in version 1.9.2 (2003-11-17) ++ command but from the menu provided by the new --card-edit command. ++ ++ * PINs are now properly cached and there are only 2 PINs visible. ++- The 3rd PIN (CHV2) is internally syncronized with the regular PIN. +++ The 3rd PIN (CHV2) is internally synchronized with the regular PIN. ++ ++ * All kind of other internal stuff. ++ ++diff --git a/g10/cpr.c b/g10/cpr.c ++index 4354426..d40e0a7 100644 ++--- a/g10/cpr.c +++++ b/g10/cpr.c ++@@ -62,7 +62,7 @@ progress_cb (void *ctx, const char *what, int printchar, ++ ++ ++ /* Return true if the status message NO may currently be issued. We ++- need this to avoid syncronisation problem while auto retrieving a +++ need this to avoid synchronization problem while auto retrieving a ++ key. There it may happen that a status NODATA is issued for a non ++ available key and the user may falsely interpret this has a missing ++ signature. */ ++diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c ++index 6874212..ac259ea 100644 ++--- a/kbx/keybox-blob.c +++++ b/kbx/keybox-blob.c ++@@ -116,7 +116,7 @@ ++ Note that this value matches TRUST_FLAG_REVOKED ++ - u16 RFU ++ - u32 Recheck_after ++- - u32 Latest timestamp in the keyblock (useful for KS syncronsiation?) +++ - u32 Latest timestamp in the keyblock (useful for KS synchronization?) ++ - u32 Blob created at ++ - u32 [NRES] Size of reserved space (not including this field) ++ - bN Reserved space of size NRES for future use. ++@@ -126,7 +126,7 @@ ++ - bN Space for the keyblock or certificate. ++ - bN RFU. This is the remaining space after keyblock and before ++ the checksum. It is not covered by the checksum. ++- - b20 SHA-1 checksum (useful for KS syncronisation?) +++ - b20 SHA-1 checksum (useful for KS synchronization?) ++ Note, that KBX versions before GnuPG 2.1 used an MD5 ++ checksum. However it was only created but never checked. ++ Thus we do not expect problems if we switch to SHA-1. If ++diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c ++index e4a1fba..a1f8603 100644 ++--- a/scd/app-openpgp.c +++++ b/scd/app-openpgp.c ++@@ -640,7 +640,7 @@ count_bits (const unsigned char *a, size_t len) ++ Where FLAGS is a plain hexadecimal number representing flag values. ++ The lsb is here the rightmost bit. Defined flags bits are: ++ ++- Bit 0 = CHV1 and CHV2 are not syncronized +++ Bit 0 = CHV1 and CHV2 are not synchronized ++ Bit 1 = CHV2 has been set to the default PIN of "123456" ++ (this implies that bit 0 is also set). ++ ++diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c ++index ae40f01..94cd8c2 100644 ++--- a/scd/ccid-driver.c +++++ b/scd/ccid-driver.c ++@@ -2952,7 +2952,7 @@ ccid_transceive_apdu_level (ccid_driver_t handle, ++ bit 7 1 ++ bit 6 1 ++ bit 5 clear=request,set=response ++- bit 4..0 0 = resyncronisation request +++ bit 4..0 0 = resynchronization request ++ 1 = information field size request ++ 2 = abort request ++ 3 = extension of BWT request diff --cc debian/patches/from-2.2.17/tools-gpgconf-Killing-order-is-children-first.patch index 0000000,0000000..51f4826 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.17/tools-gpgconf-Killing-order-is-children-first.patch @@@ -1,0 -1,0 +1,39 @@@ ++From: NIIBE Yutaka ++Date: Mon, 1 Jul 2019 13:07:22 +0900 ++Subject: tools: gpgconf: Killing order is children-first. ++ ++* tools/gpgconf-comp.c (gc_component_kill): Reverse the order. ++ ++-- ++ ++Cherry-picked from master commit: ++ 7c877f942a344e7778005840ed7f3e20ace12f4a ++ ++The order matters in a corner case; On a busy machine, there was a ++race condition between gpg-agent's running KILLAGENT command and its ++accepting incoming request on the socket. If a request by ++gpg-connect-agent was accepted, it resulted an error by sudden ++shutdown. This change of the order can remove such a race. ++ ++Here, we know backend=0 is none. ++ ++GnuPG-bug-id: 4577 ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 526714806da4e50c8e683b25d76460916d58ff41) ++--- ++ tools/gpgconf-comp.c | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) ++ ++diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c ++index 7f7440b..2875c92 100644 ++--- a/tools/gpgconf-comp.c +++++ b/tools/gpgconf-comp.c ++@@ -1367,7 +1367,7 @@ gc_component_kill (int component) ++ } ++ ++ /* Do the restart for the selected backends. */ ++- for (backend = 0; backend < GC_BACKEND_NR; backend++) +++ for (backend = GC_BACKEND_NR-1; backend; backend--) ++ { ++ if (runtime[backend] && gc_backend[backend].runtime_change) ++ (*gc_backend[backend].runtime_change) (1); diff --cc debian/patches/from-2.2.18-prerelease/dirmngr-Don-t-add-system-CAs-for-SKS-HKPS-pool.patch index 0000000,0000000..97f8df1 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.18-prerelease/dirmngr-Don-t-add-system-CAs-for-SKS-HKPS-pool.patch @@@ -1,0 -1,0 +1,32 @@@ ++From: NIIBE Yutaka ++Date: Tue, 16 Jul 2019 10:10:52 +0900 ++Subject: dirmngr: Don't add system CAs for SKS HKPS pool. ++ ++* dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear ++add_system_cas. ++ ++-- ++ ++Cherry-picking the master commit of: ++ 75e0ec65170b7053743406e3f3b605febcf7312a ++ ++GnuPG-bug-id: 4594 ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 58e234fbeb6cc5908b69a73e50428f02e584e504) ++--- ++ dirmngr/http.c | 2 ++ ++ 1 file changed, 2 insertions(+) ++ ++diff --git a/dirmngr/http.c b/dirmngr/http.c ++index d2456c6..1ba8e79 100644 ++--- a/dirmngr/http.c +++++ b/dirmngr/http.c ++@@ -791,6 +791,8 @@ http_session_new (http_session_t *r_session, ++ pemname, gnutls_strerror (rc)); ++ xfree (pemname); ++ } +++ +++ add_system_cas = 0; ++ } ++ ++ /* Add configured certificates to the session. */ diff --cc debian/patches/from-2.2.18-prerelease/gpg-Fix-keyring-retrieval.patch index 0000000,0000000..f129a23 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.18-prerelease/gpg-Fix-keyring-retrieval.patch @@@ -1,0 -1,0 +1,40 @@@ ++From: NIIBE Yutaka ++Date: Wed, 10 Jul 2019 15:06:54 +0900 ++Subject: gpg: Fix keyring retrieval. ++ ++* g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append. ++ ++-- ++ ++Cherry-picking the master commit of: ++ a7a043e82555a9da984c6fb01bfec4990d904690 ++ ++GnuPG-bug-id: 4592 ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit b7df72d3074b72cf8b537ac87416b6b719c1b1b7) ++--- ++ g10/keyring.c | 9 ++++++--- ++ 1 file changed, 6 insertions(+), 3 deletions(-) ++ ++diff --git a/g10/keyring.c b/g10/keyring.c ++index a8dd462..f424f94 100644 ++--- a/g10/keyring.c +++++ b/g10/keyring.c ++@@ -473,11 +473,14 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) ++ } ++ ++ in_cert = 1; ++- node = lastnode = new_kbnode (pkt); +++ node = new_kbnode (pkt); ++ if (!keyblock) ++- keyblock = node; +++ keyblock = lastnode = node; ++ else ++- add_kbnode (keyblock, node); +++ { +++ lastnode->next = node; +++ lastnode = node; +++ } ++ switch (pkt->pkttype) ++ { ++ case PKT_PUBLIC_KEY: diff --cc debian/patches/from-2.2.18-prerelease/gpg-Improve-import-slowness.patch index 0000000,0000000..0fcad16 new file mode 100644 --- /dev/null +++ b/debian/patches/from-2.2.18-prerelease/gpg-Improve-import-slowness.patch @@@ -1,0 -1,0 +1,77 @@@ ++From: NIIBE Yutaka ++Date: Wed, 10 Jul 2019 15:42:07 +0900 ++Subject: gpg: Improve import slowness. ++ ++* g10/import.c (read_block): Avoid O(N^2) append. ++(sec_to_pub_keyblock): Likewise. ++ ++-- ++ ++Cherry-picking the master commit of: ++ 33c17a8008c3ba3bb740069f9f97c7467f156b54 ++ ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit eb00a14f6d2de7c53487f39494c5cb9c0598fc96) ++--- ++ g10/import.c | 18 +++++++++++++----- ++ 1 file changed, 13 insertions(+), 5 deletions(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index 12f8f28..0a72a76 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -853,6 +853,7 @@ read_block( IOBUF a, unsigned int options, ++ struct parse_packet_ctx_s parsectx; ++ PACKET *pkt; ++ kbnode_t root = NULL; +++ kbnode_t lastnode = NULL; ++ int in_cert, in_v3key, skip_sigs; ++ u32 keyid[2]; ++ int got_keyid = 0; ++@@ -862,7 +863,7 @@ read_block( IOBUF a, unsigned int options, ++ ++ if (*pending_pkt) ++ { ++- root = new_kbnode( *pending_pkt ); +++ root = lastnode = new_kbnode( *pending_pkt ); ++ *pending_pkt = NULL; ++ log_assert (root->pkt->pkttype == PKT_PUBLIC_KEY ++ || root->pkt->pkttype == PKT_SECRET_KEY); ++@@ -1032,9 +1033,12 @@ read_block( IOBUF a, unsigned int options, ++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) ++ { ++ if (!root ) ++- root = new_kbnode (pkt); +++ root = lastnode = new_kbnode (pkt); ++ else ++- add_kbnode (root, new_kbnode (pkt)); +++ { +++ lastnode->next = new_kbnode (pkt); +++ lastnode = lastnode->next; +++ } ++ pkt = xmalloc (sizeof *pkt); ++ } ++ else ++@@ -2636,6 +2640,7 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) ++ kbnode_t pub_keyblock = NULL; ++ kbnode_t ctx = NULL; ++ kbnode_t secnode, pubnode; +++ kbnode_t lastnode = NULL; ++ unsigned int tag = 0; ++ ++ /* Set a tag to all nodes. */ ++@@ -2675,9 +2680,12 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) ++ pubnode->tag = secnode->tag; ++ ++ if (!pub_keyblock) ++- pub_keyblock = pubnode; +++ pub_keyblock = lastnode = pubnode; ++ else ++- add_kbnode (pub_keyblock, pubnode); +++ { +++ lastnode->next = pubnode; +++ lastnode = pubnode; +++ } ++ } ++ ++ return pub_keyblock; diff --cc debian/patches/from-master/agent-Fix-cancellation-handling-for-scdaemon.patch index 0000000,0000000..ac1abb2 new file mode 100644 --- /dev/null +++ b/debian/patches/from-master/agent-Fix-cancellation-handling-for-scdaemon.patch @@@ -1,0 -1,0 +1,140 @@@ ++From: NIIBE Yutaka ++Date: Wed, 20 Sep 2017 10:42:28 +0900 ++Subject: agent: Fix cancellation handling for scdaemon. ++ ++* agent/call-scd.c (cancel_inquire): Remove. ++(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey) ++(agent_card_scd): Don't call cancel_inquire. ++ ++-- ++ ++Since libassuan 2.1.0, cancellation command "CAN" is handled within ++the library, by assuan_transact. So, cancel_inquire just caused ++spurious "CAN" command to scdaemon which resulted an error. ++ ++Signed-off-by: NIIBE Yutaka ++(cherry picked from commit 9f5e50e7c85aa8b847d38010241ed570ac114fc3) ++--- ++ agent/call-scd.c | 41 ----------------------------------------- ++ 1 file changed, 41 deletions(-) ++ ++diff --git a/agent/call-scd.c b/agent/call-scd.c ++index bf7732b..e852c0d 100644 ++--- a/agent/call-scd.c +++++ b/agent/call-scd.c ++@@ -89,7 +89,6 @@ struct inq_needpin_parm_s ++ const char *getpin_cb_desc; ++ assuan_context_t passthru; /* If not NULL, pass unknown inquiries ++ up to the caller. */ ++- int any_inq_seen; ++ ++ /* The next fields are used by inq_writekey_parm. */ ++ const unsigned char *keydata; ++@@ -729,7 +728,6 @@ inq_needpin (void *opaque, const char *line) ++ size_t pinlen; ++ int rc; ++ ++- parm->any_inq_seen = 1; ++ if ((s = has_leading_keyword (line, "NEEDPIN"))) ++ { ++ line = s; ++@@ -813,30 +811,6 @@ hash_algo_option (int algo) ++ } ++ ++ ++-static gpg_error_t ++-cancel_inquire (ctrl_t ctrl, gpg_error_t rc) ++-{ ++- gpg_error_t oldrc = rc; ++- ++- /* The inquire callback was called and transact returned a ++- cancel error. We assume that the inquired process sent a ++- CANCEL. The passthrough code is not able to pass on the ++- CANCEL and thus scdaemon would stuck on this. As a ++- workaround we send a CANCEL now. */ ++- rc = assuan_write_line (ctrl->scd_local->ctx, "CAN"); ++- if (!rc) { ++- char *line; ++- size_t len; ++- ++- rc = assuan_read_line (ctrl->scd_local->ctx, &line, &len); ++- if (!rc) ++- rc = oldrc; ++- } ++- ++- return rc; ++-} ++- ++- ++ /* Create a signature using the current card. MDALGO is either 0 or ++ * gives the digest algorithm. DESC_TEXT is an additional parameter ++ * passed to GETPIN_CB. */ ++@@ -877,7 +851,6 @@ agent_card_pksign (ctrl_t ctrl, ++ inqparm.getpin_cb_arg = getpin_cb_arg; ++ inqparm.getpin_cb_desc = desc_text; ++ inqparm.passthru = 0; ++- inqparm.any_inq_seen = 0; ++ inqparm.keydata = NULL; ++ inqparm.keydatalen = 0; ++ ++@@ -890,9 +863,6 @@ agent_card_pksign (ctrl_t ctrl, ++ put_membuf_cb, &data, ++ inq_needpin, &inqparm, ++ NULL, NULL); ++- if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || ++- gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) ++- rc = cancel_inquire (ctrl, rc); ++ ++ if (rc) ++ { ++@@ -976,7 +946,6 @@ agent_card_pkdecrypt (ctrl_t ctrl, ++ inqparm.getpin_cb_arg = getpin_cb_arg; ++ inqparm.getpin_cb_desc = desc_text; ++ inqparm.passthru = 0; ++- inqparm.any_inq_seen = 0; ++ inqparm.keydata = NULL; ++ inqparm.keydatalen = 0; ++ snprintf (line, DIM(line), "PKDECRYPT %s", keyid); ++@@ -984,9 +953,6 @@ agent_card_pkdecrypt (ctrl_t ctrl, ++ put_membuf_cb, &data, ++ inq_needpin, &inqparm, ++ padding_info_cb, r_padding); ++- if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || ++- gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) ++- rc = cancel_inquire (ctrl, rc); ++ ++ if (rc) ++ { ++@@ -1113,15 +1079,11 @@ agent_card_writekey (ctrl_t ctrl, int force, const char *serialno, ++ parms.getpin_cb_arg = getpin_cb_arg; ++ parms.getpin_cb_desc= NULL; ++ parms.passthru = 0; ++- parms.any_inq_seen = 0; ++ parms.keydata = keydata; ++ parms.keydatalen = keydatalen; ++ ++ rc = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL, ++ inq_writekey_parms, &parms, NULL, NULL); ++- if (parms.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || ++- gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) ++- rc = cancel_inquire (ctrl, rc); ++ return unlock_scd (ctrl, rc); ++ } ++ ++@@ -1346,7 +1308,6 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, ++ inqparm.getpin_cb_arg = getpin_cb_arg; ++ inqparm.getpin_cb_desc = NULL; ++ inqparm.passthru = assuan_context; ++- inqparm.any_inq_seen = 0; ++ inqparm.keydata = NULL; ++ inqparm.keydatalen = 0; ++ ++@@ -1356,8 +1317,6 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, ++ pass_data_thru, assuan_context, ++ inq_needpin, &inqparm, ++ pass_status_thru, assuan_context); ++- if (inqparm.any_inq_seen && gpg_err_code(rc) == GPG_ERR_ASS_CANCELED) ++- rc = cancel_inquire (ctrl, rc); ++ ++ assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, saveflag); ++ if (rc) diff --cc debian/patches/from-master/gpg-default-to-3072-bit-RSA-keys.patch index 0000000,0000000..58207c2 new file mode 100644 --- /dev/null +++ b/debian/patches/from-master/gpg-default-to-3072-bit-RSA-keys.patch @@@ -1,0 -1,0 +1,116 @@@ ++From: Daniel Kahn Gillmor ++Date: Thu, 7 Sep 2017 18:41:10 -0400 ++Subject: gpg: default to 3072-bit RSA keys. ++ ++* agent/command.c (hlp_genkey): update help text to suggest the use of ++3072 bits. ++* doc/wks.texi: Make example match default generation. ++* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to ++rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment, ++(gen_rsa, get_keysize_range): update default from 2048 to 3072). ++* g10/keyid.c (pubkey_string): update comment so that first example ++is the default 3072-bit RSA. ++ ++-- ++ ++3072-bit RSA is widely considered to be 128-bit-equivalent security. ++This is a sensible default in 2017. ++ ++Signed-off-by: Daniel Kahn Gillmor ++ ++(cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c) ++--- ++ agent/command.c | 2 +- ++ doc/wks.texi | 4 ++-- ++ g10/keygen.c | 9 ++++----- ++ g10/keyid.c | 4 ++-- ++ 4 files changed, 9 insertions(+), 10 deletions(-) ++ ++diff --git a/agent/command.c b/agent/command.c ++index adb2c00..60eb6ad 100644 ++--- a/agent/command.c +++++ b/agent/command.c ++@@ -843,7 +843,7 @@ static const char hlp_genkey[] = ++ "\n" ++ " C: GENKEY\n" ++ " S: INQUIRE KEYPARAM\n" ++- " C: D (genkey (rsa (nbits 2048)))\n" +++ " C: D (genkey (rsa (nbits 3072)))\n" ++ " C: END\n" ++ " S: D (public-key\n" ++ " S: D (rsa (n 326487324683264) (e 10001)))\n" ++diff --git a/doc/wks.texi b/doc/wks.texi ++index d6798b1..5fe2a33 100644 ++--- a/doc/wks.texi +++++ b/doc/wks.texi ++@@ -404,10 +404,10 @@ the submission address: ++ The output of the last command looks similar to this: ++ ++ @example ++- sec rsa2048 2016-08-30 [SC] +++ sec rsa3072 2016-08-30 [SC] ++ C0FCF8642D830C53246211400346653590B3795B ++ uid [ultimate] key-submission@@example.net ++- ssb rsa2048 2016-08-30 [E] +++ ssb rsa3072 2016-08-30 [E] ++ @end example ++ ++ Take the fingerprint from that output and manually publish the key: ++diff --git a/g10/keygen.c b/g10/keygen.c ++index ed57d5d..492c65f 100644 ++--- a/g10/keygen.c +++++ b/g10/keygen.c ++@@ -46,11 +46,10 @@ ++ #include "../common/mbox-util.h" ++ ++ ++-/* The default algorithms. If you change them remember to change them ++- also in gpg.c:gpgconf_list. You should also check that the value +++/* The default algorithms. If you change them, you should ensure the value ++ is inside the bounds enforced by ask_keysize and gen_xxx. See also ++ get_keysize_range which encodes the allowed ranges. */ ++-#define DEFAULT_STD_KEY_PARAM "rsa2048/cert,sign+rsa2048/encr" +++#define DEFAULT_STD_KEY_PARAM "rsa3072/cert,sign+rsa3072/encr" ++ #define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" ++ ++ /* When generating keys using the streamlined key generation dialog, ++@@ -1648,7 +1647,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, ++ ++ if (nbits < 1024) ++ { ++- nbits = 2048; +++ nbits = 3072; ++ log_info (_("keysize invalid; using %u bits\n"), nbits ); ++ } ++ else if (nbits > maxsize) ++@@ -2117,7 +2116,7 @@ get_keysize_range (int algo, unsigned int *min, unsigned int *max) ++ default: ++ *min = opt.compliance == CO_DE_VS ? 2048: 1024; ++ *max = 4096; ++- def = 2048; +++ def = 3072; ++ break; ++ } ++ ++diff --git a/g10/keyid.c b/g10/keyid.c ++index 5b868cd..af9be07 100644 ++--- a/g10/keyid.c +++++ b/g10/keyid.c ++@@ -73,7 +73,7 @@ pubkey_letter( int algo ) ++ is copied to the supplied buffer up a length of BUFSIZE-1. ++ Examples for the output are: ++ ++- "rsa2048" - RSA with 2048 bit +++ "rsa3072" - RSA with 3072 bit ++ "elg1024" - Elgamal with 1024 bit ++ "ed25519" - ECC using the curve Ed25519. ++ "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". ++@@ -83,7 +83,7 @@ pubkey_letter( int algo ) ++ If the option --legacy-list-mode is active, the output use the ++ legacy format: ++ ++- "2048R" - RSA with 2048 bit +++ "3072R" - RSA with 3072 bit ++ "1024g" - Elgamal with 1024 bit ++ "256E" - ECDSA using a curve with 256 bit ++ diff --cc debian/patches/from-master/gpg-default-to-AES-256.patch index 0000000,0000000..4b93103 new file mode 100644 --- /dev/null +++ b/debian/patches/from-master/gpg-default-to-AES-256.patch @@@ -1,0 -1,0 +1,35 @@@ ++From: Daniel Kahn Gillmor ++Date: Thu, 7 Sep 2017 19:04:00 -0400 ++Subject: gpg: default to AES-256. ++ ++* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default. ++ ++-- ++ ++It's 2017, and pretty much everyone has AES-256 available. Symmetric ++crypto is also rarely the bottleneck (asymmetric crypto is much more ++expensive). AES-256 provides some level of protection against ++large-scale decryption efforts, and longer key lengths provide a hedge ++against unforseen cryptanalysis. ++ ++Signed-off-by: Daniel Kahn Gillmor ++(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa) ++--- ++ g10/main.h | 4 +++- ++ 1 file changed, 3 insertions(+), 1 deletion(-) ++ ++diff --git a/g10/main.h b/g10/main.h ++index 389a557..6f93de9 100644 ++--- a/g10/main.h +++++ b/g10/main.h ++@@ -31,7 +31,9 @@ ++ (i.e. uncompressed) rather than 1 (zip). However, the real world ++ issues of speed and size come into play here. */ ++ ++-#if GPG_USE_AES128 +++#if GPG_USE_AES256 +++# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES256 +++#elif GPG_USE_AES128 ++ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES ++ #elif GPG_USE_CAST5 ++ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 diff --cc debian/patches/gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch index 0000000,0000000..285241d new file mode 100644 --- /dev/null +++ b/debian/patches/gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch @@@ -1,0 -1,0 +1,93 @@@ ++From: Daniel Kahn Gillmor ++Date: Tue, 1 Nov 2016 00:45:23 -0400 ++Subject: agent: Allow threads to interrupt main select loop with SIGCONT. ++ ++* agent/gpg-agent.c (interrupt_main_thread_loop): New function on ++non-windows platforms, allows other threads to interrupt the main loop ++if there's something that the main loop might be interested in. ++ ++-- ++ ++For example, the main loop might be interested in changes in program ++state that affect the timers it expects to see. ++ ++I don't know how to do this on Windows platforms, but i welcome any ++proposed improvements. ++ ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ agent/agent.h | 1 + ++ agent/gpg-agent.c | 18 +++++++++++++++++- ++ 2 files changed, 18 insertions(+), 1 deletion(-) ++ ++diff --git a/agent/agent.h b/agent/agent.h ++index 2b045f8..97ac15d 100644 ++--- a/agent/agent.h +++++ b/agent/agent.h ++@@ -361,6 +361,7 @@ void *get_agent_scd_notify_event (void); ++ #endif ++ void agent_sighup_action (void); ++ int map_pk_openpgp_to_gcry (int openpgp_algo); +++void interrupt_main_thread_loop (void); ++ ++ /*-- command.c --*/ ++ gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid, ++diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c ++index f9c0163..b2ce51f 100644 ++--- a/agent/gpg-agent.c +++++ b/agent/gpg-agent.c ++@@ -417,6 +417,9 @@ static int have_homedir_inotify; ++ * works reliable. */ ++ static int reliable_homedir_inotify; ++ +++/* Record the pid of the main thread, for easier signalling */ +++static pid_t main_thread_pid = (pid_t)(-1); +++ ++ /* Number of active connections. */ ++ static int active_connections; ++ ++@@ -2123,7 +2126,7 @@ get_agent_scd_notify_event (void) ++ GetCurrentProcess(), &h2, ++ EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) ++ { ++- log_error ("setting syncronize for scd notify event failed: %s\n", +++ log_error ("setting synchronize for scd notify event failed: %s\n", ++ w32_strerror (-1) ); ++ CloseHandle (h); ++ } ++@@ -2469,6 +2472,10 @@ handle_signal (int signo) ++ agent_sigusr2_action (); ++ break; ++ +++ /* nothing to do here, just take an extra cycle on the select loop */ +++ case SIGCONT: +++ break; +++ ++ case SIGTERM: ++ if (!shutdown_pending) ++ log_info ("SIGTERM received - shutting down ...\n"); ++@@ -2807,6 +2814,13 @@ start_connection_thread_ssh (void *arg) ++ } ++ ++ +++void interrupt_main_thread_loop (void) +++{ +++#ifndef HAVE_W32_SYSTEM +++ kill (main_thread_pid, SIGCONT); +++#endif +++} +++ ++ /* helper function for readability: test whether a given struct ++ timespec is set to all-zeros */ ++ static inline int ++@@ -2876,8 +2890,10 @@ handle_connections (gnupg_fd_t listen_fd, ++ npth_sigev_add (SIGUSR1); ++ npth_sigev_add (SIGUSR2); ++ npth_sigev_add (SIGINT); +++ npth_sigev_add (SIGCONT); ++ npth_sigev_add (SIGTERM); ++ npth_sigev_fini (); +++ main_thread_pid = getpid (); ++ #else ++ # ifdef HAVE_W32CE_SYSTEM ++ /* Use a dummy event. */ diff --cc debian/patches/gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch index 0000000,0000000..b264457 new file mode 100644 --- /dev/null +++ b/debian/patches/gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch @@@ -1,0 -1,0 +1,26 @@@ ++From: Daniel Kahn Gillmor ++Date: Tue, 1 Nov 2016 00:57:44 -0400 ++Subject: agent: Avoid scheduled checks on socket when inotify is working. ++ ++* agent/gpg-agent.c (handle_connections): When inotify is working, we ++do not need to schedule a timer to evaluate whether we control our own ++socket or not. ++ ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ agent/gpg-agent.c | 2 ++ ++ 1 file changed, 2 insertions(+) ++ ++diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c ++index 5bdbbbe..d68b5ad 100644 ++--- a/agent/gpg-agent.c +++++ b/agent/gpg-agent.c ++@@ -3043,6 +3043,8 @@ handle_connections (gnupg_fd_t listen_fd, ++ ++ /* avoid a fine-grained timer if we don't need one: */ ++ timertbl[0].interval.tv_sec = need_tick () ? TIMERTICK_INTERVAL : 0; +++ /* avoid waking up to check sockets if we can count on inotify */ +++ timertbl[1].interval.tv_sec = (sock_inotify_fd == -1) ? CHECK_OWN_SOCKET_INTERVAL : 0; ++ ++ /* loop through all timers, fire any registered functions, and ++ plan next timer to trigger */ diff --cc debian/patches/gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch index 0000000,0000000..8fe1f3a new file mode 100644 --- /dev/null +++ b/debian/patches/gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch @@@ -1,0 -1,0 +1,101 @@@ ++From: Daniel Kahn Gillmor ++Date: Tue, 1 Nov 2016 00:14:10 -0400 ++Subject: agent: Avoid tight timer tick when possible. ++ ++* agent/gpg-agent.c (need_tick): Evaluate whether the short-phase ++handle_tick() is needed. ++(handle_connections): On each cycle of the select loop, adjust whether ++we should call handle_tick() or not. ++(start_connection_thread_ssh, do_start_connection_thread): Signal the ++main loop when the child terminates. ++* agent/call-scd.c (start_scd): Call interrupt_main_thread_loop() once ++the scdaemon thread context has started up. ++ ++-- ++ ++With this change, an idle gpg-agent that has no scdaemon running only ++wakes up once a minute (to check_own_socket). ++ ++Thanks to Ian Jackson and NIIBE Yutaka who helped me improve some of ++the blocking and corner cases. ++ ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ agent/call-scd.c | 2 ++ ++ agent/gpg-agent.c | 29 +++++++++++++++++++++++++++-- ++ 2 files changed, 29 insertions(+), 2 deletions(-) ++ ++diff --git a/agent/call-scd.c b/agent/call-scd.c ++index 16139fd..bf7732b 100644 ++--- a/agent/call-scd.c +++++ b/agent/call-scd.c ++@@ -415,6 +415,8 @@ start_scd (ctrl_t ctrl) ++ ++ primary_scd_ctx = ctx; ++ primary_scd_ctx_reusable = 0; +++ /* notify the main loop that something has changed */ +++ interrupt_main_thread_loop (); ++ ++ leave: ++ xfree (abs_homedir); ++diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c ++index b2ce51f..5bdbbbe 100644 ++--- a/agent/gpg-agent.c +++++ b/agent/gpg-agent.c ++@@ -2376,6 +2376,26 @@ create_directories (void) ++ } ++ ++ +++static int +++need_tick (void) +++{ +++#ifdef HAVE_W32_SYSTEM +++ /* We do not know how to interrupt the select loop on Windows, so we +++ always need a short tick there. */ +++ return 1; +++#else +++ /* if we were invoked like "gpg-agent cmd arg1 arg2" then we need to +++ watch our parent. */ +++ if (parent_pid != (pid_t)(-1)) +++ return 1; +++ /* if scdaemon is running, we need to check that it's alive */ +++ if (agent_scd_check_running ()) +++ return 1; +++ /* otherwise, nothing fine-grained to do. */ +++ return 0; +++#endif /*HAVE_W32_SYSTEM*/ +++} +++ ++ ++ /* This is the worker for the ticker. It is called every few seconds ++ and may only do fast operations. */ ++@@ -2729,7 +2749,8 @@ do_start_connection_thread (ctrl_t ctrl) ++ ++ agent_deinit_default_ctrl (ctrl); ++ xfree (ctrl); ++- active_connections--; +++ if (--active_connections == 0) +++ interrupt_main_thread_loop(); ++ return NULL; ++ } ++ ++@@ -2809,7 +2830,8 @@ start_connection_thread_ssh (void *arg) ++ ++ agent_deinit_default_ctrl (ctrl); ++ xfree (ctrl); ++- active_connections--; +++ if (--active_connections == 0) +++ interrupt_main_thread_loop(); ++ return NULL; ++ } ++ ++@@ -3019,6 +3041,9 @@ handle_connections (gnupg_fd_t listen_fd, ++ thus a simple assignment is fine to copy the entire set. */ ++ read_fdset = fdset; ++ +++ /* avoid a fine-grained timer if we don't need one: */ +++ timertbl[0].interval.tv_sec = need_tick () ? TIMERTICK_INTERVAL : 0; +++ ++ /* loop through all timers, fire any registered functions, and ++ plan next timer to trigger */ ++ npth_clock_gettime (&curtime); diff --cc debian/patches/gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch index 0000000,0000000..bb2c0c0 new file mode 100644 --- /dev/null +++ b/debian/patches/gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch @@@ -1,0 -1,0 +1,191 @@@ ++From: Daniel Kahn Gillmor ++Date: Mon, 31 Oct 2016 21:27:36 -0400 ++Subject: agent: Create framework of scheduled timers. ++ ++agent/gpg-agent.c (handle_tick): Remove intermittent call to ++check_own_socket. ++(tv_is_set): Add inline helper function for readability. ++(handle_connections) Create general table of pending scheduled ++timeouts. ++ ++-- ++ ++handle_tick() does fine-grained, rapid activity. check_own_socket() ++is supposed to happen at a different interval. ++ ++Mixing the two of them makes it a requirement that one interval be a ++multiple of the other, which isn't ideal if there are different delay ++strategies that we might want in the future. ++ ++Creating an extensible regular timer framework in handle_connections ++should make it possible to have any number of cadenced timers fire ++regularly, without requiring that they happen in cadences related to ++each other. ++ ++It should also make it possible to dynamically change the cadence of ++any regularly-scheduled timeout. ++ ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ agent/gpg-agent.c | 84 +++++++++++++++++++++++++++++++++++++------------------ ++ 1 file changed, 57 insertions(+), 27 deletions(-) ++ ++diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c ++index 591f4fd..f9c0163 100644 ++--- a/agent/gpg-agent.c +++++ b/agent/gpg-agent.c ++@@ -2379,12 +2379,8 @@ create_directories (void) ++ static void ++ handle_tick (void) ++ { ++- static time_t last_minute; ++ struct stat statbuf; ++ ++- if (!last_minute) ++- last_minute = time (NULL); ++- ++ /* Check whether the scdaemon has died and cleanup in this case. */ ++ agent_scd_check_aliveness (); ++ ++@@ -2404,15 +2400,6 @@ handle_tick (void) ++ } ++ #endif /*HAVE_W32_SYSTEM*/ ++ ++- /* Code to be run from time to time. */ ++-#if CHECK_OWN_SOCKET_INTERVAL > 0 ++- if (last_minute + CHECK_OWN_SOCKET_INTERVAL <= time (NULL)) ++- { ++- check_own_socket (); ++- last_minute = time (NULL); ++- } ++-#endif ++- ++ /* Need to check for expired cache entries. */ ++ agent_cache_housekeeping (); ++ ++@@ -2820,6 +2807,15 @@ start_connection_thread_ssh (void *arg) ++ } ++ ++ +++/* helper function for readability: test whether a given struct +++ timespec is set to all-zeros */ +++static inline int +++tv_is_set (struct timespec tv) +++{ +++ return tv.tv_sec || tv.tv_nsec; +++} +++ +++ ++ /* Connection handler loop. Wait for connection requests and spawn a ++ thread after accepting a connection. */ ++ static void ++@@ -2837,9 +2833,11 @@ handle_connections (gnupg_fd_t listen_fd, ++ gnupg_fd_t fd; ++ int nfd; ++ int saved_errno; +++ int idx; ++ struct timespec abstime; ++ struct timespec curtime; ++ struct timespec timeout; +++ struct timespec *select_timeout; ++ #ifdef HAVE_W32_SYSTEM ++ HANDLE events[2]; ++ unsigned int events_set; ++@@ -2856,6 +2854,14 @@ handle_connections (gnupg_fd_t listen_fd, ++ { "browser", start_connection_thread_browser }, ++ { "ssh", start_connection_thread_ssh } ++ }; +++ struct { +++ struct timespec interval; +++ void (*func) (void); +++ struct timespec next; +++ } timertbl[] = { +++ { { TIMERTICK_INTERVAL, 0 }, handle_tick }, +++ { { CHECK_OWN_SOCKET_INTERVAL, 0 }, check_own_socket } +++ }; ++ ++ ++ ret = npth_attr_init(&tattr); ++@@ -2963,9 +2969,6 @@ handle_connections (gnupg_fd_t listen_fd, ++ listentbl[2].l_fd = listen_fd_browser; ++ listentbl[3].l_fd = listen_fd_ssh; ++ ++- npth_clock_gettime (&abstime); ++- abstime.tv_sec += TIMERTICK_INTERVAL; ++- ++ for (;;) ++ { ++ /* Shutdown test. */ ++@@ -3000,18 +3003,46 @@ handle_connections (gnupg_fd_t listen_fd, ++ thus a simple assignment is fine to copy the entire set. */ ++ read_fdset = fdset; ++ +++ /* loop through all timers, fire any registered functions, and +++ plan next timer to trigger */ ++ npth_clock_gettime (&curtime); ++- if (!(npth_timercmp (&curtime, &abstime, <))) ++- { ++- /* Timeout. */ ++- handle_tick (); ++- npth_clock_gettime (&abstime); ++- abstime.tv_sec += TIMERTICK_INTERVAL; ++- } ++- npth_timersub (&abstime, &curtime, &timeout); +++ abstime.tv_sec = abstime.tv_nsec = 0; +++ for (idx=0; idx < DIM(timertbl); idx++) +++ { +++ /* schedule any unscheduled timers */ +++ if ((!tv_is_set (timertbl[idx].next)) && tv_is_set (timertbl[idx].interval)) +++ npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next); +++ /* if a timer is due, fire it ... */ +++ if (tv_is_set (timertbl[idx].next)) +++ { +++ if (!(npth_timercmp (&curtime, &timertbl[idx].next, <))) +++ { +++ timertbl[idx].func (); +++ npth_clock_gettime (&curtime); +++ /* ...and reschedule it, if desired: */ +++ if (tv_is_set (timertbl[idx].interval)) +++ npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next); +++ else +++ timertbl[idx].next.tv_sec = timertbl[idx].next.tv_nsec = 0; +++ } +++ } +++ /* accumulate next timer to come due in abstime: */ +++ if (tv_is_set (timertbl[idx].next) && +++ ((!tv_is_set (abstime)) || +++ (npth_timercmp (&abstime, &timertbl[idx].next, >)))) +++ abstime = timertbl[idx].next; +++ } +++ /* choose a timeout for the select loop: */ +++ if (tv_is_set (abstime)) +++ { +++ npth_timersub (&abstime, &curtime, &timeout); +++ select_timeout = &timeout; +++ } +++ else +++ select_timeout = NULL; ++ ++ #ifndef HAVE_W32_SYSTEM ++- ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, +++ ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, select_timeout, ++ npth_sigev_sigmask ()); ++ saved_errno = errno; ++ ++@@ -3021,7 +3052,7 @@ handle_connections (gnupg_fd_t listen_fd, ++ handle_signal (signo); ++ } ++ #else ++- ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, +++ ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, select_timeout, ++ events, &events_set); ++ saved_errno = errno; ++ ++@@ -3066,7 +3097,6 @@ handle_connections (gnupg_fd_t listen_fd, ++ ++ if (!shutdown_pending) ++ { ++- int idx; ++ ctrl_t ctrl; ++ npth_t thread; ++ diff --cc debian/patches/import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch index 0000000,0000000..ced7570 new file mode 100644 --- /dev/null +++ b/debian/patches/import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch @@@ -1,0 -1,0 +1,32 @@@ ++From: Vincent Breitmoser ++Date: Thu, 13 Jun 2019 21:27:43 +0200 ++Subject: gpg: accept subkeys with a good revocation but no self-sig during ++ import ++ ++* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we ++encounter a valid revocation signature. This allows import of subkey ++revocation signatures, even in the absence of a corresponding subkey ++binding signature. ++ ++-- ++ ++This fixes the remaining test in import-incomplete.scm. ++ ++GnuPG-Bug-id: 4393 ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ g10/import.c | 1 + ++ 1 file changed, 1 insertion(+) ++ ++diff --git a/g10/import.c b/g10/import.c ++index cddb7c2..cf978e8 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -3619,6 +3619,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self) ++ /* It's valid, so is it newer? */ ++ if (sig->timestamp >= rsdate) ++ { +++ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ ++ if (rsnode) ++ { ++ /* Delete the last revocation sig since diff --cc debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch index 0000000,0000000..4b82a7f new file mode 100644 --- /dev/null +++ b/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch @@@ -1,0 -1,0 +1,106 @@@ ++From: Vincent Breitmoser ++Date: Thu, 13 Jun 2019 21:27:42 +0200 ++Subject: gpg: allow import of previously known keys, even without UIDs ++ ++* g10/import.c (import_one): Accept an incoming OpenPGP certificate that ++has no user id, as long as we already have a local variant of the cert ++that matches the primary key. ++ ++-- ++ ++This fixes two of the three broken tests in import-incomplete.scm. ++ ++GnuPG-Bug-id: 4393 ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ g10/import.c | 44 +++++++++++--------------------------------- ++ 1 file changed, 11 insertions(+), 33 deletions(-) ++ ++diff --git a/g10/import.c b/g10/import.c ++index 0a72a76..cddb7c2 100644 ++--- a/g10/import.c +++++ b/g10/import.c ++@@ -1801,7 +1801,6 @@ import_one_real (ctrl_t ctrl, ++ size_t an; ++ char pkstrbuf[PUBKEY_STRING_SIZE]; ++ int merge_keys_done = 0; ++- int any_filter = 0; ++ KEYDB_HANDLE hd = NULL; ++ ++ if (r_valid) ++@@ -1838,14 +1837,6 @@ import_one_real (ctrl_t ctrl, ++ log_printf ("\n"); ++ } ++ ++- ++- if (!uidnode ) ++- { ++- if (!silent) ++- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); ++- return 0; ++- } ++- ++ if (screener && screener (keyblock, screener_arg)) ++ { ++ log_error (_("key %s: %s\n"), keystr_from_pk (pk), ++@@ -1920,17 +1911,10 @@ import_one_real (ctrl_t ctrl, ++ } ++ } ++ ++- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) ++- { ++- if (!silent) ++- { ++- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); ++- if (!opt.quiet ) ++- log_info(_("this may be caused by a missing self-signature\n")); ++- } ++- stats->no_user_id++; ++- return 0; ++- } +++ /* Delete invalid parts, and note if we have any valid ones left. +++ * We will later abort import if this key is new but contains +++ * no valid uids. */ +++ delete_inv_parts (ctrl, keyblock, keyid, options); ++ ++ /* Get rid of deleted nodes. */ ++ commit_kbnode (&keyblock); ++@@ -1940,24 +1924,11 @@ import_one_real (ctrl_t ctrl, ++ { ++ apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); ++ commit_kbnode (&keyblock); ++- any_filter = 1; ++ } ++ if (import_filter.drop_sig) ++ { ++ apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); ++ commit_kbnode (&keyblock); ++- any_filter = 1; ++- } ++- ++- /* If we ran any filter we need to check that at least one user id ++- * is left in the keyring. Note that we do not use log_error in ++- * this case. */ ++- if (any_filter && !any_uid_left (keyblock)) ++- { ++- if (!opt.quiet ) ++- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); ++- stats->no_user_id++; ++- return 0; ++ } ++ ++ /* The keyblock is valid and ready for real import. */ ++@@ -2015,6 +1986,13 @@ import_one_real (ctrl_t ctrl, ++ err = 0; ++ stats->skipped_new_keys++; ++ } +++ else if (err && !any_uid_left (keyblock)) +++ { +++ if (!silent) +++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); +++ err = 0; +++ stats->no_user_id++; +++ } ++ else if (err) /* Insert this key. */ ++ { ++ /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --cc debian/patches/import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch index 0000000,0000000..37ddeea new file mode 100644 --- /dev/null +++ b/debian/patches/import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch @@@ -1,0 -1,0 +1,201 @@@ ++From: Vincent Breitmoser ++Date: Thu, 13 Jun 2019 21:27:41 +0200 ++Subject: tests: add test cases for import without uid ++ ++This commit adds a test case that does the following, in order: ++- Import of a primary key plus user id ++- Check that import of a subkey works, without a user id present in the ++imported key ++- Check that import of a subkey revocation works, without a user id or ++subkey binding signature present in the imported key ++- Check that import of a primary key revocation works, without a user id ++present in the imported key ++ ++-- ++ ++Note that this test currently fails. The following changesets will ++fix gpg so that the tests pass. ++ ++GnuPG-Bug-id: 4393 ++Signed-Off-By: Daniel Kahn Gillmor ++--- ++ tests/openpgp/Makefile.am | 1 + ++ tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++ ++ .../import-incomplete/primary+revocation.asc | 9 +++ ++ .../primary+subkey+sub-revocation.asc | 10 ++++ ++ .../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++ ++ .../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++ ++ tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++ ++ 7 files changed, 118 insertions(+) ++ create mode 100755 tests/openpgp/import-incomplete.scm ++ create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc ++ create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc ++ create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc ++ create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc ++ create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc ++ ++diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am ++index f6014c9..6423da1 100644 ++--- a/tests/openpgp/Makefile.am +++++ b/tests/openpgp/Makefile.am ++@@ -78,6 +78,7 @@ XTESTS = \ ++ gpgv-forged-keyring.scm \ ++ armor.scm \ ++ import.scm \ +++ import-incomplete.scm \ ++ import-revocation-certificate.scm \ ++ ecc.scm \ ++ 4gb-packet.scm \ ++diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm ++new file mode 100755 ++index 0000000..727a027 ++--- /dev/null +++++ b/tests/openpgp/import-incomplete.scm ++@@ -0,0 +1,68 @@ +++#!/usr/bin/env gpgscm +++ +++;; Copyright (C) 2016 g10 Code GmbH +++;; +++;; This file is part of GnuPG. +++;; +++;; GnuPG is free software; you can redistribute it and/or modify +++;; it under the terms of the GNU General Public License as published by +++;; the Free Software Foundation; either version 3 of the License, or +++;; (at your option) any later version. +++;; +++;; GnuPG is distributed in the hope that it will be useful, +++;; but WITHOUT ANY WARRANTY; without even the implied warranty of +++;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +++;; GNU General Public License for more details. +++;; +++;; You should have received a copy of the GNU General Public License +++;; along with this program; if not, see . +++ +++(load (in-srcdir "tests" "openpgp" "defs.scm")) +++(setup-environment) +++ +++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc"))) +++ +++(info "Test import of new subkey, from a certificate without uid") +++(define keyid "573EA710367356BB") +++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc"))) +++(tr:do +++ (tr:pipe-do +++ (pipe:gpg `(--list-keys --with-colons ,keyid))) +++ (tr:call-with-content +++ (lambda (c) +++ ;; XXX we do not have a regexp library +++ (unless (any (lambda (line) +++ (and (string-prefix? line "sub:") +++ (string-contains? line "573EA710367356BB"))) +++ (string-split-newlines c)) +++ (exit 1))))) +++ +++(info "Test import of a subkey revocation, from a certificate without uid") +++(define keyid "573EA710367356BB") +++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc"))) +++(tr:do +++ (tr:pipe-do +++ (pipe:gpg `(--list-keys --with-colons ,keyid))) +++ (tr:call-with-content +++ (lambda (c) +++ ;; XXX we do not have a regexp library +++ (unless (any (lambda (line) +++ (and (string-prefix? line "sub:r:") +++ (string-contains? line "573EA710367356BB"))) +++ (string-split-newlines c)) +++ (exit 1))))) +++ +++(info "Test import of revocation, from a certificate without uid") +++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc"))) +++(tr:do +++ (tr:pipe-do +++ (pipe:gpg `(--list-keys --with-colons ,keyid))) +++ (tr:call-with-content +++ (lambda (c) +++ ;; XXX we do not have a regexp library +++ (unless (any (lambda (line) +++ (and (string-prefix? line "pub:r:") +++ (string-contains? line "0843DA969AA8DAFB"))) +++ (string-split-newlines c)) +++ (exit 1))))) +++ ++diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc ++new file mode 100644 ++index 0000000..6b7b608 ++--- /dev/null +++++ b/tests/openpgp/import-incomplete/primary+revocation.asc ++@@ -0,0 +1,9 @@ +++-----BEGIN PGP PUBLIC KEY BLOCK----- +++Comment: [E] primary key, revocation signature over primary (no user ID) +++ +++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ +++631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ +++EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3 +++XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ== +++=tM90 +++-----END PGP PUBLIC KEY BLOCK----- ++diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc ++new file mode 100644 ++index 0000000..83a51a5 ++--- /dev/null +++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc ++@@ -0,0 +1,10 @@ +++-----BEGIN PGP PUBLIC KEY BLOCK----- +++Comment: [D] primary key, subkey, subkey revocation (no user ID) +++ +++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ +++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK +++j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC +++XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ +++3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ= +++=dwx2 +++-----END PGP PUBLIC KEY BLOCK----- ++diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc ++new file mode 100644 ++index 0000000..dc47a02 ++--- /dev/null +++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc ++@@ -0,0 +1,10 @@ +++-----BEGIN PGP PUBLIC KEY BLOCK----- +++Comment: [B] primary key, subkey, subkey binding sig (no user ID) +++ +++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ +++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK +++j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC +++XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR +++Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg= +++=xuDu +++-----END PGP PUBLIC KEY BLOCK----- ++diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc ++new file mode 100644 ++index 0000000..134607d ++--- /dev/null +++++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc ++@@ -0,0 +1,10 @@ +++-----BEGIN PGP PUBLIC KEY BLOCK----- +++Comment: [C] primary key and self-sig expiring in 2024 (no user ID) +++ +++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ +++631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8 +++2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu +++3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN +++9ohXOEBWvdJgVv2YAg== +++=KWIK +++-----END PGP PUBLIC KEY BLOCK----- ++diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc ++new file mode 100644 ++index 0000000..055f300 ++--- /dev/null +++++ b/tests/openpgp/import-incomplete/primary+uid.asc ++@@ -0,0 +1,10 @@ +++-----BEGIN PGP PUBLIC KEY BLOCK----- +++Comment: [A] primary key, user ID, and self-sig expiring in 2021 +++ +++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ +++631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC +++XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja ++++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI +++kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs= +++=1eII +++-----END PGP PUBLIC KEY BLOCK----- diff --cc debian/patches/keyserver-cleanup/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch index 0000000,0000000..1ee45e9 new file mode 100644 --- /dev/null +++ b/debian/patches/keyserver-cleanup/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch @@@ -1,0 -1,0 +1,69 @@@ ++From: Daniel Kahn Gillmor ++Date: Thu, 11 Jul 2019 21:52:11 -0400 ++Subject: Use hkps://keys.openpgp.org as the default keyserver ++ ++As of 2.2.17, GnuPG will refuse to accept any third-party ++certifications from OpenPGP certificates pulled from the keyserver ++network. ++ ++The SKS keyserver network currently has at least a dozen popular ++certificates which are flooded with enough unusable third-party ++certifications that they cannot be retrieved in any reasonable amount ++of time. ++ ++The hkps://keys.openpgp.org keyserver installation offers HKPS, ++performs cryptographic validation, and by policy does not distribute ++third-party certifications anyway. ++ ++It is not distributed or federated yet, unfortunately, but it is ++functional, which is more than can be said for the dying SKS pool. ++And given that GnuPG is going to reject all the third-party ++certifications anyway, there is no clear "web of trust" rationale for ++relying on the SKS pool. ++ ++One sticking point is that keys.openpgp.org does not distribute user ++IDs unless the user has proven control of the associated e-mail ++address. This means that on standard upstream GnuPG, retrieving ++revocations or subkey updates of those certificates will fail, because ++upstream GnuPG ignores any incoming certificate without a user ID, ++even if it knows a user ID in the local copy of the certificate (see ++https://dev.gnupg.org/T4393). ++ ++However, we have three patches in ++debian/patches/import-merge-without-userid/ that together fix that ++bug. ++ ++Signed-off-by: Daniel Kahn Gillmor ++ ++(cherry picked from commit 59e8aac9d6f2ee322a753373013032bbb13e3eb3) ++--- ++ configure.ac | 2 +- ++ doc/dirmngr.texi | 2 +- ++ 2 files changed, 2 insertions(+), 2 deletions(-) ++ ++diff --git a/configure.ac b/configure.ac ++index 8c68cb8..d601356 100644 ++--- a/configure.ac +++++ b/configure.ac ++@@ -1870,7 +1870,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon", ++ AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr", ++ [The name of the dirmngr socket]) ++ AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER, ++- "hkps://hkps.pool.sks-keyservers.net", +++ "hkps://keys.openpgp.org", ++ [The default keyserver for dirmngr to use, if none is explicitly given]) ++ ++ AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix]) ++diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi ++index 8e6cbc6..d79447f 100644 ++--- a/doc/dirmngr.texi +++++ b/doc/dirmngr.texi ++@@ -328,7 +328,7 @@ whether Tor is locally running or not. The check for a running Tor is ++ done for each new connection. ++ ++ If no keyserver is explicitly configured, dirmngr will use the ++-built-in default of hkps://hkps.pool.sks-keyservers.net. +++built-in default of hkps://keys.openpgp.org. ++ ++ @item --nameserver @var{ipaddr} ++ @opindex nameserver diff --cc debian/patches/keyserver-cleanup/dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch index 0000000,0000000..32a4945 new file mode 100644 --- /dev/null +++ b/debian/patches/keyserver-cleanup/dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch @@@ -1,0 -1,0 +1,31 @@@ ++From: Daniel Kahn Gillmor ++Date: Sun, 30 Jun 2019 11:54:35 -0400 ++Subject: dirmngr: Only use SKS pool CA for SKS pool ++ ++* dirmngr/http.c (http_session_new): when checking whether the ++keyserver is the HKPS pool, check specifically against the pool name, ++as ./configure might have been used to select a different default ++keyserver. It makes no sense to apply Kristian's certificate ++authority to anything other than the literal host ++hkps.pool.sks-keyservers.net. ++ ++Signed-off-by: Daniel Kahn Gillmor ++ ++(cherry picked from commit 3233382068b7c477907daac697164b81ae45a7f4) ++--- ++ dirmngr/http.c | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) ++ ++diff --git a/dirmngr/http.c b/dirmngr/http.c ++index 1ba8e79..869e146 100644 ++--- a/dirmngr/http.c +++++ b/dirmngr/http.c ++@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session, ++ ++ is_hkps_pool = (intended_hostname ++ && !ascii_strcasecmp (intended_hostname, ++- get_default_keyserver (1))); +++ "hkps.pool.sks-keyservers.net")); ++ ++ /* If the user has not specified a CA list, and they are looking ++ * for the hkps pool from sks-keyservers.net, then default to diff --cc debian/patches/keyserver-cleanup/gpg-drop-import-clean-from-default-keyserver-import-optio.patch index 0000000,0000000..5c74ab3 new file mode 100644 --- /dev/null +++ b/debian/patches/keyserver-cleanup/gpg-drop-import-clean-from-default-keyserver-import-optio.patch @@@ -1,0 -1,0 +1,51 @@@ ++From: Daniel Kahn Gillmor ++Date: Mon, 15 Jul 2019 16:24:35 -0400 ++Subject: gpg: drop import-clean from default keyserver import options ++ ++* g10/gpg.c (main): drop IMPORT_CLEAN from the ++default opt.keyserver_options.import_options ++* doc/gpg.texi: reflect this change in the documentation ++ ++Given that SELF_SIGS_ONLY is already set, it's not clear what ++additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN ++means that receiving an OpenPGP certificate from a keyserver will ++potentially delete data that is otherwise held in the local keyring, ++which is surprising to users who expect retrieval from the keyservers ++to be purely additive. ++ ++GnuPG-Bug-Id: 4628 ++Signed-off-by: Daniel Kahn Gillmor ++ ++(cherry picked from commit 84bce011aaa2db19f10c1f763110e840c7b7019f) ++--- ++ doc/gpg.texi | 2 +- ++ g10/gpg.c | 3 +-- ++ 2 files changed, 2 insertions(+), 3 deletions(-) ++ ++diff --git a/doc/gpg.texi b/doc/gpg.texi ++index c8fb241..0f13589 100644 ++--- a/doc/gpg.texi +++++ b/doc/gpg.texi ++@@ -1907,7 +1907,7 @@ are available for all keyserver types, some common options are: ++ ++ @end table ++ ++-The default list of options is: "self-sigs-only, import-clean, +++The default list of options is: "self-sigs-only, ++ repair-keys, repair-pks-subkey-bug, export-attributes, ++ honor-pka-record". ++ ++diff --git a/g10/gpg.c b/g10/gpg.c ++index 6e5e901..f05a493 100644 ++--- a/g10/gpg.c +++++ b/g10/gpg.c ++@@ -2374,8 +2374,7 @@ main (int argc, char **argv) ++ opt.export_options = EXPORT_ATTRIBUTES; ++ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS ++ | IMPORT_REPAIR_PKS_SUBKEY_BUG ++- | IMPORT_SELF_SIGS_ONLY ++- | IMPORT_CLEAN); +++ | IMPORT_SELF_SIGS_ONLY); ++ opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; ++ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; ++ opt.verify_options = (LIST_SHOW_UID_VALIDITY diff --cc debian/patches/series index 0000000,0000000..d59aace new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@ -1,0 -1,0 +1,99 @@@ ++debian-packaging/avoid-beta-warning.patch ++debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch ++block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch ++dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch ++dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch ++dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch ++gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch ++gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch ++gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch ++gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch ++from-master/gpg-default-to-3072-bit-RSA-keys.patch ++from-master/gpg-default-to-AES-256.patch ++from-master/agent-Fix-cancellation-handling-for-scdaemon.patch ++update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch ++update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch ++Make-gpg-zip-use-tar-from-PATH.patch ++fix-spelling.patch ++from-2.2.13/wks-Do-not-use-compression-for-the-encrypted-data.patch ++from-2.2.13/Silence-compiler-warnings-new-with-gcc-8.patch ++from-2.2.13/gpg-Stop-early-when-trying-to-create-a-primary-Elgamal-ke.patch ++from-2.2.13/doc-Mark-keyserver-options-timeout-and-http-proxy-as-obso.patch ++from-2.2.13/gpg-Allow-generating-Ed25519-key-from-an-existing-key.patch ++from-2.2.13/dirmngr-Fix-initialization-of-assuan-s-nPth-hook.patch ++from-2.2.13/agent-Clear-bogus-pinentry-cache-when-it-causes-an-error.patch ++from-2.2.13/gpg-Emit-an-ERROR-status-if-no-key-was-found-with-list-ke.patch ++from-2.2.14/common-Fix-gnupg_wait_processes.patch ++from-2.2.14/scd-Distinguish-cancel-by-user-and-protocol-error.patch ++from-2.2.14/gpg-Fix-comparison.patch ++from-2.2.14/gpgscm-Build-well-even-if-NDEBUG-defined.patch ++from-2.2.14/agent-Fix-for-suggested-Libgcrypt-use.patch ++from-2.2.14/gpgsm-default-to-3072-bit-keys.patch ++from-2.2.14/sm-Don-t-mark-a-cert-as-de-vs-compliant-if-it-leads-to-SH.patch ++from-2.2.14/gpgv-Improve-documentation-for-keyring-choices.patch ++from-2.2.14/agent-Support-mode-ssh-option-for-CLEAR_PASSPHRASE.patch ++from-2.2.14/tests-Add-disable-scdaemon-in-gpg-agent.conf.patch ++from-2.2.14/sm-Print-Yubikey-attestation-extensions-with-dump-cert.patch ++from-2.2.14/gpg-Make-invalid-primary-key-algos-obvious-in-key-listing.patch ++from-2.2.14/dirmngr-Add-CSRF-protection-exception-for-protonmail.patch ++from-2.2.14/gpg-During-secret-key-import-print-sec-instead-of-pub.patch ++from-2.2.14/tests-Add-sample-secret-key-w-o-binding-signatures.patch ++from-2.2.14/gpg-Avoid-importing-secret-keys-if-the-keyblock-is-not-va.patch ++from-2.2.14/gpg-Allow-import-of-PGP-desktop-exported-secret-keys.patch ++from-2.2.14/gpg-Do-not-bail-out-on-v5-keys-in-the-local-keyring.patch ++from-2.2.15/doc-fix-formatting-error.patch ++from-2.2.15/wkd-New-command-print-wkd-hash-for-gpg-wks-client.patch ++from-2.2.15/doc-Clarify-option-no-keyring.patch ++from-2.2.15/wkd-New-command-print-wkd-url-for-gpg-wks-client.patch ++from-2.2.15/agent-Allow-other-ssh-fingerprint-algos-in-KEYINFO.patch ++from-2.2.15/sm-Allow-decryption-even-if-expired-other-keys-are-config.patch ++from-2.2.16/gpg-Don-t-use-EdDSA-algo-ID-for-ECDSA-curves.patch ++from-2.2.16/g10-Fix-symmetric-cipher-algo-constant-for-ECDH.patch ++from-2.2.16/dirmngr-Better-error-code-for-http-status-413.patch ++from-2.2.16/gpg-Set-a-limit-of-5-to-the-number-of-keys-imported-from-.patch ++from-2.2.16/gpg-Accept-also-armored-data-from-the-WKD.patch ++from-2.2.16/g10-Fix-double-free-when-locating-by-mbox.patch ++from-2.2.16/gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch ++from-2.2.16/doc-Minor-doc-fix-to-dirmngr.patch ++from-2.2.16/dirmngr-Add-a-CSRF-expection-for-pm.me.patch ++from-2.2.16/doc-correct-documentation-for-gpgconf-kill.patch ++from-2.2.16/gpg-Change-update_keysig_packet-to-replace-SHA-1-by-SHA-2.patch ++from-2.2.16/g10-Fix-possible-null-dereference.patch ++from-2.2.16/gpg-Do-not-print-a-hint-to-use-the-deprecated-keyserver-o.patch ++from-2.2.16/doc-Minor-edit-for-a-gpg-option.patch ++from-2.2.16/agent-correct-length-for-uri-and-comment-on-64-bit-big-en.patch ++from-2.2.16/gpgconf-Support-homedir-for-launch.patch ++from-2.2.16/gpg-enable-OpenPGP-export-of-cleartext-keys-with-comments.patch ++from-2.2.16/doc-Do-not-mention-gpg-s-deprecated-keyserver-option.patch ++from-2.2.16/gpgconf-Before-launch-check-that-the-config-file-is-fine.patch ++from-2.2.16/gpg-Do-not-delete-any-keys-if-dry-run-is-passed.patch ++from-2.2.16/agent-For-SSH-key-don-t-put-NUL-byte-at-the-end.patch ++from-2.2.16/gpg-Do-not-allow-creation-of-user-ids-larger-than-our-par.patch ++from-2.2.16/gpg-Do-not-bail-on-an-invalid-packet-in-the-local-keyring.patch ++from-2.2.16/agent-Stop-scdaemon-after-reload-when-disable_scdaemon.patch ++from-2.2.16/gpg-Allow-deletion-of-subkeys-with-delete-secret-key.patch ++from-2.2.16/dirmngr-Allow-for-other-hash-algorithms-than-SHA-1-in-OCS.patch ++from-2.2.17/doc-wks.texi-fix-typo.patch ++from-2.2.17/Return-better-error-code-for-some-getinfo-IPC-commands.patch ++from-2.2.17/spelling-Fix-synchronize.patch ++from-2.2.17/tools-gpgconf-Killing-order-is-children-first.patch ++from-2.2.17/gpg-Make-read_block-in-import.c-more-flexible.patch ++from-2.2.17/gpg-New-import-and-keyserver-option-self-sigs-only.patch ++from-2.2.17/gpg-Fallback-to-import-with-self-sigs-only-on-too-large-k.patch ++from-2.2.17/dirmngr-Support-the-new-WKD-draft-with-the-openpgpkey-sub.patch ++from-2.2.17/Mention-sender-in-documentation.patch ++from-2.2.17/dirmngr-Do-not-rewrite-the-redirection-for-the-openpgpkey.patch ++from-2.2.17/dirmngr-Avoid-endless-loop-in-case-of-HTTP-error-503.patch ++from-2.2.17/gpg-Add-self-sigs-only-and-import-clean-to-the-keyserver-.patch ++from-2.2.17/dirmngr-fix-handling-of-HTTPS-redirections-during-HKP.patch ++from-2.2.17/gpg-Fix-regression-in-option-self-sigs-only.patch ++from-2.2.17/gpg-Do-not-try-the-import-fallback-if-the-options-are-alr.patch ++from-2.2.18-prerelease/gpg-Fix-keyring-retrieval.patch ++from-2.2.18-prerelease/gpg-Improve-import-slowness.patch ++from-2.2.18-prerelease/dirmngr-Don-t-add-system-CAs-for-SKS-HKPS-pool.patch ++keyserver-cleanup/dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch ++keyserver-cleanup/gpg-drop-import-clean-from-default-keyserver-import-optio.patch ++keyserver-cleanup/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch ++import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch ++import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch ++import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch diff --cc debian/patches/update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch index 0000000,0000000..97580e8 new file mode 100644 --- /dev/null +++ b/debian/patches/update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch @@@ -1,0 -1,0 +1,64 @@@ ++From: Daniel Kahn Gillmor ++Date: Thu, 7 Sep 2017 18:49:35 -0400 ++Subject: gpg: Default to SHA-512 for all signature types on RSA keys. ++ ++* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA512 instead of SHA256 in ++--gnupg mode (leave strict RFC and PGP modes alone). ++* configure.ac: Do not allow disabling sha512. ++* g10/misc.c (map_md_openpgp_to_gcry): Always support SHA512. ++ ++-- ++ ++SHA512 is more performant on most 64-bit platforms than SHA256, and ++offers a better security margin. It is also widely implemented. ++ ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ configure.ac | 2 +- ++ g10/main.h | 2 +- ++ g10/misc.c | 5 +---- ++ 3 files changed, 3 insertions(+), 6 deletions(-) ++ ++diff --git a/configure.ac b/configure.ac ++index b5a72e6..8c68cb8 100644 ++--- a/configure.ac +++++ b/configure.ac ++@@ -317,7 +317,7 @@ GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash]) ++ GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash]) ++ # SHA256 is a MUST algorithm for GnuPG. ++ GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash]) ++-GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash]) +++# SHA512 is a MUST algorithm for GnuPG. ++ ++ ++ # Allow disabling of zip support. ++diff --git a/g10/main.h b/g10/main.h ++index 6f93de9..dcd3767 100644 ++--- a/g10/main.h +++++ b/g10/main.h ++@@ -41,7 +41,7 @@ ++ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES ++ #endif ++ ++-#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1) +++#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA512:DIGEST_ALGO_SHA1) ++ #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1 ++ #ifdef HAVE_ZIP ++ # define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP ++diff --git a/g10/misc.c b/g10/misc.c ++index 9780969..86baff9 100644 ++--- a/g10/misc.c +++++ b/g10/misc.c ++@@ -743,11 +743,8 @@ map_md_openpgp_to_gcry (digest_algo_t algo) ++ case DIGEST_ALGO_SHA384: return 0; ++ #endif ++ ++-#ifdef GPG_USE_SHA512 ++ case DIGEST_ALGO_SHA512: return GCRY_MD_SHA512; ++-#else ++- case DIGEST_ALGO_SHA512: return 0; ++-#endif +++ ++ default: return 0; ++ } ++ } diff --cc debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch index 0000000,0000000..fb7bdba new file mode 100644 --- /dev/null +++ b/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch @@@ -1,0 -1,0 +1,46 @@@ ++From: Daniel Kahn Gillmor ++Date: Wed, 3 Jan 2018 12:34:26 -0500 ++Subject: gpg: Prefer SHA-512 and SHA-384 in personal-digest-preferences. ++ ++* g10/keygen.c (keygen_set_std_prefs): prefer SHA-512 ++and SHA-384 by default. ++ ++-- ++ ++In 8ede3ae29a39641a2f98ad9a4cf61ea99085a892, upstream changed the ++defaults for --default-preference-list to advertise a preference for ++SHA-512, without touching --personal-digest-preferences. This makes ++the same change for --personal-digest-preferences, since every modern ++OpenPGP library supports them all. ++ ++Signed-off-by: Daniel Kahn Gillmor ++--- ++ g10/keygen.c | 10 +++++----- ++ 1 file changed, 5 insertions(+), 5 deletions(-) ++ ++diff --git a/g10/keygen.c b/g10/keygen.c ++index 492c65f..a8333b0 100644 ++--- a/g10/keygen.c +++++ b/g10/keygen.c ++@@ -386,16 +386,16 @@ keygen_set_std_prefs (const char *string,int personal) ++ if (personal) ++ { ++ /* The default internal hash algo order is: ++- * SHA-256, SHA-384, SHA-512, SHA-224, SHA-1. +++ * SHA-512, SHA-384, SHA-256, SHA-224, SHA-1. ++ */ ++- if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) ++- strcat (dummy_string, "H8 "); +++ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) +++ strcat (dummy_string, "H10 "); ++ ++ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384)) ++ strcat (dummy_string, "H9 "); ++ ++- if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) ++- strcat (dummy_string, "H10 "); +++ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) +++ strcat (dummy_string, "H8 "); ++ } ++ else ++ { diff --cc debian/rules index 0000000,0000000..30f22d9 new file mode 100755 --- /dev/null +++ b/debian/rules @@@ -1,0 -1,0 +1,89 @@@ ++#!/usr/bin/make -f ++# debian/rules file - for GnuPG ++# Copyright 1994,1995 by Ian Jackson. ++# Copyright 1998-2003 by James Troup. ++# Copyright 2003-2004 by Matthias Urlichs. ++# ++# I hereby give you perpetual unlimited permission to copy, ++# modify and relicense this file, provided that you do not remove ++# my name from the file itself. (I assert my moral right of ++# paternity under the Copyright, Designs and Patents Act 1988.) ++# This file may have to be extensively modified ++ ++include /usr/share/dpkg/architecture.mk ++ ++export DEB_BUILD_MAINT_OPTIONS = hardening=+all ++ ++# avoid -pie for gpgv-static on kfreebsd-amd64, and x32 ++# platforms, which cannot support it by default: ++ifeq (,$(filter $(DEB_HOST_ARCH), kfreebsd-amd64 x32)) ++GPGV_STATIC_HARDENING = "-pie" ++else ++GPGV_STATIC_HARDENING = "" ++endif ++ ++# Avoid parallel tests on hppa and riscv64 architecture. ++# Parallel tests generates high load on machine which causes timeouts and thus ++# triggers unexpected failures. ++ifeq (,$(filter $(DEB_HOST_ARCH), hppa riscv64)) ++AUTOTEST_FLAGS = "--parallel" ++else ++AUTOTEST_FLAGS = "--no-parallel" ++endif ++ ++%: ++ dh $@ --with=autoreconf --builddirectory=build ++ ++GPGV_UDEB_UNNEEDED = gpgtar bzip2 gpgsm scdaemon dirmngr doc tofu exec ldap gnutls sqlite libdns ++ ++WIN32_FLAGS=LDFLAGS="-Xlinker --no-insert-timestamp -static" CFLAGS="-g -Os" CPPFLAGS= ++ ++override_dh_auto_configure: ++ dh_auto_configure --builddirectory=build-gpgv-udeb -- \ ++ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) ++ dh_auto_configure --builddirectory=build-maintainer -- \ ++ --enable-maintainer-mode \ ++ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) ++ dh_auto_configure --builddirectory=build -- --libexecdir=\$${prefix}/lib/gnupg \ ++ --enable-wks-tools \ ++ --enable-all-tests \ ++ --with-agent-s2k-calibration=300 \ ++ --enable-symcryptrun --enable-large-secmem ++ ++override_dh_auto_build-arch: ++ dh_auto_build --builddirectory=build-gpgv-udeb ++ dh_auto_build --builddirectory=build ++ dh_auto_build --builddirectory=build-maintainer ++ cp -a build-gpgv-udeb build-gpgv-static ++ rm -f build-gpgv-static/g10/gpgv ++ cd build-gpgv-static/g10 && $(MAKE) LDFLAGS="$$LDFLAGS $(GPGV_STATIC_HARDENING) -static" gpgv ++ mv build-gpgv-static/g10/gpgv build-gpgv-static/g10/gpgv-static ++ ++override_dh_auto_build-indep: ++ mkdir -p build-gpgv-win32 ++ cd build-gpgv-win32 && $(WIN32_FLAGS) ../configure \ ++ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) \ ++ $(foreach x, libgpg-error libgcrypt libassuan ksba npth, --with-$x-prefix=/usr/i686-w64-mingw32) \ ++ --enable-gpg2-is-gpg \ ++ --with-zlib=/usr/i686-w64-mingw \ ++ --prefix=/usr/i686-w64-mingw32 \ ++ --host i686-w64-mingw32 ++ cd build-gpgv-win32/common && $(WIN32_FLAGS) $(MAKE) libcommon.a ++ cd build-gpgv-win32/common && $(WIN32_FLAGS) $(MAKE) libgpgrl.a ++ cd build-gpgv-win32/common && $(WIN32_FLAGS) $(MAKE) libsimple-pwquery.a ++ cd build-gpgv-win32/kbx && $(WIN32_FLAGS) $(MAKE) libkeybox.a ++ cd build-gpgv-win32/g10 && $(WIN32_FLAGS) $(MAKE) gpgv.exe ++ strip build-gpgv-win32/g10/gpgv.exe ++ ++ ++override_dh_auto_test: ++ dh_auto_test --builddirectory=build -- verbose=3 TESTFLAGS=$(AUTOTEST_FLAGS) ++ ++override_dh_shlibdeps: ++# Make ldap a recommends rather than a hard dependency. ++ dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr* ++ dh_shlibdeps -Ndirmngr ++ ++# visualizations of package dependencies: ++debian/%.png: debian/%.dot ++ dot -T png -o $@ $< diff --cc debian/scdaemon.examples index 0000000,0000000..29f41a8 new file mode 100644 --- /dev/null +++ b/debian/scdaemon.examples @@@ -1,0 -1,0 +1,1 @@@ ++doc/examples/scd-event diff --cc debian/scdaemon.install index 0000000,0000000..5b7bd35 new file mode 100644 --- /dev/null +++ b/debian/scdaemon.install @@@ -1,0 -1,0 +1,2 @@@ ++debian/org.gnupg.scdaemon.metainfo.xml usr/share/metainfo ++debian/tmp/usr/lib/gnupg/scdaemon diff --cc debian/scdaemon.manpages index 0000000,0000000..9efee23 new file mode 100644 --- /dev/null +++ b/debian/scdaemon.manpages @@@ -1,0 -1,0 +1,1 @@@ ++debian/tmp/usr/share/man/man1/scdaemon.1 diff --cc debian/scdaemon.udev index 0000000,0000000..c992e4a new file mode 100644 --- /dev/null +++ b/debian/scdaemon.udev @@@ -1,0 -1,0 +1,65 @@@ ++# do not edit this file, it will be overwritten on update ++ ++SUBSYSTEM!="usb", GOTO="gnupg_rules_end" ++ACTION!="add", GOTO="gnupg_rules_end" ++ ++# USB SmartCard Readers ++## Cherry GmbH (XX33, ST2000) ++SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0005", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0010", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="003e", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## SCM Microsystems, Inc (SCR331-DI, SCR335, SCR3320, SCR331, SCR3310 and SPR532) ++SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5117", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Omnikey AG (CardMan 3821, CardMan 6121) ++SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="3821", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="6622", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Gemalto ++SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3437", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3438", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3478", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34c2", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34ec", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Reiner (SCT cyberJack) ++SUBSYSTEM=="usb", ATTR{idVendor}=="0c4b", ATTR{idProduct}=="0500", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Kobil (KAAN) ++SUBSYSTEM=="usb", ATTR{idVendor}=="0d46", ATTR{idProduct}=="2012", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## VASCO (DIGIPASS 920) ++SUBSYSTEM=="usb", ATTR{idVendor}=="1a44", ATTR{idProduct}=="0920", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Crypto Stick ++SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4107", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Nitrokey ++SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4108", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4109", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4211", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Gnuk Token ++SUBSYSTEM=="usb", ATTR{idVendor}=="234b", ATTR{idProduct}=="0000", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Alcor Micro Corp cardreader (in ThinkPad X250) ++SUBSYSTEM=="usb", ATTR{idVendor}=="058f", ATTR{idProduct}=="9540", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Fujitsu Siemens ++SUBSYSTEM=="usb", ATTR{idVendor}=="0bf8", ATTR{idProduct}=="1006", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Yubico ++# Yubikey NEO OTP+CCID ++SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++# Yubikey NEO CCID ++SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0112", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++# Yubikey NEO U2F+CCID ++SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++# Yubikey NEO OTP+U2F+CCID ++SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++# Yubikey 4 CCID ++SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0404", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++# Yubikey 4 OTP+CCID ++SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0405", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++# Yubikey 4 U2F+CCID ++SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0406", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++# Yubikey 4 OTP+U2F+CCID ++SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0407", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++## Trustica Cryptoucan ++SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", ATTR{idProduct}=="81e6", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" ++ ++LABEL="gnupg_rules_end" diff --cc debian/simplified-package-dependencies.dot index 0000000,0000000..2edb3fb new file mode 100644 --- /dev/null +++ b/debian/simplified-package-dependencies.dot @@@ -1,0 -1,0 +1,43 @@@ ++#!/usr/bin/dot ++ ++# interrelationships between binary packages produced by gnupg2 source ++# package, if we were to move to the simplified package structure: ++ ++# it would be good to graph the external dependencies as well. ++ ++digraph gnupg2 { ++ # odd-duck packages: ++ node [shape=box]; ++ gpgv_udeb [label="gpgv-udeb"]; ++ gpgv_static [label="gpgv-static"]; ++ gpgv_win32 [label="gpgv-win32"]; ++ ++ # meta-packages, transitional packages: ++ node [shape=diamond]; ++ gnupg_agent [label="gnupg-agent"]; ++ gnupg2; ++ gpgv2; ++ gpgsm; ++ dirmngr; ++ ++ node [shape=ellipse]; ++ gnupg_l10n [label="gnupg-l10n"]; ++ ++ # depends: ++ edge [color=black]; ++ scdaemon -> gnupg; ++ gnupg2 -> gnupg; ++ gnupg_agent -> gnupg; ++ gpgsm -> gnupg; ++ dirmngr -> gnupg; ++ gpgv2 -> gpgv; ++ ++ # recommends: ++ edge [color=red]; ++ gnupg -> gnupg_l10n; ++ gnupg -> gpgv; ++ ++ # suggests: ++ edge [color=blue]; ++ gpgv -> gnupg; ++} diff --cc debian/source/format index 0000000,0000000..163aaf8 new file mode 100644 --- /dev/null +++ b/debian/source/format @@@ -1,0 -1,0 +1,1 @@@ ++3.0 (quilt) diff --cc debian/source/lintian-overrides index 0000000,0000000..14caca0 new file mode 100644 --- /dev/null +++ b/debian/source/lintian-overrides @@@ -1,0 -1,0 +1,2 @@@ ++# doc merely references / cites IETF RFC: ++gnupg2 source: license-problem-non-free-RFC doc/OpenPGP diff --cc debian/systemd-environment-generator/90gpg-agent index 0000000,0000000..38fea9c new file mode 100755 --- /dev/null +++ b/debian/systemd-environment-generator/90gpg-agent @@@ -1,0 -1,0 +1,10 @@@ ++#!/bin/bash ++ ++# Author: rufo ++# See https://bugs.debian.org/855868 ++ ++if [ -n "$(gpgconf --list-options gpg-agent | \ ++ awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then ++ echo SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) ++ echo GSM_SKIP_SSH_AGENT_WORKAROUND=true ++fi diff --cc debian/tests/control index 0000000,0000000..7f84c8b new file mode 100644 --- /dev/null +++ b/debian/tests/control @@@ -1,0 -1,0 +1,11 @@@ ++Tests: gpgv-win32 ++Depends: gpgv-win32, gnupg2, gpgv2, wine32, diffutils ++Restrictions: allow-stderr, skip-not-installable ++ ++Tests: simple-tests ++Depends: gnupg2, gpgv2 ++Restrictions: allow-stderr ++ ++Tests: migration ++Depends: gpg, gnupg1, gnupg-utils, debian-archive-keyring, diffutils ++Restrictions: allow-stderr diff --cc debian/tests/gpgv-win32 index 0000000,0000000..035c060 new file mode 100755 --- /dev/null +++ b/debian/tests/gpgv-win32 @@@ -1,0 -1,0 +1,34 @@@ ++#!/bin/bash ++ ++set -e ++ ++export GNUPGHOME=$(mktemp -d) ++gpgargs=(--batch --quiet --pinentry-mode=loopback --passphrase '' --with-colons) ++ ++# Generate a minimal signing key: ++gpg "${gpgargs[@]}" --quick-gen-key 'Test key for gpgv-win32 ' ++ ++gpg "${gpgargs[@]}" -o "$GNUPGHOME/key.gpg" --export test-key@example.com ++ ++# Sign this very script ++rm -f "${0}.gpg" ++gpg "${gpgargs[@]}" --output "${0}.gpg" --detach-sign "${0}" ++ ++# Verify using gpgv ++gpgv --quiet --status-fd 3 3> native.status --keyring "$GNUPGHOME/key.gpg" "${0}.gpg" "${0}" ++ ++WINE=/usr/lib/wine/wine ++export WINESERVER=/usr/lib/wine/wineserver32 ++ ++# Verify using gpgv.exe (using --status-fd 1 because i don't know how ++# to pass a non-standard file descriptor into wine) ++"$WINE" /usr/share/win32/gpgv.exe --quiet --status-fd 1 > win32.status --keyring "Z://${GNUPGHOME}/key.gpg" "${0}.gpg" "${0}" ++ ++# convert to unix newlines if necessary: ++sed -i 's/\r$//' win32.status ++ ++diff -u native.status win32.status ++ ++head -v win32.status ++ ++rm -rf "$GNUPGHOME" diff --cc debian/tests/migration index 0000000,0000000..b676999 new file mode 100755 --- /dev/null +++ b/debian/tests/migration @@@ -1,0 -1,0 +1,20 @@@ ++#!/bin/bash ++ ++set -e ++set -x ++ ++DIR=$(mktemp -d) ++GPG_HOME="$DIR/gnupg" ++gpg=(gpg --homedir "$GPG_HOME" --batch --quiet --with-colons) ++gpg1=(gpg1 --homedir "$GPG_HOME" --batch --quiet --with-colons) ++ ++mkdir "$GPG_HOME" ++chmod 700 "$GPG_HOME" ++ ++cat /usr/share/keyrings/debian-archive-*.gpg | "${gpg1[@]}" --import ++"${gpg1[@]}" --list-keys ++"${gpg[@]}" --list-keys > "$DIR/key.list.before" ++migrate-pubring-from-classic-gpg "$GPG_HOME" ++"${gpg[@]}" --list-keys > "$DIR/key.list.after" ++ ++diff -u "$DIR/key.list.before" "$DIR/key.list.after" diff --cc debian/tests/simple-tests index 0000000,0000000..97d4ab4 new file mode 100755 --- /dev/null +++ b/debian/tests/simple-tests @@@ -1,0 -1,0 +1,34 @@@ ++#!/bin/sh ++ ++set -e ++set -x ++ ++DIR=$(mktemp -d) ++GPG_HOME=$DIR/gnupg ++gpg="gpg --homedir $GPG_HOME" ++ ++mkdir $GPG_HOME ++chmod 700 $GPG_HOME ++ ++#trap "cd $HOME && rm -rf $DIR" EXIT ++ ++cd $DIR ++ ++cat > key-batch << EOF ++Key-Type: default ++Subkey-Type: default ++Name-Real: test case ++Name-Email: example@example.com ++Expire-Date: 0 ++%no-protection ++%commit ++EOF ++ ++$gpg --batch --generate-key key-batch ++$gpg -abs < $GPG_HOME/pubring.kbx > pubring.kbx.asc ++$gpg --verify pubring.kbx.asc $GPG_HOME/pubring.kbx ++gpgv --keyring $GPG_HOME/pubring.kbx pubring.kbx.asc $GPG_HOME/pubring.kbx ++ ++# Encrypt ++$gpg -e -r example@example.com < $GPG_HOME/pubring.kbx > pubring.kbx.gpg ++$gpg -d -r example@example.com < pubring.kbx.gpg > pubring.kbx.gpg.dec diff --cc debian/upstream/signing-key.asc index 0000000,0000000..4cefd75 new file mode 100644 --- /dev/null +++ b/debian/upstream/signing-key.asc @@@ -1,0 -1,0 +1,112 @@@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++ ++mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I ++Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg ++jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7 ++KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u ++qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB ++1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk ++aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW ++AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s ++hKZOAKw3RUePTU80SRLPdg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH8 ++5zCwu7SHz9cX3d4UUwzcP6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8 ++Klf/wl6jXHn/yP92xG9/YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOc ++WkqwupB+d01R4bHPu9tvXy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgC ++E4F5XeCB/0ovao2/bk22w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsq5AQ0ETS2L ++gQEIAKHwucgbaRj0V7Ht0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX ++1bDVwr/iTPaPPEtpi7oQoHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHUL ++hzKsGg5FC6pRYcEyzRXHtv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7 ++nJdwG1cGQOZOIDQQM41gBzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOM ++EJwlo0+NYx2Yn75x66bYwdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6J ++sPmXEyeAyLiCWSh7Rwq8uIhBUBUAEQEAAYkBJQQYAQIADwUCTS2LgQIbIAUJEN2f ++AgAKCRAkmznSTyXjtrsSCACRNgfGkD0OqOiwYo1/+KyWnrQLusVvSYOw8hN66geU ++3BO8iQ0Koy+m0QKY1kWjaHwewpg8ZebY4E2sHbNIC9Spyiyz29sAJ2invf4/4Mep ++TgpxNiw4+XmykCkN1AfVhvMTQXMzRbO5ZwRtPpjsMr1j5vX1s6U3/RxSAItpAkCu ++1GGTTOH0r12Ochc/um+QGAyO6WUj/IiZ1MX7toXW0SCo8DSl8z5Q7KmJWF6TQLK1 ++Lku4bIVG1Huwo1/0WHc2vCad5BxHjgoy8TsKLTmvYQZWtnjWvQGV2UOABYWcacut ++ZXQQ2PPCIY7LlpuS/45CXWbT5Y+mxY3y7dbz4aF+8uyCmQENBFRQXwcBCACHWajy ++v6RVZVM2w2XK6uba11kqJBt15WCkGBwOeojd8BXnwLecLwNW4rmpUZk8H+Nu7jaN ++zwFcY/WXpQ/7nXktAvkalO1XSlFZQ7TZY65MtkFVByrne/NuDXFWjfWtZX3qaoYA +++zyUZQKbT1+m6JUpCiM7r8iGSDv9ufN5JtxfleT14ouHIHu2dqS5gl5FibhuOz5g ++MCkrwgVDJ69gXymNNxstNI0k9b1YsKyjOzLXWvjF19FxNaMBFXPlXNOdD4/Hxi2y ++eNDerA0kGmyowsJ0M3tgaGH+aXA+OB2r9QV/n5tjp/d7DS+yEGoicFDJwFKZjKhf ++Rh7ewBL85Hie7llpABEBAAG0PkRhdmlkIFNoYXcgKEdudVBHIFJlbGVhc2UgU2ln ++bmluZyBLZXkpIDxkc2hhd0BqYWJiZXJ3b2NreS5jb20+iQEfBDABAgAJBQJYn3pR ++Ah0gAAoJEAQ3bz7ghWlZdmsH/ApwZWbcBg2zYE3+psWhZpiVNyTbePiglJlhjbUf ++77cCfFsVhim5WG+YrTu8hcaf5/G9kZrsb4SvyMnqR2RXierKS6rBrE6TZHixb3Kh ++6z2QqkC5ftGo/7lruMnW61cmDvt4sEUuUJviSTxTTBvnw0ct1zfgLvRWVzWdqQXU ++w82oM8AOg0zQ0Ix/LoxwoX2hFNNThxLQHyitYdHlMdPhkO8/k92cei+n2fWbwtb5 ++VOxXhoCWYAxOmr0JSiqYJhzBYakLhkqcPS8s8uAbt+jEaYot0NdQemUeJPJIy/rl ++LWYdPNnPf9Ma5pGlNVDIQ9A6iC5JniFnmrmyI6McqdtQAui0JkRhdmlkIFNoYXcg ++KEdudVBHIFJlbGVhc2UgU2lnbmluZyBLZXkpiQE+BBMBAgAoBQJYn3oyAhsDBQkJ ++unbuBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAEN28+4IVpWcUJB/46snb+ +++ypPIhQjUPHVHb9U8r92QSh/XLi6xxJcqokzpif7fCvh+DrenlLOQznwB1PDPBmT ++lffv2p7XvEAPMoaEOA/i67phDzsjaUrHkevsv0fAIqX8yHmVKQ773hhD+VbuO29o ++J7h7LIQ5yrJScpmNmE2FjnjcHGHnr9UaoU4RQVqA9jyHEVt+aRvKvQEzMtFlSIkn ++6rBNeU5HHh6oHhlzkNUP9hExRPBorodWEH0r7E2C+CORloR9ZG/EK4rU+Fkp1mdV ++Stt2maNfG5QxaFgseT9X+QMeD7ktht5I/t05coSL/1dKyUjiHp84K8uZIfi09LPI ++2dT9ikq5JHN8zHXZuQENBFRQXwcBCACh1PSJ34Lo8xXsLwnETw84a9fbADpAvDb0 ++RI7Razz4mr0Q9DfXXiYf6wL6QOzB4IMzJpjfiLyC+HqFbEb0l9mZKRFS/RBfbO+V ++zCvxI5n11fOtXuKn5CCnM7bZ5hGcf9EH4pZ8XOpKinnWx3VSWzjWoqmEMSb9kCed ++PDFhZfqMSU4Kki56ZMCJLGmq2M9dV+1yFITLTr9sNEW4LgV699TlpZODcVJkRmmT ++QoXlFkF3O859f0/Ad/YXGGBC0uQCx2+9bMNOhgPSo55wz8wa3V2ivIGjwiQCIcn5 ++NE3JWLr98Cr+uKDdusXkRMY3tbkhFEagt61j77hg77WBjsRr7W1nABEBAAGJASUE ++GAECAA8FAlRQXwcCGyAFCQm6du4ACgkQBDdvPuCFaVno8Af+JMwLn4f9iePsbUo6 ++OHKi58+gz6P6DgRzxGYQDq9g5YiLwXgBTzqJLpKrYeRldIrEuABhta6x4UdLpAD+ ++pk8M90i/xNx4TeMxbdkSaaacKxLpyaRCGmNEIq5YZ9o7JkgRXYFPoSt74xTmNT7B ++GqRskaTUFLybJAeRlE3/l2B+jmzIVgpjhPrhnsO+VtAXvRwIBGWwjCTiU3pAn+Kp ++odH1zaxa3Md/EC91y0Cl2DnDwZFwSl0MyJ56OFr+UExFNhVZjW+sSD76aSSG8I6Q ++GKUMUUJWiM6dJ1MnLt01mOIGUQXCWZyMur3zgLkVHCPn543QF6/mFmxahst5Gq3x ++A4YyUbkBDQRUUF8HAQgArhuRQ9LFKWYTwYcAjgU1AMD5BnMi8s+l/WnkmoVQukl5 ++6XB9W1uPqo588rBdW9qbTIc6LKsyd992Vn/r5BeM/rrlF1uw/MQM/EIf3vZ4aZ3D ++zJX3nCY8JVqjIFMf1cENNfbnaHS8+OBxts4tS9S5gFXwLviKvoRKgDbSD+uNgQaM ++n9QC2AEYh8yjRWTZBzr/vDEzeM0/FRz/qHmiKCBSSB1sVyDMLaw4BSPecnQJLTV0 ++08m4CUY9GOKD2jrX8+K6ZI5XL3x58B62yMstLTTKwCaPGPt4W7Gd/vdMk7IAi0pk +++/eLsrgsiAxlfAvvU7HTTNR3Obof78miZKiuq0uU5QARAQABiQElBBgBAgAPBQJU ++UF8HAhsMBQkJunbuAAoJEAQ3bz7ghWlZuTEH/RrOy+kD14k+vqg27cjDhoK8tCL0 ++jaOh0Zemw2DcY34BOnc8oyLbUqyd6qRhfPDFj7bscDA1JASYx7I6HfueQ9ckyUGA ++nT5pXsnacCPdqzfXSCdXeRgh3w1e8uL5gueCp9PJCnF50OEF5LJNgsA/3qYO1S4Y ++VD39NYEXTCNmQGoWWWeyaZQKz2UyZ1oVSTVxPX9HW/CIbPWYBpTPI/Y01SdeygTb ++lOR5eD4p/3lCTFLQLcL1L5wDiMIIdcS4YXEx7j7ohu5uxV6khQWuXNtRpilgHyXA ++VC62hInWotzaMVxbTRDLZnZI5VgnmjIyFk16LRkWyBD22nY+G0gKObkl+8+ZAQ0E ++VEOpUgEIALSTx5koOY2p2ZrA6Un+brYvaDy5dP/7+8AQZvXJqJvT3Ejq18ZfNuqU ++PCsshlwmxIhP+e39qMmchVtzfXfu9rhdvAzOwOkAwfiaaJOiqT6LMQKEabaSfOsv ++CGh+VHxoawovflChlP96t2N+A94JEu9/bl8ew3YlvRYgzMLnpWQx4WjNr70dnmGu ++R6aab6A+8i+ERSinELI5LyYrlaMHjPMh3IMl+SpWke9p80/Q3gsix50p3IdyP8re ++Rjgp6OX30ZbXPWycGA9qag3b97nY9/opPDYWOxIZnvahqVyuQFHjBpxSLMbEpxEP ++ZjpdrSD2bBOhZ00FAIggj65PM7OrUQMAEQEAAbQhV2VybmVyIEtvY2ggKFJlbGVh ++c2UgU2lnbmluZyBLZXkpiQE9BBMBCAAnBQJUQ6lSAhsDBQkLqgX1BQsJCAcCBhUI ++CQoLAgQWAgMBAh4BAheAAAoJEIqGGxx+/WDZofsH/AhbqZWZObNbbFzWrUxR2ywT ++FAGER442ttYn8eIZk/8xppuBD/7Bm5OFMDB8YznMVAE6+sE4ZRGEg1TqVhCVw6tW ++j5XxnWY1AoVZorElpjkq7VsHU65f0UcsSIyJuiAe7l+MkhcETxeue+556PIVDmD+ ++5fbFwaAJaUx7j2xHcr6USXef3fFOZI2E/navSBOMyNuopYpRogYnk5xZKu9rB1+o ++teTFHymGrYCUccR/Glxmw6n2ZmKtZhDmNyAaAU/QthdTD9GfEWk5yuPjmq5+bIQv ++1AkqMFXlFocluq6R5/BQic9C1VSYg2pDHO1KHlDFA/a2xQ8h4SLlECgLAslqbzOZ ++AQ0EVFA7IwEIAOYQcDfRdzqin/vZlwl1AyuJW+cDI3bYvesRtOIAJ+8FqOzp+nOZ ++7a4mULkXUeRh3HcO91wughXoR3qP3klWIlqgTQQHxPVM25BEvnGPuMA86lWnKoSs ++Xe9F5h0IMiu6aURvzMJC9VMgKwhhgCjejFf9n8zuiBkMN457Ubnt/9jxhpxmorDQ ++Cpb7bR1mfdbsuCmOXwTNfbkAoGXceL/P6z9PskKrFk8CVCr8pseRiHzWgib4Bfr/ ++mj68LKcQTH/Y6R16g154eC6PAvxrEDA+hgpVX0I7L781Byh9nqC+KDX5LvlGuQbg ++B2IvrgLs6lfU3aRfTwqUDMj37rmXJTDy3TMAEQEAAbQyTklJQkUgWXV0YWthIChH ++bnVQRyBSZWxlYXNlIEtleSkgPGduaWliZUBmc2lqLm9yZz6JATwEEwEIACYCGwMF ++CwcICQMEFQgJCgUWAgMBAAIeAQIXgAUCWA8UWQUJC0uQNgAKCRAgcbCKM70/Brxv ++CADASJRs/b6GHEklwHUDrr89oDNpDo7zB8zelZUvVT9OiI5089g53oxWcC5sScPH ++vJmY1KNI8NtrqNR0REIQ653t0tSGszzHk1AlDc6VhTMVzXOkgMq8PWqVmvIKLhlF ++ib9xzsFbPBBQNhPVHbQydrhuzGP/nguSv2njgMrnWRG70vK4GcqUxawbQXDSlFmY ++c+xUZ+tx8RJmCxN6eiNfWQ163NVk2sxdqM9fM8punLlEa+sGkW3UnplE7IaS5ygg ++WV8yfNm1wYFzZ33ZnN4LUtuGZjN2Xyv62M7RA5Ik5LNkdYMA8H+UbQ6Wn+Sw9rnx ++EnWy7k/vG5QJbHG4GCwXMA6ruQENBFRQOyMBCAC94CWuMHLmP1B7oFxU0FjKv3D6 ++RTpLSLqC/nqRWeKVdlSddR4LnO/r9ahRsGgekAEVyeD04SKAD7g3OWMhWvEsK6aY ++gmzc0cLJCJRTsLW+X7kRWo33KUAKIpKYO8VF8iErWejajvo5UgN3y1V/anqlBU45 ++DalLk/mu6JXOr6t7u83+IscTrFQTkW17wOxoc6i9zDOU1FoWZFyNU+hxpPCGndfn ++S25qzaEpb1qzxYoHpyttCkGX4R3siX6gAkRLIPhsYK4sZihBZhTBgHdAVYSYkCrK ++hRNWoSb3XpUhdT5l88uPozwxXruXmzk6WCv6ZdCJ+0rGShwJjU1j6g+Fksk9ABEB ++AAGJASUEGAEIAA8CGwwFAlgPFEYFCQtLkCMACgkQIHGwijO9PwYKDQf9HXQ1Rb4n ++eC/s//vRfwqpEsYTqGLgd/O8d/0BrHojE1d6iyidZIGX40Sgmq1OPUZE9GtW5l2W ++uwjychrIySR8NnQ8h9cN0agYjLfp+3sJFGYRGsL2J7EmJVPUd6+gHcq2L5+zhm3e ++98aaSxMlS5QGcE9IyDtdNeTUBya3kg6ltazSo9ztzGV6n585P2UiSQnL1fsvik5i ++QkD8k6DcygmhBnxfbny5jPaV7PTcpxwY8k6jHIL8Z144GYHZYbuHMQuwH357vRgv ++q0epdh+7JxJmtDtS8gpnR/U2kVhogSwPQnB06ztcPvXnwZznYGrw+Z3a57w+ef2M ++Z4bi8gOtEd0zhw== ++=3t3v ++-----END PGP PUBLIC KEY BLOCK----- diff --cc debian/watch index 0000000,0000000..e1c393d new file mode 100644 --- /dev/null +++ b/debian/watch @@@ -1,0 -1,0 +1,5 @@@ ++version=4 ++ ++opts=pgpsigurlmangle=s/$/.sig/ \ ++ https://gnupg.org/ftp/gcrypt/gnupg/gnupg@ANY_VERSION@@ARCHIVE_EXT@ \ ++ debian