From ec0763923f968edf59d03e25d3714a049c4e78d4 Mon Sep 17 00:00:00 2001 
From: Daniel Kahn Gillmor Date: Fri, 1 Jul 2022 17:06:43 +0100 Subject: [PATCH] Import gnupg2_2.2.12-1+deb10u2.debian.tar.xz [dgit import tarball gnupg2 2.2.12-1+deb10u2 gnupg2_2.2.12-1+deb10u2.debian.tar.xz] --- NEWS | 30 + Xsession.d/90gpg-agent | 22 + changelog | 2343 +++++++++++++++++ clean | 9 + compat | 1 + control | 502 ++++ copyright | 253 ++ dirmngr.NEWS | 49 + dirmngr.README.Debian | 47 + dirmngr.docs | 5 + dirmngr.install | 6 + dirmngr.links | 1 + dirmngr.maintscript | 5 + dirmngr.manpages | 2 + gbp.conf | 37 + gnupg-l10n.install | 2 + gnupg-utils.install | 12 + gnupg-utils.manpages | 12 + gnupg.README.Debian | 44 + gnupg.docs | 8 + gnupg.info | 3 + gnupg2.links | 2 + gpg-agent.NEWS | 19 + gpg-agent.README.Debian | 82 + gpg-agent.examples | 2 + gpg-agent.install | 11 + gpg-agent.links | 6 + gpg-agent.logcheck.ignore.server | 11 + gpg-agent.manpages | 3 + gpg-check-pattern.1 | 36 + gpg-wks-client.1 | 178 ++ gpg-wks-client.install | 1 + gpg-wks-client.manpages | 1 + gpg-wks-server.1 | 180 ++ gpg-wks-server.install | 1 + gpg-wks-server.manpages | 1 + gpg-zip.1 | 106 + gpg.install | 1 + gpg.manpages | 1 + gpgcompose.1 | 56 + gpgconf.examples | 1 + gpgconf.install | 3 + gpgconf.manpages | 2 + gpgsm.install | 1 + gpgsm.manpages | 1 + gpgsplit.1 | 41 + gpgv-static.1 | 32 + gpgv-static.install | 1 + gpgv-static.lintian-overrides | 3 + gpgv-static.manpages | 1 + gpgv-udeb.install | 1 + gpgv-win32.install | 1 + gpgv.install | 1 + gpgv.manpages | 1 + gpgv2.links | 2 + kbxutil.1 | 62 + lspgpot.1 | 22 + migrate-pubring-from-classic-gpg | 108 + migrate-pubring-from-classic-gpg.1 | 94 + org.gnupg.scdaemon.metainfo.xml | 51 + package-dependencies.dot | 73 + patches/Make-gpg-zip-use-tar-from-PATH.patch | 27 + ...Avoid-simple-memory-dumps-via-ptrace.patch | 89 + .../debian-packaging/avoid-beta-warning.patch | 44 + ...erating-defsincdate-use-shipped-file.patch | 37 + ...automatically-checking-upstream-swdb.patch | 47 + ...mngr-Avoid-need-for-hkp-housekeeping.patch | 226 ++ 
...d-potential-race-condition-when-some.patch | 81 + patches/fix-spelling.patch | 39 + ...nce-compiler-warnings-new-with-gcc-8.patch | 98 + ...nentry-cache-when-it-causes-an-error.patch | 176 ++ ...initialization-of-assuan-s-nPth-hook.patch | 38 + ...tions-timeout-and-http-proxy-as-obso.patch | 54 + ...ing-Ed25519-key-from-an-existing-key.patch | 29 + ...tus-if-no-key-was-found-with-list-ke.patch | 26 + ...rying-to-create-a-primary-Elgamal-ke.patch | 38 + ...e-compression-for-the-encrypted-data.patch | 50 + ...gent-Fix-for-suggested-Libgcrypt-use.patch | 61 + ...mode-ssh-option-for-CLEAR_PASSPHRASE.patch | 63 + .../common-Fix-gnupg_wait_processes.patch | 82 + ...-protection-exception-for-protonmail.patch | 87 + ...-of-PGP-desktop-exported-secret-keys.patch | 658 +++++ ...ecret-keys-if-the-keyblock-is-not-va.patch | 367 +++ ...-out-on-v5-keys-in-the-local-keyring.patch | 121 + ...-key-import-print-sec-instead-of-pub.patch | 135 + patches/from-2.2.14/gpg-Fix-comparison.patch | 26 + ...ary-key-algos-obvious-in-key-listing.patch | 51 + ...cm-Build-well-even-if-NDEBUG-defined.patch | 45 + .../gpgsm-default-to-3072-bit-keys.patch | 131 + ...ve-documentation-for-keyring-choices.patch | 45 + ...sh-cancel-by-user-and-protocol-error.patch | 68 + ...as-de-vs-compliant-if-it-leads-to-SH.patch | 66 + ...ttestation-extensions-with-dump-cert.patch | 95 + ...d-disable-scdaemon-in-gpg-agent.conf.patch | 98 + ...le-secret-key-w-o-binding-signatures.patch | 100 + ...her-ssh-fingerprint-algos-in-KEYINFO.patch | 69 + .../doc-Clarify-option-no-keyring.patch | 27 + .../doc-fix-formatting-error.patch | 24 + ...ven-if-expired-other-keys-are-config.patch | 49 + ...nd-print-wkd-hash-for-gpg-wks-client.patch | 295 +++ ...and-print-wkd-url-for-gpg-wks-client.patch | 149 ++ ...SH-key-don-t-put-NUL-byte-at-the-end.patch | 31 + ...n-after-reload-when-disable_scdaemon.patch | 61 + ...for-uri-and-comment-on-64-bit-big-en.patch | 63 + ...rmngr-Add-a-CSRF-expection-for-pm.me.patch | 43 + 
...er-hash-algorithms-than-SHA-1-in-OCS.patch | 235 ++ ...etter-error-code-for-http-status-413.patch | 62 + ...on-gpg-s-deprecated-keyserver-option.patch | 82 + .../doc-Minor-doc-fix-to-dirmngr.patch | 31 + .../doc-Minor-edit-for-a-gpg-option.patch | 27 + ...rrect-documentation-for-gpgconf-kill.patch | 35 + ...ix-double-free-when-locating-by-mbox.patch | 44 + .../g10-Fix-possible-null-dereference.patch | 35 + ...metric-cipher-algo-constant-for-ECDH.patch | 46 + ...ccept-also-armored-data-from-the-WKD.patch | 33 + ...on-of-subkeys-with-delete-secret-key.patch | 279 ++ ...sig_packet-to-replace-SHA-1-by-SHA-2.patch | 39 + ...tion-of-user-ids-larger-than-our-par.patch | 142 + ...-invalid-packet-in-the-local-keyring.patch | 49 + ...delete-any-keys-if-dry-run-is-passed.patch | 46 + ...nt-to-use-the-deprecated-keyserver-o.patch | 35 + ...t-use-EdDSA-algo-ID-for-ECDSA-curves.patch | 56 + ...to-the-number-of-keys-imported-from-.patch | 74 + ...t-the-addrspec-from-the-Signer-s-UID.patch | 52 + ...port-of-cleartext-keys-with-comments.patch | 38 + ...h-check-that-the-config-file-is-fine.patch | 63 + .../gpgconf-Support-homedir-for-launch.patch | 99 + .../Mention-sender-in-documentation.patch | 30 + ...r-code-for-some-getinfo-IPC-commands.patch | 86 + ...dless-loop-in-case-of-HTTP-error-503.patch | 143 + ...e-the-redirection-for-the-openpgpkey.patch | 55 + ...ew-WKD-draft-with-the-openpgpkey-sub.patch | 143 + ...ing-of-HTTPS-redirections-during-HKP.patch | 46 + .../from-2.2.17/doc-wks.texi-fix-typo.patch | 23 + ...y-and-import-clean-to-the-keyserver-.patch | 59 + ...port-fallback-if-the-options-are-alr.patch | 27 + ...t-with-self-sigs-only-on-too-large-k.patch | 222 ++ ...-regression-in-option-self-sigs-only.patch | 68 + ...read_block-in-import.c-more-flexible.patch | 72 + ...-and-keyserver-option-self-sigs-only.patch | 136 + .../spelling-Fix-synchronize.patch | 88 + ...conf-Killing-order-is-children-first.patch | 39 + ...n-t-add-system-CAs-for-SKS-HKPS-pool.patch | 32 + 
.../gpg-Fix-keyring-retrieval.patch | 40 + .../gpg-Improve-import-slowness.patch | 77 + ...x-cancellation-handling-for-scdaemon.patch | 140 + ...led-status-messages-in-NOTATION_DATA.patch | 47 + .../gpg-default-to-3072-bit-RSA-keys.patch | 116 + .../from-master/gpg-default-to-AES-256.patch | 35 + ...ads-to-interrupt-main-select-loop-wi.patch | 93 + ...duled-checks-on-socket-when-inotify-.patch | 26 + ...Avoid-tight-timer-tick-when-possible.patch | 101 + ...Create-framework-of-scheduled-timers.patch | 191 ++ ...th-a-good-revocation-but-no-self-sig.patch | 32 + ...reviously-known-keys-even-without-UI.patch | 106 + ...dd-test-cases-for-import-without-uid.patch | 201 ++ ...openpgp.org-as-the-default-keyserver.patch | 69 + ...gr-Only-use-SKS-pool-CA-for-SKS-pool.patch | 31 + ...-from-default-keyserver-import-optio.patch | 51 + patches/series | 100 + ...HA-512-for-all-signature-types-on-RS.patch | 64 + ...A-512-and-SHA-384-in-personal-digest.patch | 46 + rules | 89 + scdaemon.examples | 1 + scdaemon.install | 2 + scdaemon.manpages | 1 + scdaemon.udev | 65 + simplified-package-dependencies.dot | 43 + source/format | 1 + source/lintian-overrides | 2 + systemd-environment-generator/90gpg-agent | 10 + tests/control | 11 + tests/gpgv-win32 | 34 + tests/migration | 20 + tests/simple-tests | 34 + upstream/signing-key.asc | 112 + watch | 5 + 177 files changed, 13669 insertions(+) create mode 100644 NEWS create mode 100644 Xsession.d/90gpg-agent create mode 100644 changelog create mode 100644 clean create mode 100644 compat create mode 100644 control create mode 100644 copyright create mode 100644 dirmngr.NEWS create mode 100644 dirmngr.README.Debian create mode 100644 dirmngr.docs create mode 100644 dirmngr.install create mode 100644 dirmngr.links create mode 100644 dirmngr.maintscript create mode 100644 dirmngr.manpages create mode 100644 gbp.conf create mode 100644 gnupg-l10n.install create mode 100644 gnupg-utils.install create mode 100644 gnupg-utils.manpages create mode 
100644 gnupg.README.Debian create mode 100644 gnupg.docs create mode 100644 gnupg.info create mode 100644 gnupg2.links create mode 100644 gpg-agent.NEWS create mode 100644 gpg-agent.README.Debian create mode 100644 gpg-agent.examples create mode 100644 gpg-agent.install create mode 100644 gpg-agent.links create mode 100644 gpg-agent.logcheck.ignore.server create mode 100644 gpg-agent.manpages create mode 100644 gpg-check-pattern.1 create mode 100644 gpg-wks-client.1 create mode 100644 gpg-wks-client.install create mode 100644 gpg-wks-client.manpages create mode 100644 gpg-wks-server.1 create mode 100644 gpg-wks-server.install create mode 100644 gpg-wks-server.manpages create mode 100644 gpg-zip.1 create mode 100644 gpg.install create mode 100644 gpg.manpages create mode 100644 gpgcompose.1 create mode 100644 gpgconf.examples create mode 100644 gpgconf.install create mode 100644 gpgconf.manpages create mode 100644 gpgsm.install create mode 100644 gpgsm.manpages create mode 100644 gpgsplit.1 create mode 100644 gpgv-static.1 create mode 100644 gpgv-static.install create mode 100644 gpgv-static.lintian-overrides create mode 100644 gpgv-static.manpages create mode 100644 gpgv-udeb.install create mode 100644 gpgv-win32.install create mode 100644 gpgv.install create mode 100644 gpgv.manpages create mode 100644 gpgv2.links create mode 100644 kbxutil.1 create mode 100644 lspgpot.1 create mode 100755 migrate-pubring-from-classic-gpg create mode 100644 migrate-pubring-from-classic-gpg.1 create mode 100644 org.gnupg.scdaemon.metainfo.xml create mode 100644 package-dependencies.dot create mode 100644 patches/Make-gpg-zip-use-tar-from-PATH.patch create mode 100644 patches/block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch create mode 100644 patches/debian-packaging/avoid-beta-warning.patch create mode 100644 patches/debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch create mode 100644 
patches/dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch create mode 100644 patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch create mode 100644 patches/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch create mode 100644 patches/fix-spelling.patch create mode 100644 patches/from-2.2.13/Silence-compiler-warnings-new-with-gcc-8.patch create mode 100644 patches/from-2.2.13/agent-Clear-bogus-pinentry-cache-when-it-causes-an-error.patch create mode 100644 patches/from-2.2.13/dirmngr-Fix-initialization-of-assuan-s-nPth-hook.patch create mode 100644 patches/from-2.2.13/doc-Mark-keyserver-options-timeout-and-http-proxy-as-obso.patch create mode 100644 patches/from-2.2.13/gpg-Allow-generating-Ed25519-key-from-an-existing-key.patch create mode 100644 patches/from-2.2.13/gpg-Emit-an-ERROR-status-if-no-key-was-found-with-list-ke.patch create mode 100644 patches/from-2.2.13/gpg-Stop-early-when-trying-to-create-a-primary-Elgamal-ke.patch create mode 100644 patches/from-2.2.13/wks-Do-not-use-compression-for-the-encrypted-data.patch create mode 100644 patches/from-2.2.14/agent-Fix-for-suggested-Libgcrypt-use.patch create mode 100644 patches/from-2.2.14/agent-Support-mode-ssh-option-for-CLEAR_PASSPHRASE.patch create mode 100644 patches/from-2.2.14/common-Fix-gnupg_wait_processes.patch create mode 100644 patches/from-2.2.14/dirmngr-Add-CSRF-protection-exception-for-protonmail.patch create mode 100644 patches/from-2.2.14/gpg-Allow-import-of-PGP-desktop-exported-secret-keys.patch create mode 100644 patches/from-2.2.14/gpg-Avoid-importing-secret-keys-if-the-keyblock-is-not-va.patch create mode 100644 patches/from-2.2.14/gpg-Do-not-bail-out-on-v5-keys-in-the-local-keyring.patch create mode 100644 patches/from-2.2.14/gpg-During-secret-key-import-print-sec-instead-of-pub.patch create mode 100644 patches/from-2.2.14/gpg-Fix-comparison.patch create mode 100644 
patches/from-2.2.14/gpg-Make-invalid-primary-key-algos-obvious-in-key-listing.patch create mode 100644 patches/from-2.2.14/gpgscm-Build-well-even-if-NDEBUG-defined.patch create mode 100644 patches/from-2.2.14/gpgsm-default-to-3072-bit-keys.patch create mode 100644 patches/from-2.2.14/gpgv-Improve-documentation-for-keyring-choices.patch create mode 100644 patches/from-2.2.14/scd-Distinguish-cancel-by-user-and-protocol-error.patch create mode 100644 patches/from-2.2.14/sm-Don-t-mark-a-cert-as-de-vs-compliant-if-it-leads-to-SH.patch create mode 100644 patches/from-2.2.14/sm-Print-Yubikey-attestation-extensions-with-dump-cert.patch create mode 100644 patches/from-2.2.14/tests-Add-disable-scdaemon-in-gpg-agent.conf.patch create mode 100644 patches/from-2.2.14/tests-Add-sample-secret-key-w-o-binding-signatures.patch create mode 100644 patches/from-2.2.15/agent-Allow-other-ssh-fingerprint-algos-in-KEYINFO.patch create mode 100644 patches/from-2.2.15/doc-Clarify-option-no-keyring.patch create mode 100644 patches/from-2.2.15/doc-fix-formatting-error.patch create mode 100644 patches/from-2.2.15/sm-Allow-decryption-even-if-expired-other-keys-are-config.patch create mode 100644 patches/from-2.2.15/wkd-New-command-print-wkd-hash-for-gpg-wks-client.patch create mode 100644 patches/from-2.2.15/wkd-New-command-print-wkd-url-for-gpg-wks-client.patch create mode 100644 patches/from-2.2.16/agent-For-SSH-key-don-t-put-NUL-byte-at-the-end.patch create mode 100644 patches/from-2.2.16/agent-Stop-scdaemon-after-reload-when-disable_scdaemon.patch create mode 100644 patches/from-2.2.16/agent-correct-length-for-uri-and-comment-on-64-bit-big-en.patch create mode 100644 patches/from-2.2.16/dirmngr-Add-a-CSRF-expection-for-pm.me.patch create mode 100644 patches/from-2.2.16/dirmngr-Allow-for-other-hash-algorithms-than-SHA-1-in-OCS.patch create mode 100644 patches/from-2.2.16/dirmngr-Better-error-code-for-http-status-413.patch create mode 100644 
patches/from-2.2.16/doc-Do-not-mention-gpg-s-deprecated-keyserver-option.patch create mode 100644 patches/from-2.2.16/doc-Minor-doc-fix-to-dirmngr.patch create mode 100644 patches/from-2.2.16/doc-Minor-edit-for-a-gpg-option.patch create mode 100644 patches/from-2.2.16/doc-correct-documentation-for-gpgconf-kill.patch create mode 100644 patches/from-2.2.16/g10-Fix-double-free-when-locating-by-mbox.patch create mode 100644 patches/from-2.2.16/g10-Fix-possible-null-dereference.patch create mode 100644 patches/from-2.2.16/g10-Fix-symmetric-cipher-algo-constant-for-ECDH.patch create mode 100644 patches/from-2.2.16/gpg-Accept-also-armored-data-from-the-WKD.patch create mode 100644 patches/from-2.2.16/gpg-Allow-deletion-of-subkeys-with-delete-secret-key.patch create mode 100644 patches/from-2.2.16/gpg-Change-update_keysig_packet-to-replace-SHA-1-by-SHA-2.patch create mode 100644 patches/from-2.2.16/gpg-Do-not-allow-creation-of-user-ids-larger-than-our-par.patch create mode 100644 patches/from-2.2.16/gpg-Do-not-bail-on-an-invalid-packet-in-the-local-keyring.patch create mode 100644 patches/from-2.2.16/gpg-Do-not-delete-any-keys-if-dry-run-is-passed.patch create mode 100644 patches/from-2.2.16/gpg-Do-not-print-a-hint-to-use-the-deprecated-keyserver-o.patch create mode 100644 patches/from-2.2.16/gpg-Don-t-use-EdDSA-algo-ID-for-ECDSA-curves.patch create mode 100644 patches/from-2.2.16/gpg-Set-a-limit-of-5-to-the-number-of-keys-imported-from-.patch create mode 100644 patches/from-2.2.16/gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch create mode 100644 patches/from-2.2.16/gpg-enable-OpenPGP-export-of-cleartext-keys-with-comments.patch create mode 100644 patches/from-2.2.16/gpgconf-Before-launch-check-that-the-config-file-is-fine.patch create mode 100644 patches/from-2.2.16/gpgconf-Support-homedir-for-launch.patch create mode 100644 patches/from-2.2.17/Mention-sender-in-documentation.patch create mode 100644 
patches/from-2.2.17/Return-better-error-code-for-some-getinfo-IPC-commands.patch create mode 100644 patches/from-2.2.17/dirmngr-Avoid-endless-loop-in-case-of-HTTP-error-503.patch create mode 100644 patches/from-2.2.17/dirmngr-Do-not-rewrite-the-redirection-for-the-openpgpkey.patch create mode 100644 patches/from-2.2.17/dirmngr-Support-the-new-WKD-draft-with-the-openpgpkey-sub.patch create mode 100644 patches/from-2.2.17/dirmngr-fix-handling-of-HTTPS-redirections-during-HKP.patch create mode 100644 patches/from-2.2.17/doc-wks.texi-fix-typo.patch create mode 100644 patches/from-2.2.17/gpg-Add-self-sigs-only-and-import-clean-to-the-keyserver-.patch create mode 100644 patches/from-2.2.17/gpg-Do-not-try-the-import-fallback-if-the-options-are-alr.patch create mode 100644 patches/from-2.2.17/gpg-Fallback-to-import-with-self-sigs-only-on-too-large-k.patch create mode 100644 patches/from-2.2.17/gpg-Fix-regression-in-option-self-sigs-only.patch create mode 100644 patches/from-2.2.17/gpg-Make-read_block-in-import.c-more-flexible.patch create mode 100644 patches/from-2.2.17/gpg-New-import-and-keyserver-option-self-sigs-only.patch create mode 100644 patches/from-2.2.17/spelling-Fix-synchronize.patch create mode 100644 patches/from-2.2.17/tools-gpgconf-Killing-order-is-children-first.patch create mode 100644 patches/from-2.2.18-prerelease/dirmngr-Don-t-add-system-CAs-for-SKS-HKPS-pool.patch create mode 100644 patches/from-2.2.18-prerelease/gpg-Fix-keyring-retrieval.patch create mode 100644 patches/from-2.2.18-prerelease/gpg-Improve-import-slowness.patch create mode 100644 patches/from-master/agent-Fix-cancellation-handling-for-scdaemon.patch create mode 100644 patches/from-master/g10-Fix-garbled-status-messages-in-NOTATION_DATA.patch create mode 100644 patches/from-master/gpg-default-to-3072-bit-RSA-keys.patch create mode 100644 patches/from-master/gpg-default-to-AES-256.patch create mode 100644 patches/gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch 
create mode 100644 patches/gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch create mode 100644 patches/gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch create mode 100644 patches/gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch create mode 100644 patches/import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch create mode 100644 patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch create mode 100644 patches/import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch create mode 100644 patches/keyserver-cleanup/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch create mode 100644 patches/keyserver-cleanup/dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch create mode 100644 patches/keyserver-cleanup/gpg-drop-import-clean-from-default-keyserver-import-optio.patch create mode 100644 patches/series create mode 100644 patches/update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch create mode 100644 patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch create mode 100755 rules create mode 100644 scdaemon.examples create mode 100644 scdaemon.install create mode 100644 scdaemon.manpages create mode 100644 scdaemon.udev create mode 100644 simplified-package-dependencies.dot create mode 100644 source/format create mode 100644 source/lintian-overrides create mode 100755 systemd-environment-generator/90gpg-agent create mode 100644 tests/control create mode 100755 tests/gpgv-win32 create mode 100755 tests/migration create mode 100755 tests/simple-tests create mode 100644 upstream/signing-key.asc create mode 100644 watch
diff --git a/NEWS b/NEWS
new file mode 100644
index 0000000..3005e93
--- /dev/null
+++ b/NEWS
@@ -0,0 +1,30 @@
+gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium
+
+ In this version we adopt GnuPG's upstream approach of making keyserver
+ access default to self-sigs-only. This defends against receiving
+ flooded OpenPGP certificates. To revert to the previous behavior (not
+ recommended!), add the following directive to ~/.gnupg/gpg.conf:
+
+ keyserver-options no-self-sigs-only
+
+ We also adopt keys.openpgp.org as the default keyserver, since it avoids
+ the associated bandwidth waste of fetching third-party certifications
+ that will not be used. To revert to the older SKS keyserver network (not
+ recommended!), add the following directive to ~/.gnupg/dirmngr.conf:
+
+ keyserver hkps://hkps.pool.sks-keyservers.net
+
+ Note: we do *not* adopt upstream's choice of import-clean for the
+ keyserver default, since it can lead to data loss, see
+ https://dev.gnupg.org/T4628 for more details.
+
+ -- Daniel Kahn Gillmor Wed, 21 Aug 2019 14:53:47 -0400
+
+gnupg2 (2.1.11-7+exp1) experimental; urgency=medium
+
+ The gnupg package now provides the "modern" version of GnuPG.
+
+ Please read /usr/share/doc/gnupg/README.Debian for details about the
+ transition from "classic" to "modern"
+
+ -- Daniel Kahn Gillmor Wed, 30 Mar 2016 09:59:35 -0400
diff --git a/Xsession.d/90gpg-agent b/Xsession.d/90gpg-agent
new file mode 100644
index 0000000..8b45b05
--- /dev/null
+++ b/Xsession.d/90gpg-agent
@@ -0,0 +1,22 @@
+# On systems with systemd running, we expect the agent to be launched
+# via systemd's user mode (see
+# /usr/lib/systemd/user/gpg-agent.{socket,service} and
+# systemd.unit(5)). This allows systemd to clean up the agent
+# automatically at logout.
+
+# If systemd is absent from your system, or you do not permit it to
+# run in user mode, then you may need to manually launch gpg-agent
+# from your session initialization with something like "gpgconf
+# --launch gpg-agent"
+
+# Nonetheless, ssh and older versions of gpg require environment
+# variables to be set in order to find the agent, so we will set those
+# here.
+
+agent_sock=$(gpgconf --list-dirs agent-socket)
+export GPG_AGENT_INFO=${agent_sock}:0:1
+if [ -n "$(gpgconf --list-options gpg-agent | \
+ awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+fi
+
diff --git a/changelog b/changelog
new file mode 100644
index 0000000..0a8e558
--- /dev/null
+++ b/changelog
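Review bot: Both `export` lines in Xsession.d/90gpg-agent expand `gpgconf` output unquoted, and nothing checks that `gpgconf` exists or returned a path. A socket directory containing whitespace can be word-split by older POSIX shells, and a missing or failing `gpgconf` leaves `GPG_AGENT_INFO=:0:1` and possibly an empty `SSH_AUTH_SOCK`. If this file is installed under /etc/X11/Xsession.d as its name suggests, it is sourced at every session start and may outlive the package, so I would wrap the block in `if command -v gpgconf >/dev/null 2>&1; then … fi`. I would also write the exports as `export GPG_AGENT_INFO="${agent_sock}:0:1"` and `SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"; export SSH_AUTH_SOCK`. When enable-ssh-support is set the script also replaces any `SSH_AUTH_SOCK` exported earlier in the session; a comment such as `# intentionally overrides any previously exported SSH_AUTH_SOCK` would make that choice visible to whoever audits which agent holds the user's keys.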
@@ -0,0 +1,2343 @@ +gnupg2 (2.2.12-1+deb10u2) buster-security; urgency=high + + [ Roger Shimizu ] + * d/control: Update Build-Depends: libgpg-error-dev (>= 1.35) + + [ Daniel Kahn Gillmor ] + * fix broken status line (Closes: #1014157) + + -- Daniel Kahn Gillmor Fri, 01 Jul 2022 12:06:43 -0400 + +gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium + + * drop unneeded patch for printing revocation certificates + * backport bugfix and stability patches from upstream 2.2.13 + * backport bugfix and stability patches from upstream 2.2.14 + * backport documentation, stability, ssh, and WKD patches from upstream 2.2.15 + * backport documentation and bugfix patches from upstream 2.2.16 + * import bugfixes and cleanup around secret key handling from 2.2.14 + * backport bugfixes, documentation, WKD, and keyserver fixes from 2.2.17 + * import efficiency and security fixes from upstream STABLE-BRANCH-2-2 + * avoid using SKS pool CA unless the keyserver is hkps.pool.sks-keyservers.net + * drop import-clean from default keyserver options, to avoid data loss + * use keys.openpgp.org as the default keyserver + * enable merging certificate updates even if update has no user ID + * update Vcs-Git: to point to debian/buster branch + * Adopt migrate-pubring-from-classic-gpg robustness fixes (Closes: #931385) + * add new CI test: debian/tests/simple-tests + * debian/tests/gpgv-win32: make arch-specific (Closes: #905563) + + -- Daniel Kahn Gillmor Thu, 22 Aug 2019 15:11:59 -0400 + +gnupg2 (2.2.12-1) unstable; urgency=medium + + * New upstream release + * refresh patches + + -- Daniel Kahn Gillmor Fri, 14 Dec 2018 20:17:16 -0500 + +gnupg2 (2.2.11-1) unstable; urgency=medium + + * new upstream release + * refresh patches + * refresh upstream/signing-key.asc + * deprecate gpg-zip + * gnupg-utils: ship gpgtar, since gpg-zip is deprecated + * Make gpg-zip use tar from $PATH (Closes: #913582) + * fix spelling mistakes in tools documentation + + -- Daniel Kahn Gillmor Sun, 18 Nov 2018 17:38:30 
-0500 + +gnupg2 (2.2.10-3) unstable; urgency=medium + + [ Bjarni Ingi Gislason ] + * clean up nroff for gpg-check-pattern.1 (Closes: #900247) + + [ Daniel Kahn Gillmor ] + * backport fix for subkey binding sigs + + -- Daniel Kahn Gillmor Mon, 08 Oct 2018 11:36:01 -0400 + +gnupg2 (2.2.10-2) unstable; urgency=medium + + * import upstream minor bugfixes + * wrap-and-sort -ast + * actually ship gpgcompose in gnupg-utils + * drop debian/source/options (thanks, Lintian!) + + -- Daniel Kahn Gillmor Sun, 30 Sep 2018 11:40:42 -0500 + +gnupg2 (2.2.10-1) unstable; urgency=medium + + * new upstream maintenance release + * drop patches already upstream + * refresh patches + * Standards-Version: bump to 4.2.1 (no changes needed) + + -- Daniel Kahn Gillmor Thu, 30 Aug 2018 11:57:15 -0400 + +gnupg2 (2.2.9-2) unstable; urgency=medium + + [ Daniel Kahn Gillmor ] + * spell Tor correctly (Closes: #895398) + * Standards-Version: bump to 4.2.0 (no changes needed) + * corrected license in AppStream file + * standardize udev rules for Yubikey USB devices and claim them in AppStream + * from upstream: s2k bugfix, support for Trustica Cryptoucan + * Claim Trustica Cryptoucan via AppStream + + [ Jiří Keresteš ] + * udev rule for Trustica Cryptoucan + + -- Daniel Kahn Gillmor Fri, 24 Aug 2018 09:48:15 -0400 + +gnupg2 (2.2.9-1) unstable; urgency=medium + + * New upstream release + * Standards-Version: bump to 4.1.5 (no changes needed) + * drop patches already upstream + * refresh patches + + -- Daniel Kahn Gillmor Thu, 19 Jul 2018 14:02:31 -0400 + +gnupg2 (2.2.8-3) unstable; urgency=medium + + * Ensure arch: all gnupg package supports binMNUs + + -- Daniel Kahn Gillmor Thu, 21 Jun 2018 12:18:14 -0400 + +gnupg2 (2.2.8-2) unstable; urgency=medium + + [ Daniel Kahn Gillmor ] + * import bugfixes and improvements from upstream/STABLE-BRANCH-2-2 + * ensure that revocation certificates show up in --show-keys output + (see 7c79bf7f71aa594102cb684b0abd8331bdac4608) + * try passing not explicit paths to 
wine for the gpgv-win32 test + * d/copyright: clarify debian/* licensing + * convert gnupg metapackage to Architecture: all + + [ Giovanni Mascellani ] + * avoid parallel tests on riscv64 (Closes: #901646) + + -- Daniel Kahn Gillmor Wed, 20 Jun 2018 06:56:09 -0400 + +gnupg2 (2.2.8-1) unstable; urgency=medium + + * New upstream release + * refresh patches + + -- Daniel Kahn Gillmor Fri, 08 Jun 2018 10:08:36 -0400 + +gnupg2 (2.2.7-1) unstable; urgency=medium + + * new upstream release + * update/refresh patches, improve patch description + * bump standards-version to 4.1.4 (no changes needed) + + -- Daniel Kahn Gillmor Wed, 23 May 2018 11:50:27 -0400 + +gnupg2 (2.2.5-1) unstable; urgency=medium + + * New upstream release + * d/gbp.conf: use DEP-14 branch naming + * d/control: declare Rules-Requires-Root: no + * drop patches already applied upstream + * refresh patches + + -- Daniel Kahn Gillmor Thu, 22 Feb 2018 14:20:18 -0800 + +gnupg2 (2.2.4-3) unstable; urgency=medium + + * version build-deps on mingw library toolchain (Closes: #889921) + * drop misbehaving upstream scd patch (Closes: #889751) + + -- Daniel Kahn Gillmor Fri, 09 Feb 2018 13:51:35 -0500 + +gnupg2 (2.2.4-2) unstable; urgency=medium + + [ Daniel Kahn Gillmor ] + * move to debhelper 11 + * d/control: move Vcs to salsa + * import more bugfixes and hardware from upstream + + [ Helge Deller ] + * Fix FTBFS on hppa (Closes: #887843) + + -- Daniel Kahn Gillmor Mon, 05 Feb 2018 23:07:21 -0500 + +gnupg2 (2.2.4-1) unstable; urgency=medium + + * New upstream release + * do not use uupdate (we use gbp-import-orig) + * dirmngr: cannot avoid idling in current arrangement + * adjusting fixes to gpgsm defaults + * prefer SHA-512 specifically on personal-digest-preferences. 
+ * refresh patches + * Standards-Version: bump to 4.1.3 (no changes needed) + * drop unnecessary lintian override + * reflect actual requirement for libassuan + * import bugfixes from upstream + + -- Daniel Kahn Gillmor Wed, 03 Jan 2018 12:43:40 -0500 + +gnupg2 (2.2.3-1) unstable; urgency=medium + + * New upstream release + * refreshed patches + + -- Daniel Kahn Gillmor Thu, 30 Nov 2017 19:06:35 -0500 + +gnupg2 (2.2.2-1) unstable; urgency=medium + + * new upstream release. + * avoid testsuite delays from excess socket waiting + * clean up trailing whitespace in debian/{rules,changelog} + * drop patches already upstream + * refresh remaining patches + + -- Daniel Kahn Gillmor Wed, 08 Nov 2017 20:09:33 +0100 + +gnupg2 (2.2.1-5) unstable; urgency=medium + + * block ptrace on scdaemon as well as gpg-agent (Closes: #878952) + + -- Daniel Kahn Gillmor Fri, 27 Oct 2017 01:43:20 -0400 + +gnupg2 (2.2.1-4) unstable; urgency=medium + + * restore lintian override, because ftp-master isn't yet running lintian + 2.5.55 (see #877999 for more details) + + -- Daniel Kahn Gillmor Thu, 19 Oct 2017 02:33:36 -0400 + +gnupg2 (2.2.1-3) unstable; urgency=medium + + * bugfix for multiple keyrings (Closes: #878812) + * drop an unnecessary lintian override + + -- Daniel Kahn Gillmor Thu, 19 Oct 2017 00:23:41 -0400 + +gnupg2 (2.2.1-2) unstable; urgency=medium + + * adopt bugfixes and documentation improvements from upstream + * reorganize debian/patches for simpler maintenance + * move gnupg-l10n to Section: localization + * Standards-Version: bump to 4.1.1 (no changes needed) + + -- Daniel Kahn Gillmor Tue, 10 Oct 2017 10:05:45 -0400 + +gnupg2 (2.2.1-1) unstable; urgency=medium + + * New upstream release + * drop patches already applied upstream + + -- Daniel Kahn Gillmor Tue, 19 Sep 2017 08:26:26 -0400 + +gnupg2 (2.2.0-3) unstable; urgency=medium + + * avoid FTBFS when TZ=UTC-12 (Closes: #874617) + + -- Daniel Kahn Gillmor Fri, 08 Sep 2017 02:10:02 -0400 + +gnupg2 (2.2.0-2) unstable; 
urgency=medium + + * dirmngr and gpgv-static are Multi-arch: foreign (Closes: #874111) + * update to stronger cryptographic defaults. + * use upstream gpg-agent-browser.socket systemd user service + * publish SSH_AUTH_SOCK for wayland users (Closes: #855868) + + -- Daniel Kahn Gillmor Thu, 07 Sep 2017 19:20:35 -0400 + +gnupg2 (2.2.0-1) unstable; urgency=medium + + * New upstream release. + * drop patches already upstream + * scdaemon: bugfix from upstream for large ECC keys + * Standards-Version: bump to 4.1.0 (no changes needed) + + -- Daniel Kahn Gillmor Wed, 06 Sep 2017 13:10:28 -0400 + +gnupg2 (2.1.23-2) unstable; urgency=medium + + * add openssh-client to build-deps for testing + + -- Daniel Kahn Gillmor Sun, 13 Aug 2017 22:48:23 -0400 + +gnupg2 (2.1.23-1) unstable; urgency=medium + + * New upstream release + * move to unstable + * refresh patches + * keep default --no-auto-key-retrieve + * Standards-Version: 4.0.1 (Priority: extra -> optional) + * run tests in parallel + + -- Daniel Kahn Gillmor Fri, 11 Aug 2017 09:56:05 -0400 + +gnupg2 (2.1.22-1) experimental; urgency=medium + + * New upstream release + * refreshed patches + * pulled a few bugfix patches from upstream + * simplify systemd user units + + -- Daniel Kahn Gillmor Mon, 07 Aug 2017 01:17:19 -0400 + +gnupg2 (2.1.21-4) experimental; urgency=medium + + * package reorganization: + - new package 'gpg' is just for public key operations + - 'gnupg' package is the full suite + - 'gnupg-agent' package is renamed to 'gpg-agent' + - 'gpgconf' is a base package, other packages depend on it + - 'gnupg-utils' are a grab-bag of helper tools that may be useful + * scdaemon: add AppStream metainfo about supported smartcards + + -- Daniel Kahn Gillmor Wed, 26 Jul 2017 12:50:55 -0400 + +gnupg2 (2.1.21-3) experimental; urgency=medium + + * include upstream bugfixes and improvements (Closes: #863221) + * build gpgcompose, ship new gpgcompose binary package + * upgrade to debhelper 10 + * upgrade to Standards-Version 
4.0.0 (no changes needed) + + -- Daniel Kahn Gillmor Sun, 11 Jun 2017 01:50:30 +0200 + +gnupg2 (2.1.21-2) experimental; urgency=medium + + [ Stefan Bühler ] + * Create WKS server and client packages + + [ Daniel Kahn Gillmor ] + * minor packaging cleanups + * more upstream bugfix and cleanup patches + * rename WKS packages to match the tool names + + -- Daniel Kahn Gillmor Thu, 18 May 2017 18:02:46 -0400 + +gnupg2 (2.1.21-1) experimental; urgency=medium + + * new upstream release + * drop patches alread yupstream, refresh patches + * import post-release bugfixes from upstream + + -- Daniel Kahn Gillmor Tue, 16 May 2017 22:42:20 -0400 + +gnupg2 (2.1.20-4) experimental; urgency=medium + + * avoid shipping or trying to use .skel files + * more bugfixes from upstream + * skip missing signing keys (Closes: #834922) + * prefer available smartcard + + -- Daniel Kahn Gillmor Wed, 10 May 2017 14:59:02 -0400 + +gnupg2 (2.1.20-3) experimental; urgency=medium + + * more upstream bugfixes (Closes: #858400) + + -- Daniel Kahn Gillmor Fri, 07 Apr 2017 11:36:51 -0400 + +gnupg2 (2.1.20-2) experimental; urgency=medium + + * more bugfix patches from upstream + + -- Daniel Kahn Gillmor Thu, 06 Apr 2017 11:21:24 -0400 + +gnupg2 (2.1.20-1) experimental; urgency=medium + + * new upstream release + * drop patches already upstream, refresh patches + * import post-release bugfixes from upstream + + -- Daniel Kahn Gillmor Wed, 05 Apr 2017 11:43:09 -0400 + +gnupg2 (2.1.19-3) experimental; urgency=medium + + * more patches from usptream + - test suite should now use /tmp and not require /run/user/ + + -- Daniel Kahn Gillmor Tue, 21 Mar 2017 12:34:47 -0400 + +gnupg2 (2.1.19-2) experimental; urgency=medium + + * more patches from upstream (Closes: #854829) + * add verbose=3 to the test suite as requested by upstream + + -- Daniel Kahn Gillmor Mon, 20 Mar 2017 14:05:46 -0400 + +gnupg2 (2.1.19-1) experimental; urgency=medium + + * New upstream release (Closes: #854359) + * many post-release 
bugfixes from upstream
+ * add logcheck filters for gpg-agent (Closes: #856438)
+ * Upload to experimental due to the freeze
+
+ -- Daniel Kahn Gillmor Thu, 16 Mar 2017 12:47:40 -0400
+
+gnupg2 (2.1.18-6) unstable; urgency=medium
+
+ [ NIIBE Yutaka ]
+ * scdaemon: Fix duplicated entries (Closes: #855056).
+
+ -- Daniel Kahn Gillmor Mon, 13 Feb 2017 19:29:34 -0500
+
+gnupg2 (2.1.18-5) unstable; urgency=medium
+
+ [ Daniel Kahn Gillmor ]
+ * Xsession.d/90gpg-agent: use simpler and more direct gpgconf
+ invocations for socket names.
+
+ [ NIIBE Yutaka ]
+ * scdaemon.udev: Add Yubikey and Nitrokey (Closes: #648331, 734889).
+ * scdaemon fix for PC/SC (Closes: #852702, #854005, #854595, #854616).
+
+ -- Daniel Kahn Gillmor Mon, 13 Feb 2017 09:15:07 -0500
+
+gnupg2 (2.1.18-4) unstable; urgency=medium
+
+ [ Daniel Kahn Gillmor ]
+ * document that debian disables --allow-version-check
+ * docs, debugging, and bugfix patches from upstream (Closes: #852979)
+
+ [ NIIBE Yutaka ]
+ * scdaemon bugfixes
+
+ -- Daniel Kahn Gillmor Sat, 04 Feb 2017 22:03:26 -0500
+
+gnupg2 (2.1.18-3) unstable; urgency=medium
+
+ * fix searches for keys with raw addr-spec
+
+ -- Daniel Kahn Gillmor Wed, 25 Jan 2017 16:58:56 -0500
+
+gnupg2 (2.1.18-2) unstable; urgency=medium
+
+ * pull fixes from upstream (including a double-free in gpg-agent)
+
+ -- Daniel Kahn Gillmor Wed, 25 Jan 2017 09:29:25 -0500
+
+gnupg2 (2.1.18-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Daniel Kahn Gillmor Mon, 23 Jan 2017 23:12:35 -0500
+
+gnupg2 (2.1.17-6) unstable; urgency=medium
+
+ * Upstream patches, fixing unnecessary delay in gpg-agent (Closes: #851298)
+ * gpg-agent: avoid race in shutdown (Closes: #841143)
+ * improve dirmngr, gpg-agent README.Debian (Closes: #850982)
+ * clean up gpg-agent-idling patch
+
+ -- Daniel Kahn Gillmor Wed, 18 Jan 2017 14:40:41 -0500
+
+gnupg2 (2.1.17-5) unstable; urgency=medium
+
+ * more fixes from upstream (improving but not yet closing: #849845)
+ * gpg-agent: actively poll when shutdown is pending. Thanks, NIIBE
+ Yutaka! (addresses but does not close #841143)
+
+ -- Daniel Kahn Gillmor Wed, 11 Jan 2017 15:44:57 -0500
+
+gnupg2 (2.1.17-4) unstable; urgency=medium
+
+ * more patches from upstream, including dirmngr debugging
+ improvements
+ * resolve ambiguity in aliased options and commands (Closes: #850475)
+ * auto-enable gpg-agent and dirmngr for systemd user sessions
+ * enable easy reloads from systemd
+
+ -- Daniel Kahn Gillmor Tue, 10 Jan 2017 17:30:08 -0500
+
+gnupg2 (2.1.17-3) unstable; urgency=medium
+
+ * more bugfixes from upstream (improving but not yet closing: #849845)
+
+ -- Daniel Kahn Gillmor Tue, 03 Jan 2017 15:39:52 -0500
+
+gnupg2 (2.1.17-2) unstable; urgency=medium
+
+ * include patches from upstream to avoid build failures on 32-bit
+ arches.
+
+ -- Daniel Kahn Gillmor Sat, 24 Dec 2016 18:11:51 -0500
+
+gnupg2 (2.1.17-1) unstable; urgency=medium
+
+ * new upstream release.
+
+ -- Daniel Kahn Gillmor Sat, 24 Dec 2016 15:39:04 -0500
+
+gnupg2 (2.1.16-3) unstable; urgency=medium
+
+ * remove -pie from hppa, kfreebsd-amd64, and x32 builds of
+ gpgv-static (Closes: #846889)
+ * import several upstream bugfix patches (Closes: #846834, #846168)
+ * link gnupg-agent and scdaemon with Enhances/Suggests (Closes: #833518)
+
+ -- Daniel Kahn Gillmor Mon, 05 Dec 2016 15:34:49 -0500
+
+gnupg2 (2.1.16-2) unstable; urgency=medium
+
+ * avoid using adns, due to lack of security support (Closes: #845078)
+
+ -- Daniel Kahn Gillmor Mon, 21 Nov 2016 09:57:26 -0500
+
+gnupg2 (2.1.16-1) unstable; urgency=medium
+
+ * New upstream version
+ * dropped many patches already incorporated upstream
+
+ -- Daniel Kahn Gillmor Sun, 20 Nov 2016 23:22:49 -0500
+
+gnupg2 (2.1.15-9) unstable; urgency=medium
+
+ * Introduce gpgv-static package (Closes: #806940)
+ * more patches from upstream
+ * use adns for better DNS resolution in dirmngr
+ * add some import-options to
+ migrate-pubring-from-classic-gpg for better migration
+ * reorganize patches to distinguish debian variations from upstream
+ * set simple and easy defaults for keyservers
+ * help dirmngr and gpg-agent idle better in the default case
+
+ -- Daniel Kahn Gillmor Thu, 10 Nov 2016 07:28:16 -0800
+
+gnupg2 (2.1.15-8) unstable; urgency=medium
+
+ * rename gpg-agent-restricted.socket to gpg-agent-extra.socket
+ (for symmetry with option names and actual sockets created)
+
+ -- Daniel Kahn Gillmor Thu, 27 Oct 2016 13:54:53 -0400
+
+gnupg2 (2.1.15-7) unstable; urgency=medium
+
+ * more upstream patches
+ * dirmngr systemd user service is now socket-activated.
+
+ -- Daniel Kahn Gillmor Thu, 27 Oct 2016 12:48:15 -0400
+
+gnupg2 (2.1.15-6) unstable; urgency=medium
+
+ * more upstream patches (Closes: #841437, #840680)
+
+ -- Daniel Kahn Gillmor Wed, 26 Oct 2016 17:44:20 -0400
+
+gnupg2 (2.1.15-5) unstable; urgency=medium
+
+ * added udev rules for Fujitsu Siemens cardreader (Closes: #840312)
+ * mark transitional packages Multi-Arch: Foreign (closes: #840258)
+ * make gnupg2 binNMU-safe
+ * more patches from upstream
+ * track upstream decision-making about gpg-agent socket names
+
+ -- Daniel Kahn Gillmor Tue, 25 Oct 2016 21:30:06 -0400
+
+gnupg2 (2.1.15-4) unstable; urgency=medium
+
+ * update debian/tests/gpgv-win32
+ * more patches from upstream (Closes: #838153)
+ * tighten dependencies between gnupg and dirmngr (Closes: #834602)
+ * updated systemd user gpg-agent units for socket activation
+
+ -- Daniel Kahn Gillmor Tue, 04 Oct 2016 17:22:30 -0400
+
+gnupg2 (2.1.15-3) unstable; urgency=medium
+
+ * Use upstream fix to avoid touching homedir during test suite
+ * backward compatibility for preset-passphrase and protect-tool
+ * add Breaks: for python3-apt too (thanks, Harald Jenny!)
+ * Avoid network access during tests (Closes: #836259)
+ * more patches from upstream
+ - gpgv --output now works
+ - fingerprint display doesn't vary with --keyid-format
+ - minor cleanup to scdaemon dealing with removed cards
+
+ -- Daniel Kahn Gillmor Wed, 14 Sep 2016 17:08:58 -0400
+
+gnupg2 (2.1.15-2) unstable; urgency=medium
+
+ * restore keyid output in gpgv (Closes: #836144)
+ * avoid test suite failures when HOME does not exist
+
+ -- Daniel Kahn Gillmor Wed, 31 Aug 2016 12:37:48 -0400
+
+gnupg2 (2.1.15-1) unstable; urgency=medium
+
+ * new upstream release
+ - blocks signals during keyring updates (Closes: #293556)
+ * avoid libusb on hurd. Thanks, Pino Toscano!
(Closes: #834533)
+ * permissions on test suite are already fixed
+ * drop patches applied upstream and refresh remaining patches
+ * make gnupg2 reproducible by not regenerating documentation date
+ * make autopkgtest work with modern wine (Closes: #835976)
+ * wrap-and-sort -ast for cleaner diffs
+ * add versioned Breaks: for affected packages (Closes: #835349)
+ - gpgv Breaks: python-debian << 0.1.29 (addresses: #782904)
+ - gnupg Breaks: php-crypt-gpg <= 1.4.1-1 (addresses #835592)
+ - gnupg Breaks: python-apt <= 1.1.0~beta4 (addresses: #835465)
+ - gnupg Breaks: python-gnupg << 0.3.8-3 (addresses: #834514, #834600)
+ - gnupg Breaks: libgnupg-interface-perl << 0.52-3 (addresses: #834281)
+ - gnupg Breaks: libmail-gnupg-perl <= 0.22-1 (addresses: #835075)
+ - gnupg Breaks: libgnupg-perl << 0.19-1 (addresses: #834522)
+
+ -- Daniel Kahn Gillmor Tue, 30 Aug 2016 13:19:23 -0400
+
+gnupg2 (2.1.14-5) unstable; urgency=medium
+
+ * actually ship /usr/share/doc/gnupg/README.Debian
+ * Release to unstable.
+
+ -- Daniel Kahn Gillmor Fri, 12 Aug 2016 16:27:22 -0400
+
+gnupg2 (2.1.14-4) experimental; urgency=medium
+
+ * add ZeitControl card (Closes: #814584)
+ * three more fixes from upstream
+
+ -- Daniel Kahn Gillmor Mon, 08 Aug 2016 12:54:21 -0400
+
+gnupg2 (2.1.14-3) experimental; urgency=medium
+
+ * cleanup debian/copyright
+ * update debian/watch
+
+ -- Daniel Kahn Gillmor Wed, 03 Aug 2016 11:09:05 -0400
+
+gnupg2 (2.1.14-2) experimental; urgency=medium
+
+ * mark the gpgv binary as Priority: important, since apt depends on it
+ * import a bunch of fixes from upstream
+ * include permissioning on patched-in tests
+ * Breaks: some packages that expect old gpg behavior (Closes: #831500)
+ * remove scdaemon.service; it will be managed by gpg-agent.service
+ * avoid bulleted items in debian/NEWS (thanks, Lintian!)
+ * debian/copyright: cleanup, fix URLs
+ * debian/control: use standard URL for Vcs-Browser
+ * fix spelling and grammar noticed by lintian
+ * avoid lintian notes about a misspelled "written"
+ * clean up gpgv2 Description
+ * break out arch-indep localization files into new gnupg-l10n package
+
+ -- Daniel Kahn Gillmor Mon, 01 Aug 2016 17:54:59 -0400
+
+gnupg2 (2.1.14-1) experimental; urgency=medium
+
+ * New upstream release
+
+ -- Daniel Kahn Gillmor Fri, 15 Jul 2016 01:39:25 +0200
+
+gnupg2 (2.1.13-5) experimental; urgency=medium
+
+ * dependency cleanup!
+ - make Recommends: strictly versioned between gnupg and {gpg-agent,dirmngr}
+ - make gnupg Provide: gpg and mention it in the package description
+ - drop mention of newpg, which has not been in debian for many releases
+ - gnupg2 2.0.18 predates debian wheezy, which is oldstable; drop mention
+ in debian/control
+ - drop Suggests: gnupg-doc, which does not appear to be maintained
+ - drop all references to gpg-idea, which has not been in debian for
+ several releases
+ - removed dependency on "dpkg (>= 1.15.4) | install-info", since that
+ dpkg version predates oldstable (wheezy)
+
+ -- Daniel Kahn Gillmor Mon, 04 Jul 2016 10:13:42 -0400
+
+gnupg2 (2.1.13-4) experimental; urgency=medium
+
+ * add binutils-multiarch [!amd64 !i386] to Build-Depends-Indep: so that
+ we can generate win32 packages on non-x86 platforms.
+
+ -- Daniel Kahn Gillmor Fri, 01 Jul 2016 11:30:28 -0400
+
+gnupg2 (2.1.13-3) experimental; urgency=medium
+
+ * pull bugfixes from upstream (Closes: #828109, #814584)
+ * should also allow for reproducible builds, with fix to
+ timestamps in tofu.test
+ * provide supervised dirmngr, gpg-agent, and scdaemon services from
+ systemd's user sessioniif the user wants to enable them.
These
+ services should terminate at logout (Closes: #825911)
+ * avoid launching gpg-agent from Xsession.d since we have more robust
+ session management available (added NEWS entry about this change)
+ * gnupg-agent now Provides: gpg-agent to mitigate common confusion.
+ * updated dirmngr package description.
+
+ -- Daniel Kahn Gillmor Tue, 28 Jun 2016 13:46:36 -0400
+
+gnupg2 (2.1.13-2) experimental; urgency=medium
+
+ * brown paper bag time: fix build-dep from libusb-1.0.0-dev to
+ libusb-1.0-0-dev
+
+ -- Daniel Kahn Gillmor Fri, 17 Jun 2016 23:07:43 -0400
+
+gnupg2 (2.1.13-1) experimental; urgency=medium
+
+ * New upstream release
+ - new keyid-format "none", used by default (Closes: #826273)
+ * Build-depend on libusb-1.0.0-dev to ensure smartcards work (Thanks,
+ gniibe!)
+
+ -- Daniel Kahn Gillmor Thu, 16 Jun 2016 18:30:36 -0400
+
+gnupg2 (2.1.12-1) experimental; urgency=medium
+
+ * New upstream release
+
+ -- Daniel Kahn Gillmor Tue, 10 May 2016 20:58:06 -0400
+
+gnupg2 (2.1.11-7+exp1) experimental; urgency=medium
+
+ * switching over binary package names in experimental -- gnupg2 source
+ package now provides gnupg and gpgv
+
+ -- Daniel Kahn Gillmor Mon, 18 Apr 2016 19:17:19 -0400
+
+gnupg2 (2.1.11-7) unstable; urgency=medium
+
+ * move to unstable
+ * re-enable test suites on mips and mipsel since #730846 is resolved
+
+ -- Daniel Kahn Gillmor Mon, 18 Apr 2016 07:45:16 -0400
+
+gnupg2 (2.1.11-6+exp4) experimental; urgency=medium
+
+ * stop using help2man to fix cross-building
+ * ensure gpgv-win32 is properly stripped
+ * enable autopkgtest to run without root on systems that already have
+ wine32 installed
+
+ -- Daniel Kahn Gillmor Fri, 01 Apr 2016 13:08:07 -0300
+
+gnupg2 (2.1.11-6+exp3) experimental; urgency=medium
+
+ * more cleanup on arch-dependent packages.
+
+ -- Daniel Kahn Gillmor Wed, 30 Mar 2016 03:36:18 -0400
+
+gnupg2 (2.1.11-6+exp2) experimental; urgency=medium
+
+ * avoid build failures when building only arch-dependent or only
+ arch-independent packages.
+
+ -- Daniel Kahn Gillmor Wed, 30 Mar 2016 02:59:18 -0400
+
+gnupg2 (2.1.11-6+exp1) experimental; urgency=medium
+
+ * take over gpgv-win32 from gnupg 1.4 packaging
+
+ -- Daniel Kahn Gillmor Mon, 28 Mar 2016 23:27:43 -0400
+
+gnupg2 (2.1.11-6) unstable; urgency=medium
+
+ * avoid FTBFS with patch from upstream (Closes: #814842)
+ * bumped standards-version to 3.9.7 (no changes needed)
+
+ -- Daniel Kahn Gillmor Tue, 01 Mar 2016 09:36:41 +0100
+
+gnupg2 (2.1.11-5) unstable; urgency=medium
+
+ * taking over gpgv-udeb from gnupg 1.4 packaging
+ * debian/control: use secure transport for Vcs-* and Homepage
+
+ -- Daniel Kahn Gillmor Thu, 04 Feb 2016 17:17:47 -0500
+
+gnupg2 (2.1.11-4) unstable; urgency=medium
+
+ * disable gpgtar, since it is causing unpredictable testsuite failures
+ and we don't ship it anyway.
+
+ -- Daniel Kahn Gillmor Wed, 03 Feb 2016 11:57:57 -0500
+
+gnupg2 (2.1.11-3) unstable; urgency=medium
+
+ * trying again to get a proper dump of the gpgtar.test.log. sigh.
+
+ -- Daniel Kahn Gillmor Thu, 28 Jan 2016 08:34:22 -0500
+
+gnupg2 (2.1.11-2) unstable; urgency=medium
+
+ * added temporary hook to view failing gpgtar test output on build
+ daemons since i can't replicate the failures on my own build systems.
+
+ -- Daniel Kahn Gillmor Thu, 28 Jan 2016 00:53:29 -0500
+
+gnupg2 (2.1.11-1) unstable; urgency=medium
+
+ * new upstream release
+ - drops buggy attempt to detect duplicate keys (Closes: #807819)
+ * removed -dbg package, since we have automatic -dbgsym packages now
+ * removed undocumented gpgkey2ssh; use gpg --export-ssh-key instead
+
+ -- Daniel Kahn Gillmor Mon, 25 Jan 2016 15:29:25 -0500
+
+gnupg2 (2.1.10-3) unstable; urgency=medium
+
+ * avoid infinite loop when doing --gen-revoke by fingerprint
+
+ -- Daniel Kahn Gillmor Sat, 12 Dec 2015 16:53:40 -0500
+
+gnupg2 (2.1.10-2) unstable; urgency=medium
+
+ * actually use sks-keyservers CA by default if the user asks for
+ hkps://hkps.pool.sks-keyservers.net
+ * move ownership of some files in /usr/share/gnupg2/ to more appropriate
+ owners like gpgsm and dirmngr.
+
+ -- Daniel Kahn Gillmor Fri, 11 Dec 2015 17:06:10 -0500
+
+gnupg2 (2.1.10-1) unstable; urgency=medium
+
+ * new upstream release
+ * ship sks-keyservers.netCA.pem in dirmngr to make it easier to use hkps.
+ * avoid shipping Changelog-2011, use upstream ChangeLog (Closes:
+ #803225)
+
+ -- Daniel Kahn Gillmor Wed, 09 Dec 2015 12:05:42 -0500
+
+gnupg2 (2.1.9-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Daniel Kahn Gillmor Tue, 13 Oct 2015 10:04:33 -0400
+
+gnupg2 (2.1.8-2) UNRELEASED; urgency=medium
+
+ [ NIIBE Yutaka ]
+ * update scdaemon dependencies
+
+ [ Daniel Kahn Gillmor ]
+ * correct ssh fingerprint for ECDSA nistp384 (Closes: #795636)
+
+ -- Daniel Kahn Gillmor Thu, 17 Sep 2015 00:00:28 -0400
+
+gnupg2 (2.1.8-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Daniel Kahn Gillmor Thu, 10 Sep 2015 17:00:06 -0400
+
+gnupg2 (2.1.7-2) unstable; urgency=medium
+
+ * upload to unstable
+
+ -- Daniel Kahn Gillmor Tue, 11 Aug 2015 21:24:18 -0400
+
+gnupg2 (2.1.7-1) experimental; urgency=medium
+
+ * new upstream release
+ * block ptrace connections to gpg-agent
+
+ -- Daniel Kahn Gillmor Tue, 11 Aug 2015 20:05:38 -0400
+
+gnupg2 (2.1.6-1) experimental; urgency=medium
+
+ * new upstream release
+ * drop deprecated gpgsm-gencert.sh
+
+ -- Daniel Kahn Gillmor Tue, 07 Jul 2015 14:27:23 -0400
+
+gnupg2 (2.1.5-2) experimental; urgency=medium
+
+ [ Daniel Kahn Gillmor ]
+ * pass DBUS_SESSION_BUS_ADDRESS through to the agent so that
+ pinentry-gnome3 can work across sessions.
+ * ensure that l10n files are rebuilt.
+
+ [ Eric Dorland ]
+ * debian/patches/0003-Include-defs.inc-in-BUILT_SOURCES.patch: Fix for
+ build failure when rebuilding info docs.
+
+ -- Daniel Kahn Gillmor Tue, 30 Jun 2015 18:13:58 -0400
+
+gnupg2 (2.1.5-1) experimental; urgency=medium
+
+ * New upstream release
+
+ -- Daniel Kahn Gillmor Thu, 11 Jun 2015 13:18:56 -0400
+
+gnupg2 (2.1.4-2) experimental; urgency=medium
+
+ * avoid excess dependencies on headless servers (Closes: #753163)
+
+ -- Daniel Kahn Gillmor Wed, 03 Jun 2015 14:12:49 -0400
+
+gnupg2 (2.1.4-1) experimental; urgency=medium
+
+ * New upstream release.
+
+ -- Daniel Kahn Gillmor Thu, 28 May 2015 00:25:55 -0400
+
+gnupg2 (2.1.3-1) experimental; urgency=medium
+
+ * New upstream version.
+ * Add gnupg2-dbg (Closes: #781631)
+
+ -- Daniel Kahn Gillmor Wed, 01 Apr 2015 12:10:38 -0400
+
+gnupg2 (2.1.2-2) experimental; urgency=medium
+
+ * Fix segv due to NULL value stored as opaque MPI.
+
+ -- Daniel Kahn Gillmor Sat, 21 Feb 2015 10:26:50 -0500
+
+gnupg2 (2.1.2-1) experimental; urgency=medium
+
+ * New upstream version
+ * move from automake1.11 to plain automake (upstream uses 1.14 now)
+
+ -- Daniel Kahn Gillmor Thu, 12 Feb 2015 20:10:43 -0500
+
+gnupg2 (2.1.1-1) experimental; urgency=medium
+
+ * New upstream version (closes: #772654)
+ * gnupg2 now Breaks: older versions of dirmngr (closes: #769460)
+
+ -- Daniel Kahn Gillmor Tue, 16 Dec 2014 14:58:06 -0500
+
+gnupg2 (2.1.0-1) experimental; urgency=medium
+
+ * import upstream 2.1.0 release.
+ * drop debian/patches/speed-up-test-suite.patch -- included upstream.
+ * avoid self-reporting as a beta now that this is a release
+
+ -- Daniel Kahn Gillmor Thu, 06 Nov 2014 12:31:06 -0500
+
+gnupg2 (2.1.0~beta895-3) experimental; urgency=medium
+
+ * update gnupg-agent.xsession to export ssh-agent where
+ configured. (Closes: #767341)
+ * use cheap/fast entropy for the test suite so that builds on
+ low-entropy machines go faster.
+
+ -- Daniel Kahn Gillmor Thu, 30 Oct 2014 13:37:08 -0400
+
+gnupg2 (2.1.0~beta895-2) experimental; urgency=medium
+
+ * added pkg-config to Build-Depends.
+
+ -- Daniel Kahn Gillmor Wed, 29 Oct 2014 18:36:27 -0400
+
+gnupg2 (2.1.0~beta895-1) experimental; urgency=medium
+
+ * new upstream version in experimental (Closes: #762844, #751266, #762844)
+ * ship /usr/bin/gpgparsemail (Closes: #760575)
+ * document that doc/OpenPGP is not actually an RFC, but just refers to
+ one (closes: #745410)
+ * Bump Standards-Version to 3.9.6 (no changes needed)
+ * --enable-large-secmem to ensure that gpg2 works with pre-generated
+ oversized RSA keys
+ * updated /etc/X11/Xsession.d/90gpg-agent to export $GPG_AGENT_INFO
+ about the standard socket.
+
+ -- Daniel Kahn Gillmor Wed, 29 Oct 2014 17:53:06 -0400
+
+gnupg2 (2.0.28-3) unstable; urgency=medium
+
+ * pass DBUS_SESION_BUS_ADDRESS to the agent for gnome3.
+
+ -- Daniel Kahn Gillmor Sat, 04 Jul 2015 14:21:41 -0400
+
+gnupg2 (2.0.28-2) unstable; urgency=medium
+
+ * d/clean: drop stamp-po to rebuild l10n (Closes: #788989)
+
+ -- Daniel Kahn Gillmor Tue, 30 Jun 2015 17:17:11 -0400
+
+gnupg2 (2.0.28-1) unstable; urgency=medium
+
+ * new upstream release
+ * really address excess dependencies on headless server (thanks Raphaël
+ Halimi for noticing) (Closes: #753163)
+
+ -- Daniel Kahn Gillmor Tue, 02 Jun 2015 12:16:57 -0400
+
+gnupg2 (2.0.27-2) unstable; urgency=medium
+
+ * import upstream fix to avoid replicating unknown subkey
+ packets. (Closes: #787045) (Thanks, NIIBE Yutaka)
+
+ -- Daniel Kahn Gillmor Thu, 28 May 2015 00:55:51 -0400
+
+gnupg2 (2.0.27-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Provide a simple way for users to avoid gpg-agent hijacking,
+ working around: #760102 (Closes: #753163)
+
+ -- Daniel Kahn Gillmor Fri, 08 May 2015 18:15:15 -0400
+
+gnupg2 (2.0.26-6) unstable; urgency=medium
+
+ * Avoid NULL dereference with opaque MPI.
+
+ -- Daniel Kahn Gillmor Sat, 21 Feb 2015 18:01:40 -0500
+
+gnupg2 (2.0.26-5) unstable; urgency=medium
+
+ * import bug-fixes from upstream
+ (Closes: #773415, #773469, #773471, #773472, #773423)
+ * Fixes CVE-2015-1606 "Use after free, resulting from failure to skip
+ invalid packets", CVE-2015-1607 "memcpy with overlapping ranges,
+ resulting from incorrect bitwise left shifts" (Closes: #778577)
+
+ -- Daniel Kahn Gillmor Mon, 16 Feb 2015 17:45:06 -0500
+
+gnupg2 (2.0.26-4) unstable; urgency=medium
+
+ [ David Prévot ]
+ * Update POT and PO files, and ensure the translations get rebuild
+ * Update French translation (Closes: #769574)
+ * Update Ukrainian translation, thanks to Yuri Chornoivan
+ * Update German translation, thanks to Werner Koch
+ * Update Danish translation, thanks to Joe Hansen
+ * Update Japanese translation, thanks to NIIBE Yutaka
+ * Update Chinese (traditional) translation, thanks to Jedi Lin
+ * Update Russian translation, thanks to Ineiev
+ * Update Polish translation, thanks to Jakub Bogusz
+ * Update Spanish translation, thanks to Manuel "Venturi" Porras Peralta
+ (Closes: #770727)
+ * New Dutch translation, thanks to Frans Spiesschaert (Closes: #770981)
+
+ [ Daniel Kahn Gillmor ]
+ * bugfix and cryptographic safety changes imported from upstream:
+ - Avoid regression when adding subkeys with strong s2k algorithms
+ (Closes: #772780) Thanks, NIIBE Yutaka
+ - Allow french translation to work when prompting for passphrase.
+ - add build and runtime support for larger RSA keys (Closes: #739424)
+ - fix runtime errors on bad input (Closes: #771987)
+ - deprecate insecure one-argument variant for gpg --verify of detached
+ signatures (Closes: #771992)
+ - initialize trustdb before trying to clear it (Closes: #735363)
+ - default to issuing SHA256 signatures for RSA
+ - avoid relying on MD5 signatures
+ - show v3 key fingerprints as all zero (OpenPGPv3 is deprecated)
+
+ -- Daniel Kahn Gillmor Sun, 04 Jan 2015 17:17:00 -0500
+
+gnupg2 (2.0.26-3) unstable; urgency=medium
+
+ * fix typo in gpg.info (closes: #760273)
+ * drop versioned Build-Conflicts on automake by setting environment
+ variables in debian/rules
+ * ship /usr/bin/gpgparsemail (closes: #760575)
+ * warn but don't fail when scdaemon options are in ~/.gnupg/gpg.conf
+ (closes: #762844)
+ * do not break on --trust-model=always (closes: #751266)
+ * document that doc/OpenPGP is not actually an RFC, but just refers to
+ one (closes: #745410)
+ * Bump Standards-Version to 3.9.6 (no changes needed)
+
+ -- Daniel Kahn Gillmor Tue, 30 Sep 2014 23:39:15 -0400
+
+gnupg2 (2.0.26-2) unstable; urgency=medium
+
+ * ignore emacs turds in debian/
+ * update Vcs fields
+ * move package to group maintenance
+ * wrap-and-sort cleanup of debian/*
+
+ -- Daniel Kahn Gillmor Thu, 28 Aug 2014 11:42:18 -0700
+
+gnupg2 (2.0.26-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/control: Suggest parcimonie. Thanks ilf. (Closes: #752261)
+
+ -- Eric Dorland Tue, 19 Aug 2014 18:09:08 -0400
+
+gnupg2 (2.0.25-2) unstable; urgency=medium
+
+ * debian/control: Switch to libgcrypt20-dev (aka 1.6 release).
+
+ -- Eric Dorland Fri, 08 Aug 2014 14:12:05 -0400
+
+gnupg2 (2.0.25-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Eric Dorland Mon, 30 Jun 2014 13:10:04 -0400
+
+gnupg2 (2.0.24-1) unstable; urgency=high
+
+ * New upstream release. Fixes CVE-2014-4617 "infinite loop when
+ decompressing data packets".
(Closes: #752498)
+ * debian/patches/02-gpgv2-dont-link-libassuan.diff: Drop, now
+ upstreamed.
+
+ -- Eric Dorland Wed, 25 Jun 2014 00:11:19 -0400
+
+gnupg2 (2.0.23-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/upstream/signing-key.asc: Rename upstream-signing-key.pgp to
+ the new, supported name.
+ * debian/control: Restore versioned conflict against gpg-idea. (Closes:
+ #733984)
+ * debian/control: Add Recommends on dirmngr for gpgsm. (Closes: #683579)
+
+ -- Eric Dorland Sun, 08 Jun 2014 19:20:17 -0400
+
+gnupg2 (2.0.22-3) unstable; urgency=low
+
+ * debian/watch, debian/upstream-signing-key.pgp: Add upstream signing
+ key for uscan verification.
+ * debian/kbxutil.1, debian/rules: Add better description and regenerate
+ the manpage.
+ * debian/control: Remove version on gpg-idea conflict, add missing
+ Breaks for gpgsm and convert Conflicts to Breaks for gpgv2.
+ * debian/control: Move gnupg-agent to Depends for gpgsm instead of
+ Replaces (which in turn should have been Recommends).
+ * debian/control: Standards-Version to 3.9.5.
+ * debian/copyright: Switch to a shiny DEP-5 copyright file.
+
+ -- Eric Dorland Wed, 01 Jan 2014 22:56:56 -0500
+
+gnupg2 (2.0.22-2) unstable; urgency=low
+
+ * debian/control: Fix Build-Conflicts on newer automakes. Thanks Chris
+ Boot. (Closes: #726015)
+ * debian/control: IDEA is no longer patented, drop its metion from the
+ description. Thanks brian m. carlson. (Closes: #726139)
+ * debian/rules: Disable the test suite on mips and mipsel to work around
+ Bug:#730846.
+
+ -- Eric Dorland Sat, 30 Nov 2013 23:47:56 -0500
+
+gnupg2 (2.0.22-1) unstable; urgency=low
+
+ * New upstream version. Fixes CVE-2013-4402 and CVE-2013-4351. (Closes:
+ #725433, #722724)
+ * debian/gnupg2.install: Install gnupg-card-architecture.png for the
+ info file.
+
+ -- Eric Dorland Sat, 05 Oct 2013 17:45:28 -0400
+
+gnupg2 (2.0.21-2) unstable; urgency=low
+
+ * debian/rules, debian/gnupg2.install: Switch libexecdir to
+ /usr/lib/gnupg2 to install helper binaries to a non-multiarch specific
+ location. (Closes: #717303)
+ * debian/control, debian/gpgv2.install: Split out gpgv2 into its own
+ package.
+ * debian/control, debian/gnupg2.install, debian/kbxutil.1: Add rule and
+ manpage for kbxutil using help2man. (Closes: #323494)
+ * debian/patches/02-gpgv2-dont-link-libassuan.diff: Don't link gpgv2
+ against libassuan as it's not used.
+ * debian/rules: Install changelog for gpgv2.
+
+ -- Eric Dorland Sun, 01 Sep 2013 00:42:16 -0400
+
+gnupg2 (2.0.21-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #613465, #720369)
+ * debian/patches/01-gnupg2-rename.diff: Refresh patch.
+ * debian/control: Fix Vcs-Git path.
+ * debian/control: Now depends on libgpg-error >= 1.11.
+ * debian/control: Build-Depends on automake1.11 since the test suite
+ fails on newer versions. (Closes: #713287)
+ * debian/control: Also need a Build-Conflicts on automake (<= 1.12).
+
+ -- Eric Dorland Sat, 24 Aug 2013 20:33:19 -0400
+
+gnupg2 (2.0.20-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #691237, #583893)
+ * debian/patches/02-cve-2012-6085.diff: Remove, merged upstream.
+ * debian/control: Upgrade Standards-Version to 3.9.4.
+ * debian/compat, debian/control: Upgrade to debhelper v9.
+ * debian/control, debian/rules: Drop hardening-wrapper, now that we use
+ debhelper v9.
+ * debian/scdaemon.install: scdaemon has moved under $libexecdir.
+ * debian/control: Tighten dependency on scdaemon.
+ * debian/rules: Turn on all hardening options.
+ * debian/patches/01-gnupg2-rename.diff: Refresh patch.
+ * debian/gnupg-agent.install, debian/gnupg2.install,
+ debian/scdaemon.install: Fix /usr/lib paths for multi-arch.
+ * debian/rules: Pass ${pkglibdir} to --libexecdir since dh v9 passes
+ ${libdir} by default.
+
+ -- Eric Dorland Sat, 11 May 2013 18:28:57 -0400
+
+gnupg2 (2.0.19-2) unstable; urgency=high
+
+ * debian/patches/02-cve-2012-6085.diff: Patch from upstream to fix
+ CVE-2012-6085, "gnupg key import memory corruption". (Closes: #697251)
+ * debian/control: Use canonical addresses for VCS.
+ * debian/control: Fix scdaemon short description.
+
+ -- Eric Dorland Fri, 04 Jan 2013 00:56:52 -0500
+
+gnupg2 (2.0.19-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #666092)
+ * debian/control: Add Multi-Arch: foreign to all packages.
+ * debian/rules: Update ChangeLog locations.
+
+ -- Eric Dorland Sat, 31 Mar 2012 01:06:02 -0400
+
+gnupg2 (2.0.18-2) unstable; urgency=low
+
+ * debian/control, debian/gpgsm.install, debian/scdaemon.install: Add a
+ separate package for the scdaemon. (Closes: #416129)
+ * debian/control, debian/gpgsm.install, debian/gnupg2.install,
+ gnupg-agent.install: Move gpg-preset-passphrase and gpg-protect-tool
+ into the gnupg-agent.
+ * debian/control: Upgrade Standards-Version to 3.9.2.
+ * debian/rules: Install ChangeLog for new scdaemon package.
+
+ -- Eric Dorland Sat, 15 Oct 2011 20:21:35 -0400
+
+gnupg2 (2.0.18-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #635206)
+ * debian/copyright: Update ftp location. (Closes: #624404)
+ * debian/patches/01-gnupg2-rename.diff: Refresh patch.
+
+ -- Eric Dorland Tue, 30 Aug 2011 03:43:20 -0400
+
+gnupg2 (2.0.17-3) unstable; urgency=low
+
+ * debian/rules: Convert the rules file to use the lovely dh format.
+ * debian/gnupg2.dirs, debian/gnupg-agent.dirs, debian/gpgsm.dirs: Remove
+ unless dirs files.
+ * debian/gnupg-agent.lintian-overrides, debian/gnupg2.lintian-overrides,
+ debian/gpgsm.lintian-overrides: Remove unneeded lintian-overrides files.
+
+ -- Eric Dorland Mon, 14 Feb 2011 03:17:39 -0500
+
+gnupg2 (2.0.17-2) unstable; urgency=low
+
+ * debian/control: Add dependency on dpkg (>= 1.15.4) | install-info for
+ info install trigger.
+ * debian/control, debian/rules: Use debian build hardening.
+
+ -- Eric Dorland Sun, 13 Feb 2011 16:33:17 -0500
+
+gnupg2 (2.0.17-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #584316, #603985, #603983, #603984)
+ * debian/patches/02-encode-s2k.diff,
+ debian/patches/03-gpgsm-realloc.diff, debian/patches/series: Drop now
+ unneeded security patches.
+ * debian/rules, debian/patches/01-gnupg2-rename.diff,
+ debian/gnupg2.info, debian/gnupg2.install: No need to rename the info
+ file anymore.
+ * debian/patches/01-gnupg2-rename.diff: Rename the autoconf package for
+ better renaming of pkg directories. (Closes: #579006)
+ * debian/control, debian/compat: Upgrade to debhelper level 8.
+ * debian/control:
+ - Upgrade Standards-Version to 3.9.1.
+ - Update Build-Depends versions for the latest release.
+ * debian/gnupg2.install: Add the applygnupgdefaults command. (Closes:
+ #567537)
+ * debian/gnupg2.docs: doc/faq.html no longer exists.
+
+ -- Eric Dorland Sun, 13 Feb 2011 16:06:41 -0500
+
+gnupg2 (2.0.14-2) unstable; urgency=low
+
+ * debian/*.lintian, debian/*.lintian-overrides, debian/rules: Rename
+ lintian files and use dh_lintian instead of shell snippets.
+ * debian/source/patch-header, debian/source/options: Delete patch header
+ and remove single-debian-patch option.
+ * debian/patches/01-gnupg2-rename.diff: Move patch to do the necessary
+ renaming of gnupg -> gnupg2 in a quilt patch.
+ * debian/patches/02-encode-s2k.diff: Added patch to fix passphrase
+ problem in gpgsm. Thanks Martijn van Brummelen for the NMU to fix this
+ problem in 2.0.14-1.1.
+ * debian/patches/03-gpgsm-realloc.diff: Fix for "Realloc Bug with X.509
+ certificates" for gpgsm. (Closes: #590122)
+ * debian/rules, debian/control: Use dh-autoreconf and autopoint to
+ regenerate autotools files at build time.
+
+ -- Eric Dorland Sun, 25 Jul 2010 02:16:42 -0400
+
+gnupg2 (2.0.14-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control: Build depend on libreadline-dev instead of
+ libreadline5-dev, since libreadline6-dev is out. (Closes: #548922)
+ * debian/source/format, debian/source/options,
+ debian/source/patch-header: Convert to v3 quilt format, with
+ single-debian-patch.
+ * debian/control: Tighten dependency on gnupg-agent. (Closes: #551792)
+
+ -- Eric Dorland Sat, 09 Jan 2010 21:15:18 -0500
+
+gnupg2 (2.0.13-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control: Depend instead of Recommend gnupg-agent. (Closes:
+ #538947)
+
+ -- Eric Dorland Mon, 07 Sep 2009 20:38:23 -0400
+
+gnupg2 (2.0.12-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #499569, #463270, #446494, #314068,
+ #519375, #514587)
+ * debian/control: Change build dependency on gs to ghoscript, since
+ ghoscript has been replaced.
+ * debian/compat: Use debhelper v7.
+ * debian/control: Update Standards-Version to 3.8.2.
+ * debian/control: Use ${misc:Depends}.
+ * configure.ac: Override pkgdatadir so that it points to
+ /usr/share/gnupg2. (Closes: #528734)
+ * debian/rules: No longer need to specify pkgdatadir at make install
+ time.
+
+ -- Eric Dorland Sun, 23 Aug 2009 20:48:11 -0400
+
+gnupg2 (2.0.11-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #496663)
+ * debian/control: Make the description a little more distinctive than
+ gnupg v1's. Thanks Jari Aalto. (Closes: #496323)
+
+ -- Eric Dorland Sun, 08 Mar 2009 22:46:47 -0400
+
+gnupg2 (2.0.9-3) unstable; urgency=medium
+
+ * Urgency medium to try to beat the release.
+ * tools/gpgkey2ssh.c: Patch from Daniel Kahn Gillmor to fix broken ssh
+ key generation. (Closes: #473841)
+
+ -- Eric Dorland Mon, 21 Jul 2008 03:48:11 -0400
+
+gnupg2 (2.0.9-2) unstable; urgency=low
+
+ * The "I've neglected you too long" release.
+
+ * debian/control:
+ - Add recommends on gnupg-agent for gpgsm and gnupg2, since they need
+ it under most circumstances.
(Closes: #459462, #477691) + - Depend on pinentry instead of recommend, and move pinentry-gtk2 to the + front of the alternatives list. (Closes: #462951) + * keyserver/gpgkeys_curl.c, keyserver/gpgkeys_hkp.c: Fix FTBFS with gcc + 4.3 strictness on bitfields combined with curl. (Closes: #476999) + + -- Eric Dorland Mon, 28 Apr 2008 03:22:20 -0400 + +gnupg2 (2.0.9-1) unstable; urgency=low + + * New upstream release. Fixes CVE-2008-1530, Key import memory corruption. + (Closes: #472928) + * debian/rules: Don't ignore status of make distclean, just check for + the existance of the Makefile. + + -- Eric Dorland Sat, 29 Mar 2008 03:21:21 -0400 + +gnupg2 (2.0.8-1) unstable; urgency=low + + * New upstream release. (Closes: #428635) + * debian/watch: Use passive ftp, ftp.gnupg.org doesn't seem happy + otherwise. (Closes: #456467) + * debian/control: + - Requires libassuan >= 1.0.4 now. + - Remove the XS- prefix from the Vcs-* headers. + - Add Homepage header. + - Upgrade Standards-Version to 3.7.3.0. + - Make gnupg2 optional rather than extra. + - Remove unnecessary conflict on suidmanager. + + -- Eric Dorland Sat, 22 Dec 2007 02:06:42 -0500 + +gnupg2 (2.0.7-1) unstable; urgency=low + + * New upstream release. + * debian/rules: + - Remove unnecessary deletion of the .gmo files. (Closes: #442583) + - Clean out some old comments + * gnupg-agent.xsession: Remove the quotes around --write-env-file + argument. Not ideal, but fine for now. Thanks Luis Rodrigo Gallardo + Cruz. (Closes: #443580) + + -- Eric Dorland Sun, 30 Sep 2007 02:50:40 -0400 + +gnupg2 (2.0.6-1) unstable; urgency=low + + * New upstream release. (Closes: #437289) + * debian/gnupg-agent.xsession: Run the Xsession under the gpg-agent, so + it exits properly when the session dies. (Closes: #401843) + * debian/control: Add XS-Vcs headers for its new git home. 
+
+ -- Eric Dorland Mon, 03 Sep 2007 23:29:11 -0400
+
+gnupg2 (2.0.5-2) unstable; urgency=low
+
+ * The "Ubuntu, I would have done it had you only asked" release.
+
+ * debian/copyright: Fix download location. Thanks Ubuntu.
+ * debian/README.Debian: Remove, doesn't contain any relevant info.
+ * debian/rules:
+ - Build with --sysconfdir=/etc, thanks Bernhard Herzog. (Closes: #434790)
+ - Run dh_installexamples.
+ - Don't list the docs to install in here.
+ * debian/gnupg2.examples: New file, install gpgconf.conf as an example
+ into /usr/share/doc. Hope this is a good compromise Bernhard. (Closes:
+ #434878)
+ * debian/control:
+ - Remove opensc and pcsc-lite build dependencies, they're not used anymore.
+ - Add libcurl4-gnutls-dev build dep, to use the real curl.
+ * g10/call-agent.c: set DBG_ASSUAN to 0 to suppress a debug
+ message. Thanks Ubuntu.
+ * debian/gnupg2.docs, debian/gpgsm.docs: Move installed docs in here,
+ add some new docs. Thanks Ubuntu.
+ * debian/rules, debian/gnupg-agent.install: Build symcryptrun and install it
+ in the gnupg-agent package. Thanks Bernhard Herzog. (Closes: #434787)
+ * debian/rules, debian/control: Only recommend libldap, don't depend on
+ it.Thanks Riku. (Closes: #435138)
+
+ -- Eric Dorland Thu, 16 Aug 2007 22:24:16 -0400
+
+gnupg2 (2.0.5-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/watch: Add watch file.
+ * debian/control:
+ - Require libassuan 1.0.2 or greater.
+ - Require libksba 1.0.2 or greater.
+ - Don't recommend plain gpg anymore.
+ * debian/copyright: Update copyright text for GPL v3 relicensing.
+ * docs/scdaemon.texi: Remove old --print-atr documentation. Thanks
+ Ludovic Rousseau. (Closes: #404128)
+
+ -- Eric Dorland Sun, 22 Jul 2007 16:03:32 -0400
+
+gnupg2 (2.0.4-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Eric Dorland Fri, 11 May 2007 00:41:01 -0400
+
+gnupg2 (2.0.3-1) unstable; urgency=high
+
+ * New upstream release.
+ - Fixes multoiple messages problem aka CVE-2007-1263.
+
+ -- Eric Dorland Fri, 9 Mar 2007 03:28:53 -0500
+
+gnupg2 (2.0.2-1) unstable; urgency=high
+
+ * New upstream release. (Closes: #409559)
+ * Thanks Andreas Barth for NMUs. (Closes: #400777, #401895, #401913)
+ * debian/gpgsm.install: pcsc-wrapper renamed to gnupg-pcsc-wrapper.
+
+ -- Eric Dorland Mon, 19 Feb 2007 20:34:52 -0500
+
+gnupg2 (2.0.0-5) unstable; urgency=high
+
+ * debian/control: Remove unnecessary dependencies on makedev and
+ udev. Thanks Marco d'Itri.
+ * doc/gnupg.texi, debian/gnupg2.info, debian/rules: Set the output file
+ to gnupg2.info, and use that for the index. (Closes: #398493)
+
+ -- Eric Dorland Fri, 24 Nov 2006 02:23:35 -0500
+
+gnupg2 (2.0.0-4) unstable; urgency=medium
+
+ * debian/control: Update forgotten replaces for pcsc-wrapper move.
+
+ -- Eric Dorland Mon, 20 Nov 2006 23:02:25 -0500
+
+gnupg2 (2.0.0-3) unstable; urgency=medium
+
+ * debian/control: Remove warning about development, thanks Gonzalo
+ HIGUERA DIAZ. (Closes: #399551)
+
+ -- Eric Dorland Mon, 20 Nov 2006 14:32:33 -0500
+
+gnupg2 (2.0.0-2) unstable; urgency=medium
+
+ * All packaging fixes, so urgency medium to beat the freeze.
+ * debian/distfiles, debian/lintian.override, debian/point-to-info.1:
+ Remove unused files.
+ * debian/gnupg2.info, debian/rules, gnupg2.files: Install all the info
+ files properly. (Closes: #398493)
+ * debian/rules:
+ - Remove some unnecessary autotools build rules.
+ - Move some of make install targets more correctly to the
+ configure line.
+ * debian/*.files, debian/rules: Rename *.files to .install and use
+ dh_install nstead of dh_movefiles.
+ * debian/gnupg-agent.xsession: Account for spaces in the configuration
+ file, thanks Artem Zolochevskiy. (Closes: #352326)
+ * debian/control:
+ - Adjust build-dependency versions slightly to match what the
+ configure scipt requires.
+ - Update Standards-Version to 3.7.2.2.
+ * debian/gpgsm.install, debian/gnupg2.install: Install the pcsc-wrapper
+ in gpgsm. (Closes: #353232)
+ * debian/gpgsm.install, debian/rules: Install gpg-protect-tool into
+ /usr/libb/gnupg2.
+
+ -- Eric Dorland Sun, 19 Nov 2006 18:03:39 -0500
+
+gnupg2 (2.0.0-1) unstable; urgency=medium
+
+ * New upstream release. (Closes: #398215)
+ * common/estream.c: #define PTH_SYSCALL_SOFT 0 as suggested by Daniel Hess.
+
+ -- Eric Dorland Sun, 12 Nov 2006 23:52:59 -0500
+
+gnupg2 (1.9.94-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Eric Dorland Thu, 2 Nov 2006 16:06:30 -0500
+
+gnupg2 (1.9.93-1) unstable; urgency=medium
+
+ * New upstream release. Urgency medium to try to beat the freeze. Thanks
+ to Andreas Metzler for getting this package into shape.
+
+ -- Eric Dorland Wed, 25 Oct 2006 00:41:15 -0400
+
+gnupg2 (1.9.91-0.1) unstable; urgency=low
+
+ * New upstream version, built against clean upstream tarball.
+ (Closes: #378489,#388257)
+ * bump Build-Depends:
+ - libgpg-error-dev 0.6 -> 1.4
+ - libassuan-dev 0.6.10 -> 0.9.1
+ - libksba-dev 0.9.13 -> 1.0.0 (closes: #368552)
+ * Add libreadline5-dev to Build-Depends.
+ * Pass proper --build and --host args to ./configure.
+ * configure with --mandir='$${prefix}/share/man'.
+ * Add $(LIBINTL) to gpgsplit_LDADD in tools/Makefile.am.
+ * New upstream includes a lot more manpages, ship them.
+ (Closes: #300129,#300677)
+ gpg-agent(1) documents ~/gpg-agent.conf. (Closes: #300676)
+ * Update debian/copyright.
+ * Drop gnupg2.postinst gnupg2.postrm postinst postrm. They all only consited
+ of calls to suidregister for /usr/bin/gpg" or "chmod 4755 /usr/bin/gpg".
+ suidregister has been obsolete for a long time and /usr/bin/gpg is not
+ part of these packages. - If /usr/bin/gpg(v)2 was supposed to be installed
+ suid it should be shipped with these permissions in the deb instead
+ using chmod in postinst anyway.
+ * Drop preinst (ending up as gnupg-agent's preinst), which only showed
+ a warning on upgrades from <<0.3.2-1. - There never was a gnupg-agent
+ 0.3.2-1.
+ * Add (noop) binary-indep target as required by policy 4.9.
+
+ -- Andreas Metzler Sun, 8 Oct 2006 07:51:44 +0000
+
+gnupg2 (1.9.20-2) unstable; urgency=high
+
+ * debian/control: Make myself the maintainer with Matthias' permission.
+ * Acknowledge NMU. (Closes: #375053, #376755)
+ * g10/parse-packet.c: Patch from Martin Schulze to backport security fix
+ for CVE-2006-3746, crash when receiving overly long comments.
+
+ -- Eric Dorland Fri, 4 Aug 2006 18:11:43 -0400
+
+gnupg2 (1.9.20-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Adapt patch from upstream CVS, fixing buffer overflow leading to remote
+ DoS/crash (CVE-2006-3082). (Closes: #375053)
+
+ -- Steinar H. Gunderson Tue, 4 Jul 2006 20:37:43 +0200
+
+gnupg2 (1.9.20-1) unstable; urgency=low
+
+ * New Upstream version. Closes:#306890,#344530
+ * Closes:#320490: gpg-protect-tool fails to decrypt PKCS-12 files
+ * Depend on libopensc2-dev, not -1-. Closes:#348106
+
+ -- Matthias Urlichs Tue, 24 Jan 2006 04:31:42 +0100
+
+gnupg2 (1.9.19-2) unstable; urgency=low
+
+ * Convert debian/changelog to UTF-8.
+ * Put gnupg-agent and gpgsm lintian overrides in the respectively
+ right package. Closes: #335066
+ * Added debhelper tokens to maintainer scripts.
+ * xsession fixes:
+ o Added host name to gpg-agent PID file name. Closes: #312717
+ o Fixed xsession script to be able to run under zsh. Closes: #308516
+ o Don't run gpg-agent if one is already running. Closes: #336480
+ * debian/control:
+ o Fixed package description of gpgsm package. Closes: #299842
+ o Added mention of gpg-agent to description of gnupg-agent package.
+ Closes: #304355
+ * Thanks to Peter Eisentraut for all of the above.
+
+ -- Matthias Urlichs Thu, 8 Dec 2005 22:13:21 +0100
+
+gnupg2 (1.9.19-1) unstable; urgency=low
+
+ * Merged with 1.9.19.
+ * Re-enable gpgv2 package.
+
+ -- Matthias Urlichs Sat, 22 Oct 2005 14:33:33 +0200
+
+gnupg2 (1.9.17-1) unstable; urgency=low
+
+ * Merged with Upstream 1.9.17.
+
+ -- Matthias Urlichs Mon, 4 Jul 2005 01:56:43 +0200
+
+gnupg2 (1.9.15-6) unstable; urgency=high
+
+ * Move gpg-protect-tool to the gpgsm package.
+ Closes: #303492.
+ High urgency because this renders gpgsm unuseable for some people.
+ * gpg-agent: Override max-cache-ttl if a higher default is set.
+ Closes: #302692.
+
+ -- Matthias Urlichs Thu, 7 Apr 2005 10:13:19 +0200
+
+gnupg2 (1.9.15-5) unstable; urgency=low
+
+ * Add /etc/X11/Xsession.d/90gpg-agent script. Closes: #300128.
+ * Emphasize that gnupg2 is NOT useful at the moment.
+ * Conflict+replace gpg-agent with newpg.
+
+ -- Matthias Urlichs Thu, 10 Mar 2005 22:46:10 +0100
+
+gnupg2 (1.9.15-4) unstable; urgency=low
+
+ * Incorporated Ubuntu changes from Andreas Mueller.
+
+ -- Matthias Urlichs Thu, 10 Mar 2005 21:41:59 +0100
+
+gnupg2 (1.9.15-3ubuntu3) hoary; urgency=low
+
+ * removed info file
+
+ -- Andreas Mueller Tue, 8 Mar 2005 01:58:39 +0100
+
+gnupg2 (1.9.15-3ubuntu2) hoary; urgency=low
+
+ * changed rules file, part cp gnupg.info to mv
+ and added dh_installinfo.
+ * changed Standards Version to 3.6.1
+
+ -- Andreas Mueller Tue, 8 Mar 2005 00:53:31 +0100
+
+gnupg2 (1.9.15-3ubuntu1) hoary; urgency=low
+
+ * added missing build depends texinfo
+
+ -- Andreas Mueller Mon, 7 Mar 2005 22:47:56 +0100
+
+gnupg2 (1.9.15-2) hoary; urgency=low
+
+ * Initial checkin
+
+ -- Andreas Mueller Mon, 7 Mar 2005 21:13:32 +0100
+
+gnupg2 (1.9.15-1) experimental; urgency=low
+
+ * New Upstream release.
+ * Removed -doc package:
+ - The package itself is too smal to merit being packaged separately.
+ - Interim solution: Documentation is included in the gnupg2 package.
+ - Goal: ask Upstream to split the .info file.
+ * Removed suidness.
+ * Update debian/copyright.
+ * Require libassuan >= 0.6.9.
+
+ -- Matthias Urlichs Tue, 25 Jan 2005 08:19:15 +0100
+
+gnupg2 (1.9.11+cvs20040924-5) experimental; urgency=low
+
+ * Rebuild to depend on opensc1.
+ * Split -doc into its own package.
+
+ -- Matthias Urlichs Thu, 16 Dec 2004 10:30:44 +0100
+
+gnupg2 (1.9.11+cvs20040924-4) experimental; urgency=low
+
+ * Turn on setuid-ness.
+ - Added Lintian overrides.
+ * Install all "standard" message files.
+ - Makefile.in: The package name for gettext is in the macro PACKAGE_GT,
+ not PACKAGE.
+ * Fix shebang line of addgnupghome script.
+ * Install info file in the correct place.
+ * Build cleanups.
+
+ -- Matthias Urlichs Tue, 5 Oct 2004 10:59:56 +0200
+
+gnupg2 (1.9.11+cvs20040924-3) experimental; urgency=low
+
+ * rename gnupg-agent's changelog file
+ * Fix gnupg-agent's dependencies
+
+ -- Matthias Urlichs Sun, 3 Oct 2004 20:14:30 +0200
+
+gnupg2 (1.9.11+cvs20040924-2) experimental; urgency=low
+
+ * Shipped a /usr/share/locale.alias file. Ouch.
+ * Split off gpgsm.
+
+ -- Matthias Urlichs Wed, 29 Sep 2004 10:25:51 +0200
+
+gnupg2 (1.9.11+cvs20040924-1) experimental; urgency=low
+
+ * New Upstream.
+
+ -- Matthias Urlichs Sat, 25 Sep 2004 11:05:44 +0200
+
+gnupg2 (1.9.10+cvs-1) experimental; urgency=low
+
+ * Packaged latest Upstream version.
+ * Split gpg-agent into its own .deb.
+ * Bit the bullet and started using debhelper.
+
+ -- Matthias Urlichs Thu, 19 Aug 2004 11:43:34 +0200
+
+gnupg2 (1.9.9-1) experimental; urgency=low
+
+ * Packaged latest Upstream version.
+
+ -- Matthias Urlichs Mon, 14 Jun 2004 17:18:18 +0200
+
+gnupg2 (1.9.5-1) experimental; urgency=low
+
+ * Packaged Upstream development version.
+ Closes:#187548
+
+ -- Matthias Urlichs Mon, 8 Mar 2004 05:30:35 +0100
+
+gnupg (1.2.4-4) unstable; urgency=low
+
+ * 12_zero_length_header.dpatch: update patch from David Shaw
+ to fix the fix of crashing on certain
+ keys. Closes: #234289
+
+ -- James Troup Mon, 23 Feb 2004 18:02:20 +0000
+
+gnupg (1.2.4-3) unstable; urgency=low
+
+ * Move to dpatch; existing non-debian/ change split into
+ 10_hppa_unaligned_constant.dpatch.
+
+ * debian/rules: include /usr/share/dpatch/dpatch.make.
+ * debian/rules (build): depend on patch-stamp.
+ * debian/rules (clean): depend on unpatch. Remove debian/patched.
+ * debian/control (Build-Depends): add dpatch.
+
+ * debian/rules: update version number and use install_foo convenience
+ variables.
+ * debian/rules (clean): remove emacs backup files from any directory.
+
+ * 11_fi_po_update.dpatch: new patch from Tommi Vainikainen
+ to update Finnish translation as the current one
+ renders gnupg unusable. Closes: #232030, #222951, #192582
+ * debian/rules (clean): remove po/fi.gmo to avoid dpkg-source errors
+ over unrepresentable changes to source.
+
+ * 12_zero_length_header.dpatch: new patch from David Shaw
+ to fix cases where importing certain keys
+ makes the keyring unuseable. Closes: #232714
+
+ * 13_revoked_keys.dpatch: new patch from David Shaw
+ to list revoked keys as revoked. Closes: #231814
+
+ * 14_getkey_not_found_fix.dpatch: new patch from David Shaw
+ to fix --list-sigs incorrectly claiming "User
+ id not found". Closes: #229549
+
+ -- James Troup Fri, 20 Feb 2004 16:38:12 +0000
+
+gnupg (1.2.4-2) unstable; urgency=low
+
+ * mpi/hppa1.1/udiv-qrnnd.S: patch from LaMont Jones
+ to fix unaligned constant. Closes: #228456
+ * debian/copyright: update year and version number.
+
+ -- James Troup Tue, 20 Jan 2004 17:19:58 +0000
+
+gnupg (1.2.4-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Most support for ElGamal Sign+Encrypt keys has been removed. Closes: #222293
+ * No longer miss-identifies GNU/KFreeBSD as GNU/Hurd. Closes: #216957
+ * Fixes build error on GNU/KFreeBSD (and Glibc-based GNU/KNetBSD). Closes: #221079
+ * Fixes segmentation fault in prime generator. Closes: #213989
+ * Fixes trustdb not updating without ultimately trusted keys. Closes: #222368
+
+ * debian/control (Build-Depends): add libbz2-dev.
+
+ -- James Troup Wed, 31 Dec 2003 17:57:52 +0000
+
+gnupg (1.2.3-1) unstable; urgency=low
+
+ * New upstream release (Closes: #207340).
+ * gpg no longer kills keyrings by importing broken keys. Closes: #196505
+ * options.skel uses subkeys.pgp.net instead of pgp.mit.edu. Closes: #206092
+ * --import now closes files when it's done. Closes: #196643
+ * A key listing speed regression has been fixed. Closes: #192083
+ * debian/copyright: update URL and date.
+ * debian/rules: update dates and version.
+
+ * debian/control (Standards-Version): bump to 3.6.0.
+
+ * debian/Upgrading_From_PGP.txt: new file from to Richard Braakman
+ . Closes: #173233
+ * debian/rules (binary-arch): install it.
+
+ * debian/rules (build): correct libexecdir passed to configure; patch
+ from Matthias Cramer . Fixes invocation of
+ gpgkeys_ldap. Closes: #168486
+
+ -- James Troup Thu, 28 Aug 2003 14:08:50 +0100
+
+gnupg (1.2.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control (Standards-Version): bump to 3.5.9.0.
+ * debian/rules (binary-arch): install convert-from-106 as
+ gpg-convert-from-106 and fix the path to gpg.
+ * debian/control: remove trailing full stop from short description.
+ * debian/control: remove out-dated and contradictory information about
+ RSA.
+
+ -- James Troup Mon, 5 May 2003 03:08:58 +0100
+
+gnupg (1.2.1-2) unstable; urgency=low
+
+ * Update config.guess (to 2002-10-21) and config.sub (to 2002-09-05).
+ Thanks to Ryan Murray. Closes: #166696
+
+ -- James Troup Mon, 28 Oct 2002 01:47:26 +0000
+
+gnupg (1.2.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * An inifinte loop in --update-trustdb has been fixed. Closes: #162039
+ * The polish translation is now correctly specified as UTF-8. Closes: #162885
+ * --refresh-keys is now documented in the manpage. Closes: #165566
+ * debian/control (Conflicts): add gpg-idea <= 2.2 since gnupg >= 1.2 is
+ incompatible with that version of gpg-idea. Closes: #162314
+
+ -- James Troup Fri, 25 Oct 2002 18:18:43 +0100
+
+gnupg (1.2.0-1) unstable; urgency=low
+
+ * New upstream version. Closes: #161817.
+ * --options no longer mis-handles a directory as an argument. Closes: #151973
+ * gpg now prompts before sending all keys to the keyserver. Closes: #64607
+ * There is now a gnupg(7) manpage. Closes: #157750
+ * The permission checking has been sanitized and handles non-home-dir
+ keyrings better. Closes: #147760
+ * notation data longer than 5 characters is now handled. Closes: #156871
+ * an abort when setting trust levels in a czech locale has been fixed.
+ Closes: #149212
+ * debian/rules (binary-arch): there are no more modules, adjust
+ accordingly.
+ * debian/postinst, debian/prerm: remove; no longer do /usr/doc symlinks.
+ * debian/rules (binary-arch): don't install obsolete postinst or prerm.
+ * debian/rules (binary-arch): gzip gnupg.7 too.
+ * debian/rules (build): pass --libexecdir=/usr/lib/gnupg to configure.
+ * debian/rules (binary-arch): likewise, pass suitable libexcedir
+ argument to make install.
+ * debian/control (Standards-Version): update to 3.5.7.0.
+ * debian/copyright: update URL and date.
+ * debian/rules: update dates and version.
+
+ -- James Troup Sun, 22 Sep 2002 22:26:25 +0100
+
+gnupg (1.0.7-2) unstable; urgency=low
+
+ * debian/control (Suggests): add xloadimage since that's what gpg uses
+ by default to view photo IDs. Thanks to Julien Danjou
+ for the suggestion. Closes: #156245
+ * debian/control (Depends): add "hurd" to the alternatives to
+ makedev. Thanks to Michal Suchanek for
+ noticing. Closes: #158492
+ * po/it.po: patch to fix typos from Marco Bodrato
+ Thu, 29 Aug 2002 01:42:58 +0100
+
+gnupg (1.0.7-1) unstable; urgency=low
+
+ * New upstream version. Closes: #145477.
+ * GDBM support has been removed. Closes: #33009.
+ * Now adds the default keyring when a keyring is specified.
+ Closes: #50616, #65260.
+ * Now does the Right Thing when receiving a key from the keyserver and
+ the key in question is in both a read-only and writable keyring.
+ Closes: #63297.
+ * Automatic key retrieval is now configurable. Closes: #64940.
+ * --no-options supresses ~/.gnupg creation again. Closes: #95486.
+ * duplicate trust entries are no longer treated as an error. Closes: #96480.
+ * There's now no comment line in ascii armours. Closes: #100088.
+ * Handle secret keyring given as keyring better. Closes: #100581, #106670.
+ * It's now documented that --with-colons unconditionally uses UTF8.
+ Closes: #101446, 101454.
+ * s/now/knows/ typo in manpage fixed. Closes: #107471.
+ * There's now support for a primary UID. Closes: #106567, #108155.
+ * Handles errors in uncompression layer beter. Closes: #112392.
+ * Key selection has been entirely revamped. Closes: #136170.
+ * Handles empty encrypt-to. Closes: #138378
+
+ * debian/rules (binary-arch): remove empty /usr/info directory, thanks
+ to Joey Hess . Closes: #121864.
+ * debian/control: remove duplicated word from long description, thanks
+ to Nicolas Boulenguez . Closes: #144786.
+ * README: correct URL to GPH and other docs, thanks to Mark Brown
+ . Closes: #100277.
+ * debian/control (Standards-Version): updated to 3.5.6.1.
+ * debian/rules (binary-arch): only strip ELF binaries. es_ES -> es hack
+ no longer needed as fixed upstream.
+ * debian/control (Build-Depends): remove libgdbmg1-dev; no longer used.
+ * debian/README.Debian: remove note about gdbm support which was finally
+ removed. Update note on old versions of gnupg to reflect the
+ pre-historic nature of those versions.
+ * debian/control (Build-Depends): add libldap2-dev.
+ * debian/rules (binary-arch): call dpkg-shlibdeps for all ELF binaries.
+ * debian/control (Build-Depends): add file.
+ * debian/control (Priority): increase to standard to match overrides.
+
+ -- James Troup Sat, 11 May 2002 15:08:02 +0100
+
+gnupg (1.0.6-3) unstable; urgency=low
+
+ * moved into main.
+
+ -- James Troup Tue, 19 Mar 2002 16:17:09 +0000
+
+gnupg (1.0.6-2) unstable; urgency=high
+
+ * debian/rules (binary-arch): remove the erroneous
+ /usr/share/locale/locale.alias that 'make install' adds; closes:
+ #99293.
+
+ -- James Troup Wed, 30 May 2001 20:40:59 +0100
+
+gnupg (1.0.6-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Tue, 29 May 2001 20:59:49 +0100
+
+gnupg (1.0.5-4) unstable; urgency=low
+
+ * Patch from Werner.
+
+ -- James Troup Sun, 27 May 2001 09:34:50 +0100
+
+gnupg (1.0.5-3) unstable; urgency=low
+
+ * Apply patch from Matthew Wilcox to fix assembly on
+ hppa.
+
+ -- James Troup Sun, 13 May 2001 02:36:45 +0100
+
+gnupg (1.0.5-2) unstable; urgency=medium
+
+ * util/http.c: patch from Werner that fixes --send-key, closes: #96277.
+ * debian/control (Depends): accept devfsd in place of makedev, closes:
+ #96307.
+
+ -- James Troup Mon, 7 May 2001 00:13:51 +0100
+
+gnupg (1.0.5-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/README.Debian: fix spelling and update URL.
+ * debian/rules (binary): remove the new info files.
+ * scripts/config.{guess,sub}: sync with subversions, closes: #95729.
+
+ -- James Troup Mon, 30 Apr 2001 02:12:38 +0100
+
+gnupg (1.0.4-4) unstable; urgency=low
+
+ * po/ru.po: patch by Ilya Martynov to replace German
+ entries and add missing translations, closes: #93987.
+ * g10/revoke.c (ask_revocation_reason): typo fix (s/non longer/no
+ longer/g); noticed by Colin Watson , closes:
+ #93664.
+
+ * Deprecated depreciated; noticed by Vincent Broman
+ .
+
+ * Following two patches are from Vincent Broman.
+ * g10/mainproc.c (proc_tree): use iobuf_get_real_fname() in preference
+ to iobuf_get_fname().
+ * g10/openfile.c (open_sigfile): handle .sign prefixed files correctly.
+
+ -- James Troup Fri, 20 Apr 2001 23:32:44 +0100
+
+gnupg (1.0.4-3) unstable; urgency=medium
+
+ * debian/rules (binary): make gpg binary suid, closes: #86433.
+ * debian/postinst: don't use suidregister.
+ * debian/postrm: removed (only called suidunregister).
+ * debian/control: conflict with suidmanager << 0.50.
+ * mpi/longlong.h: apply fix for ARM long long artimetic from Philip
+ Blundell , closes: #87487.
+ * debian/preinst: the old GnuPG debs have moved to people.debian.org.
+ * cipher/random.c: #include as well as
+ * g10/misc.c: likewise.
+ * debian/rules: define a strip alias which removes the .comment and
+ .note sections.
+ * debian/rules (binary-arch): use it.
+ * debian/lintian.override: new file; override the SUID warning from
+ lintian.
+ * debian/rules (binary-arch): install it.
+
+ -- James Troup Sun, 25 Feb 2001 05:24:58 +0000
+
+gnupg (1.0.4-2) stable unstable; urgency=high
+
+ * Apply security fix patch from Werner.
+ * Apply another patch from Werner to fix bogus warning on Rijndael
+ usage.
+ * Change section to 'non-US'.
+
+ -- James Troup Mon, 12 Feb 2001 07:47:02 +0000
+
+gnupg (1.0.4-1) stable unstable; urgency=high
+
+ * New upstream version.
+ * Fixes a serious bug which could lead to false signature verification
+ results when more than one signature is fed to gpg.
+
+ -- James Troup Tue, 17 Oct 2000 17:26:17 +0100
+
+gnupg (1.0.3b-1) unstable; urgency=low
+
+ * New upstream snapshot version.
+
+ -- James Troup Fri, 13 Oct 2000 18:08:14 +0100
+
+gnupg (1.0.3-2) unstable; urgency=low
+
+ * debian/control: Conflict, Replace and Provide gpg-rsa & gpg-rsaref.
+ Fix long description to reflect the fact that RSA is no longer
+ patented and now included. [#72177]
+ * debian/rules: move faq.html to /usr/share/doc/gnupg/ and remove FAQ
+ from /usr/share/gnupg/. Thanks to Robert Luberda
+ for noticing. [#72151]
+ * debian/control: Suggest new package gnupg-doc. [#64323, #65560]
+ * utils/secmem.c (lock_pool): don't bomb out if mlock() returns ENOMEM,
+ as Linux will do this if resource limits (or other reasons) prevent
+ memory from being locked, instead treat it like permission was denied
+ and warn but continue. Thanks to Topi Miettinen
+ . [#70446]
+ * g10/hkp.c (not_implemented): s/ist/is/ in error message.
+ * debian/README.Debian: add a note about GDBM support and why it is
+ disabled. Upstream already fixed the manpage. [#65913]
+ * debian/rules (binary-arch): fix the Spanish translation to be 'es' not
+ 'es_ES' at Nicolás Lichtmaier 's request. [#57314]
+
+ -- James Troup Sun, 1 Oct 2000 14:55:03 +0100
+
+gnupg (1.0.3-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Mon, 18 Sep 2000 15:56:54 +0100
+
+gnupg (1.0.2-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Thu, 13 Jul 2000 20:26:50 +0100
+
+gnupg (1.0.1-2) unstable; urgency=low
+
+ * debian/control (Build-Depends): added.
+ * debian/copyright: corrected location of copyright file. Removed
+ references to Linux. Removed warnings about beta nature of GnuPG.
+ * debian/rules (binary-arch): install documentation into
+ /usr/share/doc/gnupg/ and pass mandir to make install to ensure the
+ manpages go to /usr/share/man/.
+ * debian/postinst: create /usr/doc/gnupg symlink.
+ * debian/prerm: new file; remove /usr/doc/gnupg symlink.
+ * debian/rules (binary-arch): install prerm.
+ * debian/control (Standards-Version): updated to 3.1.1.1.
+
+ -- James Troup Thu, 30 Dec 1999 16:16:49 +0000
+
+gnupg (1.0.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * doc/gpg.1: updated to something usable from
+ ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gpg.1.gz.
+
+ -- James Troup Sun, 19 Dec 1999 23:47:10 +0000
+
+gnupg (1.0.0-3) unstable; urgency=low
+
+ * debian/rules (build): remove the stunningly ill-advised --host option
+ to configure. [#44698, #48212, #48281]
+
+ -- James Troup Tue, 26 Oct 1999 01:12:59 +0100
+
+gnupg (1.0.0-2) unstable; urgency=low
+
+ * debian/rules (binary-arch): fix the permissions on the
+ modules. [#47280]
+ * debian/postinst, debian/postrm: fix the package name passed to
+ suidregister. [#45013]
+ * debian/control: update long description. [#44636]
+ * debian/rules (build): pass the host explicitly to configure to avoid
+ problems on sparc64. [(Should fix) #44698].
+
+ -- James Troup Wed, 20 Oct 1999 23:39:05 +0100
+
+gnupg (1.0.0-1) unstable; urgency=low
+
+ * New upstream release. [#44545]
+
+ -- James Troup Wed, 8 Sep 1999 00:53:02 +0100
+
+gnupg (0.9.10-2) unstable; urgency=low
+
+ * debian/rules (binary-arch): install lspgpot. Requested by Kai
+ Henningsen . [#42288]
+ * debian/rules (binary-arch): correct the path where modules are looked
+ for. Reported by Karl M. Hegbloom . [#40881]
+ * debian/postinst, debian/postrm: under protest, register gpg the
+ package with suidmanager and make it suid by default.
+ [#29780,#32590,#40391]
+
+ -- James Troup Tue, 10 Aug 1999 00:12:40 +0100
+
+gnupg (0.9.10-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Fri, 6 Aug 1999 01:16:21 +0100
+
+gnupg (0.9.9-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Sun, 25 Jul 1999 01:06:31 +0100
+
+gnupg (0.9.8-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/rules (binary-arch): don't create a gpgm manpage as the binary
+ no longer exists. Noticed by Wichert Akkerman
+ . [#38864]
+
+ -- James Troup Sun, 27 Jun 1999 01:07:58 +0100
+
+gnupg (0.9.7-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Tue, 25 May 1999 13:23:24 +0100
+
+gnupg (0.9.6-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/copyright: update version number, noticed by Lazarus Long
+ .
+ * debian/control (Depends): depend on makedev (>= 2.3.1-13) to ensure
+ that /dev/urandom exists; reported by Steffen Markert
+ . [#32076]
+
+ -- James Troup Tue, 11 May 1999 21:06:27 +0100
+
+gnupg (0.9.5-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/control (Description): no tabs. [Lintian]
+
+ -- James Troup Wed, 24 Mar 1999 22:37:40 +0000
+
+gnupg (0.9.4-1) unstable; urgency=low
+
+ * New version.
+ * debian/control: s/GNUPG/GnuPG/
+
+ -- Werner Koch Mon, 8 Mar 1999 19:58:28 +0100
+
+gnupg (0.9.3-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Mon, 22 Feb 1999 22:55:04 +0000
+
+gnupg (0.9.2-1) unstable; urgency=low
+
+ * New version.
+ * debian/rules (build): Removed CFLAGS as the default is now sufficient.
+ * debian/rules (clean): remove special handling cleanup in intl.
+
+ -- Werner Koch Wed, 20 Jan 1999 21:23:11 +0100
+
+gnupg (0.9.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Sat, 9 Jan 1999 22:29:11 +0000
+
+gnupg (0.9.0-1) unstable; urgency=low
+
+ * New upstream version.
+ * g10/armor.c (armor_filter): add missing new line in comment string; as
+ noticed by Stainless Steel Rat .
+
+ -- James Troup Tue, 29 Dec 1998 20:22:43 +0000
+
+gnupg (0.4.5-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/rules (clean): force removal of intl/libintl.h which the
+ Makefiles fail to remove properly.
+
+ -- James Troup Tue, 8 Dec 1998 22:40:23 +0000
+
+gnupg (0.4.4-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Sat, 21 Nov 1998 01:34:29 +0000
+
+gnupg (0.4.3-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/README.Debian: new file; contains same information as is in the
+ preinst. Suggested by Wichert Akkerman .
+ * debian/rules (binary-arch): install `README.Debian'
+ * debian/control (Standards-Version): updated to 2.5.0.0.
+
+ -- James Troup Sun, 8 Nov 1998 19:08:12 +0000
+
+gnupg (0.4.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/preinst: improve message about the NEWS file which isn't
+ actually installed when it's referred to, thanks to Martin Mitchell
+ .
+ * debian/rules (binary-arch): don't install the now non-existent `rfcs',
+ but do install `OpenPGP'.
+
+ -- James Troup Sun, 18 Oct 1998 22:48:34 +0100
+
+gnupg (0.4.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/rules (binary-arch): fix the gpgm manpage symlink now installed
+ by `make install'.
+
+ -- James Troup Sun, 11 Oct 1998 17:01:21 +0100
+
+gnupg (0.4.0-1) unstable; urgency=high
+
+ * New upstream version. [#26717]
+ * debian/copyright: tone down warning about alpha nature of gnupg.
+ * debian/copyright: new maintainer address.
+ * debian/control: update extended description.
+ * debian/rules (binary-arch): install FAQ and all ChangeLogs.
+ * debian/preinst: new; check for upgrade from (<= 0.3.2-1) and warn about
+ incompatibilities in keyring format and offer to move old copy out of
+ gpg out of the way for transition strategy and inform the user about
+ the old copies of gnupg available on my web page.
+ * debian/rules (binary-arch) install preinst.
+ * debian/rules (binary-arch): don't depend on the test target as it is
+ now partially interactive (tries to generate a key, which requires
+ someone else to be using the computer).
+
+ -- James Troup Thu, 8 Oct 1998 00:47:07 +0100
+
+gnupg (0.3.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/control (Maintainer): new address.
+ * debian/copyright: updated list of changes.
+
+ -- James Troup Thu, 9 Jul 1998 21:06:07 +0200
+
+gnupg (0.3.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Tue, 7 Jul 1998 00:26:21 +0200
+
+gnupg (0.3.0-2) unstable; urgency=low
+
+ * Applied bug-fix patch from Werner.
+
+ -- James Troup Fri, 26 Jun 1998 12:18:29 +0200
+
+gnupg (0.3.0-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/control: rewrote short and long description.
+ * cipher/Makefile.am: link tiger with -lc.
+ * debian/rules (binary-arch): strip loadable modules.
+ * util/secmem.c (lock_pool): get rid of errant test code; fix from
+ Werner Koch .
+ * debian/rules (test): new target which runs gnupg's test suite.
+ binary-arch depends on it, to ensure it's run whenever the package is
+ built.
+
+ -- James Troup Thu, 25 Jun 1998 16:04:57 +0200
+
+gnupg (0.2.19-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/control: Updated long description.
+
+ -- James Troup Sat, 30 May 1998 12:12:35 +0200
+
+gnupg (0.2.18-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Sat, 16 May 1998 11:52:47 +0200
+
+gnupg (0.2.17-1) unstable; urgency=high
+
+ * New upstream version.
+ * debian/control (Standards-Version): updated to 2.4.1.0.
+ * debian/control: tone down warning about alpha nature of gnupg, as per
+ README.
+ * debian/copyright: ditto.
+
+ -- James Troup Mon, 4 May 1998 22:36:51 +0200
+
+gnupg (0.2.15-1) unstable; urgency=high
+
+ * New upstream version.
+
+ -- James Troup Fri, 10 Apr 1998 01:12:20 +0100
+
+gnupg (0.2.13-1) unstable; urgency=high
+
+ * New upstream version.
+
+ -- James Troup Wed, 11 Mar 1998 01:52:51 +0000
+
+gnupg (0.2.12-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Sat, 7 Mar 1998 13:52:40 +0000
+
+gnupg (0.2.11-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Wed, 4 Mar 1998 01:32:12 +0000
+
+gnupg (0.2.10-1) unstable; urgency=low
+
+ * New upstream version.
+ * Name changed upstream.
+
+ -- James Troup Mon, 2 Mar 1998 07:32:05 +0000
+
+g10 (0.2.7-1) unstable; urgency=low
+
+ * Initial release.
+
+ -- James Troup Fri, 20 Feb 1998 02:05:34 +0000
diff --git a/clean b/clean
new file mode 100644
index 0000000..4b27f09
--- /dev/null
+++ b/clean
@@ -0,0 +1,9 @@
+po/*.gmo
+po/stamp-po
+build-gpgv-static/
+build-gpgv-udeb/
+build-gpgv-win32/
+build-maintainer/
+doc/gnupg.info
+doc/gnupg.info-1
+doc/gnupg.info-2
diff --git a/compat b/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/compat
@@ -0,0 +1 @@
+11
diff --git a/control b/control
new file mode 100644
index 0000000..3ebc38c
--- /dev/null
+++ b/control
@@ -0,0 +1,502 @@
+Source: gnupg2
+Section: utils
+Priority: optional
+Maintainer: Debian GnuPG Maintainers
+Uploaders:
+ Eric Dorland ,
+ Daniel Kahn Gillmor ,
+Standards-Version: 4.2.1
+Build-Depends:
+ automake,
+ autopoint,
+ debhelper (>= 11~),
+ file,
+ gettext,
+ ghostscript,
+ imagemagick,
+ libassuan-dev (>= 2.5.0),
+ libbz2-dev,
+ libcurl4-gnutls-dev,
+ libgcrypt20-dev (>= 1.7.0),
+ libgnutls28-dev (>= 3.0),
+ libgpg-error-dev (>= 1.35),
+ libksba-dev (>= 1.3.4),
+ libldap2-dev,
+ libnpth0-dev (>= 1.2),
+ libreadline-dev,
+ librsvg2-bin,
+ libsqlite3-dev,
+ libusb-1.0-0-dev [!hurd-any],
+ openssh-client ,
+ pkg-config,
+ texinfo,
+ transfig,
+ zlib1g-dev | libz-dev,
+Build-Depends-Indep:
+ binutils-multiarch [!amd64 !i386],
+ libassuan-mingw-w64-dev (>= 2.5.0),
+ libgcrypt-mingw-w64-dev (>= 1.7.0),
+ libgpg-error-mingw-w64-dev (>= 1.26-2~),
+ libksba-mingw-w64-dev (>= 1.3.4),
+ libnpth-mingw-w64-dev (>= 1.2),
+ libz-mingw-w64-dev,
+ mingw-w64,
+Vcs-Git: https://salsa.debian.org/debian/gnupg2.git -b debian/buster
+Vcs-Browser: https://salsa.debian.org/debian/gnupg2
+Homepage: https://www.gnupg.org/
+Rules-Requires-Root: no
+
+Package: gpgconf
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Replaces:
+ gnupg (<< 2.1.21-4),
+ gnupg-agent (<< 2.1.21-4),
+Breaks:
+ gnupg (<< 2.1.21-4),
+ gnupg-agent (<< 2.1.21-4),
+Description: GNU privacy guard - core configuration utilities
+ GnuPG is GNU's tool for secure communication and data storage.
+ .
+ This package contains core utilities used by different tools in the
+ suite offered by GnuPG. It can be used to programmatically edit
+ config files for tools in the GnuPG suite, to launch or terminate
+ per-user daemons (if installed), etc.
+
+Package: gnupg-agent
+Architecture: all
+Section: oldlibs
+Multi-Arch: foreign
+Depends:
+ gpg-agent (>= ${source:Version}),
+ ${misc:Depends},
+Description: GNU privacy guard - cryptographic agent (dummy transitional package)
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This is a dummy transitional package; please use gpg-agent instead.
+
+Package: gpg-agent
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ gpgconf (= ${binary:Version}),
+ pinentry-curses | pinentry,
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ gnupg (= ${binary:Version}),
+ ${shlibs:Recommends},
+Suggests:
+ dbus-user-session,
+ libpam-systemd,
+ pinentry-gnome3,
+ scdaemon,
+Replaces:
+ gnupg-agent (<< 2.1.21-4),
+Breaks:
+ gnupg-agent (<< 2.1.21-4),
+Provides:
+ gnupg-agent,
+Description: GNU privacy guard - cryptographic agent
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package contains the agent program gpg-agent which handles all
+ secret key material for OpenPGP and S/MIME use. The agent also
+ provides a passphrase cache, which is used by pre-2.1 versions of
+ GnuPG for OpenPGP operations. Without this package, trying to do
+ secret-key operations with any part of the modern GnuPG suite will
+ fail.
+
+Package: gpg-wks-server
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ gpg (= ${binary:Version}),
+ gpg-agent (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ gnupg (= ${binary:Version}),
+ ${shlibs:Recommends},
+Description: GNU privacy guard - Web Key Service server
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG server for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
+
+Package: gpg-wks-client
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ dirmngr (= ${binary:Version}),
+ gpg (= ${binary:Version}),
+ gpg-agent (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ gnupg (= ${binary:Version}),
+ ${shlibs:Recommends},
+Description: GNU privacy guard - Web Key Service client
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG client for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
+
+Package: scdaemon
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ gpg-agent (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Enhances:
+ gpg-agent,
+Description: GNU privacy guard - smart card support
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package contains the smart card program scdaemon, which is used
+ by gpg-agent to access OpenPGP smart cards.
+
+Package: gpgsm
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ gpgconf (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ gnupg (= ${binary:Version}),
+ ${shlibs:Recommends},
+Breaks:
+ gnupg2 (<< 2.1.10-2),
+Replaces:
+ gnupg2 (<< 2.1.10-2),
+Description: GNU privacy guard - S/MIME version
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package contains the gpgsm program. gpgsm is a tool to provide
+ digital encryption and signing services on X.509 certificates and the
+ CMS protocol. gpgsm includes complete certificate management.
+
+Package: gpg
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ gpgconf (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ gnupg (= ${binary:Version}),
+ ${shlibs:Recommends},
+Breaks:
+ gnupg (<< 2.1.21-4),
+Replaces:
+ gnupg (<< 2.1.21-4),
+Description: GNU Privacy Guard -- minimalist public key operations
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package contains /usr/bin/gpg itself, and is useful on its own
+ only for public key operations (encryption, signature verification,
+ listing OpenPGP certificates, etc). If you want full capabilities
+ (including secret key operations, network access, etc), please
+ install the "gnupg" package, which pulls in the full suite of tools.
+
+Package: gnupg
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ dirmngr (<< ${source:Version}.1~),
+ dirmngr (>= ${source:Version}),
+ gnupg-l10n (= ${source:Version}),
+ gnupg-utils (<< ${source:Version}.1~),
+ gnupg-utils (>= ${source:Version}),
+ gpg (<< ${source:Version}.1~),
+ gpg (>= ${source:Version}),
+ gpg-agent (<< ${source:Version}.1~),
+ gpg-agent (>= ${source:Version}),
+ gpg-wks-client (<< ${source:Version}.1~),
+ gpg-wks-client (>= ${source:Version}),
+ gpg-wks-server (<< ${source:Version}.1~),
+ gpg-wks-server (>= ${source:Version}),
+ gpgsm (<< ${source:Version}.1~),
+ gpgsm (>= ${source:Version}),
+ gpgv (<< ${source:Version}.1~),
+ gpgv (>= ${source:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ ${shlibs:Recommends},
+Suggests:
+ parcimonie,
+ xloadimage,
+Breaks:
+ debsig-verify (<< 0.15),
+ dirmngr (<< ${binary:Version}),
+ gnupg2 (<< 2.1.11-7+exp1),
+ libgnupg-interface-perl (<< 0.52-3),
+ libgnupg-perl (<= 0.19-1),
+ libmail-gnupg-perl (<= 0.22-1),
+ monkeysphere (<< 0.38~),
+ php-crypt-gpg (<= 1.4.1-1),
+ python-apt (<= 1.1.0~beta4),
+ python-gnupg (<< 0.3.8-3),
+ python3-apt (<= 1.1.0~beta4),
+Replaces:
+ gnupg2 (<< 2.1.11-7+exp1),
+Description: GNU privacy guard - a free PGP replacement
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package contains the full suite of GnuPG tools for cryptographic
+ communications and data storage.
+
+Package: gnupg2
+Architecture: all
+Section: oldlibs
+Multi-Arch: foreign
+Depends:
+ gnupg (>= ${source:Version}),
+ ${misc:Depends},
+Description: GNU privacy guard - a free PGP replacement (dummy transitional package)
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This is a dummy transitional package that provides symlinks from gpg2
+ to gpg.
+
+Package: gpgv
+Architecture: any
+Priority: important
+Multi-Arch: foreign
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Breaks:
+ gnupg2 (<< 2.0.21-2),
+ gpgv2 (<< 2.1.11-7+exp1),
+ python-debian (<< 0.1.29),
+Replaces:
+ gnupg2 (<< 2.0.21-2),
+ gpgv2 (<< 2.1.11-7+exp1),
+Suggests:
+ gnupg,
+Description: GNU privacy guard - signature verification tool
+ GnuPG is GNU's tool for secure communication and data storage.
+ .
+ gpgv is actually a stripped-down version of gpg which is only able
+ to check signatures. It is somewhat smaller than the fully-blown gpg
+ and uses a different (and simpler) way to check that the public keys
+ used to make the signature are valid. There are no configuration
+ files and only a few options are implemented.
+
+Package: gpgv2
+Section: oldlibs
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ gpgv (>= ${source:Version}),
+ ${misc:Depends},
+Description: GNU privacy guard - signature verification tool (dummy transitional package)
+ GnuPG is GNU's tool for secure communication and data storage. gpgv
+ is a stripped-down version of gpg which is only able to check
+ signatures.
+ .
+ This is a dummy transitional package that provides symlinks from gpgv2
+ to gpgv.
+
+Package: dirmngr
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ adduser,
+ gpgconf (= ${binary:Version}),
+ lsb-base (>= 3.2-13),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ gnupg (= ${binary:Version}),
+ ${shlibs:Recommends},
+Enhances:
+ gpg,
+ gpgsm,
+ squid,
+Breaks:
+ gnupg2 (<< 2.1.10-2),
+Replaces:
+ gnupg2 (<< 2.1.10-2),
+Suggests:
+ dbus-user-session,
+ libpam-systemd,
+ pinentry-gnome3,
+ tor,
+Description: GNU privacy guard - network certificate management service
+ dirmngr is a server for managing and downloading OpenPGP and X.509
+ certificates, as well as updates and status signals related to those
+ certificates. For OpenPGP, this means pulling from the public
+ HKP/HKPS keyservers, or from LDAP servers. For X.509 this includes
+ Certificate Revocation Lists (CRLs) and Online Certificate Status
+ Protocol updates (OCSP). It is capable of using Tor for network
+ access.
+ .
+ dirmngr is used for network access by gpg, gpgsm, and dirmngr-client,
+ among other tools. Unless this package is installed, the parts of
+ the GnuPG suite that try to interact with the network will fail.
+
+Package: gpgv-udeb
+Package-Type: udeb
+Section: debian-installer
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: minimal signature verification tool
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC 4880.
+ .
+ This is GnuPG's signature verification tool, gpgv, packaged in minimal
+ form for use in debian-installer.
+
+Package: gpgv-static
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ debian-archive-keyring,
+ debootstrap,
+Description: minimal signature verification tool (static build)
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC 4880.
+ .
+ This is GnuPG's signature verification tool, gpgv, built statically
+ so that it can be directly used on any platform that is running on
+ the Linux kernel. Android and ChromeOS are two well known examples,
+ but there are many other platforms that this will work for, like
+ embedded Linux OSes. This gpgv in combination with debootstrap and
+ the Debian archive keyring allows the secure creation of chroot
+ installs on these platforms by using the full Debian signature
+ verification that is present in all official Debian mirrors.
+
+Package: gpgv-win32
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ ${misc:Depends},
+Suggests:
+ wine,
+Description: GNU privacy guard - signature verification tool (win32 build)
+ GnuPG is GNU's tool for secure communication and data storage.
+ .
+ gpgv is a stripped-down version of gnupg which is only able to check
+ signatures. It is smaller than the full-blown gnupg and uses a
+ different (and simpler) way to check that the public keys used to
+ make the signature are trustworthy.
+ .
+ This is a win32 version of gpgv. It's meant to be used by the win32-loader
+ component of Debian-Installer.
+
+Package: gnupg-l10n
+Section: localization
+Architecture: all
+Multi-Arch: foreign
+Depends:
+ ${misc:Depends},
+Enhances:
+ dirmngr,
+ gpg,
+ gpg-agent,
+Breaks:
+ gnupg (<< 2.1.14-2~),
+ gnupg2 (<< 2.1.14-2~),
+Replaces:
+ gnupg (<< 2.1.14-2~),
+ gnupg2 (<< 2.1.14-2~),
+Description: GNU privacy guard - localization files
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC 4880.
+ .
+ This package contains the translation files for the use of GnuPG in
+ non-English locales.
+
+Package: gnupg-utils
+Architecture: any
+Multi-Arch: foreign
+Replaces:
+ gnupg (<< 2.1.21-4),
+ gnupg-agent (<< 2.1.21-4),
+Breaks:
+ gnupg (<< 2.1.21-4),
+ gnupg-agent (<< 2.1.21-4),
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends:
+ gpg,
+ gpg-agent,
+ gpgconf,
+ gpgsm,
+Description: GNU privacy guard - utility programs
+ GnuPG is GNU's tool for secure communication and data storage.
+ .
+ This package contains several useful utilities for manipulating
+ OpenPGP data and other related cryptographic elements. It includes:
+ .
+ * addgnupghome -- create .gnupg home directories
+ * applygnupgdefaults -- run gpgconf --apply-defaults for all users
+ * gpgcompose -- an experimental tool for constructing arbitrary
+ sequences of OpenPGP packets (e.g. for testing)
+ * gpgparsemail -- parse an e-mail message into annotated format
+ * gpgsplit -- split a sequence of OpenPGP packets into files
+ * gpgtar -- encrypt or sign files in an archive
+ * kbxutil -- list, export, import Keybox data
+ * lspgpot -- convert PGP ownertrust values to GnuPG
+ * migrate-pubring-from-classic-gpg -- use only "modern" formats
+ * symcryptrun -- use simple symmetric encryption tool in GnuPG framework
+ * watchgnupg -- watch socket-based logs
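Review bot: In the `dirmngr` stanza, the `Depends:` entries `adduser,` and `lsb-base (>= 3.2-13),` have no visible consumer in this import. The patch's file list carries no dirmngr postinst or init script, dirmngr.maintscript removes `/etc/init.d/dirmngr` and `/etc/default/dirmngr`, and dirmngr.NEWS states that there is no system-wide dirmngr process any more. If nothing outside this patch still creates a system user or sources the LSB init functions, drop both lines so that installing dirmngr pulls in only what the per-user daemon actually runs.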
diff --git a/copyright b/copyright
new file mode 100644
index 0000000..521924e
--- /dev/null
+++ b/copyright
@@ -0,0 +1,253 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: GnuPG - The GNU Privacy Guard (modern version)
+Upstream-Contact: GnuPG development mailing list
+Source: https://gnupg.org/download/
+
+Files: *
+Copyright: 1992, 1995-2016, Free Software Foundation, Inc
+License: GPL-3+
+
+Files: agent/command.c
+ agent/command-ssh.c
+ agent/gpg-agent.c
+ common/homedir.c
+ common/sysutils.c
+ g10/mainproc.c
+Copyright: 1998-2007, 2009, 2012, Free Software Foundation, Inc
+ 2013, Werner Koch
+License: GPL-3+
+
+Files: autogen.sh
+Copyright: 2003, g10 Code GmbH
+License: permissive
+
+Files: common/gc-opt-flags.h
+ common/i18n.h
+ tools/clean-sat.c
+ tools/no-libgcrypt.c
+Copyright: 1998-2001, 2003, 2004, 2006, 2007 Free Software Foundation, Inc
+License: permissive
+
+Files: common/localename.c
+Copyright: 1985, 1989-1993, 1995-2003, 2007, 2008 Free Software Foundation, Inc.
+License: LGPL-2.1+
+
+Files: dirmngr/dns.c
+ dirmngr/dns.h
+Copyright: 2008-2010, 2012-2016 William Ahern
+License: Expat
+
+Files: doc/yat2m.c
+ scd/app-geldkarte.c
+Copyright: 2004, 2005, g10 Code GmbH
+ 2006, 2008, 2009, 2011, Free Software Foundation, Inc
+License: GPL-3+
+
+Files: scd/ccid-driver.h
+ scd/ccid-driver.c
+Copyright: 2003-2007, Free Software Foundation, Inc
+License: GPL-3+ or BSD-3-clause
+
+Files: tools/rfc822parse.c
+ tools/rfc822parse.h
+Copyright: 1999-2000, Werner Koch, Duesseldorf
+ 2003-2004, g10 Code GmbH
+License: LGPL-3+
+
+Files: tools/sockprox.c
+Copyright: 2007, g10 Code GmbH
+License: GPL-3+
+
+Files: doc/OpenPGP
+Copyright: 1998-2013 Free Software Foundation, Inc.
+ 1997, 1998, 2013 Werner Koch + 1998 The Internet Society +License: RFC-Reference + +Files: tests/gpgscm/* +Copyright: 2000, Dimitrios Souflis + 2016, Justus Winter, Werner Koch +License: TinySCHEME + +Files: debian/* +Copyright: 1998-2018 Debian GnuPG packagers, including + Eric Dorland + Daniel Kahn Gillmor + NIIBE Yutaka +License: GPL-3+ + +Files: debian/org.gnupg.scdaemon.metainfo.xml +Copyright: 2017 Daniel Kahn Gillmor +Comment: This file is licensed permissively for the sake of AppStream +License: CC0-1.0 + +License: TinySCHEME + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + Neither the name of Dimitrios Souflis nor the names of the + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +License: permissive + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + . + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. + +License: RFC-Reference + doc/OpenPGP merely cites and references IETF Draft + draft-ietf-openpgp-formats-07.txt. This is believed to be fair use; + but if not, it's covered by the source document's license under + the 'comment on' clause. The license statement follows. + . + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph + are included on all such copies and derivative works. 
However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + . + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + +License: GPL-3+ + GnuPG is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . + GnuPG is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, see . + . + On Debian systems, the full text of the GNU General Public + License version 3 can be found in the file + `/usr/share/common-licenses/GPL-3'. + +License: LGPL-3+ + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 3 of + the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . + . 
+ On Debian systems, the full text of the GNU Lesser General Public + License version 3 can be found in the file + `/usr/share/common-licenses/LGPL-3'. + +License: LGPL-2.1+ + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . + . + On Debian systems, the full text of the GNU Lesser General Public + License version 2.1 can be found in the file + `/usr/share/common-licenses/LGPL-2.1'. + +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, and the entire permission notice in its entirety, + including the disclaimer of warranties. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the author may not be used to endorse or promote + products derived from this software without specific prior + written permission. + . + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to permit + persons to whom the Software is furnished to do so, subject to the + following conditions: + . + The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, + DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR + OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE + USE OR OTHER DEALINGS IN THE SOFTWARE. + +License: CC0-1.0 + To the extent possible under law, the author(s) have dedicated all + copyright and related and neighboring rights to this software to the public + domain worldwide. This software is distributed without any warranty. + . + On Debian systems, the complete text of the CC0 license, version 1.0, + can be found in /usr/share/common-licenses/CC0-1.0. 
diff --git a/dirmngr.NEWS b/dirmngr.NEWS
new file mode 100644
index 0000000..b0c550f
--- /dev/null
+++ b/dirmngr.NEWS
@@ -0,0 +1,49 @@
+dirmngr (2.1.18-1) unstable; urgency=medium
+
+ If your machine is configured with system user session management,
+ dirmngr will be managed automatically by systemd's user sessions on
+ machines configured with use systemd. Please consider installing the
+ packages that the dirmngr package Suggests:, and see
+ /usr/share/doc/dirmngr/README.Debian for more details.
+
+ -- Daniel Kahn Gillmor Mon, 23 Jan 2017 22:50:34 -0500
+
+dirmngr (2.1.13-3) experimental; urgency=medium
+
+ gpg and most related processes will auto-launch dirmngr if needed.
+
+ Any user who wants to launch dirmngr manually should do so with:
+
+ gpgconf --launch dirmngr
+
+ and may want to terminate dirmngr when their session ends with:
+
+ gpgconf --kill dirmngr
+
+ Users on machines with systemd can ensure that dirmngr is always
+ running for their session (and that it gets terminated at logout)
+ with:
+
+ gpgconf --kill dirmngr
+ systemctl --user enable dirmngr
+ systemctl --user start dirmngr
+
+ -- Daniel Kahn Gillmor Tue, 28 Jun 2016 17:55:15 -0400
+
+dirmngr (2.1.0~beta895-1) experimental; urgency=medium
+
+ No more dirmngr system service!
+ ===============================
+
+ As of the 2.1.0 beta series, dirmngr is a local daemon that works
+ closely with gnupg2. It is launched on its own, per-user, and
+ listens on a standard socket (usually ~/.gnupg/S.dirmngr). There is
+ no more system-wide dirmngr process.
+
+ If there is a special case where a dirmngr system process is
+ actually needed, please report a bug in dirmngr, and we can sort out
+ a way to set one up for that case so that everyone with dirmngr
+ installed doesn't need to have it running.
+
+ -- Daniel Kahn Gillmor Tue, 07 Oct 2014 10:33:52 -0400
+
diff --git a/dirmngr.README.Debian b/dirmngr.README.Debian
new file mode 100644
index 0000000..099240a
--- /dev/null
+++ b/dirmngr.README.Debian
@@ -0,0 +1,47 @@
+dirmngr system integration
+==========================
+
+Since 2.1.x, gpg and most related processes will auto-launch dirmngr
+if needed. These auto-launched processes will inherit whatever
+environment they started from, and they will not terminate
+automatically.
+
+systemd
+=======
+
+Since 2.1.17, users on machines with systemd will have a dirmngr
+process launched automatically by systemd's user session, upon first
+access of the standard socket. systemd will also cleanly tear this
+process down at session logout.
+
+Users who don't want systemd to manage their dirmngr in this way for
+all future sessions should do:
+
+ systemctl --user mask --now dirmngr.socket
+
+Doing this means that dirmngr will fall back to its manual mode of
+operation. (This decision can be reversed by the user with "unmask"
+instead of "mask")
+
+See systemctl(1) for more details about managing the dirmngr.socket
+unit.
+
+Manual dirmngr startup and teardown
+===================================
+
+Any user who wants to launch dirmngr manually (e.g., to talk to it
+with a tool from outside the GnuPG suite) and is *not* using systemd
+should first ensure that it is launched with:
+
+ gpgconf --launch dirmngr
+
+If dirmngr is launched manually or automatically (but not supervised
+by systemd), you also probably want to ensure that it terminates when
+your session ends with:
+
+ gpgconf --kill dirmngr
+
+If you're not using systemd, you may wish to add this command to your
+session logout scripts.
+
+ -- Daniel Kahn Gillmor , Mon, 23 Jan 2017 22:49:45 -0500
diff --git a/dirmngr.docs b/dirmngr.docs
new file mode 100644
index 0000000..61e3257
--- /dev/null
+++ b/dirmngr.docs
@@ -0,0 +1,5 @@
+AUTHORS
+NEWS
+THANKS
+TODO
+doc/KEYSERVER
diff --git a/dirmngr.install b/dirmngr.install
new file mode 100644
index 0000000..4bd9ed2
--- /dev/null
+++ b/dirmngr.install
@@ -0,0 +1,6 @@
+debian/tmp/usr/bin/dirmngr
+debian/tmp/usr/bin/dirmngr-client
+debian/tmp/usr/lib/gnupg/dirmngr_ldap
+debian/tmp/usr/share/gnupg/sks-keyservers.netCA.pem
+doc/examples/systemd-user/dirmngr.service usr/lib/systemd/user
+doc/examples/systemd-user/dirmngr.socket usr/lib/systemd/user
diff --git a/dirmngr.links b/dirmngr.links
new file mode 100644
index 0000000..ca801e7
--- /dev/null
+++ b/dirmngr.links
@@ -0,0 +1 @@
+usr/lib/systemd/user/dirmngr.socket /usr/lib/systemd/user/sockets.target.wants/dirmngr.socket
diff --git a/dirmngr.maintscript b/dirmngr.maintscript
new file mode 100644
index 0000000..aa11aa5
--- /dev/null
+++ b/dirmngr.maintscript
@@ -0,0 +1,5 @@
+rm_conffile /etc/default/dirmngr
+rm_conffile /etc/dirmngr/dirmngr.conf
+rm_conffile /etc/dirmngr/ldapservers.conf
+rm_conffile /etc/init.d/dirmngr
+rm_conffile /etc/logrotate.d/dirmngr
diff --git a/dirmngr.manpages b/dirmngr.manpages
new file mode 100644
index 0000000..93702d9
--- /dev/null
+++ b/dirmngr.manpages
@@ -0,0 +1,2 @@
+debian/tmp/usr/share/man/man1/dirmngr-client.1
+debian/tmp/usr/share/man/man8/dirmngr.8
diff --git a/gbp.conf b/gbp.conf
new file mode 100644
index 0000000..346cf5c
--- /dev/null
+++ b/gbp.conf
@@ -0,0 +1,37 @@
+[DEFAULT]
+debian-branch = debian/buster
+pristine-tar = True
+upstream-vcs-tag = gnupg-%(version)s
+
+[import-orig]
+filter = [
+ 'aclocal.m4',
+ 'build-aux/compile',
+ 'build-aux/config.rpath',
+ 'build-aux/depcomp',
+ 'build-aux/install-sh',
+ 'build-aux/missing',
+ 'build-aux/mkinstalldirs',
+ 'build-aux/texinfo.tex',
+ 'config.h.in',
+ 'configure',
+ 'doc/gnupg.info*',
+ 'INSTALL',
+ 'm4/intdiv0.m4',
+ 'm4/intl.m4',
+ 'm4/lock.m4',
+ 'm4/printf-posix.m4',
+ 'm4/size_max.m4',
+ 'm4/uintmax_t.m4',
+ 'm4/wint_t.m4',
+ '*/*/Makefile.in',
+ '*/Makefile.in',
+ 'Makefile.in',
+ 'po/*.gmo',
+ 'po/Makefile.in.in',
+ 'po/stamp-po',
+ ]
+filter-pristine-tar = False
+
+[pq]
+patch-numbers = False
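Review bot: In dirmngr.maintscript all five `rm_conffile` lines omit the prior-version argument, so dpkg-maintscript-helper will attempt the removal on every upgrade instead of only on the upgrade that crosses the release where the system-wide service was dropped. Giving each line the version bound, in the form `rm_conffile /etc/default/dirmngr <LAST-VERSION-SHIPPING-THE-CONFFILE>~`, limits the operation to that one transition and documents when these files stopped being shipped. The right version is not visible in this patch and has to be taken from the changelog.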
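Review bot: The `filter` list under `[import-orig]` in gbp.conf has no comment saying why these paths are dropped on import. The entries look like autotools- and gettext-generated output (`configure`, `Makefile.in`, `aclocal.m4`, `po/*.gmo`), and with `filter-pristine-tar = False` the packaging branch will differ from the upstream tarball by exactly this list, which matters to anyone comparing the tree against the signed release. A line such as `# generated build-system output: dropped from git, still present in the pristine-tar tarball` directly above `filter = [` would record that. Whether the build regenerates these files is not visible in this patch and should be confirmed in debian/rules.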
diff --git a/gnupg-l10n.install b/gnupg-l10n.install
new file mode 100644
index 0000000..9aaad82
--- /dev/null
+++ b/gnupg-l10n.install
@@ -0,0 +1,2 @@
+debian/tmp/usr/share/gnupg/help.*.txt
+debian/tmp/usr/share/locale
diff --git a/gnupg-utils.install b/gnupg-utils.install
new file mode 100644
index 0000000..2bdddcf
--- /dev/null
+++ b/gnupg-utils.install
@@ -0,0 +1,12 @@
+build-maintainer/g10/gpgcompose usr/bin
+build/tools/gpg-zip usr/bin
+build/tools/gpgsplit usr/bin
+build/tools/gpgtar usr/bin
+debian/migrate-pubring-from-classic-gpg usr/bin
+debian/tmp/usr/bin/gpgparsemail
+debian/tmp/usr/bin/kbxutil
+debian/tmp/usr/bin/symcryptrun
+debian/tmp/usr/bin/watchgnupg
+debian/tmp/usr/sbin/addgnupghome
+debian/tmp/usr/sbin/applygnupgdefaults
+tools/lspgpot usr/bin
diff --git a/gnupg-utils.manpages b/gnupg-utils.manpages
new file mode 100644
index 0000000..9ef0abb
--- /dev/null
+++ b/gnupg-utils.manpages
@@ -0,0 +1,12 @@
+debian/gpg-zip.1
+debian/gpgcompose.1
+debian/gpgsplit.1
+debian/kbxutil.1
+debian/lspgpot.1
+debian/migrate-pubring-from-classic-gpg.1
+debian/tmp/usr/share/man/man1/gpgparsemail.1
+debian/tmp/usr/share/man/man1/gpgtar.1
+debian/tmp/usr/share/man/man1/symcryptrun.1
+debian/tmp/usr/share/man/man1/watchgnupg.1
+debian/tmp/usr/share/man/man8/addgnupghome.8
+debian/tmp/usr/share/man/man8/applygnupgdefaults.8
diff --git a/gnupg.README.Debian b/gnupg.README.Debian
new file mode 100644
index 0000000..24944d3
--- /dev/null
+++ b/gnupg.README.Debian
@@ -0,0 +1,44 @@
+Using "Modern" GnuPG
+====================
+
+As of version 2.1.11-7+exp1, the gnupg package is provided by the "modern"
+version of GnuPG.
+
+This means:
+
+ * supporting daemons are auto-launched as needed
+
+ * all access to secret key material is handled by gpg-agent
+
+ * all smartcard access is handled by scdaemon
+
+ * all network access is handled by dirmngr
+
+ * PGPv3 keys are no longer supported
+
+ * secret keys are no longer stored in $GNUPGHOME/secring.gpg, but
+ instead in $GNUPGHOME/private-keys-v1.d/
+
+ * public keyrings are stored in keybox format (~/.gnupg/pubring.kbx) by
+ default for new users. Upgrading users will continue to use
+ pubring.gpg until they decide to explicitly convert.
+
+Converting an existing installation
+-----------------------------------
+
+If you have an existing GnuPG homedir from "classic" GnuPG, secret
+keys should be migrated automatically upon the first run of the
+"modern" version.
+
+If you have any secret keys that are stored only in a smartcard, after
+your first use of "modern" gpg you should insert the card and run:
+
+ gpg --card-status
+
+ (see https://bugs.debian.org/795881)
+
+Public keys will not be automatically migrated from pubring.gpg to
+pubring.kbx, however. If you want to migrate your public keyring, you
+can use a script like /usr/bin/migrate-pubring-from-classic-gpg
+
+ -- Daniel Kahn Gillmor , Mon, 18 Apr 2016 19:08:36 -0400
diff --git a/gnupg.docs b/gnupg.docs
new file mode 100644
index 0000000..2b55964
--- /dev/null
+++ b/gnupg.docs
@@ -0,0 +1,8 @@
+NEWS
+README
+THANKS
+TODO
+doc/DETAILS
+doc/FAQ
+doc/HACKING
+doc/OpenPGP
diff --git a/gnupg.info b/gnupg.info
new file mode 100644
index 0000000..e4baa0f
--- /dev/null
+++ b/gnupg.info
@@ -0,0 +1,3 @@
+debian/tmp/usr/share/info/gnupg.info*
+doc/gnupg-card-architecture.png
+doc/gnupg-module-overview.png
diff --git a/gnupg2.links b/gnupg2.links
new file mode 100644
index 0000000..96fde98
--- /dev/null
+++ b/gnupg2.links
@@ -0,0 +1,2 @@
+usr/bin/gpg usr/bin/gpg2
+usr/share/man/man1/gpg.1.gz usr/share/man/man1/gpg2.1.gz
diff --git a/gpg-agent.NEWS b/gpg-agent.NEWS
new file mode 100644
index 0000000..69b4e49
--- /dev/null
+++ b/gpg-agent.NEWS
@@ -0,0 +1,19 @@
+gnupg-agent (2.1.18-1) unstable; urgency=medium
+
+ If your machine is configured with system user session management,
+ gpg-agent will be managed automatically by systemd's user sessions on
+ machines configured with use systemd. Please consider installing the
+ packages that the gnupg-agent package Suggests:, and see
+ /usr/share/doc/gnupg-agent/README.Debian for more details.
+
+ -- Daniel Kahn Gillmor Mon, 23 Jan 2017 22:54:48 -0500
+
+gnupg-agent (2.1.13-3) experimental; urgency=medium
+
+ gpg-agent is no longer auto-launched by
+ /etc/X11/Xsession.d/90gpg-agent. Please read
+ /usr/share/doc/gnupg-agent/README.Debian for details about system
+ integration.
+
+ -- Daniel Kahn Gillmor Tue, 28 Jun 2016 17:29:46 -0400
+
diff --git a/gpg-agent.README.Debian b/gpg-agent.README.Debian
new file mode 100644
index 0000000..f57d278
--- /dev/null
+++ b/gpg-agent.README.Debian
@@ -0,0 +1,82 @@
+gpg-agent system integration
+============================
+
+Since 2.1.x, gpg and most related processes will auto-launch gpg-agent
+if needed. These auto-launched processes will inherit whatever
+environment they started from, and they will not terminate
+automatically.
+
+systemd
+=======
+
+Since 2.1.17, users on machines with systemd will have their gpg-agent
+process launched automatically by systemd's user session, upon first
+access of any of the expected gpg-agent sockets (including the ssh
+socket). systemd will also cleanly tear this process down at session
+logout.
+
+If dbus-user-session and pinentry-gnome3 packages are installed, then
+all user interaction with this systemd-managed gpg-agent process
+(e.g. prompting for passwords or confirmations, etc) will take place
+over the d-bus session, for better integration with graphical
+environments like GNOME.
+
+Users who don't want systemd to manage their gpg-agent in this way for
+all future sessions should do:
+
+ systemctl --user mask --now gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket
+
+Doing this means that gpg-agent will fall back to its manual mode of
+operation. (This decision can be reversed by the user with "unmask"
+instead of "mask")
+
+See systemctl(1) for more details about managing the gpg-agent*.socket
+units.
+
+ssh-agent emulation
+===================
+
+gpg-agent offers an ssh-agent emulation which can be achieved by
+setting the environment variable SSH_AUTH_SOCK to:
+
+ /run/user/$(id -u)/gnupg/S.gpg-agent.ssh
+
+(replace $(id -u) with the user's numeric user ID, of course).
+
+But ssh doesn't have a way to tell ssh-agent how to prompt the user
+when necessary; the systemd-managed gpg-agent process will only know
+how to prompt the user if you have dbus-user-session and
+pinentry-gnome3 installed.
This is the recommended configuration for
+gpg-agent's ssh-agent emulation on desktop machines running systemd,
+and doesn't need any additional configuration.
+
+However, if dbus-user-session and pinentry-gnome3 are not in use, by
+default the systemd-managed gpg-agent will not know how to get
+feedback from the user when a request is first received by ssh. You
+can give it a hint for all future ssh connections by running:
+
+ gpg-connect-agent updatestartuptty /bye
+
+You may wish to do this in the login scripts for your user session if
+you run systemd without dbus-user-session and pinentry-gnome3, and you
+plan to use gpg-agent's ssh-agent emulation.
+
+Manual gpg-agent startup and teardown
+=====================================
+
+Any user who wants to launch gpg-agent manually (e.g., to talk to it
+with a tool from outside the GnuPG suite) and is *not* using systemd
+should first ensure that it is launched with:
+
+ gpgconf --launch gpg-agent
+
+If gpg-agent is launched manually or automatically (but not supervised
+by systemd), you probably want to ensure that it terminates when your
+session ends with:
+
+ gpgconf --kill gpg-agent
+
+If you're not using systemd, you may wish to add this to your session
+logout scripts.
+
+ -- Daniel Kahn Gillmor , Mon, 23 Jan 2017 22:56:08 -0500
diff --git a/gpg-agent.examples b/gpg-agent.examples
new file mode 100644
index 0000000..34213be
--- /dev/null
+++ b/gpg-agent.examples
@@ -0,0 +1,2 @@
+doc/examples/pwpattern.list
+doc/examples/trustlist.txt
diff --git a/gpg-agent.install b/gpg-agent.install
new file mode 100644
index 0000000..ae93fb5
--- /dev/null
+++ b/gpg-agent.install
@@ -0,0 +1,11 @@
+debian/Xsession.d/90gpg-agent etc/X11/Xsession.d
+debian/systemd-environment-generator/90gpg-agent usr/lib/systemd/user-environment-generators
+debian/tmp/usr/bin/gpg-agent
+debian/tmp/usr/lib/gnupg/gpg-check-pattern
+debian/tmp/usr/lib/gnupg/gpg-preset-passphrase
+debian/tmp/usr/lib/gnupg/gpg-protect-tool
+doc/examples/systemd-user/gpg-agent-browser.socket usr/lib/systemd/user
+doc/examples/systemd-user/gpg-agent-extra.socket usr/lib/systemd/user
+doc/examples/systemd-user/gpg-agent-ssh.socket usr/lib/systemd/user
+doc/examples/systemd-user/gpg-agent.service usr/lib/systemd/user
+doc/examples/systemd-user/gpg-agent.socket usr/lib/systemd/user
diff --git a/gpg-agent.links b/gpg-agent.links
new file mode 100644
index 0000000..90f6ce1
--- /dev/null
+++ b/gpg-agent.links
@@ -0,0 +1,6 @@
+usr/lib/gnupg/gpg-preset-passphrase usr/lib/gnupg2/gpg-preset-passphrase
+usr/lib/gnupg/gpg-protect-tool usr/lib/gnupg2/gpg-protect-tool
+usr/lib/systemd/user/gpg-agent-browser.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent-browser.socket
+usr/lib/systemd/user/gpg-agent-extra.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent-extra.socket
+usr/lib/systemd/user/gpg-agent-ssh.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent-ssh.socket
+usr/lib/systemd/user/gpg-agent.socket usr/lib/systemd/user/sockets.target.wants/gpg-agent.socket
diff --git a/gpg-agent.logcheck.ignore.server b/gpg-agent.logcheck.ignore.server
new file mode 100644
index 0000000..a2f2130
--- /dev/null
+++ b/gpg-agent.logcheck.ignore.server
@@ -0,0 +1,11 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG network certificate management daemon\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent and passphrase cache \(restricted\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent \(access for web browsers\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Listening on GnuPG cryptographic agent \(ssh-agent emulation\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG network certificate management daemon\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent and passphrase cache \(restricted\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent \(ssh-agent emulation\)\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Closed GnuPG cryptographic agent \(access for web browsers\)\.$
+
diff --git a/gpg-agent.manpages b/gpg-agent.manpages
new file mode 100644
index 0000000..ca2e72f
--- /dev/null
+++ b/gpg-agent.manpages
@@ -0,0 +1,3 @@
+debian/gpg-check-pattern.1
+debian/tmp/usr/share/man/man1/gpg-agent.1
+debian/tmp/usr/share/man/man1/gpg-preset-passphrase.1
diff --git a/gpg-check-pattern.1 b/gpg-check-pattern.1
new file mode 100644
index 0000000..0714faf
--- /dev/null
+++ b/gpg-check-pattern.1
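Review bot: Two of the ten patterns in gpg-agent.logcheck.ignore.server, the `Listening on` and `Closed` lines for `GnuPG network certificate management daemon`, do not look like gpg-agent sockets; the description reads like the dirmngr socket unit, which dirmngr.install ships in a separate package. If that is right, a host with dirmngr but without gpg-agent would still have those messages reported, and the two rules would be easier to audit in a rule file belonging to dirmngr. A leading comment such as `# routine systemd --user socket activation messages for the GnuPG units` would also tell a log reviewer what is being suppressed and why. The unit descriptions these patterns have to match are not part of this patch and should be checked against the shipped .socket files.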
@@ -0,0 +1,36 @@
+.TH GPG-CHECK-PATTERN "1" "March 2016" "gpg-check-pattern (GnuPG) 2.1.11" "User Commands"
+
+.SH NAME
+gpg-check-pattern \- Check a passphrase on stdin against the patternfile
+
+.SH SYNOPSIS
+.B gpg\-check\-pattern
+.RI [ options ]
+.I patternfile
+
+.SH DESCRIPTION
+.B gpg\-check\-pattern
+checks a passphrase given on stdin against a specified patternfile.
+
+.SH OPTIONS
+.TP
+.BR \-v ", " \-\-verbose
+Produce verbose output
+.TP
+.B \-\-check
+run only a syntax check on the patternfile
+.TP
+.BR \-0 ", " \-\-null
+input is expected to be null delimited
+.PP
+Please report bugs to .
+
+.SH COPYRIGHT
+Copyright \(co 2016 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+This manpage was written by \fBDaniel Kahn Gillmor\fR for the Debian
+distribution (but may be used by others).
diff --git a/gpg-wks-client.1 b/gpg-wks-client.1
new file mode 100644
index 0000000..9cd70d5
--- /dev/null
+++ b/gpg-wks-client.1
@@ -0,0 +1,178 @@
+.TH GPG\-WKS\-CLIENT "1" "May 2017" "gpg-wks-client (GnuPG) 2.1.20" "User Commands"
+
+.SH NAME
+gpg\-wks\-client \- Client for the Web Key Service
+
+.SH SYNOPSIS
+.B gpg\-wks\-client
+.RB [ COMMAND ]
+.RB [ OPTIONS ]
+.RB [ ARGS ]
+
+.SH DESCRIPTION
+.B gpg\-wks\-client
+is a simple command line client for the Web Key Service. The executable
+is usually located in /usr/lib/gnupg.
+.
+It allows a user to create a publication request and to respond to a
+received confirmation request. Communication with the Web Key Service
+is done via email.
+.
+It also can lookup the fingerprint of a USER\-ID in the Web Key
+Directory.
+
+.SH COMMANDS
+.TP
+.B \-\-supported USER\-ID
+Check whether provider of the given USER\-ID supports the Web Key
+Service protocol, i.e. whether it has a Web Key Directory providing a
+submission address.
+.IP
+Similar to:
+.IP
+.nf
+.RS 12
+gpg\-connect\-agent \-\-dirmngr 'WKD_GET \-\-submission\-address \-\- USER\-ID' /bye
+.RE
+.fi
+.TP
+.B \-\-check USER\-ID
+Check whether a key is available, and whether the listed key is valid
+for the requested USER\-ID.
+.
+You might want to use
+.IP
+.nf
+.RS 12
+gpg \-v \-\-auto\-key\-locate=clear,wkd,nodefault \-\-locate\-key USER\-ID
+.RE
+.fi
+.IP
+instead.
+.TP
+.B \-\-create FINGERPRINT USER\-ID
+Create a publication request for the USER\-ID in the key with the given
+FINGERPRINT. List all possible keys (including the fingerprint) for a
+USER\-ID with:
+.IP
+.nf
+.RS 12
+gpg --list-key USER\-ID
+.RE
+.fi
+.IP
+By default the publication request will be printed to STDOUT. You can
+also write it to a file using the
+.B \-\-output
+option or send it using sendmail with the
+.B \-\-send
+option.
+.TP
+.B \-\-receive
+Receive a MIME confirmation request on STDIN and acknowledge it.
+.IP
+By default the confirmation response will be printed to STDOUT. You can
+also write it to a file using the
+.B \-\-output
+option or send it using sendmail with the
+.B \-\-send
+option.
+.TP
+.B \-\-read
+Receive a plain text confirmation request. Similar to
+.BR \-\-receive ,
+but takes only the message body on STDIN.
+.TP
+.B \-\-version
+Show program version and some meta information.
+.TP
+.BR \-h ", " \-\-help
+Output a short usage information.
+.TP
+.B \-\-warranty
+Print warranty information.
+.TP
+.B \-\-dump-options
+Dump all available options and commands.
+
+.SH OPTIONS
+.TP
+.BR \-v ", " \-\-verbose
+Enable verbose output.
+.TP
+.BR \-q ", " \-\-quiet
+Be somewhat more quiet.
+.TP
+.B \-\-send
+Send the mail using sendmail.
+.TP
+.BR \-o ", " \-\-output " \fIFILE\fR"
+Write the mail to FILE.
+.TP
+.BI \-\-status\-fd " FD"
+Write status info to this FD.
+.TP
+.B \-\-debug
+Set debugging flags. All flags are or-ed and flags may be given in C
+syntax (e.g. 0x0042) or as a comma separated list of flag names. To get
+a list of all supported flags the single word "help" can be used.
+.TP
+.BI \-\-gpg " GPG"
+Use the specified command instead of
+.BR gpg .
+.TP
+.BI \-\-fake\-submission\-addr " MAILADDR"
+Send mail to MAILADDR instead of the submission address queried through
+Web Key Service.
+
+.SH EXAMPLES
+.SS Send a publication request
+First find the fingerprint (a long string of hex digits) of the key you
+want to publish:
+.P
+.nf
+.RS 4
+gpg \-\-list\-key "Alice "
+.RE
+.fi
+.P
+Now create and send the publication request:
+.P
+.nf
+.RS 4
+/usr/lib/gnupg/gpg\-wks\-client \-\-create \-\-send 0123456789ABCDEF0123456789ABCDEF01234567 "Alice "
+.RE
+.fi
+.P
+Instead of \fI"Alice "\fR you can also just give \fIalice@example.com\fR.
+.P
+.SS Confirm a confirmation request
+Paste the full mail containing the confirmation request (including
+headers) you got from the Web Key Service on STDIN after starting:
+.P
+.nf
+.RS 4
+/usr/lib/gnupg/gpg\-wks\-client \-\-receive \-\-send
+.RE
+.fi
+
+.SH SEE ALSO
+.IP \(em 4
+Latest draft for the protocol:
+
+.IP \(em 4
+GnuPG on Web Key Service:
+
+
+.SH BUGS
+Please report bugs to .
+
+.SH COPYRIGHT
+Copyright \(co 2017 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+This manpage was written by \fBStefan Bühler\fR for the Debian
+distribution (but may be used by others).
diff --git a/gpg-wks-client.install b/gpg-wks-client.install
new file mode 100644
index 0000000..1b331dd
--- /dev/null
+++ b/gpg-wks-client.install
@@ -0,0 +1 @@
+debian/tmp/usr/lib/gnupg/gpg-wks-client
diff --git a/gpg-wks-client.manpages b/gpg-wks-client.manpages
new file mode 100644
index 0000000..d2edd3e
--- /dev/null
+++ b/gpg-wks-client.manpages
@@ -0,0 +1 @@
+debian/gpg-wks-client.1
diff --git a/gpg-wks-server.1 b/gpg-wks-server.1
new file mode 100644
index 0000000..4c01128
--- /dev/null
+++ b/gpg-wks-server.1
@@ -0,0 +1,180 @@
+.TH GPG\-WKS\-SERVER "1" "May 2017" "gpg-wks-server (GnuPG) 2.1.20" "User Commands"
+
+.SH NAME
+gpg\-wks\-server \- Server for the Web Key Service
+
+.SH SYNOPSIS
+.B gpg\-wks\-server
+.RB [ COMMAND ]
+.RB [ OPTIONS ]
+.RB [ ARGS ]
+
+.SH DESCRIPTION
+.B gpg\-wks\-server
+is a server for the Web Key Service. It can handle incoming mails with
+the
+.B \-\-receive
+command.
+.P
+See the EXAMPLES section for procmail and crontab configurations.
+.P
+You also need a webserver configured to alias requests to
+.I /.well\-known/openpgp/
+and below to the
+.I /var/lib/gnupg/wks//
+directory.
+
+.SH COMMANDS
+.TP
+.B \-\-receive
+Receive a submission or confirmation.
+.TP
+.B \-\-cron
+Run regular jobs.
+.TP
+.B \-\-list\-domains
+List configured domains, and checks some file and directory permissions.
+.TP
+.B \-\-version
+Show program version and some meta information.
+.TP
+.BR \-h ", " \-\-help
+Output a short usage information.
+.TP
+.B \-\-warranty
+Print warranty information.
+.TP
+.B \-\-dump-options
+Dump all available options and commands.
+
+.SH OPTIONS
+.TP
+.BR \-v ", " \-\-verbose
+Enable verbose output.
+.TP
+.BR \-q ", " \-\-quiet
+Be somewhat more quiet.
+.TP
+.B \-\-send
+Send the mail using sendmail.
+.TP
+.BR \-o ", " \-\-output " \fIFILE\fR"
+Write the mail to FILE.
+.TP
+.BI \-\-from " ADDR"
+Use ADDR as the default sender.
+.TP
+.BI \-\-header " NAME=VALUE"
+Add "NAME: VALUE" as header to all mails.
+.IP
+Can be used to add a header for loop detections, see procmail example.
+.TP
+.B \-\-debug
+Set debugging flags. All flags are or-ed and flags may be given in C
+syntax (e.g. 0x0042) or as a comma separated list of flag names. To get
+a list of all supported flags the single word "help" can be used.
+.TP
+.BI \-\-gpg " GPG"
+Use the specified command instead of
+.BR gpg .
+
+.SH DIRECTORIES
+.TP
+.B /var/lib/gnupg/wks/
+Contains a subdirectory for each domain to run the server for.
Each
+subdirectory is supposed to contain what should show up on
+.BR https://.../.well\-known/openpgp/ .
+.IP
+The user running
+.B gpg\-wks\-server
+needs write access to these subdirectories.
+
+.SH EXAMPLES
+.SS ~/.procmailrc
+Store received emails in
+.B ~/Mail/
+(create it manually first), uses \fIFrom: key\-submission@example.com\fR and
+\fIX\-WKS\-Loop: example.com\fR as loop detection:
+.P
+.nf
+.RS 4
+MAILDIR=$HOME/Mail
+LOGFILE=$HOME/Mail/from
+LOCKFILE=$HOME/Mail/.lockmail
+VERBOSE=yes
+
+# filter out FROM_DAEMON mails (bounces, ...) into separate mailbox
+:0
+* ^FROM_DAEMON
+from\-daemon/
+
+# archive (copy!) all "normal" mails
+:0 c
+archive/
+
+# if not in a loop: handle mails with gpg\-wks\-server
+:0 w
+* !^From: key\-submission@example.com
+* !^X\-WKS\-Loop: example.com
+|gpg\-wks\-server \-v \-\-receive \\
+ \-\-header X\-WKS\-Loop=example.com \\
+ \-\-from key\-submission@example.com \-\-send
+
+# if handling failed: store in separate mailbox
+:0 e
+cruft/
+.RE
+.fi
+
+.SS ~/.forward
+In case procmail is not used automatically the following
+.B ~/.forward
+file might be useful:
+.P
+.nf
+.RS 4
+"|exec /usr/bin/procmail || exit 75"
+.RE
+.fi
+.P
+The double quotes are supposed to be included in the file!
+
+.SS crontab
+You should run the
+.B \-\-cron
+command once a day. Edit the crontab with
+.P
+.nf
+.RS 4
+crontab \-e
+.RE
+.fi
+.P
+and append the following line:
+.P
+.nf
+.RS 4
+42 3 * * * gpg\-wks\-server \-\-cron
+.RE
+.fi
+
+.SH SEE ALSO
+.IP \(em 4
+Latest draft for the Web Key Service protocol:
+
+.IP \(em 4
+GnuPG on Web Key Service:
+
+
+.SH BUGS
+Please report bugs to .
+
+.SH COPYRIGHT
+Copyright \(co 2017 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+This manpage was written by \fBStefan Bühler\fR for the Debian
+distribution (but may be used by others).
diff --git a/gpg-wks-server.install b/gpg-wks-server.install
new file mode 100644
index 0000000..c18c2e7
--- /dev/null
+++ b/gpg-wks-server.install
@@ -0,0 +1 @@
+debian/tmp/usr/bin/gpg-wks-server
diff --git a/gpg-wks-server.manpages b/gpg-wks-server.manpages
new file mode 100644
index 0000000..5bd206c
--- /dev/null
+++ b/gpg-wks-server.manpages
@@ -0,0 +1 @@
+debian/gpg-wks-server.1
diff --git a/gpg-zip.1 b/gpg-zip.1
new file mode 100644
index 0000000..c20f770
--- /dev/null
+++ b/gpg-zip.1
@@ -0,0 +1,106 @@
+.TH "GPG\-ZIP" 1 "November 2006"
+
+.SH NAME
+gpg\-zip \- encrypt or sign files into an archive
+
+.SH SYNOPSIS
+.B gpg\-zip
+.RB [ OPTIONS ]
+.IR filename1 " [" "filename2, ..." ]
+.IR directory1 " [" "directory2, ..." ]
+
+.SH DESCRIPTION
+This manual page documents briefly the
+.B gpg\-zip
+command.
+.PP
+.B gpg\-zip
+IS DEPRECATED. PLEASE USE gpgtar(1) instead.
+.PP
+.B gpg\-zip
+encrypts or signs files into an archive. It is an gpg-ized tar using the
+same format as PGP's PGP Zip.
+
+.SH OPTIONS
+.TP
+.BR \-e ", " \-\-encrypt
+Encrypt data. This option may be combined with
+.B \-\-symmetric
+(for output that may be decrypted via a secret key or a passphrase).
+.TP
+.BR \-d ", " \-\-decrypt
+Decrypt data.
+.TP
+.BR \-c ", " \-\-symmetric
+Encrypt with a symmetric cipher using a passphrase. The default
+symmetric cipher used is CAST5, but may be chosen with the
+.B \-\-cipher\-algo
+option to
+.BR gpg (1).
+.TP
+.BR \-s ", " \-\-sign
+Make a signature. See
+.BR gpg (1).
+.TP
+.BR \-r ", " \-\-recipient " \fIUSER\fR"
+Encrypt for user id \fIUSER\fR. See
+.BR gpg (1).
+.TP
+.BR \-u ", " \-\-local\-user " \fIUSER\fR"
+Use \fIUSER\fR as the key to sign with. See
+.BR gpg (1).
+.TP
+.B \-\-list\-archive
+List the contents of the specified archive.
+.TP
+.BR \-o ", " \-\-output " " \fIFILE\fR"
+Write output to specified file
+.IR FILE .
+.TP
+.BI \-\-gpg " GPG"
+Use the specified command instead of
+.BR gpg .
+.TP
+.BI \-\-gpg\-args " ARGS"
+Pass the specified options to
+.BR gpg (1).
+.TP
+.BI \-\-tar " TAR"
+Use the specified command instead of
+.BR tar .
+.TP
+.BI \-\-tar\-args " ARGS"
+Pass the specified options to
+.BR tar (1).
+.TP
+.BR \-h ", " \-\-help
+Output a short usage information.
+.TP
+.B \-\-version
+Output the program version.
+
+.SH DIAGNOSTICS
+The program returns \fB0\fR if everything was fine, \fB1\fR otherwise.
+
+.SH EXAMPLES
+Encrypt the contents of directory \fImydocs\fR for user Bob to file \fItest1\fR:
+.IP
+.B gpg\-zip \-\-encrypt \-\-output test1 \-\-gpg-args ""\-r Bob"" mydocs
+.PP
+List the contents of archive \fItest1\fR:
+.IP
+.B gpg\-zip \-\-list\-archive test1
+
+.SH SEE ALSO
+.BR gpg (1),
+.BR gpgtar (1),
+.BR tar (1)
+
+.SH AUTHOR
+Copyright (C) 2005 Free Software Foundation, Inc. Please report bugs to
+<\&bug-gnupg@gnu.org\&>.
+
+This manpage was written by \fBColin Tuckley\fR <\&colin@tuckley.org\&>
+and \fBDaniel Leidert\fR <\&daniel.leidert@wgdd.de\&> for the Debian
+distribution (but may be used by others).
+
diff --git a/gpg.install b/gpg.install
new file mode 100644
index 0000000..0b53564
--- /dev/null
+++ b/gpg.install
@@ -0,0 +1 @@
+debian/tmp/usr/bin/gpg
diff --git a/gpg.manpages b/gpg.manpages
new file mode 100644
index 0000000..7c47415
--- /dev/null
+++ b/gpg.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man1/gpg.1
diff --git a/gpgcompose.1 b/gpgcompose.1
new file mode 100644
index 0000000..f92fb05
--- /dev/null
+++ b/gpgcompose.1
@@ -0,0 +1,56 @@
+.TH "gpgcompose" 1 "June 2017"
+
+.SH NAME
+gpgcompose \- Generate a stream of OpenPGP packets
+
+.SH SYNOPSIS
+.B gpgcompose
+.RI [[ OPTION
+.RI [ ARGS ]]
+\&... ]
+
+.B gpgcompose --help
+
+.B gpgcompose
+.I OPTION
+.B --help
+
+.SH DESCRIPTION
+.B gpgcompose
+generates a stream of OpenPGP packets, including some which can
+include other nested packets within a layer of encryption. The syntax
+on the command line isn't stable enough to document currently, but
+additional hints and examples can be found from the command line using
+.BR \-\-help .
+
+.SH EXTERNAL DEPENDENCIES
+
+.B gpgcompose
+is not capable of performing secret key operations on its own.
+Creation of any OpenPGP object that requires secret key operations
+(e.g.,
+.BR \-\-signature )
+will need to speak to an already-running
+.BR gpg-agent .
+
+.SH FILES
+
+Occasionally,
+.B gpgcompose
+will need to look up existing public keys for reference (e.g.,
+.BR \-\-public-key ).
+It will do so in
+.BR ~/.gnupg/keyring.kbx,
+or in
+.B $GNUPGHOME/keyring.kbx
+if that variable is set.
+
+.SH SEE ALSO
+
+RFC 4880, gpg(1), gpg-agent(1), gpg-connect-agent(1)
+
+.SH AUTHOR
+gpgcompose is copyright (C) 2016, g10 Code GmbH.
+
+This manpage was written by Daniel Kahn Gillmor .
+
diff --git a/gpgconf.examples b/gpgconf.examples
new file mode 100644
index 0000000..3e74b94
--- /dev/null
+++ b/gpgconf.examples
@@ -0,0 +1 @@
+doc/examples/gpgconf.conf
diff --git a/gpgconf.install b/gpgconf.install
new file mode 100644
index 0000000..398d8a6
--- /dev/null
+++ b/gpgconf.install
@@ -0,0 +1,3 @@
+debian/tmp/usr/bin/gpg-connect-agent
+debian/tmp/usr/bin/gpgconf
+debian/tmp/usr/share/gnupg/distsigkey.gpg
diff --git a/gpgconf.manpages b/gpgconf.manpages
new file mode 100644
index 0000000..70bb0d7
--- /dev/null
+++ b/gpgconf.manpages
@@ -0,0 +1,2 @@
+debian/tmp/usr/share/man/man1/gpg-connect-agent.1
+debian/tmp/usr/share/man/man1/gpgconf.1
diff --git a/gpgsm.install b/gpgsm.install
new file mode 100644
index 0000000..8822607
--- /dev/null
+++ b/gpgsm.install
@@ -0,0 +1 @@
+debian/tmp/usr/bin/gpgsm
diff --git a/gpgsm.manpages b/gpgsm.manpages
new file mode 100644
index 0000000..ad6a686
--- /dev/null
+++ b/gpgsm.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man1/gpgsm.1
diff --git a/gpgsplit.1 b/gpgsplit.1
new file mode 100644
index 0000000..116ce89
--- /dev/null
+++ b/gpgsplit.1
@@ -0,0 +1,41 @@
+.TH "gpgsplit" 1 "December 2005"
+
+.SH NAME
+gpgsplit \- Split an OpenPGP message into packets
+
+.SH SYNOPSIS
+.B gpgsplit
+.RI [ OPTIONS ]
+.RI [ FILES ]
+
+.SH DESCRIPTION
+This manual page documents briefly the
+.B gpgsplit
+command.
+.PP
+.B gpgsplit
+splits an OpenPGP message into packets.
+
+.SH OPTIONS
+.TP
+.BR \-v , \-\-verbose
+Verbose.
+.TP
+.BR \-p , "\-\-prefix " \fISTRING\fR
+Prepend filenames with \fISTRING\fR.
+.TP
+.B \-\-uncompress
+Uncompress a packet.
+.TP
+.B \-\-secret\-to\-public
+Convert secret keys to public keys.
+.TP
+.B \-\-no\-split
+Write to stdout and don't actually split.
+
+.SH AUTHOR
+Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to
+.
+
+This manpage was written by Francois Wendling .
+
diff --git a/gpgv-static.1 b/gpgv-static.1
new file mode 100644
index 0000000..c8dcc1a
--- /dev/null
+++ b/gpgv-static.1
@@ -0,0 +1,32 @@
+.TH GPGV-STATIC "1" "November 2016" "GnuPG" "Gnu Privacy Guard 2.1"
+
+.SH NAME
+gpgv-static - Verify OpenPGP signatures (static build)
+
+.SH SYNOPSIS
+.B gpgv-static [\fIoptions\fP] \fIsigned_files\fP
+
+.SH DESCRIPTION
+\fBgpgv\fR is an OpenPGP signature verification tool.
+
+\fBgpgv-static\fR is \fBgpgv\fR built statically so that it can be
+directly used on any platform that is running on the Linux kernel,
+such as Android, ChromeOS, or many embedded Linux systems.
+
+This version of \fBgpgv\fR in combination with \fBdebootstrap\fR and
+the Debian archive keyring allows the secure creation of chroot
+installs on these platforms by using the full Debian signature
+verification that is present in all official Debian mirrors.
+
+You may wish to re-name the binary to plain \fBgpgv\fR when
+transferring it into such a platform to create a chroot.
+
+Please read the documentation for \fBgpgv\fR for more details.
+
+.SH SEE ALSO
+\fBgpg\fR(1)
+
+.SH AUTHOR
+This manual page was written by Daniel Kahn Gillmor
+ for the Debian project, but may be used by
+others under the same license as GnuPG itself.
diff --git a/gpgv-static.install b/gpgv-static.install
new file mode 100644
index 0000000..adb6deb
--- /dev/null
+++ b/gpgv-static.install
@@ -0,0 +1 @@
+build-gpgv-static/g10/gpgv-static usr/bin/
diff --git a/gpgv-static.lintian-overrides b/gpgv-static.lintian-overrides
new file mode 100644
index 0000000..fa0b8df
--- /dev/null
+++ b/gpgv-static.lintian-overrides
@@ -0,0 +1,3 @@
+# gpgv-static is deliberately built statically. We cannot avoid
+# embedding zlib.
+gpgv-static: embedded-library usr/bin/gpgv-static: zlib
diff --git a/gpgv-static.manpages b/gpgv-static.manpages
new file mode 100644
index 0000000..e3f73aa
--- /dev/null
+++ b/gpgv-static.manpages
@@ -0,0 +1 @@
+debian/gpgv-static.1
diff --git a/gpgv-udeb.install b/gpgv-udeb.install
new file mode 100644
index 0000000..fe27533
--- /dev/null
+++ b/gpgv-udeb.install
@@ -0,0 +1 @@
+build-gpgv-udeb/g10/gpgv usr/bin/
diff --git a/gpgv-win32.install b/gpgv-win32.install
new file mode 100644
index 0000000..cf3cd8c
--- /dev/null
+++ b/gpgv-win32.install
@@ -0,0 +1 @@
+build-gpgv-win32/g10/gpgv.exe usr/share/win32
diff --git a/gpgv.install b/gpgv.install
new file mode 100644
index 0000000..0a9f9a2
--- /dev/null
+++ b/gpgv.install
@@ -0,0 +1 @@
+debian/tmp/usr/bin/gpgv
diff --git a/gpgv.manpages b/gpgv.manpages
new file mode 100644
index 0000000..86a9e29
--- /dev/null
+++ b/gpgv.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man1/gpgv.1
diff --git a/gpgv2.links b/gpgv2.links
new file mode 100644
index 0000000..5107429
--- /dev/null
+++ b/gpgv2.links
@@ -0,0 +1,2 @@
+usr/bin/gpgv usr/bin/gpgv2
+usr/share/man/man1/gpgv.1.gz usr/share/man/man1/gpgv2.1.gz
diff --git a/kbxutil.1 b/kbxutil.1
new file mode 100644
index 0000000..d59f1fe
--- /dev/null
+++ b/kbxutil.1
@@ -0,0 +1,62 @@ +.TH KBXUTIL "1" "March 2016" "kbxutil (GnuPG) 2.1.11" "User Commands" + +.SH NAME +kbxutil \- List, export, import Keybox data + +.SH SYNOPSIS +.B kbxutil +.RB [ OPTIONS ] +.RB [ FILES ] + +.SH DESCRIPTION +List, export, import Keybox data + +.SH COMMANDS +.TP +.B \-\-stats +show key statistics +.TP +.B \-\-import\-openpgp +import OpenPGP keyblocks +.TP +.B \-\-find\-dups +find duplicates +.TP +.B \-\-cut +export records + +.SH OPTIONS +.TP +.BI \-\-from " N" +first record to export +.TP +.BI \-\-to " N" +last record to export +.TP +.BR \-v ", " \-\-verbose +verbose +.TP +.BR \-q ", " \-\-quiet +be somewhat more quiet +.TP +.BR \-n ", " \-\-dry\-run +do not make any changes +.TP +.B \-\-debug +set debugging flags +.TP +.B \-\-debug\-all +enable full debugging + +.SH BUGS +Please report bugs to . + +.SH COPYRIGHT +Copyright \(co 2016 Free Software Foundation, Inc. +License GPLv3+: GNU GPL version 3 or later + +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. + +This manpage was written by \fBDaniel Kahn Gillmor\fR for the Debian +distribution (but may be used by others). diff --git a/lspgpot.1 b/lspgpot.1 new file mode 100644 index 0000000..ba27eca --- /dev/null +++ b/lspgpot.1 @@ -0,0 +1,22 @@ +.TH "lspgpot" 1 "December 2005" + +.SH NAME +lspgpot - extracts the ownertrust values from PGP keyrings and list them in +GnuPG ownertrust format. + + +.SH SYNOPSIS +.B lspgpot + + +.SH DESCRIPTION +.B lspgpot +extracts the ownertrust values from PGP keyrings and list them in +GnuPG ownertrust format. + +.SH AUTHOR +Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to +. + +This manpage was written by Francois Wendling . + diff --git a/migrate-pubring-from-classic-gpg b/migrate-pubring-from-classic-gpg new file mode 100755 index 0000000..ecbc8d9 --- /dev/null +++ b/migrate-pubring-from-classic-gpg 
@@ -0,0 +1,108 @@ +#!/bin/bash + +# script to migrate fully from pubring.gpg to pubring.kbx + +# Author: Daniel Kahn Gillmor +# Date: 2016-04-01 +# License: GPLv3+ + +# This was written for the Debian project + +set -e + +GPG="${GPG:-gpg}" + +# select the default GnuPG home directory to work from: +GHD=${GNUPGHOME:-${HOME:-$(getent passwd "$(id -u)" | cut -f6 -d:)}/.gnupg} + +# Check that this is gnupg 2.1 or 2.2: +VERSION=$("$GPG" --version | head -n1 | cut -f3 -d\ | cut -f1,2 -d.) +if [ "$VERSION" != 2.1 ] && [ "$VERSION" != 2.2 ] ; then + printf '%s is version %s not version 2.1 or 2.2, this script might be wrong\n' "$GPG" "$VERSION" >&2 + exit 1 +fi + +usage() { + printf 'Usage: %s [GPGHOMEDIR|--default] +\tMigrate public keyring in GPGHOMEDIR from "classic" to "modern" GnuPG +\tusing %s version %s. + +\t--default migrates the GnuPG home directory at "%s" +' "$0" "$GPG" "$VERSION" "$GHD" +} + +if [ -z "$1" ]; then + usage >&2 + exit 1 +else + case "$1" in + --help|--usage|-h) + usage + exit + ;; + --default) + ;; + *) + GHD="$1" + ;; + esac +fi + +GPG=("$GPG" --homedir "$GHD" --batch) + +# ensure that there is a pubring.gpg to migrate: +if ! [ -f "$GHD/pubring.gpg" ]; then + printf 'There is no %s/pubring.gpg, no need to migrate\n' "$GHD" >&2 + exit +fi +if ! [ -s "$GHD/pubring.gpg" ]; then + mv -- "$GHD/pubring.gpg" "$GHD/pubring.gpg.empty" + printf '%s/pubring.gpg was empty (and has been moved out of the way), no need to migrate\n' "$GHD" >&2 + exit +fi + +BACKUP="$(mktemp -d "$GHD/migrate-from-classic-backup.$(date +%F).XXXXXX")" +printf 'Migrating from:\n%s\n[Backing up to %s]\n' "$(ls -l "$GHD/pubring.gpg")" "$BACKUP" >&2 + +"${GPG[@]}" --export-ownertrust > "$BACKUP/ownertrust.txt" +mv "$GHD/pubring.gpg" "$BACKUP/" + +revert() { + printf >&2 'Restoring pubring.gpg...\n' + cp "$BACKUP/pubring.gpg" "$GHD/pubring.gpg" +} + +trap revert EXIT + +if ! 
"${GPG[@]}" --status-file "$BACKUP/import-status" --import-options import-local-sigs,keep-ownertrust,repair-pks-subkey-bug --import < "$BACKUP/pubring.gpg" ; then + cat >&2 <&2 <&2 diff --git a/migrate-pubring-from-classic-gpg.1 b/migrate-pubring-from-classic-gpg.1 new file mode 100644 index 0000000..7cbeec7 --- /dev/null +++ b/migrate-pubring-from-classic-gpg.1 
@@ -0,0 +1,94 @@ +.TH "MIGRATE-PUBRING-FROM-CLASSIC-GPG" 1 "April 2016" + +.SH NAME +migrate\-pubring\-from\-classic\-gpg \- Migrate a public keyring from "classic" to "modern" GnuPG + +.SH SYNOPSIS +.B migrate\-pubring\-from\-classic\-gpg +.RB "[ " GPGHOMEDIR " | " +.IR \-\-default " ]" + +.SH DESCRIPTION + +.B migrate\-pubring\-from\-classic\-gpg +migrates the public keyring in GnuPG home directory GPGHOMEDIR from +the "classic" keyring format (pubring.gpg) to the "modern" keybox format using GnuPG +versions 2.1 or 2.2 (pubring.kbx). + +Specifying +.B \-\-default +selects the standard GnuPG home directory (looking at $GNUPGHOME +first, and falling back to ~/.gnupg if unset. + +.SH OPTIONS +.BR \-h ", " \-\-help ", " \-\-usage +Output a short usage information. + +.SH DIAGNOSTICS +The program sends quite a bit of text (perhaps too much) to stderr. + +During a migration, the tool backs up several pieces of data in a +timestamped subdirectory of the GPGHOMEDIR. + +.SH LIMITATIONS +The keybox format rejects a number of OpenPGP certificates that the +"classic" keyring format used to accept. These filters are defensive, +since the certificates rejected are unsafe -- either cryptographically +unsound, or dangerously non-performant. This means that some +migrations may produce warning messages about the migration being +incomplete. This is generally a good thing! + +Known limitations: + +.B Flooded certificates +.RS 4 +Some OpenPGP certificates have been flooded with bogus certifications +as part of an attack on the SKS keyserver network (see +https://tools.ietf.org/html/draft-dkg-openpgp-abuse-resistant-keystore-03#section-2.1). + +The keybox format rejects import of any OpenPGP certificate larger +than 5MiB. As of GnuPG 2.2.17, if gpg encounters such a flooded +certificate will retry the import while stripping all third-party +certifications (see "self-sigs-only" in gpg(1)). 
+ +The typical error message when migrating a keyring with a flooded +certificate will be something like: + +.RE +.RS 8 +error writing keyring 'pubring.kbx': Provided object is too large +.RE + +.B OpenPGPv3 public keys (a.k.a. "PGP-2" keys) +.RS 4 +Modern OpenPGP implementations use so-called "OpenPGP v4" public keys. +Older versions of the public key format have serious known problems. +See https://tools.ietf.org/html/rfc4880#section-5.5.2 for more details +about and reasons for v3 key deprecation. + +The keybox format skips v3 keys entirely during migration, and GnuPG +will produce a message like: + +.RE +.RS 8 +skipped PGP-2 keys: 1 +.RE + +.SH ENVIRONMENT VARIABLES + +.B GNUPGHOME +Selects the GnuPG home directory when set and --default is given. + +.B GPG +The name of the +.B gpg +executable (defaults to +.B gpg +). + +.SH SEE ALSO +.BR gpg (1) + +.SH AUTHOR +Copyright (C) 2016 Daniel Kahn Gillmor for the Debian project. Please +report bugs via the Debian BTS. diff --git a/org.gnupg.scdaemon.metainfo.xml b/org.gnupg.scdaemon.metainfo.xml new file mode 100644 index 0000000..e244544 --- /dev/null +++ b/org.gnupg.scdaemon.metainfo.xml @@ -0,0 +1,51 @@ + + + org.gnupg.scdaemon + CC0-1.0 + scdaemon + USB SmartCard Readers + +

+ GnuPG's scdaemon provides access to USB tokens and smartcard + readers that provide cryptographic functionality (e.g. use of + protected secret keys). +

+
+ + usb:v046Ap0005d* + usb:v046Ap0010d* + usb:v046Ap003Ed* + usb:v04E6p5111d* + usb:v04E6p5115d* + usb:v04E6p5116d* + usb:v04E6p5117d* + usb:v04E6pE001d* + usb:v04E6pE003d* + usb:v076Bp3821d* + usb:v076Bp6622d* + usb:v08E6p3437d* + usb:v08E6p3438d* + usb:v08E6p3478d* + usb:v08E6p34C2d* + usb:v08E6p34ECd* + usb:v0C4Bp0500d* + usb:v0D46p2012d* + usb:v1050p0111d* + usb:v1050p0112d* + usb:v1050p0115d* + usb:v1050p0116d* + usb:v1050p0404d* + usb:v1050p0405d* + usb:v1050p0406d* + usb:v1050p0407d* + usb:v1A44p0920d* + usb:v1FC9p81E6d* + usb:v20A0p4107d* + usb:v20A0p4108d* + usb:v20A0p4109d* + usb:v20A0p4211d* + usb:v234Bp0000d* + usb:v058Fp9540d* + usb:v0BF8p1006d* + +
diff --git a/package-dependencies.dot b/package-dependencies.dot new file mode 100644 index 0000000..8297f78 --- /dev/null +++ b/package-dependencies.dot @@ -0,0 +1,73 @@ +#!/usr/bin/dot + +# interrelationships between binary packages produced by gnupg2 source +# package: + +# it would be good to graph the external dependencies as well. + +digraph gnupg2 { + # odd-duck packages: + node [shape=box]; + gpgv_udeb [label="gpgv-udeb"]; + gpgv_static [label="gpgv-static"]; + gpgv_win32 [label="gpgv-win32"]; + + # meta-packages, transitional packages: + node [shape=diamond]; + gnupg_agent [label="gnupg-agent"]; + gnupg; + gnupg2; + gpgv2; + + + node [shape=ellipse]; + gpg_agent [label="gpg-agent"]; + gpg_wks_server [label="gpg-wks-server"]; + gpg_wks_client [label="gpg-wks-client"]; + gnupg_l10n [label="gnupg-l10n"]; + gnupg_utils [label="gnupg-utils"]; + + + # depends: + edge [color=black]; + gnupg_agent -> gpg_agent; + gpg_agent -> gpgconf; + gpg_wks_server -> gpg; + gpg_wks_server -> gpg_agent; + gpg_wks_client -> gpg; + gpg_wks_client -> gpg_agent; + gpg_wks_client -> dirmngr; + scdaemon -> gpg_agent; + gpgsm -> gpgconf; + gpg -> gpgconf; + gnupg -> dirmngr; + gnupg -> gnupg_l10n; + gnupg -> gnupg_utils; + gnupg -> gpg; + gnupg -> gpg_agent; + gnupg -> gpg_wks_client; + gnupg -> gpg_wks_server; + gnupg -> gpgsm; + gnupg -> gpgv; + gnupg2 -> gnupg; + gpgv2 -> gpgv; + dirmngr -> gpgconf; + + + # recommends: + edge [color=red]; + gpg_agent -> gnupg; + gpg_wks_server -> gnupg; + gpg_wks_client -> gnupg; + gpgsm -> gnupg; + gpg -> gnupg; + dirmngr -> gnupg; + gnupg_utils -> gpg; + gnupg_utils -> gpg_agent; + gnupg_utils -> gpgconf; + gnupg_utils -> gpgsm; + + # suggests: + edge [color=blue]; + gpgv -> gnupg; +} diff --git a/patches/Make-gpg-zip-use-tar-from-PATH.patch b/patches/Make-gpg-zip-use-tar-from-PATH.patch new file mode 100644 index 0000000..2deee94 --- /dev/null +++ b/patches/Make-gpg-zip-use-tar-from-PATH.patch 
@@ -0,0 +1,27 @@
+From: Daniel Kahn Gillmor
+Date: Sun, 18 Nov 2018 17:29:52 -0500
+Subject: Make gpg-zip use tar from $PATH
+
+Apparently there is no clean way to configure this from ./configure,
+and upstream is deprecating gpg-zip anyway. So just force-set tar to
+be manually "tar" (meaning, that we should look in the $PATH at
+runtime).
+
+See also https://dev.gnupg.org/T4251 and https://bugs.debian.org/913582
+---
+ tools/gpg-zip.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/gpg-zip.in b/tools/gpg-zip.in
+index 9047e36..3821f3a 100644
+--- a/tools/gpg-zip.in
++++ b/tools/gpg-zip.in
+@@ -23,7 +23,7 @@
+ # the GNU or POSIX variant of USTAR.
+
+ VERSION=@VERSION@
+-TAR=@TAR@
++TAR=tar
+ GPG=gpg
+
+ usage="\
diff --git a/patches/block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch b/patches/block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch
new file mode 100644
index 0000000..3d0629c
--- /dev/null
+++ b/patches/block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch
@@ -0,0 +1,89 @@ +From: Daniel Kahn Gillmor +Date: Tue, 11 Aug 2015 20:28:26 -0400 +Subject: Avoid simple memory dumps via ptrace + +This avoids needing to setgid gpg-agent. It probably doesn't defend +against all possible attacks, but it defends against one specific (and +easy) one. If there are other protections we should do them too. + +This will make it slightly harder to debug the agent because the +normal user won't be able to attach gdb to it directly while it runs. + +The remaining options for debugging are: + + * launch the agent from gdb directly + * connect gdb to a running agent as the superuser + +Upstream bug: https://dev.gnupg.org/T1211 +--- + agent/gpg-agent.c | 8 ++++++++ + configure.ac | 2 +- + scd/scdaemon.c | 9 +++++++++ + 3 files changed, 18 insertions(+), 1 deletion(-) + +diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c +index ffd85d1..591f4fd 100644 +--- a/agent/gpg-agent.c ++++ b/agent/gpg-agent.c +@@ -48,6 +48,9 @@ + # include + #endif + #include ++#ifdef HAVE_PRCTL ++# include ++#endif + + #define GNUPG_COMMON_NEED_AFLOCAL + #include "agent.h" +@@ -1013,6 +1016,11 @@ main (int argc, char **argv ) + + early_system_init (); + ++#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) ++ /* Disable ptrace on Linux without sgid bit */ ++ prctl(PR_SET_DUMPABLE, 0); ++#endif ++ + /* Before we do anything else we save the list of currently open + file descriptors and the signal mask. This info is required to + do the exec call properly. We don't need it on Windows. 
*/ +diff --git a/configure.ac b/configure.ac +index 919ab31..b5a72e6 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1395,7 +1395,7 @@ AC_CHECK_FUNCS([atexit canonicalize_file_name clock_gettime ctermid \ + ftruncate funlockfile getaddrinfo getenv getpagesize \ + getpwnam getpwuid getrlimit getrusage gettimeofday \ + gmtime_r inet_ntop inet_pton isascii lstat memicmp \ +- memmove memrchr mmap nl_langinfo pipe raise rand \ ++ memmove memrchr mmap nl_langinfo pipe prctl raise rand \ + setenv setlocale setrlimit sigaction sigprocmask \ + stat stpcpy strcasecmp strerror strftime stricmp \ + strlwr strncasecmp strpbrk strsep strtol strtoul \ +diff --git a/scd/scdaemon.c b/scd/scdaemon.c +index 8f8a026..e427b9e 100644 +--- a/scd/scdaemon.c ++++ b/scd/scdaemon.c +@@ -36,6 +36,9 @@ + #include + #include + #include ++#ifdef HAVE_PRCTL ++# include ++#endif + + #define GNUPG_COMMON_NEED_AFLOCAL + #include "scdaemon.h" +@@ -438,6 +441,12 @@ main (int argc, char **argv ) + npth_t pipecon_handler; + + early_system_init (); ++ ++#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) ++ /* Disable ptrace on Linux without sgid bit */ ++ prctl(PR_SET_DUMPABLE, 0); ++#endif ++ + set_strusage (my_strusage); + gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); + /* Please note that we may running SUID(ROOT), so be very CAREFUL diff --git a/patches/debian-packaging/avoid-beta-warning.patch b/patches/debian-packaging/avoid-beta-warning.patch new file mode 100644 index 0000000..5cb22e5 --- /dev/null +++ b/patches/debian-packaging/avoid-beta-warning.patch 
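Review bot: The return value of `prctl(PR_SET_DUMPABLE, 0)` is discarded in both `main` functions (agent/gpg-agent.c and scd/scdaemon.c), so if the call fails the daemon keeps running dumpable and nothing records that the hardening did not take effect. I would at least report the failure, e.g. `if (prctl (PR_SET_DUMPABLE, 0)) log_info ("can't mark process non-dumpable: %s\n", strerror (errno));`; whether logging is already usable this early in `main` is not visible from the hunk and needs confirming. The comment `/* Disable ptrace on Linux without sgid bit */` also says less than the call does: a non-dumpable process produces no core dump either, and a privileged tracer can still attach, as the commit message itself notes. A wording such as `/* Mark the process non-dumpable: blocks ptrace attach by the same unprivileged user and core dumps; root can still attach. */` would tell the next reader what is and is not covered. Both `main` bodies continue outside the inner hunks.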
@@ -0,0 +1,44 @@
+From: Debian GnuPG Maintainers
+Date: Tue, 14 Apr 2015 10:02:31 -0400
+Subject: avoid-beta-warning
+
+avoid self-describing as a beta
+
+Using autoreconf against the source as distributed in tarball form
+invariably results in a package that thinks it's a "beta" package,
+which produces the "THIS IS A DEVELOPMENT VERSION" warning string.
+
+since we use dh_autoreconf, i need this patch to avoid producing
+builds that announce themselves as DEVELOPMENT VERSIONs.
+
+See discussion at:
+
+ http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
+---
+ autogen.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/autogen.sh b/autogen.sh
+index b238550..9b86d3f 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -229,7 +229,7 @@ if [ "$myhost" = "find-version" ]; then
+ esac
+
+ beta=no
+- if [ -e .git ]; then
++ if false; then
+ ingit=yes
+ tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
+ tmp=$(echo "$tmp" | sed s/^"$package"//)
+@@ -245,8 +245,8 @@ if [ "$myhost" = "find-version" ]; then
+ rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
+ else
+ ingit=no
+- beta=yes
+- tmp="-unknown"
++ beta=no
++ tmp=""
+ rev="0000000"
+ rvd="0"
+ fi
diff --git a/patches/debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch b/patches/debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch
new file mode 100644
index 0000000..3ca24f8
--- /dev/null
+++ b/patches/debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch
@@ -0,0 +1,37 @@
+From: Daniel Kahn Gillmor
+Date: Mon, 29 Aug 2016 12:34:42 -0400
+Subject: avoid regenerating defsincdate (use shipped file)
+
+upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am
+tries to rewrite doc/defsincdate if it notices that any of the files
+have been modified more recently, and it does so assuming that we're
+running from a git repo.
+
+However, we'd rather ship the documents cleanly without regenerating
+defsincdate -- we don't have a git repo available (debian builds from
+upstream tarballs) and any changes to the texinfo files (e.g. from
+debian/patches/) might result in different dates on the files than we
+expect after they're applied by dpkg or quilt or whatever, which makes
+the datestamp unreproducible.
+---
+ doc/Makefile.am | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/doc/Makefile.am b/doc/Makefile.am
+index d47d83e..c0a81b0 100644
+--- a/doc/Makefile.am
++++ b/doc/Makefile.am
+@@ -177,13 +177,6 @@ $(myman_pages) gnupg.7 : yat2m-stamp defs.inc
+
+ dist-hook: defsincdate
+
+-defsincdate: $(gnupg_TEXINFOS)
+- : >defsincdate ; \
+- if test -e $(top_srcdir)/.git; then \
+- (cd $(srcdir) && git log -1 --format='%ct' \
+- -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \
+- fi
+-
+ defs.inc : defsincdate Makefile mkdefsinc
+ incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
+ ./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \
diff --git a/patches/dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch b/patches/dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch
new file mode 100644
index 0000000..16c3981
--- /dev/null
+++ b/patches/dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch
@@ -0,0 +1,47 @@
+From: Daniel Kahn Gillmor
+Date: Sun, 20 Nov 2016 23:09:24 -0500
+Subject: dirmngr: Avoid automatically checking upstream swdb.
+
+* dirmngr/dirmngr.c (housekeeping_thread): Avoid automatically
+checking upstream's software database. In Debian, software updates
+should be handled by the distro mechanism, and additional upstream
+checks only confuse the user.
+* doc/dirmngr.texi: document that --allow-version-check does nothing.
+
+Signed-off-by: Daniel Kahn Gillmor
+---
+ dirmngr/dirmngr.c | 2 --
+ doc/dirmngr.texi | 7 ++++---
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
+index a96cdcf..76843bd 100644
+--- a/dirmngr/dirmngr.c
++++ b/dirmngr/dirmngr.c
+@@ -1957,8 +1957,6 @@ housekeeping_thread (void *arg)
+ if (network_activity_seen)
+ {
+ network_activity_seen = 0;
+- if (opt.allow_version_check)
+- dirmngr_load_swdb (&ctrlbuf, 0);
+ workqueue_run_global_tasks (&ctrlbuf, 1);
+ }
+ else
+diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
+index 76be528..742658e 100644
+--- a/doc/dirmngr.texi
++++ b/doc/dirmngr.texi
+@@ -290,9 +290,10 @@ Set the size of the queue for pending connections. The default is 64.
+ @item --allow-version-check
+ @opindex allow-version-check
+ Allow Dirmngr to connect to @code{https://versions.gnupg.org} to get
+-the list of current software versions. If this option is enabled
+-the list is retrieved in case the local
+-copy does not exist or is older than 5 to 7 days. See the option
++the list of current software versions.
++On debian-packaged versions, this option does nothing since software
++updates should be handled by the distribution.
++See the option
+ @option{--query-swdb} of the command @command{gpgconf} for more
+ details. Note, that regardless of this option a version check can
+ always be triggered using this command:
diff --git a/patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch b/patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch new file mode 100644 index 0000000..0d279d2 --- /dev/null +++ b/patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch 
@@ -0,0 +1,226 @@ +From: Daniel Kahn Gillmor +Date: Sat, 29 Oct 2016 02:00:50 -0400 +Subject: dirmngr: Avoid need for hkp housekeeping. + +* dirmngr/ks-engine-hkp.c (host_is_alive): New function. Test whether +host is alive and resurrects it if it has been dead long enough. +(select_random_host, map_host, ks_hkp_mark_host): Use host_is_alive +instead of testing hostinfo_t->dead directly. +(ks_hkp_housekeeping): Remove function, no longer needed. +* dirmngr/dirmngr.c (housekeeping_thread): Remove call to +ks_hkp_housekeeping. + +-- + +Rather than resurrecting hosts upon scheduled resurrection times, test +whether hosts should be resurrected as they're inspected for being +dead. This removes the need for explicit housekeeping, and makes host +resurrections happen "just in time", rather than being clustered on +HOUSEKEEPING_INTERVAL seconds. + +Signed-off-by: Daniel Kahn Gillmor +--- + dirmngr/dirmngr.c | 3 --- + dirmngr/dirmngr.h | 1 - + dirmngr/ks-engine-hkp.c | 72 ++++++++++++++++++++++++------------------------- + 3 files changed, 35 insertions(+), 41 deletions(-) + +diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c +index 55c7a49..a96cdcf 100644 +--- a/dirmngr/dirmngr.c ++++ b/dirmngr/dirmngr.c +@@ -1938,12 +1938,10 @@ static void * + housekeeping_thread (void *arg) + { + static int sentinel; +- time_t curtime; + struct server_control_s ctrlbuf; + + (void)arg; + +- curtime = gnupg_get_time (); + if (sentinel) + { + log_info ("housekeeping is already going on\n"); +@@ -1956,7 +1954,6 @@ housekeeping_thread (void *arg) + memset (&ctrlbuf, 0, sizeof ctrlbuf); + dirmngr_init_default_ctrl (&ctrlbuf); + +- ks_hkp_housekeeping (curtime); + if (network_activity_seen) + { + network_activity_seen = 0; +diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h +index 5189f93..c27f837 100644 +--- a/dirmngr/dirmngr.h ++++ b/dirmngr/dirmngr.h +@@ -215,7 +215,6 @@ const char* dirmngr_get_current_socket_name (void); + int dirmngr_use_tor (void); + + /*-- Various housekeeping 
functions. --*/ +-void ks_hkp_housekeeping (time_t curtime); + void ks_hkp_reload (void); + + +diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c +index 801e565..68d2064 100644 +--- a/dirmngr/ks-engine-hkp.c ++++ b/dirmngr/ks-engine-hkp.c +@@ -214,6 +214,24 @@ host_in_pool_p (hostinfo_t hi, int tblidx) + return 0; + } + ++static int ++host_is_alive (hostinfo_t hi, time_t curtime) ++{ ++ if (!hi) ++ return 0; ++ if (!hi->dead) ++ return 1; ++ if (!hi->died_at) ++ return 0; /* manually marked dead */ ++ if (hi->died_at + RESURRECT_INTERVAL <= curtime ++ || hi->died_at > curtime) ++ { ++ hi->dead = 0; ++ log_info ("resurrected host '%s'", hi->name); ++ return 1; ++ } ++ return 0; ++} + + /* Select a random host. Consult HI->pool which indices into the global + hosttable. Returns index into HI->pool or -1 if no host could be +@@ -224,13 +242,15 @@ select_random_host (hostinfo_t hi) + int *tbl = NULL; + size_t tblsize = 0; + int pidx, idx; ++ time_t curtime; + ++ curtime = gnupg_get_time (); + /* We create a new table so that we randomly select only from + currently alive hosts. 
*/ + for (idx = 0; + idx < hi->pool_len && (pidx = hi->pool[idx]) != -1; + idx++) +- if (hosttable[pidx] && !hosttable[pidx]->dead) ++ if (hosttable[pidx] && host_is_alive (hosttable[pidx], curtime)) + { + tblsize++; + tbl = xtryrealloc(tbl, tblsize * sizeof *tbl); +@@ -458,6 +478,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, + int is_pool; + int new_hosts = 0; + char *cname; ++ time_t curtime; + + *r_host = NULL; + if (r_httpflags) +@@ -484,6 +505,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, + } + else + hi = hosttable[idx]; ++ curtime = gnupg_get_time (); + + is_pool = hi->pool != NULL; + +@@ -590,7 +612,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, + if (force_reselect) + hi->poolidx = -1; + else if (hi->poolidx >= 0 && hi->poolidx < hosttable_size +- && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead) ++ && hosttable[hi->poolidx] && !host_is_alive (hosttable[hi->poolidx], curtime)) + hi->poolidx = -1; + + /* Select a host if needed. 
*/ +@@ -642,7 +664,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, + free_dns_addrinfo (aibuf); + } + +- if (hi->dead) ++ if (!host_is_alive (hi, curtime)) + { + log_error ("host '%s' marked as dead\n", hi->name); + if (r_httphost) +@@ -747,7 +769,8 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) + { + gpg_error_t err = 0; + hostinfo_t hi, hi2; +- int idx, idx2, idx3, n; ++ int idx, idx2, idx3, n, is_alive; ++ time_t curtime; + + if (!name || !*name || !strcmp (name, "localhost")) + return 0; +@@ -756,13 +779,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) + if (idx == -1) + return gpg_error (GPG_ERR_NOT_FOUND); + ++ curtime = gnupg_get_time (); + hi = hosttable[idx]; +- if (alive && hi->dead) ++ is_alive = host_is_alive (hi, curtime); ++ if (alive && !is_alive) + { + hi->dead = 0; + err = ks_printf_help (ctrl, "marking '%s' as alive", name); + } +- else if (!alive && !hi->dead) ++ else if (!alive && is_alive) + { + hi->dead = 1; + hi->died_at = 0; /* Manually set dead. */ +@@ -796,14 +821,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) + + hi2 = hosttable[n]; + if (!hi2) +- ; +- else if (alive && hi2->dead) ++ continue; ++ is_alive = host_is_alive (hi2, curtime); ++ if (alive && !is_alive) + { + hi2->dead = 0; + err = ks_printf_help (ctrl, "marking '%s' as alive", + hi2->name); + } +- else if (!alive && !hi2->dead) ++ else if (!alive && is_alive) + { + hi2->dead = 1; + hi2->died_at = 0; /* Manually set dead. */ +@@ -1089,34 +1115,6 @@ ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri) + } + + +-/* Housekeeping function called from the housekeeping thread. It is +- used to mark dead hosts alive so that they may be tried again after +- some time. 
*/ +-void +-ks_hkp_housekeeping (time_t curtime) +-{ +- int idx; +- hostinfo_t hi; +- +- for (idx=0; idx < hosttable_size; idx++) +- { +- hi = hosttable[idx]; +- if (!hi) +- continue; +- if (!hi->dead) +- continue; +- if (!hi->died_at) +- continue; /* Do not resurrect manually shot hosts. */ +- if (hi->died_at + RESURRECT_INTERVAL <= curtime +- || hi->died_at > curtime) +- { +- hi->dead = 0; +- log_info ("resurrected host '%s'", hi->name); +- } +- } +-} +- +- + /* Reload (SIGHUP) action for this module. We mark all host alive + * even those which have been manually shot. */ + void diff --git a/patches/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch b/patches/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch new file mode 100644 index 0000000..1e3877f --- /dev/null +++ b/patches/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch 
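Review bot: `host_is_alive` reads like a pure predicate but clears `hi->dead` and logs once the resurrection interval has passed, and it is added without the header comment its neighbours (`select_random_host`, for one) carry, so callers such as `select_random_host`, `map_host` and `ks_hkp_mark_host` now change the host table merely by asking. I would put a comment above it, e.g. `/* Return true if HI is usable at CURTIME. Side effect: a host that died at least RESURRECT_INTERVAL ago, or whose died_at lies in the future, is marked alive again; hosts marked dead manually (died_at == 0) stay dead. */`. The call `log_info ("resurrected host '%s'", hi->name);` also lacks the trailing `\n` that the other log calls visible in this patch have (`log_error ("host '%s' marked as dead\n", hi->name)`); it was carried over unchanged from the removed `ks_hkp_housekeeping`, and moving the line is a good moment to make it `log_info ("resurrected host '%s'\n", hi->name);`.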
@@ -0,0 +1,81 @@ +From: Daniel Kahn Gillmor +Date: Sat, 29 Oct 2016 01:25:05 -0400 +Subject: dirmngr: hkp: Avoid potential race condition when some hosts die. + +* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass +through the host table instead of risking out-of-bounds write. + +-- + +Multiple threads may write to hosttable[x]->dead while +select_random_host() is running. For example, a housekeeping thread +might clear the ->dead bit on some entries, or another connection to +dirmngr might manually mark a host as alive. + +If one or more hosts are resurrected between the two loops over a +given table in select_random_host(), then the allocation of tbl might +not be large enough, resulting in a write past the end of tbl on the +second loop. + +This change collapses the two loops into a single loop to avoid this +discrepancy: each host's "dead" bit is now only checked once. + +As Werner points out, this isn't currently strictly necessary, since +npth will not switch threads unless a blocking system call is made, +and no blocking system call is made in these two loops. + +However, in a subsequent change in this series, we will call a +function in this loop, and that function may sometimes write(2), or +call other functions, which may themselves block. Keeping this as a +single-pass loop avoids the need to keep track of what might block and +what might not. 
+ +Signed-off-by: Daniel Kahn Gillmor +--- + dirmngr/ks-engine-hkp.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c +index 20d29e9..801e565 100644 +--- a/dirmngr/ks-engine-hkp.c ++++ b/dirmngr/ks-engine-hkp.c +@@ -221,29 +221,26 @@ host_in_pool_p (hostinfo_t hi, int tblidx) + static int + select_random_host (hostinfo_t hi) + { +- int *tbl; +- size_t tblsize; ++ int *tbl = NULL; ++ size_t tblsize = 0; + int pidx, idx; + + /* We create a new table so that we randomly select only from + currently alive hosts. */ +- for (idx = 0, tblsize = 0; ++ for (idx = 0; + idx < hi->pool_len && (pidx = hi->pool[idx]) != -1; + idx++) + if (hosttable[pidx] && !hosttable[pidx]->dead) +- tblsize++; ++ { ++ tblsize++; ++ tbl = xtryrealloc(tbl, tblsize * sizeof *tbl); ++ if (!tbl) ++ return -1; /* memory allocation failed! */ ++ tbl[tblsize-1] = pidx; ++ } + if (!tblsize) + return -1; /* No hosts. */ + +- tbl = xtrymalloc (tblsize * sizeof *tbl); +- if (!tbl) +- return -1; +- for (idx = 0, tblsize = 0; +- idx < hi->pool_len && (pidx = hi->pool[idx]) != -1; +- idx++) +- if (hosttable[pidx] && !hosttable[pidx]->dead) +- tbl[tblsize++] = pidx; +- + if (tblsize == 1) /* Save a get_uint_nonce. */ + pidx = tbl[0]; + else diff --git a/patches/fix-spelling.patch b/patches/fix-spelling.patch new file mode 100644 index 0000000..5490130 --- /dev/null +++ b/patches/fix-spelling.patch 
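Review bot: In `select_random_host` the result of `xtryrealloc` is assigned straight back to `tbl`, so when a reallocation fails the table grown so far is lost and leaked on the `return -1` path. Keep the old pointer until the call has succeeded: `newtbl = xtryrealloc (tbl, tblsize * sizeof *tbl);`, then `if (!newtbl) { xfree (tbl); return -1; }`, then `tbl = newtbl;`, with `int *newtbl;` declared next to `tbl`. The same lines show up as context in dirmngr-Avoid-need-for-hkp-housekeeping.patch, which by its index line appears to apply on top of this one, so the fix belongs here. The function body continues outside the inner hunk, so the later use and release of `tbl` cannot be checked from this patch.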
@@ -0,0 +1,39 @@
+From: Daniel Kahn Gillmor
+Date: Sun, 18 Nov 2018 17:33:55 -0500
+Subject: fix spelling
+
+---
+ doc/tools.texi | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/doc/tools.texi b/doc/tools.texi
+index 7becf67..6256c05 100644
+--- a/doc/tools.texi
++++ b/doc/tools.texi
+@@ -1561,7 +1561,7 @@ string @code{true} or @code{yes}. The evaluation is done by passing
+ /subst
+ /let i 3
+ /while $i
+- /echo loop couter is $i
++ /echo loop counter is $i
+ /let i $@{- $i 1@}
+ /end
+ @end smallexample
+@@ -1962,7 +1962,7 @@ Extract all files from an encrypted archive.
+
+ @item --sign
+ @itemx -s
+-Make a signed archive from the given files and directories. Thsi can
++Make a signed archive from the given files and directories. This can
+ be combined with option @option{--encrypt} to create a signed and then
+ encrypted archive.
+
+@@ -2031,7 +2031,7 @@ linefeed to separate file names.
+
+ @item --openpgp
+ @opindex openpgp
+-This option has no effect becuase OpenPGP encryption and signing is
++This option has no effect because OpenPGP encryption and signing is
+ the default.
+
+ @item --cms
diff --git a/patches/from-2.2.13/Silence-compiler-warnings-new-with-gcc-8.patch b/patches/from-2.2.13/Silence-compiler-warnings-new-with-gcc-8.patch
new file mode 100644
index 0000000..8dd141c
--- /dev/null
+++ b/patches/from-2.2.13/Silence-compiler-warnings-new-with-gcc-8.patch
@@ -0,0 +1,98 @@ +From: Werner Koch +Date: Mon, 17 Dec 2018 18:46:26 +0100 +Subject: Silence compiler warnings new with gcc 8. + +* dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc. +* tests/gpgscm/scheme.c: Include gpgrt.h. +(Eval_Cycle): Ignore -Wimplicit-fallthrough. +-- + +The funny use of case and labels in the CASE macro seems confuse the +fallthrough detection. + +Signed-off-by: Werner Koch +(cherry picked from commit 21fc089148678f59edb02e0e16bed65b709fb972) +--- + dirmngr/dns.c | 17 ++++++++++++----- + tests/gpgscm/scheme.c | 12 ++++++++++++ + 2 files changed, 24 insertions(+), 5 deletions(-) + +diff --git a/dirmngr/dns.c b/dirmngr/dns.c +index 77f83f4..968fc3d 100644 +--- a/dirmngr/dns.c ++++ b/dirmngr/dns.c +@@ -77,6 +77,7 @@ typedef int socket_fd_t; + #include /* struct addrinfo */ + #endif + ++#include "gpgrt.h" /* For GGPRT_GCC_VERSION */ + #include "dns.h" + + +@@ -7521,9 +7522,13 @@ static unsigned char *dns_so_tcp_recv_buffer(struct dns_socket *so) { + } + + +-#if defined __clang__ +-#pragma clang diagnostic push +-#pragma clang diagnostic ignored "-Warray-bounds" ++ ++#if GPGRT_GCC_VERSION >= 80000 ++# pragma GCC diagnostic push ++# pragma GCC diagnostic ignored "-Warray-bounds" ++#elif defined __clang__ ++# pragma clang diagnostic push ++# pragma clang diagnostic ignored "-Warray-bounds" + #endif + + static int dns_so_tcp_send(struct dns_socket *so) { +@@ -7589,8 +7594,10 @@ static int dns_so_tcp_recv(struct dns_socket *so) { + return 0; + } /* dns_so_tcp_recv() */ + +-#if __clang__ +-#pragma clang diagnostic pop ++#if GPGRT_GCC_VERSION >= 80000 ++# pragma GCC diagnostic pop ++#elif __clang__ ++# pragma clang diagnostic pop + #endif + + +diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c +index 4384841..b188e36 100644 +--- a/tests/gpgscm/scheme.c ++++ b/tests/gpgscm/scheme.c +@@ -44,6 +44,8 @@ + # endif + #endif + ++#include "gpgrt.h" /* For GGPRT_GCC_VERSION */ ++ + /* Used for documentation purposes, to signal functions 
in 'interface' */ + #define INTERFACE + +@@ -3438,6 +3440,11 @@ int list_length(scheme *sc, pointer a) { + + + ++#if GPGRT_GCC_VERSION >= 80000 ++# pragma GCC diagnostic push ++# pragma GCC diagnostic ignored "-Wimplicit-fallthrough" ++#endif ++ + #define s_retbool(tf) s_return(sc,(tf) ? sc->T : sc->F) + + /* kernel of this interpreter */ +@@ -5323,6 +5330,11 @@ Eval_Cycle(scheme *sc, enum scheme_opcodes op) { + } + } + ++#if GPGRT_GCC_VERSION >= 80000 ++# pragma GCC diagnostic pop ++#endif ++ ++ + typedef int (*test_predicate)(pointer); + + static int is_any(pointer p) { diff --git a/patches/from-2.2.13/agent-Clear-bogus-pinentry-cache-when-it-causes-an-error.patch b/patches/from-2.2.13/agent-Clear-bogus-pinentry-cache-when-it-causes-an-error.patch new file mode 100644 index 0000000..fa0b6d3 --- /dev/null +++ b/patches/from-2.2.13/agent-Clear-bogus-pinentry-cache-when-it-causes-an-error.patch 
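Review bot: The `-Warray-bounds` suppression in dirmngr/dns.c now also applies under GCC 8 and covers everything between the push before dns_so_tcp_send and the pop after dns_so_tcp_recv, yet neither the pragma nor the commit message says why the warning is a false positive there (the message only explains the fallthrough case in scheme.c). These functions handle TCP DNS message buffers, so I would add a comment above the push naming the flagged access and the bound that makes it safe, so that a later genuine out-of-bounds report in this range is not waved through. The pop guard tests `#elif __clang__` while the push guard tests `#elif defined __clang__`; using `#elif defined __clang__` in both keeps the pair symmetric. The two include comments spell the macro `GGPRT_GCC_VERSION` where `GPGRT_GCC_VERSION` is meant. The bodies of both functions lie outside the hunks.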
@@ -0,0 +1,176 @@ +From: NIIBE Yutaka +Date: Mon, 28 Jan 2019 12:58:13 +0900 +Subject: agent: Clear bogus pinentry cache, when it causes an error. + +* agent/agent.h (PINENTRY_STATUS_*): Expose to public. +(struct pin_entry_info_s): Add status. +* agent/call-pinentry.c (agent_askpin): Clearing the ->status +before the loop, let the assuan_transact set ->status. When +failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns +soon. +* agent/findkey.c (unprotect): Clear the pinentry cache, +when it causes an error. + +-- + +Cherry-picked from master commit of: + 02a2633a7f0b7d91aa48ea615fb3a0edfd6ed6bb + +Debian-bug-id: 919856 +GnuPG-bug-id: 4348 +Signed-off-by: NIIBE Yutaka +(cherry picked from commit 9109bb9919f84d5472b7e62e84b961414a79d3c2) +--- + agent/agent.h | 11 ++++++++++- + agent/call-pinentry.c | 37 ++++++++++++++++++------------------- + agent/findkey.c | 12 +++++++++++- + 3 files changed, 39 insertions(+), 21 deletions(-) + +diff --git a/agent/agent.h b/agent/agent.h +index 97ac15d..b07ea57 100644 +--- a/agent/agent.h ++++ b/agent/agent.h +@@ -265,6 +265,14 @@ struct server_control_s + }; + + ++/* Status of pinentry. */ ++enum ++ { ++ PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0, ++ PINENTRY_STATUS_PIN_REPEATED = 1 << 8, ++ PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9 ++ }; ++ + /* Information pertaining to pinentry requests. */ + struct pin_entry_info_s + { +@@ -274,7 +282,8 @@ struct pin_entry_info_s + int failed_tries; /* Number of tries so far failed. */ + int with_qualitybar; /* Set if the quality bar should be displayed. */ + int with_repeat; /* Request repetition of the passphrase. */ +- int repeat_okay; /* Repetition worked. */ ++ int repeat_okay; /* Repetition worked. */ ++ unsigned int status; /* Status. 
*/ + gpg_error_t (*check_cb)(struct pin_entry_info_s *); /* CB used to check + the PIN */ + void *check_cb_arg; /* optional argument which might be of use in the CB */ +diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c +index b68d0a8..1f3bd52 100644 +--- a/agent/call-pinentry.c ++++ b/agent/call-pinentry.c +@@ -891,13 +891,6 @@ setup_qualitybar (ctrl_t ctrl) + return 0; + } + +-enum +- { +- PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0, +- PINENTRY_STATUS_PIN_REPEATED = 1 << 8, +- PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9 +- }; +- + /* Check the button_info line for a close action. Also check for the + PIN_REPEATED flag. */ + static gpg_error_t +@@ -962,7 +955,6 @@ agent_askpin (ctrl_t ctrl, + const char *errtext = NULL; + int is_pin = 0; + int saveflag; +- unsigned int pinentry_status; + + if (opt.batch) + return 0; /* fixme: we should return BAD PIN */ +@@ -1073,6 +1065,7 @@ agent_askpin (ctrl_t ctrl, + pininfo->with_repeat = 0; /* Pinentry does not support it. */ + } + pininfo->repeat_okay = 0; ++ pininfo->status = 0; + + for (;pininfo->failed_tries < pininfo->max_tries; pininfo->failed_tries++) + { +@@ -1106,10 +1099,9 @@ agent_askpin (ctrl_t ctrl, + + saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); + assuan_begin_confidential (entry_ctx); +- pinentry_status = 0; + rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, + inq_quality, entry_ctx, +- pinentry_status_cb, &pinentry_status); ++ pinentry_status_cb, &pininfo->status); + assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); + /* Most pinentries out in the wild return the old Assuan error code + for canceled which gets translated to an assuan Cancel error and +@@ -1121,7 +1113,7 @@ agent_askpin (ctrl_t ctrl, + + /* Change error code in case the window close button was clicked + to cancel the operation. 
*/ +- if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON) ++ if ((pininfo->status & PINENTRY_STATUS_CLOSE_BUTTON) + && gpg_err_code (rc) == GPG_ERR_CANCELED) + rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); + +@@ -1148,12 +1140,19 @@ agent_askpin (ctrl_t ctrl, + /* More checks by utilizing the optional callback. */ + pininfo->cb_errtext = NULL; + rc = pininfo->check_cb (pininfo); +- if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE +- && pininfo->cb_errtext) +- errtext = pininfo->cb_errtext; +- else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE +- || gpg_err_code (rc) == GPG_ERR_BAD_PIN) +- errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase")); ++ /* When pinentry cache causes an error, return now. */ ++ if (rc ++ && (pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) ++ return unlock_pinentry (ctrl, rc); ++ ++ if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE) ++ { ++ if (pininfo->cb_errtext) ++ errtext = pininfo->cb_errtext; ++ else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE ++ || gpg_err_code (rc) == GPG_ERR_BAD_PIN) ++ errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase")); ++ } + else if (rc) + return unlock_pinentry (ctrl, rc); + } +@@ -1161,12 +1160,12 @@ agent_askpin (ctrl_t ctrl, + if (!errtext) + { + if (pininfo->with_repeat +- && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED)) ++ && (pininfo->status & PINENTRY_STATUS_PIN_REPEATED)) + pininfo->repeat_okay = 1; + return unlock_pinentry (ctrl, 0); /* okay, got a PIN or passphrase */ + } + +- if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) ++ if ((pininfo->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) + /* The password was read from the cache. Don't count this + against the retry count. 
*/ + pininfo->failed_tries --; +diff --git a/agent/findkey.c b/agent/findkey.c +index 78c3b1a..89a18fa 100644 +--- a/agent/findkey.c ++++ b/agent/findkey.c +@@ -632,7 +632,17 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, + pi->check_cb_arg = &arg; + + rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, hexgrip, cache_mode); +- if (!rc) ++ if (rc) ++ { ++ if ((pi->status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) ++ { ++ log_error ("Clearing pinentry cache which caused error %s\n", ++ gpg_strerror (rc)); ++ ++ agent_clear_passphrase (ctrl, hexgrip, cache_mode); ++ } ++ } ++ else + { + assert (arg.unprotected_key); + if (arg.change_required) diff --git a/patches/from-2.2.13/dirmngr-Fix-initialization-of-assuan-s-nPth-hook.patch b/patches/from-2.2.13/dirmngr-Fix-initialization-of-assuan-s-nPth-hook.patch new file mode 100644 index 0000000..d169017 --- /dev/null +++ b/patches/from-2.2.13/dirmngr-Fix-initialization-of-assuan-s-nPth-hook.patch 
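Review bot: In the agent/call-pinentry.c hunk inside agent_askpin, the new outer test `if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE)` makes the inner `|| gpg_err_code (rc) == GPG_ERR_BAD_PIN` unreachable. A GPG_ERR_BAD_PIN result from check_cb therefore now reaches `else if (rc) return unlock_pinentry (ctrl, rc);` instead of setting the "Bad PIN" text and retrying, as the removed code did. If that change is not intended, widen the outer condition to `if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE || gpg_err_code (rc) == GPG_ERR_BAD_PIN)`, make the first inner test `if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE && pininfo->cb_errtext)`, and reduce the second to a plain `else`. If it is intended, drop the dead inner condition and say so in the commit message. agent_askpin begins and ends outside the hunk.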
@@ -0,0 +1,38 @@ +From: NIIBE Yutaka +Date: Fri, 25 Jan 2019 10:15:39 +0900 +Subject: dirmngr: Fix initialization of assuan's nPth hook. + +* dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to... +(thread_init): ... here. + +-- + +Cherry picked master commit of: + 1f8817475f59ede3f28f57edc10ba56bbdd08b49 + +Signed-off-by: NIIBE Yutaka +(cherry picked from commit 7f4c3eb0a039621c564b6095ab5f810524843157) +--- + dirmngr/dirmngr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c +index 76843bd..ffbb108 100644 +--- a/dirmngr/dirmngr.c ++++ b/dirmngr/dirmngr.c +@@ -802,6 +802,7 @@ static void + thread_init (void) + { + npth_init (); ++ assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); + gpgrt_set_syscall_clamp (npth_unprotect, npth_protect); + + /* Now with NPth running we can set the logging callback. Our +@@ -877,7 +878,6 @@ main (int argc, char **argv) + assuan_set_malloc_hooks (&malloc_hooks); + assuan_set_assuan_log_prefix (log_get_prefix (NULL)); + assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); +- assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); + assuan_sock_init (); + setup_libassuan_logging (&opt.debug, dirmngr_assuan_log_monitor); + diff --git a/patches/from-2.2.13/doc-Mark-keyserver-options-timeout-and-http-proxy-as-obso.patch b/patches/from-2.2.13/doc-Mark-keyserver-options-timeout-and-http-proxy-as-obso.patch new file mode 100644 index 0000000..144a8fc --- /dev/null +++ b/patches/from-2.2.13/doc-Mark-keyserver-options-timeout-and-http-proxy-as-obso.patch 
@@ -0,0 +1,54 @@ +From: Werner Koch +Date: Tue, 8 Jan 2019 11:21:07 +0100 +Subject: doc: Mark keyserver-options timeout and http-proxy as obsolete. + +-- + +(cherry picked from commit 6c000d4b78b836686e5a2789cc88a41e465e4400) +(cherry picked from commit 9fd6ba268f1fdf77cc5baa6e8fd3ab28e432e49b) +--- + doc/gpg.texi | 30 +++++------------------------- + 1 file changed, 5 insertions(+), 25 deletions(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 1eed9fa..1597f9e 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1895,32 +1895,12 @@ are available for all keyserver types, some common options are: + retrieving keys by subkey id. + + @item timeout +- Tell the keyserver helper program how long (in seconds) to try and +- perform a keyserver action before giving up. Note that performing +- multiple actions at the same time uses this timeout value per action. +- For example, when retrieving multiple keys via @option{--receive-keys}, the +- timeout applies separately to each key retrieval, and not to the +- @option{--receive-keys} command as a whole. Defaults to 30 seconds. +- +- @item http-proxy=@var{value} +- This option is deprecated. +- Set the proxy to use for HTTP and HKP keyservers. +- This overrides any proxy defined in @file{dirmngr.conf}. +- +- @item verbose +- This option has no more function since GnuPG 2.1. Use the +- @code{dirmngr} configuration options instead. +- +- @item debug +- This option has no more function since GnuPG 2.1. Use the +- @code{dirmngr} configuration options instead. +- +- @item check-cert +- This option has no more function since GnuPG 2.1. Use the +- @code{dirmngr} configuration options instead. +- ++ @itemx http-proxy=@var{value} ++ @itemx verbose ++ @itemx debug ++ @itemx check-cert + @item ca-cert-file +- This option has no more function since GnuPG 2.1. Use the ++ These options have no more function since GnuPG 2.1. Use the + @code{dirmngr} configuration options instead. + + @end table 
diff --git a/patches/from-2.2.13/gpg-Allow-generating-Ed25519-key-from-an-existing-key.patch b/patches/from-2.2.13/gpg-Allow-generating-Ed25519-key-from-an-existing-key.patch new file mode 100644 index 0000000..0967104 --- /dev/null +++ b/patches/from-2.2.13/gpg-Allow-generating-Ed25519-key-from-an-existing-key.patch @@ -0,0 +1,29 @@ +From: Werner Koch +Date: Wed, 30 Jan 2019 11:28:14 +0100 +Subject: gpg: Allow generating Ed25519 key from an existing key. + +* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping. +-- + +Due to this missing mapping a "gpg --export --full-gen-key" with +selection "13 - Existing key" did not worked for an ed25519 key. + +Signed-off-by: Werner Koch +(cherry picked from commit 346a98fabe03adf2e202e36fc2aa24b1c2571154) +(cherry picked from commit 31d2a1eecaee766919b18bc42b918d9168f601f8) +--- + g10/misc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/g10/misc.c b/g10/misc.c +index d9ebf48..8144471 100644 +--- a/g10/misc.c ++++ b/g10/misc.c +@@ -508,6 +508,7 @@ map_pk_gcry_to_openpgp (enum gcry_pk_algos algo) + { + switch (algo) + { ++ case GCRY_PK_EDDSA: return PUBKEY_ALGO_EDDSA; + case GCRY_PK_ECDSA: return PUBKEY_ALGO_ECDSA; + case GCRY_PK_ECDH: return PUBKEY_ALGO_ECDH; + default: return algo < 110 ? (pubkey_algo_t)algo : 0; diff --git a/patches/from-2.2.13/gpg-Emit-an-ERROR-status-if-no-key-was-found-with-list-ke.patch b/patches/from-2.2.13/gpg-Emit-an-ERROR-status-if-no-key-was-found-with-list-ke.patch new file mode 100644 index 0000000..4aa1edf --- /dev/null +++ b/patches/from-2.2.13/gpg-Emit-an-ERROR-status-if-no-key-was-found-with-list-ke.patch 
@@ -0,0 +1,26 @@ +From: Werner Koch +Date: Wed, 30 Jan 2019 14:40:26 +0100 +Subject: gpg: Emit an ERROR status if no key was found with --list-keys. + +* g10/keylist.c (list_one): Emit status line. +-- + +Signed-off-by: Werner Koch +(cherry picked from commit 140fda8c61422ec055c3f7e214cc35706c4320dd) +(cherry picked from commit 14ea581a1c040b53b0ad4c51136a7948363b1e4b) +--- + g10/keylist.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/g10/keylist.c b/g10/keylist.c +index 66b03bb..262ea8d 100644 +--- a/g10/keylist.c ++++ b/g10/keylist.c +@@ -610,6 +610,7 @@ list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret) + { + log_error ("error reading key: %s\n", gpg_strerror (rc)); + getkey_end (ctrl, ctx); ++ write_status_error ("keylist.getkey", rc); + return; + } + diff --git a/patches/from-2.2.13/gpg-Stop-early-when-trying-to-create-a-primary-Elgamal-ke.patch b/patches/from-2.2.13/gpg-Stop-early-when-trying-to-create-a-primary-Elgamal-ke.patch new file mode 100644 index 0000000..ae96245 --- /dev/null +++ b/patches/from-2.2.13/gpg-Stop-early-when-trying-to-create-a-primary-Elgamal-ke.patch 
@@ -0,0 +1,38 @@ +From: Werner Koch +Date: Tue, 22 Jan 2019 10:06:15 +0100 +Subject: gpg: Stop early when trying to create a primary Elgamal key. + +* g10/misc.c (openpgp_pk_test_algo2): Add extra check. +-- + +The problem is that --key-gen --batch with a parameter file didn't +detect that Elgamal is not capable of signing and so an error was only +triggered at the time the self-signature was created. See the code +comment for details. + +GnuPG-bug-id: 4329 +Signed-off-by: Werner Koch +(cherry picked from commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8) +(cherry picked from commit f5d3b982e44c5cfc60e9936020102a598b635187) +--- + g10/misc.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/g10/misc.c b/g10/misc.c +index 86baff9..d9ebf48 100644 +--- a/g10/misc.c ++++ b/g10/misc.c +@@ -644,6 +644,13 @@ openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use) + if (!ga) + return gpg_error (GPG_ERR_PUBKEY_ALGO); + ++ /* Elgamal in OpenPGP used to support signing and Libgcrypt still ++ * does. However, we removed the signing capability from gpg ages ++ * ago. This function should reflect this so that errors are thrown ++ * early and not only when we try to sign using Elgamal. */ ++ if (ga == GCRY_PK_ELG && (use & (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG))) ++ return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); ++ + /* Now check whether Libgcrypt has support for the algorithm. */ + return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf); + } diff --git a/patches/from-2.2.13/wks-Do-not-use-compression-for-the-encrypted-data.patch b/patches/from-2.2.13/wks-Do-not-use-compression-for-the-encrypted-data.patch new file mode 100644 index 0000000..efeb160 --- /dev/null +++ b/patches/from-2.2.13/wks-Do-not-use-compression-for-the-encrypted-data.patch 
@@ -0,0 +1,50 @@ +From: Werner Koch +Date: Tue, 18 Dec 2018 08:21:03 +0100 +Subject: wks: Do not use compression for the encrypted data. + +* tools/gpg-wks-client.c (encrypt_response): Add arg -z0. +* tools/gpg-wks-server.c (encrypt_stream): Ditto. +-- + +If for example a server was built without the development packages of +the compression libraries installed, the server will not be able to +decrypt a request. In theory this can't happen due to the preference +system but it is just to easy to create the server's key using a +different version of gpg and then use gpg-wks-server built +differently. + +For the short messages we exchange compression is not really required +and thus we better do without to make the system more robust. + +Signed-off-by: Werner Koch +(cherry picked from commit 70a8db0333e3c22403b3647f8b5f924f6dace719) +(cherry picked from commit 16424d8a34c7f6af1071fd19dfc180cb7d17c052) +--- + tools/gpg-wks-client.c | 1 + + tools/gpg-wks-server.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c +index c8ff166..78e4fe4 100644 +--- a/tools/gpg-wks-client.c ++++ b/tools/gpg-wks-client.c +@@ -1151,6 +1151,7 @@ encrypt_response (estream_t *r_output, estream_t input, const char *addrspec, + ccparray_put (&ccp, "--status-fd=2"); + ccparray_put (&ccp, "--always-trust"); + ccparray_put (&ccp, "--armor"); ++ ccparray_put (&ccp, "-z0"); /* No compression for improved robustness. */ + if (fake_submission_addr) + ccparray_put (&ccp, "--auto-key-locate=clear,local"); + else +diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c +index 1a0ba8f..f83ef65 100644 +--- a/tools/gpg-wks-server.c ++++ b/tools/gpg-wks-server.c +@@ -586,6 +586,7 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *keyfile) + ccparray_put (&ccp, "--always-trust"); + ccparray_put (&ccp, "--no-keyring"); + ccparray_put (&ccp, "--armor"); ++ ccparray_put (&ccp, "-z0"); /* No compression for improved robustness. 
*/ + ccparray_put (&ccp, "--recipient-file"); + ccparray_put (&ccp, keyfile); + ccparray_put (&ccp, "--encrypt"); diff --git a/patches/from-2.2.14/agent-Fix-for-suggested-Libgcrypt-use.patch b/patches/from-2.2.14/agent-Fix-for-suggested-Libgcrypt-use.patch new file mode 100644 index 0000000..61521c0 --- /dev/null +++ b/patches/from-2.2.14/agent-Fix-for-suggested-Libgcrypt-use.patch 
@@ -0,0 +1,61 @@ +From: Werner Koch +Date: Fri, 22 Feb 2019 14:09:02 +0100 +Subject: agent: Fix for suggested Libgcrypt use. + +* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter. +-- + +The libgcrypt docs say that a "flags" parameter should always be used +in the input of pkdecrypt. Thus we should allow that parameter also +when parsing an s-expression to figure out the algorithm for use with +scdaemon. + +Signed-off-by: Werner Koch +(cherry picked from commit a12c3a566e2e4b10bc02976a2819070877ee895c) +(cherry picked from commit 0a95b153811f36739d1b20f23920bad0bb07c68b) +--- + agent/divert-scd.c | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/agent/divert-scd.c b/agent/divert-scd.c +index 88b35cd..aff5055 100644 +--- a/agent/divert-scd.c ++++ b/agent/divert-scd.c +@@ -476,6 +476,7 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text, + char *kid; + const unsigned char *s; + size_t n; ++ int depth; + const unsigned char *ciphertext; + size_t ciphertextlen; + char *plaintext; +@@ -484,7 +485,6 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text, + (void)desc_text; + + *r_padding = -1; +- + s = cipher; + if (*s != '(') + return gpg_error (GPG_ERR_INV_SEXP); +@@ -500,6 +500,21 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text, + n = snext (&s); + if (!n) + return gpg_error (GPG_ERR_INV_SEXP); ++ ++ /* First check whether we have a flags parameter and skip it. */ ++ if (smatch (&s, n, "flags")) ++ { ++ depth = 1; ++ if (sskip (&s, &depth) || depth) ++ return gpg_error (GPG_ERR_INV_SEXP); ++ if (*s != '(') ++ return gpg_error (GPG_ERR_INV_SEXP); ++ s++; ++ n = snext (&s); ++ if (!n) ++ return gpg_error (GPG_ERR_INV_SEXP); ++ } ++ + if (smatch (&s, n, "rsa")) + { + if (*s != '(') diff --git a/patches/from-2.2.14/agent-Support-mode-ssh-option-for-CLEAR_PASSPHRASE.patch b/patches/from-2.2.14/agent-Support-mode-ssh-option-for-CLEAR_PASSPHRASE.patch new file mode 100644 index 0000000..c9a549f --- /dev/null 
+++ b/patches/from-2.2.14/agent-Support-mode-ssh-option-for-CLEAR_PASSPHRASE.patch 
@@ -0,0 +1,63 @@ +From: NIIBE Yutaka +Date: Fri, 25 Jan 2019 12:08:09 +0900 +Subject: agent: Support --mode=ssh option for CLEAR_PASSPHRASE. + +* agent/command.c (cmd_clear_passphrase): Add support for SSH. + +-- + +GnuPG-bug-id: 4340 +Signed-off-by: NIIBE Yutaka +(cherry picked from commit ae966bbe9b16ed68a51391afdde615339755e22d) +(cherry picked from commit 77a285a0a94994ee9b42289897f9bf3075c7192d) +--- + agent/command.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/agent/command.c b/agent/command.c +index 60eb6ad..50385b8 100644 +--- a/agent/command.c ++++ b/agent/command.c +@@ -1568,19 +1568,24 @@ static const char hlp_clear_passphrase[] = + "may be used to invalidate the cache entry for a passphrase. The\n" + "function returns with OK even when there is no cached passphrase.\n" + "The --mode=normal option is used to clear an entry for a cacheid\n" +- "added by the agent.\n"; ++ "added by the agent. The --mode=ssh option is used for a cacheid\n" ++ "added for ssh.\n"; + static gpg_error_t + cmd_clear_passphrase (assuan_context_t ctx, char *line) + { + ctrl_t ctrl = assuan_get_pointer (ctx); + char *cacheid = NULL; + char *p; +- int opt_normal; ++ cache_mode_t cache_mode = CACHE_MODE_USER; + + if (ctrl->restricted) + return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + +- opt_normal = has_option (line, "--mode=normal"); ++ if (has_option (line, "--mode=normal")) ++ cache_mode = CACHE_MODE_NORMAL; ++ else if (has_option (line, "--mode=ssh")) ++ cache_mode = CACHE_MODE_SSH; ++ + line = skip_options (line); + + /* parse the stuff */ +@@ -1593,12 +1598,9 @@ cmd_clear_passphrase (assuan_context_t ctx, char *line) + if (!*cacheid || strlen (cacheid) > 50) + return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID"); + +- agent_put_cache (ctrl, cacheid, +- opt_normal ? 
CACHE_MODE_NORMAL : CACHE_MODE_USER, +- NULL, 0); ++ agent_put_cache (ctrl, cacheid, cache_mode, NULL, 0); + +- agent_clear_passphrase (ctrl, cacheid, +- opt_normal ? CACHE_MODE_NORMAL : CACHE_MODE_USER); ++ agent_clear_passphrase (ctrl, cacheid, cache_mode); + + return 0; + } diff --git a/patches/from-2.2.14/common-Fix-gnupg_wait_processes.patch b/patches/from-2.2.14/common-Fix-gnupg_wait_processes.patch new file mode 100644 index 0000000..b1b9ed4 --- /dev/null +++ b/patches/from-2.2.14/common-Fix-gnupg_wait_processes.patch 
@@ -0,0 +1,82 @@ +From: NIIBE Yutaka +Date: Tue, 19 Sep 2017 12:28:43 +0900 +Subject: common: Fix gnupg_wait_processes. + +* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes +even if we already see an error. + +-- + +The value stored by waitpid for exit code is encoded; It requires +decoded by WEXITSTATUS macro, regardless of an error. + +For example, when one of processes is already exited and another is +still running, it resulted wrong value of in r_exitcodes[n]. + +Signed-off-by: NIIBE Yutaka +(cherry picked from commit eeb3da6eb717ed6a1a1069a7611eb37503e8672d) +--- + common/exechelp-posix.c | 50 +++++++++++++++++++++++++------------------------ + 1 file changed, 26 insertions(+), 24 deletions(-) + +diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c +index 7237993..3acf74a 100644 +--- a/common/exechelp-posix.c ++++ b/common/exechelp-posix.c +@@ -784,30 +784,32 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, + } + } + +- if (ec == 0) +- for (i = 0; i < count; i++) +- { +- if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) +- { +- log_error (_("error running '%s': probably not installed\n"), +- pgmnames[i]); +- ec = GPG_ERR_CONFIGURATION; +- } +- else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i])) +- { +- if (dummy) +- log_error (_("error running '%s': exit status %d\n"), +- pgmnames[i], WEXITSTATUS (r_exitcodes[i])); +- else +- r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]); +- ec = GPG_ERR_GENERAL; +- } +- else if (!WIFEXITED (r_exitcodes[i])) +- { +- log_error (_("error running '%s': terminated\n"), pgmnames[i]); +- ec = GPG_ERR_GENERAL; +- } +- } ++ for (i = 0; i < count; i++) ++ { ++ if (r_exitcodes[i] == -1) ++ continue; ++ ++ if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) ++ { ++ log_error (_("error running '%s': probably not installed\n"), ++ pgmnames[i]); ++ ec = GPG_ERR_CONFIGURATION; ++ } ++ else if (WIFEXITED (r_exitcodes[i]) && 
WEXITSTATUS (r_exitcodes[i])) ++ { ++ if (dummy) ++ log_error (_("error running '%s': exit status %d\n"), ++ pgmnames[i], WEXITSTATUS (r_exitcodes[i])); ++ else ++ r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]); ++ ec = GPG_ERR_GENERAL; ++ } ++ else if (!WIFEXITED (r_exitcodes[i])) ++ { ++ log_error (_("error running '%s': terminated\n"), pgmnames[i]); ++ ec = GPG_ERR_GENERAL; ++ } ++ } + + xfree (dummy); + return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec); diff --git a/patches/from-2.2.14/dirmngr-Add-CSRF-protection-exception-for-protonmail.patch b/patches/from-2.2.14/dirmngr-Add-CSRF-protection-exception-for-protonmail.patch new file mode 100644 index 0000000..57bb513 --- /dev/null +++ b/patches/from-2.2.14/dirmngr-Add-CSRF-protection-exception-for-protonmail.patch 
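Review bot: With the `if (ec == 0)` guard removed, the loop's `ec = GPG_ERR_CONFIGURATION;` and `ec = GPG_ERR_GENERAL;` assignments can overwrite an error code set before the loop, so the caller may receive GPG_ERR_GENERAL in place of the original failure. If the earlier code is meant to win, guard each assignment, for example `if (!ec) ec = GPG_ERR_GENERAL;`. The new `if (r_exitcodes[i] == -1) continue;` presumably relies on every slot being initialised to -1 before the wait; that initialisation is outside the hunk, so a comment such as `/* -1: process not reaped, leave the slot untouched. */` would make the dependency visible. gnupg_wait_processes begins outside the hunk.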
@@ -0,0 +1,87 @@ +From: Werner Koch +Date: Thu, 7 Mar 2019 11:34:03 +0100 +Subject: dirmngr: Add CSRF protection exception for protonmail. + +* dirmngr/http.c (same_host_p): Add exception table. +-- + +Please: Adding entries to this table shall be an exception and not the +rule. + +Signed-off-by: Werner Koch +(cherry picked from commit 134c3c16523b1a267ebdd2df6339240fd9e1e3b3) +(cherry picked from commit 557c721e787e7e6d311ccb48d8aa677123061cf5) +--- + dirmngr/http.c | 45 ++++++++++++++++++++++++++++++++++++++++----- + 1 file changed, 40 insertions(+), 5 deletions(-) + +diff --git a/dirmngr/http.c b/dirmngr/http.c +index 9f4afc8..7fdd06a 100644 +--- a/dirmngr/http.c ++++ b/dirmngr/http.c +@@ -3514,16 +3514,51 @@ uri_query_lookup (parsed_uri_t uri, const char *key) + } + + +-/* Return true if both URI point to the same host. */ ++/* Return true if both URI point to the same host for the purpose of ++ * redirection check. A is the original host and B the host given in ++ * the Location header. As a temporary workaround a fixed list of ++ * exceptions is also consulted. */ + static int + same_host_p (parsed_uri_t a, parsed_uri_t b) + { +- return a->host && b->host && !ascii_strcasecmp (a->host, b->host); ++ static struct ++ { ++ const char *from; /* NULL uses the last entry from the table. */ ++ const char *to; ++ } allow[] = ++ { ++ { "protonmail.com", "api.protonmail.com" }, ++ { NULL, "api.protonmail.ch" }, ++ { "protonmail.ch", "api.protonmail.com" }, ++ { NULL, "api.protonmail.ch" } ++ }; ++ int i; ++ const char *from; ++ ++ if (!a->host || !b->host) ++ return 0; ++ ++ if (!ascii_strcasecmp (a->host, b->host)) ++ return 1; ++ ++ from = NULL; ++ for (i=0; i < DIM (allow); i++) ++ { ++ if (allow[i].from) ++ from = allow[i].from; ++ if (!from) ++ continue; ++ if (!ascii_strcasecmp (from, a->host) ++ && !ascii_strcasecmp (allow[i].to, b->host)) ++ return 1; ++ } ++ ++ return 0; + } + + + /* Prepare a new URL for a HTTP redirect. 
INFO has flags controlling +- * the operaion, STATUS_CODE is used for diagnostics, LOCATION is the ++ * the operation, STATUS_CODE is used for diagnostics, LOCATION is the + * value of the "Location" header, and R_URL reveives the new URL on + * success or NULL or error. Note that INFO->ORIG_URL is + * required. */ +@@ -3594,8 +3629,8 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code, + } + else if (same_host_p (origuri, locuri)) + { +- /* The host is the same and thus we can take the location +- * verbatim. */ ++ /* The host is the same or on an exception list and thus we can ++ * take the location verbatim. */ + http_release_parsed_uri (origuri); + http_release_parsed_uri (locuri); + newurl = xtrystrdup (location); diff --git a/patches/from-2.2.14/gpg-Allow-import-of-PGP-desktop-exported-secret-keys.patch b/patches/from-2.2.14/gpg-Allow-import-of-PGP-desktop-exported-secret-keys.patch new file mode 100644 index 0000000..868688b --- /dev/null +++ b/patches/from-2.2.14/gpg-Allow-import-of-PGP-desktop-exported-secret-keys.patch 
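Review bot: The `allow[]` table in same_host_p encodes the origin of its second and fourth rows as `NULL`, meaning "same as the previous row", so inserting or reordering an entry silently changes which origin a redirect target is trusted for. For a list that relaxes the cross-host redirect check I would spell the origin out in every row, `{ "protonmail.com", "api.protonmail.ch" },` and `{ "protonmail.ch", "api.protonmail.ch" },`, and declare the table `static const struct`. The comparison is on the host name only and http_prepare_redirect then takes `location` verbatim, so unless code outside the hunk checks them, the scheme and port of the redirect target are not constrained for these exceptions; a comment stating that would help the next person who adds a row. The body of http_prepare_redirect is only partly inside the hunk.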
@@ -0,0 +1,658 @@
+From: Werner Koch
+Date: Mon, 18 Mar 2019 13:07:14 +0100
+Subject: gpg: Allow import of PGP desktop exported secret keys.
+
+* g10/import.c (NODE_TRANSFER_SECKEY): New.
+(import): Add attic kludge.
+(transfer_secret_keys): Add arg only_marked.
+(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
+r_removedsecs.
+(import_secret_one): New arg r_secattic. Change to take ownership of
+arg keyblock. Implement extra secret key import logic. Factor some
+code out to ...
+(do_transfer): New.
+(import_matching_seckeys): New.
+--
+
+The PGP desktops exported secret keys are really stupid. And they
+even a have kind of exception in rfc4880 which does not rule that
+out (section 11.2):
+
+ [...] Implementations SHOULD include self-signatures on any user
+ IDs and subkeys, as this allows for a complete public key to be
+ automatically extracted from the transferable secret key.
+ Implementations MAY choose to omit the self-signatures, especially
+ if a transferable public key accompanies the transferable secret
+ key.
+
+Now if they would only put the public key before the secret
+key. Anyway we now have a workaround for that ugliness.
+
+GnuPG-bug-id: 4392
+Signed-off-by: Werner Koch
+(cherry picked from commit 5205512fc092c53c0a52c8379ef2a129ce6e58a9)
+(cherry picked from commit 0e73214dd208fca4df26ac796416c6f25b3ae50d)
+---
+ g10/import.c | 381 ++++++++++++++++++++++++++++++++++++++++------------
+ g10/keyedit.c | 2 +-
+ g10/main.h | 3 +-
+ 3 files changed, 307 insertions(+), 79 deletions(-)
+
+diff --git a/g10/import.c b/g10/import.c
+index 2a01814..f76ca0c 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -1,6 +1,6 @@
+ /* import.c - import a key into our key storage.
+ * Copyright (C) 1998-2007, 2010-2011 Free Software Foundation, Inc.
+- * Copyright (C) 2014, 2016, 2017 Werner Koch
++ * Copyright (C) 2014, 2016, 2017, 2019 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+@@ -75,6 +75,8 @@ struct import_stats_s
+ #define NODE_DELETION_MARK 4
+ /* A node flag used to temporary mark a node. */
+ #define NODE_FLAG_A 8
++/* A flag used by transfer_secret_keys. */
++#define NODE_TRANSFER_SECKEY 16
+
+
+ /* An object and a global instance to store selectors created from
+@@ -110,10 +112,15 @@ static gpg_error_t import_one (ctrl_t ctrl,
+ unsigned int options, int from_sk, int silent,
+ import_screener_t screener, void *screener_arg,
+ int origin, const char *url, int *r_valid);
++static gpg_error_t import_matching_seckeys (
++ ctrl_t ctrl, kbnode_t seckeys,
++ const byte *mainfpr, size_t mainfprlen,
++ struct import_stats_s *stats, int batch);
+ static gpg_error_t import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ struct import_stats_s *stats, int batch,
+ unsigned int options, int for_migration,
+- import_screener_t screener, void *screener_arg);
++ import_screener_t screener, void *screener_arg,
++ kbnode_t *r_secattic);
+ static int import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
+ struct import_stats_s *stats);
+ static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
+@@ -562,6 +569,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
+ kbnode_t keyblock = NULL; /* Need to initialize because gcc can't
+ grasp the return semantics of
+ read_block. */
++ kbnode_t secattic = NULL; /* Kludge for PGP desktop percularity */
+ int rc = 0;
+ int v3keys;
+
+@@ -582,18 +590,63 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
+ {
+ stats->v3keys += v3keys;
+ if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
+- rc = import_one (ctrl, keyblock,
+- stats, fpr, fpr_len, options, 0, 0,
+- screener, screener_arg, origin, url, NULL);
++ {
++ rc = import_one (ctrl, keyblock,
++ stats, fpr, fpr_len, options, 0, 0,
++ screener, screener_arg, origin, url, NULL);
++ if (secattic)
++ {
++ byte tmpfpr[MAX_FINGERPRINT_LEN];
++ size_t tmpfprlen;
++
++ if (!rc && !(opt.dry_run || (options & IMPORT_DRY_RUN)))
++ {
++ /* Kudge for PGP desktop - see below. */
++ fingerprint_from_pk (keyblock->pkt->pkt.public_key,
++ tmpfpr, &tmpfprlen);
++ rc = import_matching_seckeys (ctrl, secattic,
++ tmpfpr, tmpfprlen,
++ stats, opt.batch);
++ }
++ release_kbnode (secattic);
++ secattic = NULL;
++ }
++ }
+ else if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
+- rc = import_secret_one (ctrl, keyblock, stats,
+- opt.batch, options, 0,
+- screener, screener_arg);
++ {
++ release_kbnode (secattic);
++ secattic = NULL;
++ rc = import_secret_one (ctrl, keyblock, stats,
++ opt.batch, options, 0,
++ screener, screener_arg, &secattic);
++ keyblock = NULL; /* Ownership was transferred. */
++ if (secattic)
++ {
++ if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
++ rc = 0; /* Try import after the next pubkey. */
++
++ /* The attic is a workaround for the peculiar PGP
++ * Desktop method of exporting a secret key: The
++ * exported file is the concatenation of two armored
++ * keyblocks; first the private one and then the public
++ * one. The strange thing is that the secret one has no
++ * binding signatures at all and thus we have not
++ * imported it. The attic stores that secret keys and
++ * we try to import it once after the very next public
++ * keyblock. */
++ }
++ }
+ else if (keyblock->pkt->pkttype == PKT_SIGNATURE
+ && IS_KEY_REV (keyblock->pkt->pkt.signature) )
+- rc = import_revoke_cert (ctrl, keyblock, options, stats);
++ {
++ release_kbnode (secattic);
++ secattic = NULL;
++ rc = import_revoke_cert (ctrl, keyblock, options, stats);
++ }
+ else
+ {
++ release_kbnode (secattic);
++ secattic = NULL;
+ log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
+ }
+ release_kbnode (keyblock);
+@@ -619,6 +672,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
+ else if (rc && gpg_err_code (rc) != GPG_ERR_INV_KEYRING)
+ log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (rc));
+
++ release_kbnode (secattic);
+ return rc;
+ }
+
+@@ -655,8 +709,11 @@ import_old_secring (ctrl_t ctrl, const char *fname)
+ while (!(err = read_block (inp, 0, &pending_pkt, &keyblock, &v3keys)))
+ {
+ if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
+- err = import_secret_one (ctrl, keyblock, stats, 1, 0, 1,
+- NULL, NULL);
++ {
++ err = import_secret_one (ctrl, keyblock, stats, 1, 0, 1,
++ NULL, NULL, NULL);
++ keyblock = NULL; /* Ownership was transferred. */
++ }
+ release_kbnode (keyblock);
+ if (err)
+ break;
+@@ -2159,12 +2216,15 @@ import_one (ctrl_t ctrl,
+
+
+ /* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The
+- function prints diagnostics and returns an error code. If BATCH is
+- true the secret keys are stored by gpg-agent in the transfer format
+- (i.e. no re-protection and aksing for passphrases). */
++ * function prints diagnostics and returns an error code. If BATCH is
++ * true the secret keys are stored by gpg-agent in the transfer format
++ * (i.e. no re-protection and aksing for passphrases). If ONLY_MARKED
++ * is set, only those nodes with flag NODE_TRANSFER_SECKEY are
++ * processed. */
+ gpg_error_t
+ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
+- kbnode_t sec_keyblock, int batch, int force)
++ kbnode_t sec_keyblock, int batch, int force,
++ int only_marked)
+ {
+ gpg_error_t err = 0;
+ void *kek = NULL;
+@@ -2205,12 +2265,16 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
+ xfree (kek);
+ kek = NULL;
+
++ /* Note: We need to use walk_kbnode so that we skip nodes which are
++ * marked as deleted. */
+ main_pk = NULL;
+ while ((node = walk_kbnode (sec_keyblock, &ctx, 0)))
+ {
+ if (node->pkt->pkttype != PKT_SECRET_KEY
+ && node->pkt->pkttype != PKT_SECRET_SUBKEY)
+ continue;
++ if (only_marked && !(node->flag & NODE_TRANSFER_SECKEY))
++ continue;
+ pk = node->pkt->pkt.public_key;
+ if (!main_pk)
+ main_pk = pk;
+@@ -2508,12 +2572,15 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock)
+ /* Delete all notes in the keyblock at R_KEYBLOCK which are not in
+ * PUB_KEYBLOCK. Modifies the tags of both keyblock's nodes. */
+ static gpg_error_t
+-resync_sec_with_pub_keyblock (kbnode_t *r_keyblock, kbnode_t pub_keyblock)
++resync_sec_with_pub_keyblock (kbnode_t *r_keyblock, kbnode_t pub_keyblock,
++ kbnode_t *r_removedsecs)
+ {
+ kbnode_t sec_keyblock = *r_keyblock;
+- kbnode_t node;
++ kbnode_t node, prevnode;
+ unsigned int *taglist;
+ unsigned int ntaglist, n;
++ kbnode_t attic = NULL;
++ kbnode_t *attic_head = &attic;
+
+ /* Collect all tags in an array for faster searching. */
+ for (ntaglist = 0, node = pub_keyblock; node; node = node->next)
+@@ -2525,40 +2592,188 @@ resync_sec_with_pub_keyblock (kbnode_t *r_keyblock, kbnode_t pub_keyblock)
+ taglist[ntaglist++] = node->tag;
+
+ /* Walks over the secret keyblock and delete all nodes which are not
+- * in the tag list. Those nodes have been delete in the
+- * pub_keyblock. Sequential search is a bit lazt and could be
+- * optimized by sorting and bsearch; however secret key rings are
+- * short and there are easier weaus to DoS gpg. */
+- for (node = sec_keyblock; node; node = node->next)
++ * in the tag list. Those nodes have been deleted in the
++ * pub_keyblock. Sequential search is a bit lazy and could be
++ * optimized by sorting and bsearch; however secret keyrings are
++ * short and there are easier ways to DoS the import. */
++ again:
++ for (prevnode=NULL, node=sec_keyblock; node; prevnode=node, node=node->next)
+ {
+ for (n=0; n < ntaglist; n++)
+ if (taglist[n] == node->tag)
+ break;
+- if (n == ntaglist)
+- delete_kbnode (node);
++ if (n == ntaglist) /* Not in public keyblock. */
++ {
++ if (node->pkt->pkttype == PKT_SECRET_KEY
++ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
++ {
++ if (!prevnode)
++ sec_keyblock = node->next;
++ else
++ prevnode->next = node->next;
++ node->next = NULL;
++ *attic_head = node;
++ attic_head = &node->next;
++ goto again; /* That's lame; I know. */
++ }
++ else
++ delete_kbnode (node);
++ }
+ }
+
+ xfree (taglist);
+
+ /* Commit the as deleted marked nodes and return the possibly
+- * modified keyblock. */
++ * modified keyblock and a list of removed secret key nodes. */
+ commit_kbnode (&sec_keyblock);
+ *r_keyblock = sec_keyblock;
++ *r_removedsecs = attic;
+ return 0;
+ }
+
+
+-/****************
+- * Ditto for secret keys. Handling is simpler than for public keys.
+- * We allow secret key importing only when allow is true, this is so
+- * that a secret key can not be imported accidentally and thereby tampering
+- * with the trust calculation.
++/* Helper for import_secret_one. */
++static gpg_error_t
++do_transfer (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
++ struct import_stats_s *stats, int batch, int only_marked)
++
++{
++ gpg_error_t err;
++ struct import_stats_s subkey_stats = {0};
++
++ err = transfer_secret_keys (ctrl, &subkey_stats, keyblock,
++ batch, 0, only_marked);
++ if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED)
++ {
++ /* TRANSLATORS: For a smartcard, each private key on host has a
++ * reference (stub) to a smartcard and actual private key data
++ * is stored on the card. A single smartcard can have up to
++ * three private key data. Importing private key stub is always
++ * skipped in 2.1, and it returns GPG_ERR_NOT_PROCESSED.
++ * Instead, user should be suggested to run 'gpg --card-status',
++ * then, references to a card will be automatically created
++ * again. */
++ log_info (_("To migrate '%s', with each smartcard, "
++ "run: %s\n"), "secring.gpg", "gpg --card-status");
++ err = 0;
++ }
++
++ if (!err)
++ {
++ int status = 16;
++
++ if (!opt.quiet)
++ log_info (_("key %s: secret key imported\n"), keystr_from_pk (pk));
++ if (subkey_stats.secret_imported)
++ {
++ status |= 1;
++ stats->secret_imported += 1;
++ }
++ if (subkey_stats.secret_dups)
++ stats->secret_dups += 1;
++
++ if (is_status_enabled ())
++ print_import_ok (pk, status);
++ }
++
++ return err;
++}
++
++
++/* If the secret keys (main or subkey) in SECKEYS have a corresponding
++ * public key in the public key described by (FPR,FPRLEN) import these
++ * parts.
++ */
++static gpg_error_t
++import_matching_seckeys (ctrl_t ctrl, kbnode_t seckeys,
++ const byte *mainfpr, size_t mainfprlen,
++ struct import_stats_s *stats, int batch)
++{
++ gpg_error_t err;
++ kbnode_t pub_keyblock = NULL;
++ kbnode_t node;
++ struct { byte fpr[MAX_FINGERPRINT_LEN]; size_t fprlen; } *fprlist = NULL;
++ size_t n, nfprlist;
++ byte fpr[MAX_FINGERPRINT_LEN];
++ size_t fprlen;
++ PKT_public_key *pk;
++
++ /* Get the entire public key block from our keystore and put all its
++ * fingerprints into an array. */
++ err = get_pubkey_byfprint (ctrl, NULL, &pub_keyblock, mainfpr, mainfprlen);
++ if (err)
++ goto leave;
++ log_assert (pub_keyblock && pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
++ pk = pub_keyblock->pkt->pkt.public_key;
++
++ for (nfprlist = 0, node = pub_keyblock; node; node = node->next)
++ if (node->pkt->pkttype == PKT_PUBLIC_KEY
++ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
++ nfprlist++;
++ log_assert (nfprlist);
++ fprlist = xtrycalloc (nfprlist, sizeof *fprlist);
++ if (!fprlist)
++ {
++ err = gpg_error_from_syserror ();
++ goto leave;
++ }
++ for (n = 0, node = pub_keyblock; node; node = node->next)
++ if (node->pkt->pkttype == PKT_PUBLIC_KEY
++ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
++ {
++ fingerprint_from_pk (node->pkt->pkt.public_key,
++ fprlist[n].fpr, &fprlist[n].fprlen);
++ n++;
++ }
++ log_assert (n == nfprlist);
++
++ /* for (n=0; n < nfprlist; n++) */
++ /* log_printhex (fprlist[n].fpr, fprlist[n].fprlen, "pubkey %zu:", n); */
++
++ /* Mark all secret keys which have a matching public key part in
++ * PUB_KEYBLOCK. */
++ for (node = seckeys; node; node = node->next)
++ {
++ if (node->pkt->pkttype != PKT_SECRET_KEY
++ && node->pkt->pkttype != PKT_SECRET_SUBKEY)
++ continue; /* Should not happen. */
++ fingerprint_from_pk (node->pkt->pkt.public_key, fpr, &fprlen);
++ node->flag &= ~NODE_TRANSFER_SECKEY;
++ for (n=0; n < nfprlist; n++)
++ if (fprlist[n].fprlen == fprlen && !memcmp (fprlist[n].fpr,fpr,fprlen))
++ {
++ node->flag |= NODE_TRANSFER_SECKEY;
++ /* log_debug ("found matching seckey\n"); */
++ break;
++ }
++ }
++
++ /* Transfer all marked keys. */
++ err = do_transfer (ctrl, seckeys, pk, stats, batch, 1);
++
++ leave:
++ xfree (fprlist);
++ release_kbnode (pub_keyblock);
++ return err;
++}
++
++
++/* Import function for a single secret keyblock. Handling is simpler
++ * than for public keys. We allow secret key importing only when
++ * allow is true, this is so that a secret key can not be imported
++ * accidentally and thereby tampering with the trust calculation.
++ *
++ * Ownership of KEYBLOCK is transferred to this function!
++ *
++ * If R_SECATTIC is not null the last special sec_keyblock is stored
++ * there.
+ */
+ static gpg_error_t
+ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ struct import_stats_s *stats, int batch,
+ unsigned int options, int for_migration,
+- import_screener_t screener, void *screener_arg)
++ import_screener_t screener, void *screener_arg,
++ kbnode_t *r_secattic)
+ {
+ PKT_public_key *pk;
+ struct seckey_info *ski;
+@@ -2567,6 +2782,9 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ gpg_error_t err = 0;
+ int nr_prev;
+ kbnode_t pub_keyblock;
++ kbnode_t attic = NULL;
++ byte fpr[MAX_FINGERPRINT_LEN];
++ size_t fprlen;
+ char pkstrbuf[PUBKEY_STRING_SIZE];
+
+ /* Get the key and print some info about it */
+@@ -2576,6 +2794,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+
+ pk = node->pkt->pkt.public_key;
+
++ fingerprint_from_pk (pk, fpr, &fprlen);
+ keyid_from_pk (pk, keyid);
+ uidnode = find_next_kbnode (keyblock, PKT_USER_ID);
+
+@@ -2583,6 +2802,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ {
+ log_error (_("secret key %s: %s\n"), keystr_from_pk (pk),
+ _("rejected by import screener"));
++ release_kbnode (keyblock);
+ return 0;
+ }
+
+@@ -2602,6 +2822,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ {
+ if (!for_migration)
+ log_error (_("importing secret keys not allowed\n"));
++ release_kbnode (keyblock);
+ return 0;
+ }
+
+@@ -2609,6 +2830,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ {
+ if (!for_migration)
+ log_error( _("key %s: no user ID\n"), keystr_from_pk (pk));
++ release_kbnode (keyblock);
+ return 0;
+ }
+
+@@ -2617,6 +2839,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ {
+ /* Actually an internal error. */
+ log_error ("key %s: secret key info missing\n", keystr_from_pk (pk));
++ release_kbnode (keyblock);
+ return 0;
+ }
+
+@@ -2627,6 +2850,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ if (!for_migration)
+ log_error (_("key %s: secret key with invalid cipher %d"
+ " - skipped\n"), keystr_from_pk (pk), ski->algo);
++ release_kbnode (keyblock);
+ return 0;
+ }
+
+@@ -2637,6 +2861,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ to put a secret key into the keyring and the user might later
+ be tricked into signing stuff with that key. */
+ log_error (_("importing secret keys not allowed\n"));
++ release_kbnode (keyblock);
+ return 0;
+ }
+ #endif
+@@ -2668,16 +2893,43 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ * the public keyblock. Otherwise we would import just the
+ * secret key without having the public key. That would be
+ * surprising and clutters out private-keys-v1.d. */
+- err = resync_sec_with_pub_keyblock (&keyblock, pub_keyblock);
++ err = resync_sec_with_pub_keyblock (&keyblock, pub_keyblock, &attic);
+ if (err)
+ goto leave;
+
+ if (!valid)
+ {
+- err = gpg_error (GPG_ERR_NO_SECKEY);
++ /* If the block was not valid the primary key is left in the
++ * original keyblock because we require that for the first
++ * node. Move it to ATTIC. */
++ if (keyblock && keyblock->pkt->pkttype == PKT_SECRET_KEY)
++ {
++ node = keyblock;
++ keyblock = node->next;
++ node->next = NULL;
++ if (attic)
++ {
++ node->next = attic;
++ attic = node;
++ }
++ else
++ attic = node;
++ }
++
++ /* Try to import the secret key iff we have a public key. */
++ if (attic && !(opt.dry_run || (options & IMPORT_DRY_RUN)))
++ err = import_matching_seckeys (ctrl, attic, fpr, fprlen,
++ stats, batch);
++ else
++ err = gpg_error (GPG_ERR_NO_SECKEY);
+ goto leave;
+ }
+
++ /* log_debug ("attic is:\n"); */
++ /* dump_kbnode (attic); */
++
++ /* Proceed with the valid parts of PUBKEYBLOCK. */
++
+ /* At least we cancel the secret key import when the public key
+ import was skipped due to MERGE_ONLY option and a new
+ key. */
+@@ -2686,62 +2938,37 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ {
+ /* Read the keyblock again to get the effects of a merge for
+ * the public key. */
+- /* Fixme: we should do this based on the fingerprint or
+- even better let import_one return the merged
+- keyblock. */
+- node = get_pubkeyblock (ctrl, keyid);
+- if (!node)
+- log_error ("key %s: failed to re-lookup public key\n",
+- keystr_from_pk (pk));
++ err = get_pubkey_byfprint (ctrl, NULL, &node, fpr, fprlen);
++ if (err || !node)
++ log_error ("key %s: failed to re-lookup public key: %s\n",
++ keystr_from_pk (pk), gpg_strerror (err));
+ else
+ {
+- /* transfer_secret_keys collects subkey stats. */
+- struct import_stats_s subkey_stats = {0};
++ err = do_transfer (ctrl, keyblock, pk, stats, batch, 0);
++ if (!err)
++ check_prefs (ctrl, node);
++ release_kbnode (node);
+
+- err = transfer_secret_keys (ctrl, &subkey_stats, keyblock,
+- batch, 0);
+- if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED)
++ if (!err && attic)
+ {
+- /* TRANSLATORS: For smartcard, each private key on
+- host has a reference (stub) to a smartcard and
+- actual private key data is stored on the card. A
+- single smartcard can have up to three private key
+- data. Importing private key stub is always
+- skipped in 2.1, and it returns
+- GPG_ERR_NOT_PROCESSED. Instead, user should be
+- suggested to run 'gpg --card-status', then,
+- references to a card will be automatically
+- created again. */
+- log_info (_("To migrate '%s', with each smartcard, "
+- "run: %s\n"), "secring.gpg", "gpg --card-status");
+- err = 0;
++ /* Try to import invalid subkeys. This can be the
++ * case if the primary secret key was imported due
++ * to --allow-non-selfsigned-uid. */
++ err = import_matching_seckeys (ctrl, attic, fpr, fprlen,
++ stats, batch);
+ }
+- if (!err)
+- {
+- int status = 16;
+- if (!opt.quiet)
+- log_info (_("key %s: secret key imported\n"),
+- keystr_from_pk (pk));
+- if (subkey_stats.secret_imported)
+- {
+- status |= 1;
+- stats->secret_imported += 1;
+- }
+- if (subkey_stats.secret_dups)
+- stats->secret_dups += 1;
+-
+- if (is_status_enabled ())
+- print_import_ok (pk, status);
+
+- check_prefs (ctrl, node);
+- }
+- release_kbnode (node);
+ }
+ }
+ }
+
+ leave:
++ release_kbnode (keyblock);
+ release_kbnode (pub_keyblock);
++ if (r_secattic)
++ *r_secattic = attic;
++ else
++ release_kbnode (attic);
+ return err;
+ }
+
+diff --git a/g10/keyedit.c b/g10/keyedit.c
+index f95f02f..742dfba 100644
+--- a/g10/keyedit.c
++++ b/g10/keyedit.c
+@@ -1894,7 +1894,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
+ node = new_kbnode (pkt);
+
+ /* Transfer it to gpg-agent which handles secret keys. */
+- err = transfer_secret_keys (ctrl, NULL, node, 1, 1);
++ err = transfer_secret_keys (ctrl, NULL, node, 1, 1, 0);
+
+ /* Treat the pkt as a public key. */
+ pkt->pkttype = PKT_PUBLIC_KEY;
+diff --git a/g10/main.h b/g10/main.h
+index dcd3767..d3d6060 100644
+--- a/g10/main.h
++++ b/g10/main.h
+@@ -376,7 +376,8 @@ struct impex_filter_parm_s
+
+ const char *impex_filter_getval (void *cookie, const char *propname);
+ gpg_error_t transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
+- kbnode_t sec_keyblock, int batch, int force);
++ kbnode_t sec_keyblock, int batch, int force,
++ int only_marked);
+
+ int collapse_uids( KBNODE *keyblock );
+
diff --git a/patches/from-2.2.14/gpg-Avoid-importing-secret-keys-if-the-keyblock-is-not-va.patch b/patches/from-2.2.14/gpg-Avoid-importing-secret-keys-if-the-keyblock-is-not-va.patch
new file mode 100644
index 0000000..43bd524
--- /dev/null
+++ b/patches/from-2.2.14/gpg-Avoid-importing-secret-keys-if-the-keyblock-is-not-va.patch
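Review bot: import_matching_seckeys calls `do_transfer (ctrl, seckeys, pk, stats, batch, 1)` even when the marking loop set NODE_TRANSFER_SECKEY on no node at all. transfer_secret_keys then skips every node, and if it returns success in that case (its full body is outside this patch) do_transfer still logs "secret key imported" and emits print_import_ok with status 16 for a public key that received no secret material, which misleads anything parsing the status output. Recording a match (`int any = 0;` with `any = 1;` next to the flag set) and guarding the call with `if (any)` would avoid the false report. Separately, the early `return 0` paths in import_secret_one never write `*r_secattic`; import() clears secattic before the call, but the contract comment should state that the caller must pre-initialise it.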
@@ -0,0 +1,367 @@
+From: Werner Koch
+Date: Fri, 15 Mar 2019 19:50:37 +0100
+Subject: gpg: Avoid importing secret keys if the keyblock is not valid.
+
+* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
+new field TAG.
+* g10/kbnode.c (alloc_node): Change accordingly.
+* g10/import.c (import_one): Add arg r_valid.
+(sec_to_pub_keyblock): Set tags.
+(resync_sec_with_pub_keyblock): New.
+(import_secret_one): Change return code to gpg_error_t. Return an
+error code if sec_to_pub_keyblock failed. Resync secret keyblock.
+--
+
+When importing an invalid secret key ring for example without key
+binding signatures or no UIDs, gpg used to let gpg-agent store the
+secret keys anyway. This is clearly a bug because the diagnostics
+before claimed that for example the subkeys have been skipped.
+Importing the secret key parameters then anyway is surprising in
+particular because a gpg -k does not show the key. After importing
+the public key the secret keys suddenly showed up.
+
+This changes the behaviour of
+GnuPG-bug-id: 4392
+to me more consistent but is not a solution to the actual bug.
+
+Caution: The ecc.scm test now fails because two of the sample keys
+ don't have binding signatures.
+
+Signed-off-by: Werner Koch
+(cherry picked from commit f799e9728bcadb3d4148a47848c78c5647860ea4)
+(cherry picked from commit 43b23aa82be7e02414398af506986b812e2b9349)
+---
+ g10/import.c | 122 ++++++++++++++++++++++++++++++++--------
+ g10/kbnode.c | 2 +-
+ g10/keydb.h | 13 +++--
+ tests/openpgp/ecc.scm | 2 +-
+ tests/openpgp/samplekeys/README | 2 +
+ 5 files changed, 111 insertions(+), 30 deletions(-)
+
+diff --git a/g10/import.c b/g10/import.c
+index a5f4f38..2a01814 100644
+--- a/g10/import.c
++++ b/g10/import.c
+@@ -109,8 +109,8 @@ static gpg_error_t import_one (ctrl_t ctrl,
+ unsigned char **fpr, size_t *fpr_len,
+ unsigned int options, int from_sk, int silent,
+ import_screener_t screener, void *screener_arg,
+- int origin, const char *url);
+-static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
++ int origin, const char *url, int *r_valid);
++static gpg_error_t import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ struct import_stats_s *stats, int batch,
+ unsigned int options, int for_migration,
+ import_screener_t screener, void *screener_arg);
+@@ -584,7 +584,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
+ if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
+ rc = import_one (ctrl, keyblock,
+ stats, fpr, fpr_len, options, 0, 0,
+- screener, screener_arg, origin, url);
++ screener, screener_arg, origin, url, NULL);
+ else if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
+ rc = import_secret_one (ctrl, keyblock, stats,
+ opt.batch, options, 0,
+@@ -1654,7 +1654,9 @@ update_key_origin (kbnode_t keyblock, u32 curtime, int origin, const char *url)
+ * programs which called gpg. If SILENT is no messages are printed -
+ * even most error messages are suppressed. ORIGIN is the origin of
+ * the key (0 for unknown) and URL the corresponding URL. FROM_SK
+- * indicates that the key has been made from a secret key.
++ * indicates that the key has been made from a secret key. If R_SAVED
++ * is not NULL a boolean will be stored indicating whether the keyblock
++ * has valid parts.
+ */
+ static gpg_error_t
+ import_one (ctrl_t ctrl,
+@@ -1662,7 +1664,7 @@ import_one (ctrl_t ctrl,
+ unsigned char **fpr, size_t *fpr_len, unsigned int options,
+ int from_sk, int silent,
+ import_screener_t screener, void *screener_arg,
+- int origin, const char *url)
++ int origin, const char *url, int *r_valid)
+ {
+ gpg_error_t err = 0;
+ PKT_public_key *pk;
+@@ -1681,6 +1683,9 @@ import_one (ctrl_t ctrl,
+ int any_filter = 0;
+ KEYDB_HANDLE hd = NULL;
+
++ if (r_valid)
++ *r_valid = 0;
++
+ /* If show-only is active we don't won't any extra output. */
+ if ((options & (IMPORT_SHOW | IMPORT_DRY_RUN)))
+ silent = 1;
+@@ -1701,7 +1706,7 @@ import_one (ctrl_t ctrl,
+ if (opt.verbose && !opt.interactive && !silent && !from_sk)
+ {
+ /* Note that we do not print this info in FROM_SK mode
+- * because import_one already printed that. */
++ * because import_secret_one already printed that. */
+ log_info ("pub %s/%s %s ",
+ pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
+ keystr_from_pk(pk), datestr_from_pk(pk) );
+@@ -1827,6 +1832,10 @@ import_one (ctrl_t ctrl,
+ return 0;
+ }
+
++ /* The keyblock is valid and ready for real import. */
++ if (r_valid)
++ *r_valid = 1;
++
+ /* Show the key in the form it is merged or inserted. We skip this
+ * if "import-export" is also active without --armor or the output
+ * file has explicily been given. */
+@@ -2440,14 +2449,21 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
+
+
+ /* Walk a secret keyblock and produce a public keyblock out of it.
+- Returns a new node or NULL on error. */
++ * Returns a new node or NULL on error. Modifies the tag field of the
++ * nodes. */
+ static kbnode_t
+ sec_to_pub_keyblock (kbnode_t sec_keyblock)
+ {
+ kbnode_t pub_keyblock = NULL;
+ kbnode_t ctx = NULL;
+ kbnode_t secnode, pubnode;
++ unsigned int tag = 0;
++
++ /* Set a tag to all nodes. */
++ for (secnode = sec_keyblock; secnode; secnode = secnode->next)
++ secnode->tag = ++tag;
+
++ /* Copy. */
+ while ((secnode = walk_kbnode (sec_keyblock, &ctx, 0)))
+ {
+ if (secnode->pkt->pkttype == PKT_SECRET_KEY
+@@ -2477,6 +2493,7 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock)
+ {
+ pubnode = clone_kbnode (secnode);
+ }
++ pubnode->tag = secnode->tag;
+
+ if (!pub_keyblock)
+ pub_keyblock = pubnode;
+@@ -2487,23 +2504,67 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock)
+ return pub_keyblock;
+ }
+
++
++/* Delete all notes in the keyblock at R_KEYBLOCK which are not in
++ * PUB_KEYBLOCK. Modifies the tags of both keyblock's nodes. */
++static gpg_error_t
++resync_sec_with_pub_keyblock (kbnode_t *r_keyblock, kbnode_t pub_keyblock)
++{
++ kbnode_t sec_keyblock = *r_keyblock;
++ kbnode_t node;
++ unsigned int *taglist;
++ unsigned int ntaglist, n;
++
++ /* Collect all tags in an array for faster searching. */
++ for (ntaglist = 0, node = pub_keyblock; node; node = node->next)
++ ntaglist++;
++ taglist = xtrycalloc (ntaglist, sizeof *taglist);
++ if (!taglist)
++ return gpg_error_from_syserror ();
++ for (ntaglist = 0, node = pub_keyblock; node; node = node->next)
++ taglist[ntaglist++] = node->tag;
++
++ /* Walks over the secret keyblock and delete all nodes which are not
++ * in the tag list. Those nodes have been delete in the
++ * pub_keyblock. Sequential search is a bit lazt and could be
++ * optimized by sorting and bsearch; however secret key rings are
++ * short and there are easier weaus to DoS gpg. */
++ for (node = sec_keyblock; node; node = node->next)
++ {
++ for (n=0; n < ntaglist; n++)
++ if (taglist[n] == node->tag)
++ break;
++ if (n == ntaglist)
++ delete_kbnode (node);
++ }
++
++ xfree (taglist);
++
++ /* Commit the as deleted marked nodes and return the possibly
++ * modified keyblock. */
++ commit_kbnode (&sec_keyblock);
++ *r_keyblock = sec_keyblock;
++ return 0;
++}
++
++
+ /****************
+ * Ditto for secret keys. Handling is simpler than for public keys.
+ * We allow secret key importing only when allow is true, this is so
+ * that a secret key can not be imported accidentally and thereby tampering
+ * with the trust calculation.
+ */
+-static int
++static gpg_error_t
+ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+- struct import_stats_s *stats, int batch, unsigned int options,
+- int for_migration,
++ struct import_stats_s *stats, int batch,
++ unsigned int options, int for_migration,
+ import_screener_t screener, void *screener_arg)
+ {
+ PKT_public_key *pk;
+ struct seckey_info *ski;
+ kbnode_t node, uidnode;
+ u32 keyid[2];
+- int rc = 0;
++ gpg_error_t err = 0;
+ int nr_prev;
+ kbnode_t pub_keyblock;
+ char pkstrbuf[PUBKEY_STRING_SIZE];
+@@ -2527,7 +2588,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+
+ if (opt.verbose && !for_migration)
+ {
+- log_info ("sec %s/%s %s ",
++ log_info ("sec %s/%s %s ",
+ pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
+ keystr_from_pk (pk), datestr_from_pk (pk));
+ if (uidnode)
+@@ -2587,20 +2648,35 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ /* Make a public key out of the key. */
+ pub_keyblock = sec_to_pub_keyblock (keyblock);
+ if (!pub_keyblock)
+- log_error ("key %s: failed to create public key from secret key\n",
+- keystr_from_pk (pk));
++ {
++ err = gpg_error_from_syserror ();
++ log_error ("key %s: failed to create public key from secret key\n",
++ keystr_from_pk (pk));
++ }
+ else
+ {
++ int valid;
++
+ /* Note that this outputs an IMPORT_OK status message for the
+ public key block, and below we will output another one for
+ the secret keys. FIXME? */
+ import_one (ctrl, pub_keyblock, stats,
+ NULL, NULL, options, 1, for_migration,
+- screener, screener_arg, 0, NULL);
++ screener, screener_arg, 0, NULL, &valid);
+
+- /* Fixme: We should check for an invalid keyblock and
+- cancel the secret key import in this case. */
+- release_kbnode (pub_keyblock);
++ /* The secret keyblock may not have nodes which are deleted in
++ * the public keyblock. Otherwise we would import just the
++ * secret key without having the public key. That would be
++ * surprising and clutters out private-keys-v1.d. */
++ err = resync_sec_with_pub_keyblock (&keyblock, pub_keyblock);
++ if (err)
++ goto leave;
++
++ if (!valid)
++ {
++ err = gpg_error (GPG_ERR_NO_SECKEY);
++ goto leave;
++ }
+
+ /* At least we cancel the secret key import when the public key
+ import was skipped due to MERGE_ONLY option and a new
+@@ -2608,7 +2684,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ if (!(opt.dry_run || (options & IMPORT_DRY_RUN))
+ && stats->skipped_new_keys <= nr_prev)
+ {
+- /* Read the keyblock again to get the effects of a merge. */
++ /* Read the keyblock again to get the effects of a merge for
++ * the public key. */
+ /* Fixme: we should do this based on the fingerprint or
+ even better let import_one return the merged
+ keyblock. */
+@@ -2618,8 +2695,6 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ keystr_from_pk (pk));
+ else
+ {
+- gpg_error_t err;
+-
+ /* transfer_secret_keys collects subkey stats. */
+ struct import_stats_s subkey_stats = {0};
+
+@@ -2657,6 +2732,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+
+ if (is_status_enabled ())
+ print_import_ok (pk, status);
++
+ check_prefs (ctrl, node);
+ }
+ release_kbnode (node);
+@@ -2664,7 +2740,9 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
+ }
+ }
+
+- return rc;
++ leave:
++ release_kbnode (pub_keyblock);
++ return err;
+ }
+
+
+diff --git a/g10/kbnode.c b/g10/kbnode.c
+index c2aaacd..9ed6caf 100644
+--- a/g10/kbnode.c
++++ b/g10/kbnode.c
+@@ -68,8 +68,8 @@ alloc_node (void)
+ n->next = NULL;
+ n->pkt = NULL;
+ n->flag = 0;
++ n->tag = 0;
+ n->private_flag=0;
+- n->recno = 0;
+ return n;
+ }
+
+diff --git a/g10/keydb.h b/g10/keydb.h
+index 6fb4e5e..7aa2048 100644
+--- a/g10/keydb.h
++++ b/g10/keydb.h
+@@ -52,12 +52,13 @@ typedef struct getkey_ctx_s *getkey_ctx_t;
+ * This structure is also used to bind arbitrary packets together.
+ */
+
+-struct kbnode_struct {
+- KBNODE next;
+- PACKET *pkt;
+- int flag;
+- int private_flag;
+- ulong recno; /* used while updating the trustdb */
++struct kbnode_struct
++{
++ kbnode_t next;
++ PACKET *pkt;
++ int flag; /* Local use during keyblock processing (not cloned).*/
++ unsigned int tag; /* Ditto. */
++ int private_flag;
+ };
+
+ #define is_deleted_kbnode(a) ((a)->private_flag & 1)
+diff --git a/tests/openpgp/ecc.scm b/tests/openpgp/ecc.scm
+index d7c02a5..a63ec45 100755
+--- a/tests/openpgp/ecc.scm
++++ b/tests/openpgp/ecc.scm
+@@ -175,7 +175,7 @@ Rg==
+ (display "This is one line\n" (fdopen fd "wb")))
+
+ (for-each-p
+- "Checking ECDSA decryption"
++ "Checking ECDH decryption"
+ (lambda (test)
+ (lettmp (x y)
+ (call-with-output-file
+diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
+index 9f1648b..f8a7e9e 100644
+--- a/tests/openpgp/samplekeys/README
++++ b/tests/openpgp/samplekeys/README
+@@ -29,3 +29,5 @@ Notes:
+ such a file is created which is then directly followed by a separate
+ armored public key block. To create such a sample concatenate
+ pgp-desktop-skr.asc and E657FB607BB4F21C90BB6651BC067AF28BC90111.asc
++- ecc-sample-2-sec.asc and ecc-sample-3-sec.asc do not have and
++ binding signatures either. ecc-sample-1-sec.asc has them, though.
diff --git a/patches/from-2.2.14/gpg-Do-not-bail-out-on-v5-keys-in-the-local-keyring.patch b/patches/from-2.2.14/gpg-Do-not-bail-out-on-v5-keys-in-the-local-keyring.patch
new file mode 100644
index 0000000..97ae61a
--- /dev/null
+++ b/patches/from-2.2.14/gpg-Do-not-bail-out-on-v5-keys-in-the-local-keyring.patch
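Review bot: import_secret_one still discards the gpg_error_t returned by `import_one (ctrl, pub_keyblock, ..., &valid)` and decides only on `valid`, which import_one sets to 1 before the keyblock is shown, merged or stored. A failure after that point leaves `valid` true, and the later re-lookup of the public key appears to be the only thing that then stops the secret transfer. Capturing the result (`err = import_one (...);` followed by `if (err) goto leave;`) would make that dependency explicit, provided it matches the error semantics of import_one, most of which lies outside this patch. The new doc comment on import_one also names `R_SAVED` where the parameter is `r_valid`, and the header of resync_sec_with_pub_keyblock says "notes" where "nodes" is meant.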
@@ -0,0 +1,121 @@ +From: Werner Koch +Date: Mon, 18 Mar 2019 14:10:16 +0100 +Subject: gpg: Do not bail out on v5 keys in the local keyring. + +* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION +instead of invalid packet. +* g10/keydb.c (parse_keyblock_image): Do not map the unknown version +error to invalid keyring. +(keydb_search): Skip unknown version errors simlar to legacy keys. +* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown +versions. +* g10/import.c (read_block): Handle unknown version. +-- + +When using gpg 2.3 the local keyring may contain v5 keys. This patch +allows the use of such a keyring also with a 2.2 version which does +not support v5 keys. We will probably need some more tweaking here +but this covers the most common cases of listing keys and also +importing v5 keys. + +Signed-off-by: Werner Koch +(cherry picked from commit de70a2f377c1647417fb8a2b6476c3744a901296) +--- + g10/import.c | 6 ++++-- + g10/keydb.c | 13 +++++++++---- + g10/keylist.c | 2 ++ + g10/keyring.c | 2 ++ + g10/parse-packet.c | 2 +- + 5 files changed, 18 insertions(+), 7 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index f76ca0c..aeab4e0 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -860,12 +860,14 @@ read_block( IOBUF a, int with_meta, + skip_sigs = 0; + while ((rc=parse_packet (&parsectx, pkt)) != -1) + { +- if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY ++ if (rc && ((gpg_err_code (rc) == GPG_ERR_LEGACY_KEY ++ || gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION) + && (pkt->pkttype == PKT_PUBLIC_KEY + || pkt->pkttype == PKT_SECRET_KEY))) + { + in_v3key = 1; +- ++*r_v3keys; ++ if (gpg_err_code (rc) != GPG_ERR_UNKNOWN_VERSION) ++ ++*r_v3keys; + free_packet (pkt, &parsectx); + init_packet (pkt); + continue; +diff --git a/g10/keydb.c b/g10/keydb.c +index 03fadfd..0475f85 100644 +--- a/g10/keydb.c ++++ b/g10/keydb.c +@@ -1249,9 +1249,12 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, + } + if (err) + { +- log_error 
("parse_keyblock_image: read error: %s\n", +- gpg_strerror (err)); +- err = gpg_error (GPG_ERR_INV_KEYRING); ++ if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION) ++ { ++ log_error ("parse_keyblock_image: read error: %s\n", ++ gpg_strerror (err)); ++ err = gpg_error (GPG_ERR_INV_KEYRING); ++ } + break; + } + +@@ -1955,7 +1958,9 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + rc = keybox_search (hd->active[hd->current].u.kb, desc, + ndesc, KEYBOX_BLOBTYPE_PGP, + descindex, &hd->skipped_long_blobs); +- while (rc == GPG_ERR_LEGACY_KEY); ++ while (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY ++ || gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION) ++ ; + break; + } + +diff --git a/g10/keylist.c b/g10/keylist.c +index 7b3fde1..85fcdba 100644 +--- a/g10/keylist.c ++++ b/g10/keylist.c +@@ -527,6 +527,8 @@ list_all (ctrl_t ctrl, int secret, int mark_secret) + { + if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) + continue; /* Skip legacy keys. */ ++ if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION) ++ continue; /* Skip keys with unknown versions. */ + log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc)); + goto leave; + } +diff --git a/g10/keyring.c b/g10/keyring.c +index 25ef507..a8dd462 100644 +--- a/g10/keyring.c ++++ b/g10/keyring.c +@@ -1476,6 +1476,8 @@ keyring_rebuild_cache (ctrl_t ctrl, void *token, int noisy) + { + if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) + continue; /* Skip legacy keys. */ ++ if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION) ++ continue; /* Skip keys with unknown version. 
*/ + log_error ("keyring_get_keyblock failed: %s\n", gpg_strerror (rc)); + goto leave; + } +diff --git a/g10/parse-packet.c b/g10/parse-packet.c +index ff348ec..05f63e9 100644 +--- a/g10/parse-packet.c ++++ b/g10/parse-packet.c +@@ -2296,7 +2296,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, + log_error ("packet(%d) with unknown version %d\n", pkttype, version); + if (list_mode) + es_fputs (":key packet: [unknown version]\n", listfp); +- err = gpg_error (GPG_ERR_INV_PACKET); ++ err = gpg_error (GPG_ERR_UNKNOWN_VERSION); + goto leave; + } + diff --git a/patches/from-2.2.14/gpg-During-secret-key-import-print-sec-instead-of-pub.patch b/patches/from-2.2.14/gpg-During-secret-key-import-print-sec-instead-of-pub.patch new file mode 100644 index 0000000..302f7cf --- /dev/null +++ b/patches/from-2.2.14/gpg-During-secret-key-import-print-sec-instead-of-pub.patch 
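Review bot: In the `read_block` hunk, a key packet that fails with `GPG_ERR_UNKNOWN_VERSION` is dropped through the `in_v3key` path without being counted, because only legacy keys still bump `*r_v3keys`. The flag name now covers two cases, so a comment above `in_v3key = 1;` such as `/* Also set for keys of an unknown (e.g. v5) version; those are skipped but not counted in R_V3KEYS. */` would stop a reader from assuming the counter reflects every skipped key. The hunks for `list_all` and `keyring_rebuild_cache` add the same skip before their `log_error`, and `parse_keyblock_image` no longer logs this error, so the only trace left for the user appears to be the `log_error` in `parse_key`. All of these function bodies continue outside their hunks.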
@@ -0,0 +1,135 @@ +From: Werner Koch +Date: Fri, 15 Mar 2019 19:11:32 +0100 +Subject: gpg: During secret key import print "sec" instead of "pub". + +* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'. Remove +useless code for "sub" and "ssb". +* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info. Do +not print the first keyinfo in FROM_SK mode. +printing. +-- + +Signed-off-by: Werner Koch +(cherry picked from commit f64477db86568bdc28c313bfeb8b95d8edf05a3c) +(cherry picked from commit db2d75f1ffede2ea77163b487a15e60249daffa0) +--- + g10/gpgcompose.c | 5 +++-- + g10/import.c | 11 +++++++---- + g10/keyedit.c | 23 ++++++++++++++--------- + g10/keyedit.h | 2 +- + 4 files changed, 25 insertions(+), 16 deletions(-) + +diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c +index 226f793..aec0b4a 100644 +--- a/g10/gpgcompose.c ++++ b/g10/gpgcompose.c +@@ -3058,10 +3058,11 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, + } + + void +-show_basic_key_info (ctrl_t ctrl, KBNODE keyblock) ++show_basic_key_info (ctrl_t ctrl, KBNODE keyblock, int made_from_sec) + { + (void)ctrl; +- (void) keyblock; ++ (void)keyblock; ++ (void)made_from_sec; + } + + int +diff --git a/g10/import.c b/g10/import.c +index 29de8ff..a5f4f38 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1653,7 +1653,8 @@ update_key_origin (kbnode_t keyblock, u32 curtime, int origin, const char *url) + * the internal errorcount, so that invalid input can be detected by + * programs which called gpg. If SILENT is no messages are printed - + * even most error messages are suppressed. ORIGIN is the origin of +- * the key (0 for unknown) and URL the corresponding URL. ++ * the key (0 for unknown) and URL the corresponding URL. FROM_SK ++ * indicates that the key has been made from a secret key. 
+ */ + static gpg_error_t + import_one (ctrl_t ctrl, +@@ -1697,9 +1698,11 @@ import_one (ctrl_t ctrl, + keyid_from_pk( pk, keyid ); + uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); + +- if (opt.verbose && !opt.interactive && !silent) ++ if (opt.verbose && !opt.interactive && !silent && !from_sk) + { +- log_info( "pub %s/%s %s ", ++ /* Note that we do not print this info in FROM_SK mode ++ * because import_one already printed that. */ ++ log_info ("pub %s/%s %s ", + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr_from_pk(pk), datestr_from_pk(pk) ); + if (uidnode) +@@ -1730,7 +1733,7 @@ import_one (ctrl_t ctrl, + print_import_check (pk, uidnode->pkt->pkt.user_id); + merge_keys_and_selfsig (ctrl, keyblock); + tty_printf ("\n"); +- show_basic_key_info (ctrl, keyblock); ++ show_basic_key_info (ctrl, keyblock, from_sk); + tty_printf ("\n"); + if (!cpr_get_answer_is_yes ("import.okay", + "Do you want to import this key? (y/N) ")) +diff --git a/g10/keyedit.c b/g10/keyedit.c +index b717960..f95f02f 100644 +--- a/g10/keyedit.c ++++ b/g10/keyedit.c +@@ -3662,13 +3662,14 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp, + + + /* Display basic key information. This function is suitable to show +- information on the key without any dependencies on the trustdb or +- any other internal GnuPG stuff. KEYBLOCK may either be a public or +- a secret key. This function may be called with KEYBLOCK containing +- secret keys and thus the printing of "pub" vs. "sec" does only +- depend on the packet type and not by checking with gpg-agent. */ ++ * information on the key without any dependencies on the trustdb or ++ * any other internal GnuPG stuff. KEYBLOCK may either be a public or ++ * a secret key. This function may be called with KEYBLOCK containing ++ * secret keys and thus the printing of "pub" vs. "sec" does only ++ * depend on the packet type and not by checking with gpg-agent. If ++ * PRINT_SEC ist set "sec" is printed instead of "pub". 
*/ + void +-show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock) ++show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec) + { + KBNODE node; + int i; +@@ -3681,13 +3682,17 @@ show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock) + || node->pkt->pkttype == PKT_SECRET_KEY) + { + PKT_public_key *pk = node->pkt->pkt.public_key; ++ const char *tag; ++ ++ if (node->pkt->pkttype == PKT_SECRET_KEY || print_sec) ++ tag = "sec"; ++ else ++ tag = "pub"; + + /* Note, we use the same format string as in other show + functions to make the translation job easier. */ + tty_printf ("%s %s/%s ", +- node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub" : +- node->pkt->pkttype == PKT_PUBLIC_SUBKEY ? "sub" : +- node->pkt->pkttype == PKT_SECRET_KEY ? "sec" :"ssb", ++ tag, + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr_from_pk (pk)); + tty_printf (_("created: %s"), datestr_from_pk (pk)); +diff --git a/g10/keyedit.h b/g10/keyedit.h +index d1f453a..af5e996 100644 +--- a/g10/keyedit.h ++++ b/g10/keyedit.h +@@ -50,7 +50,7 @@ void keyedit_quick_set_expire (ctrl_t ctrl, + char **subkeyfprs); + void keyedit_quick_set_primary (ctrl_t ctrl, const char *username, + const char *primaryuid); +-void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock); ++void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock, int print_sec); + int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp, + int rc, kbnode_t keyblock, + kbnode_t node, int *inv_sigs, int *no_key, diff --git a/patches/from-2.2.14/gpg-Fix-comparison.patch b/patches/from-2.2.14/gpg-Fix-comparison.patch new file mode 100644 index 0000000..9fdc1cb --- /dev/null +++ b/patches/from-2.2.14/gpg-Fix-comparison.patch 
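Review bot: The comment added in `import_one` says the key info is skipped in FROM_SK mode "because import_one already printed that", which names the function the comment sits in. Presumably the secret-key import path is meant, so if that is the caller which prints the line the comment should read `* because import_secret_one already printed that. */`. The new parameter is called `made_from_sec` in the gpgcompose.c stub but `print_sec` in keyedit.c and keyedit.h; using `print_sec` in the stub would match the prototype. In the keyedit.c comment, "PRINT_SEC ist set" should read "PRINT_SEC is set".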
@@ -0,0 +1,26 @@ +From: "Neal H. Walfield" +Date: Fri, 6 Oct 2017 11:51:39 +0200 +Subject: gpg: Fix comparison. + +* g10/gpgcompose.c (literal_name): Complain if passed zero arguments, +not one or fewer. + +Signed-off-by: Neal H. Walfield +(cherry picked from commit 1ed21eee79749b976b4a935f2279b162634e9c5e) +--- + g10/gpgcompose.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c +index 430538e..226f793 100644 +--- a/g10/gpgcompose.c ++++ b/g10/gpgcompose.c +@@ -2746,7 +2746,7 @@ literal_name (const char *option, int argc, char *argv[], void *cookie) + { + struct litinfo *li = cookie; + +- if (argc <= 1) ++ if (argc <= 0) + log_fatal ("Usage: %s NAME\n", option); + + if (strlen (argv[0]) > 255) diff --git a/patches/from-2.2.14/gpg-Make-invalid-primary-key-algos-obvious-in-key-listing.patch b/patches/from-2.2.14/gpg-Make-invalid-primary-key-algos-obvious-in-key-listing.patch new file mode 100644 index 0000000..c642092 --- /dev/null +++ b/patches/from-2.2.14/gpg-Make-invalid-primary-key-algos-obvious-in-key-listing.patch 
@@ -0,0 +1,51 @@ +From: Werner Koch +Date: Tue, 5 Mar 2019 12:39:11 +0100 +Subject: gpg: Make invalid primary key algos obvious in key listings. + +* g10/keylist.c (print_key_line): Print a warning for invalid algos. +-- + +Non-OpenPGP compliant keys now show a warning flag on the sec or pub +line like in: + + gpg: can't encode a 256 bit MD into a 88 bits frame, algo=8 + sec cv25519 2019-01-30 [INVALID_ALGO] + 4239F3D606A19258E7A88C3F9A3F4F909C5034C5 + uid [ultimate] ffffff + +Instead of showing the usage flags "[CE]". Without this patch only +the error message is printed and the reason for it was not immediately +obvious (cv25519 is encryption only but we always consider the primary +key as having the "C" flag). + +Signed-off-by: Werner Koch +(cherry picked from commit db87132b10664718b7db6ec1dad584b54d1fb265) +(cherry picked from commit d2a7f9078a4673ec53733e4f69fd17a8f1ac962d) +--- + g10/keylist.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/g10/keylist.c b/g10/keylist.c +index 262ea8d..7b3fde1 100644 +--- a/g10/keylist.c ++++ b/g10/keylist.c +@@ -2059,10 +2059,18 @@ print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret) + tty_fprintf (fp, "/%s", keystr_from_pk (pk)); + tty_fprintf (fp, " %s", datestr_from_pk (pk)); + +- if ((opt.list_options & LIST_SHOW_USAGE)) ++ if (pk->flags.primary ++ && !(openpgp_pk_algo_usage (pk->pubkey_algo) ++ & (PUBKEY_USAGE_CERT| PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))) ++ { ++ /* A primary key which is really not capable to sign. */ ++ tty_fprintf (fp, " [INVALID_ALGO]"); ++ } ++ else if ((opt.list_options & LIST_SHOW_USAGE)) + { + tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0)); + } ++ + if (pk->flags.revoked) + { + tty_fprintf (fp, " ["); diff --git a/patches/from-2.2.14/gpgscm-Build-well-even-if-NDEBUG-defined.patch b/patches/from-2.2.14/gpgscm-Build-well-even-if-NDEBUG-defined.patch new file mode 100644 index 0000000..9212c1d --- /dev/null 
+++ b/patches/from-2.2.14/gpgscm-Build-well-even-if-NDEBUG-defined.patch @@ -0,0 +1,45 @@ +From: NIIBE Yutaka +Date: Mon, 25 Feb 2019 10:44:16 +0900 +Subject: gpgscm: Build well even if NDEBUG defined. + +* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";". +[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno. + +-- + +Cherry icked from master commit of: + e140c6d4f581be1a60a34b67b16430452f3987e8 + +In some build environment, NDEBUG is defined (although it's +bad practice). This change supports such a situation. + +GnuPG-bug-id: 3959 +Signed-off-by: NIIBE Yutaka +(cherry picked from commit 8161afb9dddaba839be92fbe9d85c05235eda825) +--- + tests/gpgscm/scheme.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c +index b188e36..b4960b0 100644 +--- a/tests/gpgscm/scheme.c ++++ b/tests/gpgscm/scheme.c +@@ -874,7 +874,7 @@ gc_reservation_failure(struct scheme *sc) + { + #ifdef NDEBUG + fprintf(stderr, +- "insufficient reservation\n") ++ "insufficient reservation\n"); + #else + fprintf(stderr, + "insufficient %s reservation in line %d\n", +@@ -5627,7 +5627,9 @@ int scheme_init_custom_alloc(scheme *sc, func_alloc malloc, func_dealloc free) { + sc->fcells = 0; + sc->inhibit_gc = GC_ENABLED; + sc->reserved_cells = 0; ++#ifndef NDEBUG + sc->reserved_lineno = 0; ++#endif + sc->no_memory=0; + sc->inport=sc->NIL; + sc->outport=sc->NIL; diff --git a/patches/from-2.2.14/gpgsm-default-to-3072-bit-keys.patch b/patches/from-2.2.14/gpgsm-default-to-3072-bit-keys.patch new file mode 100644 index 0000000..48cbef5 --- /dev/null +++ b/patches/from-2.2.14/gpgsm-default-to-3072-bit-keys.patch 
@@ -0,0 +1,131 @@ +From: Daniel Kahn Gillmor +Date: Thu, 7 Sep 2017 18:39:37 -0400 +Subject: gpgsm: default to 3072-bit keys. + +* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update +default to 3072 bits. +* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to +3072 bits. +* sm/certreqgen.c (proc_parameters): update default to 3072 bits. +* sm/gpgsm.c (main): print correct default_pubkey_algo. + +-- + +3072-bit RSA is widely considered to be 128-bit-equivalent security. +This is a sensible default in 2017. + +Signed-off-by: Daniel Kahn Gillmor + +(cherry picked from commit 7955262151a5c755814dd23414e6804f79125355) +(cherry picked from commit 121286d9d1506dbaad9ba33bae2e459814fe5849) +--- + doc/gpgsm.texi | 2 +- + doc/howto-create-a-server-cert.texi | 14 +++++++------- + sm/certreqgen-ui.c | 2 +- + sm/certreqgen.c | 4 ++-- + sm/gpgsm.c | 2 +- + 5 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi +index ebe58bc..eb30368 100644 +--- a/doc/gpgsm.texi ++++ b/doc/gpgsm.texi +@@ -1082,7 +1082,7 @@ key. The algorithm must be capable of signing. This is a required + parameter. The only supported value for @var{algo} is @samp{rsa}. + + @item Key-Length: @var{nbits} +-The requested length of a generated key in bits. Defaults to 2048. ++The requested length of a generated key in bits. Defaults to 3072. + + @item Key-Grip: @var{hexstring} + This is optional and used to generate a CSR or certificate for an +diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi +index 55f1a91..30e28bd 100644 +--- a/doc/howto-create-a-server-cert.texi ++++ b/doc/howto-create-a-server-cert.texi +@@ -31,14 +31,14 @@ Let's continue: + + @cartouche + @example +- What keysize do you want? (2048) +- Requested keysize is 2048 bits ++ What keysize do you want? (3072) ++ Requested keysize is 3072 bits + @end example + @end cartouche + +-Hitting enter chooses the default RSA key size of 2048 bits. 
Smaller +-keys are too weak on the modern Internet. If you choose a larger +-(stronger) key, your server will need to do more work. ++Hitting enter chooses the default RSA key size of 3072 bits. Keys ++smaller than 2048 bits are too weak on the modern Internet. If you ++choose a larger (stronger) key, your server will need to do more work. + + @cartouche + @example +@@ -124,7 +124,7 @@ request: + @example + These parameters are used: + Key-Type: RSA +- Key-Length: 2048 ++ Key-Length: 3072 + Key-Usage: sign, encrypt + Name-DN: CN=example.com + Name-DNS: example.com +@@ -224,7 +224,7 @@ To see the content of your certificate, you may now enter: + aka: (dns-name example.com) + aka: (dns-name www.example.com) + validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51 +- key type: 2048 bit RSA ++ key type: 3072 bit RSA + key usage: digitalSignature keyEncipherment + ext key usage: clientAuth (suggested), serverAuth (suggested), [...] + fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57 +diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c +index 9772a3b..4f8a1ac 100644 +--- a/sm/certreqgen-ui.c ++++ b/sm/certreqgen-ui.c +@@ -138,7 +138,7 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream) + unsigned int nbits; + int minbits = 1024; + int maxbits = 4096; +- int defbits = 2048; ++ int defbits = 3072; + const char *keyusage; + char *subject_name; + membuf_t mb_email, mb_dns, mb_uri, mb_result; +diff --git a/sm/certreqgen.c b/sm/certreqgen.c +index 4431870..1d610c1 100644 +--- a/sm/certreqgen.c ++++ b/sm/certreqgen.c +@@ -26,7 +26,7 @@ + $ cat >foo < 4096) && !cardkeyid) +diff --git a/sm/gpgsm.c b/sm/gpgsm.c +index defc698..52f26e2 100644 +--- a/sm/gpgsm.c ++++ b/sm/gpgsm.c +@@ -1800,7 +1800,7 @@ main ( int argc, char **argv) + /* The next one is an info only item and should match what + proc_parameters actually implements. 
*/ + es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, +- "RSA-2048"); ++ "RSA-3072"); + es_printf ("compliance:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "gnupg"); + + } diff --git a/patches/from-2.2.14/gpgv-Improve-documentation-for-keyring-choices.patch b/patches/from-2.2.14/gpgv-Improve-documentation-for-keyring-choices.patch new file mode 100644 index 0000000..036c0be --- /dev/null +++ b/patches/from-2.2.14/gpgv-Improve-documentation-for-keyring-choices.patch 
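Review bot: In `gpgsm_gencertreq_tty` the default moves to 3072 bits but the context line `int minbits = 1024;` is left as is, while the documentation changed in this same patch says keys smaller than 2048 bits are too weak. How `minbits` is enforced lies outside the hunk, but if it is the lower bound of the key-size prompt, raising it to `int minbits = 2048;` (or warning below that size) would make the tool agree with its own guidance. The literal `"RSA-3072"` in sm/gpgsm.c is a second copy of the default which, per the existing comment there, has to be kept in step with `proc_parameters` by hand.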
@@ -0,0 +1,45 @@ +From: Daniel Kahn Gillmor +Date: Sun, 3 Mar 2019 10:22:34 -0500 +Subject: gpgv: Improve documentation for keyring choices + +* doc/gpgv.texi: Improve documentation for keyring choices + +-- + +From the existing documentation, it's not clear whether the default +keyring will always be mixed into the set of keyrings, or whether it +will be skipped if a --keyring is present. The updated text here +attempts to describe the keyring selection logic more completely. + +Signed-off-by: Daniel Kahn Gillmor +(cherry picked from commit a7b2a87f940dba078867c44f1f50d46211d51719) +--- + doc/gpgv.texi | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/doc/gpgv.texi b/doc/gpgv.texi +index a052861..2dd9576 100644 +--- a/doc/gpgv.texi ++++ b/doc/gpgv.texi +@@ -59,13 +59,14 @@ no configuration files and only a few options are implemented. + That does also mean that it does not check for expired or revoked + keys. + +-By default a keyring named @file{trustedkeys.kbx} is used; if that +-does not exist a keyring named @file{trustedkeys.gpg} is used. The +-default keyring is assumed to be in the home directory of GnuPG, +-either the default home directory or the one set by an option or an +-environment variable. The option @code{--keyring} may be used to +-specify a different keyring or even multiple keyrings. +- ++If no @code{--keyring} option is given, @code{gpgv} looks for a ++``default'' keyring named @file{trustedkeys.kbx} (preferred) or ++@file{trustedkeys.gpg} in the home directory of GnuPG, either the ++default home directory or the one set by the @code{--homedir} option ++or the @code{GNUPGHOME} environment variable. If any @code{--keyring} ++option is used, @code{gpgv} will not look for the default keyring. The ++@code{--keyring} option may be used multiple times and all specified ++keyrings will be used together. + + @noindent + @mansect options 
diff --git a/patches/from-2.2.14/scd-Distinguish-cancel-by-user-and-protocol-error.patch b/patches/from-2.2.14/scd-Distinguish-cancel-by-user-and-protocol-error.patch new file mode 100644 index 0000000..f1f9d84 --- /dev/null +++ b/patches/from-2.2.14/scd-Distinguish-cancel-by-user-and-protocol-error.patch 
@@ -0,0 +1,68 @@ +From: NIIBE Yutaka +Date: Wed, 20 Sep 2017 10:06:43 +0900 +Subject: scd: Distinguish cancel by user and protocol error. + +* scd/apdu.h (SW_HOST_CANCELLED): New. +* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED. +(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED. +* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for +SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED. + +Signed-off-by: NIIBE Yutaka +(cherry picked from commit 2396055c096884d521c26b76f26263a146207c24) +--- + scd/apdu.c | 3 ++- + scd/apdu.h | 3 ++- + scd/iso7816.c | 3 ++- + 3 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/scd/apdu.c b/scd/apdu.c +index 9e3594b..1a5e371 100644 +--- a/scd/apdu.c ++++ b/scd/apdu.c +@@ -499,6 +499,7 @@ host_sw_string (long err) + case SW_HOST_ABORTED: return "aborted"; + case SW_HOST_NO_PINPAD: return "no pinpad"; + case SW_HOST_ALREADY_CONNECTED: return "already connected"; ++ case SW_HOST_CANCELLED: return "cancelled"; + default: return "unknown host status error"; + } + } +@@ -605,7 +606,7 @@ pcsc_error_to_sw (long ec) + { + case 0: rc = 0; break; + +- case PCSC_E_CANCELLED: rc = SW_HOST_ABORTED; break; ++ case PCSC_E_CANCELLED: rc = SW_HOST_CANCELLED; break; + case PCSC_E_NO_MEMORY: rc = SW_HOST_OUT_OF_CORE; break; + case PCSC_E_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break; + case PCSC_E_NO_SERVICE: +diff --git a/scd/apdu.h b/scd/apdu.h +index 6751e8c..8a0d4bd 100644 +--- a/scd/apdu.h ++++ b/scd/apdu.h +@@ -71,7 +71,8 @@ enum { + SW_HOST_NO_READER = 0x1000c, + SW_HOST_ABORTED = 0x1000d, + SW_HOST_NO_PINPAD = 0x1000e, +- SW_HOST_ALREADY_CONNECTED = 0x1000f ++ SW_HOST_ALREADY_CONNECTED = 0x1000f, ++ SW_HOST_CANCELLED = 0x10010 + }; + + struct dev_list; +diff --git a/scd/iso7816.c b/scd/iso7816.c +index 081b080..29208c2 100644 +--- a/scd/iso7816.c ++++ b/scd/iso7816.c +@@ -93,8 +93,9 @@ map_sw (int sw) + case SW_HOST_CARD_IO_ERROR: ec = GPG_ERR_EIO; break; + case SW_HOST_GENERAL_ERROR: ec = 
GPG_ERR_GENERAL; break; + case SW_HOST_NO_READER: ec = GPG_ERR_ENODEV; break; +- case SW_HOST_ABORTED: ec = GPG_ERR_CANCELED; break; ++ case SW_HOST_ABORTED: ec = GPG_ERR_INV_RESPONSE; break; + case SW_HOST_NO_PINPAD: ec = GPG_ERR_NOT_SUPPORTED; break; ++ case SW_HOST_CANCELLED: ec = GPG_ERR_CANCELED; break; + + default: + if ((sw & 0x010000)) diff --git a/patches/from-2.2.14/sm-Don-t-mark-a-cert-as-de-vs-compliant-if-it-leads-to-SH.patch b/patches/from-2.2.14/sm-Don-t-mark-a-cert-as-de-vs-compliant-if-it-leads-to-SH.patch new file mode 100644 index 0000000..7b7a795 --- /dev/null +++ b/patches/from-2.2.14/sm-Don-t-mark-a-cert-as-de-vs-compliant-if-it-leads-to-SH.patch 
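Review bot: `map_sw` now turns `SW_HOST_ABORTED` into `GPG_ERR_INV_RESPONSE`, which changes the result for every producer of that status, not only the PC/SC path edited in `pcsc_error_to_sw`. Other producers are not visible in these hunks, so it is worth confirming that none of them relied on the old `GPG_ERR_CANCELED` mapping to treat an abort as a user cancel. The two enum values in scd/apdu.h would benefit from comments spelling out the distinction, e.g. `SW_HOST_ABORTED = 0x1000d, /* Aborted, not by the user. */` and `SW_HOST_CANCELLED = 0x10010 /* Cancelled by the user. */`.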
@@ -0,0 +1,66 @@ +From: Werner Koch +Date: Thu, 28 Feb 2019 14:43:42 +0100 +Subject: sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs. + +* sm/keylist.c (print_compliance_flags): Also check the digest_algo. +Add new arg 'cert'. +-- + +A certificate with algorithm sha1WithRSAEncryption can be de-vs +compliant (e.g. if the next in the chain used sha256WithRSAEncryption +to sign it and RSA is long enough) but flagging it as such is useless +because that certificate can't be used because it will create +signatures using the non-compliant SHA-1 algorithm. + +Well, it could be used for encryption. But also evaluating the +key-usage flags here would make it harder for the user to understand +why certain certificates are listed as de-vs compliant and others are +not. + +Signed-off-by: Werner Koch +(cherry picked from commit 2c75af9f65d15653ed1bc191f1098ae316607041) + +Reworked to also pass the CERT. Note that 2.2 won't get the PK +Screening feature. + +Signed-off-by: Werner Koch +(cherry picked from commit be69bf0cbd11cb8c0d452e07066669aacc6caafa) +--- + sm/keylist.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/sm/keylist.c b/sm/keylist.c +index 9997da8..3fe75a1 100644 +--- a/sm/keylist.c ++++ b/sm/keylist.c +@@ -348,10 +348,19 @@ email_kludge (const char *name) + /* Print the compliance flags to field 18. ALGO is the gcrypt algo + * number. NBITS is the length of the key in bits. 
*/ + static void +-print_compliance_flags (int algo, unsigned int nbits, estream_t fp) ++print_compliance_flags (ksba_cert_t cert, int algo, unsigned int nbits, ++ estream_t fp) + { ++ int hashalgo; ++ + if (gnupg_pk_is_compliant (CO_DE_VS, algo, NULL, nbits, NULL)) +- es_fputs (gnupg_status_compliance_flag (CO_DE_VS), fp); ++ { ++ hashalgo = gcry_md_map_name (ksba_cert_get_digest_algo (cert)); ++ if (gnupg_digest_is_compliant (CO_DE_VS, hashalgo)) ++ { ++ es_fputs (gnupg_status_compliance_flag (CO_DE_VS), fp); ++ } ++ } + } + + +@@ -526,7 +535,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, + es_putc (':', fp); /* End of field 15. */ + es_putc (':', fp); /* End of field 16. */ + es_putc (':', fp); /* End of field 17. */ +- print_compliance_flags (algo, nbits, fp); ++ print_compliance_flags (cert, algo, nbits, fp); + es_putc (':', fp); /* End of field 18. */ + es_putc ('\n', fp); + diff --git a/patches/from-2.2.14/sm-Print-Yubikey-attestation-extensions-with-dump-cert.patch b/patches/from-2.2.14/sm-Print-Yubikey-attestation-extensions-with-dump-cert.patch new file mode 100644 index 0000000..6bcca6d --- /dev/null +++ b/patches/from-2.2.14/sm-Print-Yubikey-attestation-extensions-with-dump-cert.patch 
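Review bot: The header comment of `print_compliance_flags` still documents only ALGO and NBITS; the new CERT argument and the digest check should be described, e.g. `CERT is the certificate; the flag is printed only if its signature digest algorithm is de-vs compliant as well.` The new code also relies on `gcry_md_map_name` returning a value that `gnupg_digest_is_compliant` rejects when `ksba_cert_get_digest_algo` yields NULL or an unknown OID. That appears to fail closed (no flag is printed), and a one-line comment at the `hashalgo` assignment saying so would record the intent.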
@@ -0,0 +1,95 @@ +From: Werner Koch +Date: Fri, 1 Mar 2019 15:23:49 +0100 +Subject: sm: Print Yubikey attestation extensions with --dump-cert. + +* sm/keylist.c (oidtranstbl): Add Yubikey OIDs. +(OID_FLAG_HEX): New. +(print_hex_extn): New. +(list_cert_raw): Make use of that flag. + +Signed-off-by: Werner Koch +(cherry picked from commit 86c241a8c9a952ea8007066b70b04f435e2e483e) +(cherry picked from commit b3c8ce9e4343f1b68b9ba94bdd71b7d8e13b139a) +--- + sm/keylist.c | 40 +++++++++++++++++++++++++++++++++++++--- + 1 file changed, 37 insertions(+), 3 deletions(-) + +diff --git a/sm/keylist.c b/sm/keylist.c +index 3fe75a1..6efc6bd 100644 +--- a/sm/keylist.c ++++ b/sm/keylist.c +@@ -84,6 +84,8 @@ struct + #define OID_FLAG_SKIP 1 + /* The extension is a simple UTF8String and should be printed. */ + #define OID_FLAG_UTF8 2 ++/* The extension can be trnted as a hex string. */ ++#define OID_FLAG_HEX 4 + + /* A table mapping OIDs to a descriptive string. */ + static struct +@@ -193,6 +195,12 @@ static struct + /* Extensions used by the Bundesnetzagentur. */ + { "1.3.6.1.4.1.8301.3.5", "validityModel" }, + ++ /* Yubikey extensions for attestation certificates. */ ++ { "1.3.6.1.4.1.41482.3.3", "yubikey-firmware-version", OID_FLAG_HEX }, ++ { "1.3.6.1.4.1.41482.3.7", "yubikey-serial-number", OID_FLAG_HEX }, ++ { "1.3.6.1.4.1.41482.3.8", "yubikey-pin-touch-policy", OID_FLAG_HEX }, ++ { "1.3.6.1.4.1.41482.3.9", "yubikey-formfactor", OID_FLAG_HEX }, ++ + { NULL } + }; + +@@ -685,6 +693,21 @@ print_utf8_extn (estream_t fp, int indent, + } + + ++/* Print the extension described by (DER,DERLEN) in hex. */ ++static void ++print_hex_extn (estream_t fp, int indent, ++ const unsigned char *der, size_t derlen) ++{ ++ if (indent < 0) ++ indent = - indent; ++ ++ es_fprintf (fp, "%*s(", indent, ""); ++ for (; derlen; der++, derlen--) ++ es_fprintf (fp, "%02X%s", *der, derlen > 1? 
" ":""); ++ es_fprintf (fp, ")\n"); ++} ++ ++ + /* List one certificate in raw mode useful to have a closer look at + the certificate. This one does no beautification and only minimal + output sanitation. It is mainly useful for debugging. */ +@@ -1022,16 +1045,27 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, + if ((flag & OID_FLAG_SKIP)) + continue; + +- es_fprintf (fp, " %s: %s%s%s%s [%d octets]\n", ++ es_fprintf (fp, " %s: %s%s%s%s", + i? "critExtn":" extn", +- oid, s?" (":"", s?s:"", s?")":"", (int)len); ++ oid, s?" (":"", s?s:"", s?")":""); + if ((flag & OID_FLAG_UTF8)) + { + if (!cert_der) + cert_der = ksba_cert_get_image (cert, NULL); +- assert (cert_der); ++ log_assert (cert_der); ++ es_fprintf (fp, "\n"); + print_utf8_extn_raw (fp, -15, cert_der+off, len); + } ++ else if ((flag & OID_FLAG_HEX)) ++ { ++ if (!cert_der) ++ cert_der = ksba_cert_get_image (cert, NULL); ++ log_assert (cert_der); ++ es_fprintf (fp, "\n"); ++ print_hex_extn (fp, -15, cert_der+off, len); ++ } ++ else ++ es_fprintf (fp, " [%d octets]\n", (int)len); + } + + diff --git a/patches/from-2.2.14/tests-Add-disable-scdaemon-in-gpg-agent.conf.patch b/patches/from-2.2.14/tests-Add-disable-scdaemon-in-gpg-agent.conf.patch new file mode 100644 index 0000000..40ebad6 --- /dev/null +++ b/patches/from-2.2.14/tests-Add-disable-scdaemon-in-gpg-agent.conf.patch 
@@ -0,0 +1,98 @@ +From: NIIBE Yutaka +Date: Thu, 21 Feb 2019 12:26:09 +0900 +Subject: tests: Add "disable-scdaemon" in gpg-agent.conf. + +* tests/openpgp/defs.scm: Add "disable-scdaemon". Remove + "scdaemon-program". +* tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise. +* tests/inittests, tests/pkits/inittests: Add "disable-scdaemon" + +-- + +Before this change, running "make check" accesses USB device by +scdaemon on host computer. If there is any smartcard/token available, +it may affect test results. Because default key choice depends on +smartcard/token availability now and existing tests have nothing about +testing smartcard/token, disabling scdaemon is good. + +Signed-off-by: NIIBE Yutaka +(cherry picked from commit 64b7c6fd1945bc206cf56979633dfca8a7494374) +(cherry picked from commit 150d5452318eafa6aa800ff3b87f8f8eb35ed203) +--- + tests/gpgme/gpgme-defs.scm | 3 +-- + tests/gpgsm/gpgsm-defs.scm | 5 +---- + tests/inittests | 1 + + tests/openpgp/defs.scm | 5 +---- + tests/pkits/inittests | 1 + + 5 files changed, 5 insertions(+), 10 deletions(-) + +diff --git a/tests/gpgme/gpgme-defs.scm b/tests/gpgme/gpgme-defs.scm +index 0de589f..bc40b3c 100644 +--- a/tests/gpgme/gpgme-defs.scm ++++ b/tests/gpgme/gpgme-defs.scm +@@ -67,8 +67,7 @@ + (create-file + "gpg-agent.conf" + (string-append "pinentry-program " (tool 'pinentry)) +- (string-append "scdaemon-program " (tool 'scdaemon)) +- ) ++ "disable-scdaemon") + + (start-agent) + +diff --git a/tests/gpgsm/gpgsm-defs.scm b/tests/gpgsm/gpgsm-defs.scm +index f118642..848bc75 100644 +--- a/tests/gpgsm/gpgsm-defs.scm ++++ b/tests/gpgsm/gpgsm-defs.scm +@@ -67,10 +67,7 @@ + "faked-system-time 1008241200") + (create-file "gpg-agent.conf" + (string-append "pinentry-program " (tool 'pinentry)) +- (if (assoc "scdaemon" gpg-components) +- (string-append "scdaemon-program " (tool 'scdaemon)) +- "# No scdaemon available") +- ) ++ "disable-scdaemon") + (start-agent) + (create-file + "trustlist.txt" +diff --git 
a/tests/inittests b/tests/inittests +index 6fbccfb..9090674 100755 +--- a/tests/inittests ++++ b/tests/inittests +@@ -85,6 +85,7 @@ EOF + cat > gpg-agent.conf < trustlist.txt < gpg-agent.conf < +Date: Fri, 15 Mar 2019 19:40:02 +0100 +Subject: tests: Add sample secret key w/o binding signatures. + +-- + +GnuPG-bug-id: 4392 +(cherry picked from commit 8c20a363c221438373439cde8c242e04c1bd925e) +(cherry picked from commit 61fc831885b0860e2143587b614c5a57f8c3f45f) +--- + tests/openpgp/samplekeys/README | 10 +++++ + tests/openpgp/samplekeys/pgp-desktop-skr.asc | 56 ++++++++++++++++++++++++++++ + 2 files changed, 66 insertions(+) + create mode 100644 tests/openpgp/samplekeys/pgp-desktop-skr.asc + +diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README +index 6f2399f..9f1648b 100644 +--- a/tests/openpgp/samplekeys/README ++++ b/tests/openpgp/samplekeys/README +@@ -14,8 +14,18 @@ whats-new-in-2.1.asc Collection of sample keys. + e2e-p256-1-clr.asc Google End-end-End test key (no protection) + e2e-p256-1-prt.asc Ditto, but protected with passphrase "a". + E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection) ++pgp-desktop-skr.asc Secret key with subkeys w/o signatures + rsa-rsa-sample-1.asc RSA+RSA sample key (no passphrase) + ed25519-cv25519-sample-1.asc Ed25519+CV25519 sample key (no passphrase) + silent-running.asc Collection of sample secret keys (no passphrases) + rsa-primary-auth-only.pub.asc rsa2408 primary only, usage: cert,auth + rsa-primary-auth-only.sec.asc Ditto but the secret keyblock. ++ ++ ++Notes: ++ ++- pgp-desktop-skr.asc is a secret keyblock without the uid and subkey ++ binding signatures. When exporting a secret key from PGP desktop ++ such a file is created which is then directly followed by a separate ++ armored public key block. 
To create such a sample concatenate ++ pgp-desktop-skr.asc and E657FB607BB4F21C90BB6651BC067AF28BC90111.asc +diff --git a/tests/openpgp/samplekeys/pgp-desktop-skr.asc b/tests/openpgp/samplekeys/pgp-desktop-skr.asc +new file mode 100644 +index 0000000..58f384c +--- /dev/null ++++ b/tests/openpgp/samplekeys/pgp-desktop-skr.asc +@@ -0,0 +1,56 @@ ++-----BEGIN PGP PRIVATE KEY BLOCK----- ++Version: Made up as if from PGP Encryption Desktop 10.3.2 ++ ++lQHYBFZfWcgBBAC+RQIbTFhpMiRmJPB3XAJQXxpDb5h2sEaNJ/MLIHwPNs+jNgDb ++144BrIOD1G56xAYhKYVDphFIg2wCiB019mYq7yNUyn/aZFBHqd5xbg4qR212cAjw ++HpBqP9yUEm333RFqFdytcbXd9rSfvZOlFvGZRSxjgpGlsJGbjitH0ABY+wARAQAB ++AAP+IvI/yc3C60dXYh9kvzd6AVMGWt5zTVFhE+oDfMaxooW5q0tu6vHzViFeYmcx ++B4FbctnSbTNiN0RUIT7oxpGEAAumKRejGAaMwiKZz3bMV05l0LI0Yn10GzXsLtRx +++iKzpUxThZETRU43BJeMqP5/rVqdQAu47pClgTwQWn6bXNkCANe2+XwJgMv9D72p ++kMLIi0TmPtfjBFV6f3f190N6m5gCCwstzvKqcNQ7NqNdbLHo/HKCmdGzlzCajbNu ++1nLJYoUCAOHNiNhWU/IEC5fRNyxfE5AQAmc7Bm/7d5gVIWDUjWe1ukfwJGQESyNy ++GTraOcYQa8X0GskSEktjwZN/dM9yZX8B/02prLprc1+8GjTM7q7ePJJbiOWcvYrB ++qcHhqadU/uC/g4lzDAG4RVutIHaqqOPr85J9jPzP/AT6ygsNU5Q5902gYbQjQmFy ++cmV0dCBCcm93biA8YmFycmV0dEBleGFtcGxlLm9yZz6dAdgEVl9ZyAEEAMfR5EvR ++HsEQXjKwf+LvMD2qXZerKRJYv+Ok6O1nJgYZrxGSXRtGUGrWDb4JERKjmnbIHePa ++J42GgpAUibaya0lDkvjKOehX/+dno06Bcn7mbOistFBpvbbyhCcN2mYhjQGeT8r6 ++fiX/sSw8L49MRxwI/JRBITkqyKxr6uMsf/p1ABEBAAEAA/wN9hFQZs0SSjV6rzBQ ++R8wEEvo1FaVp/b9yhVws8i8K8BJ2VNaiiDgoLsqJA5MozTuGnxbPi7eFwOcwb+7r ++T+4E8c8cJlOFiWkYtUyFDAjjo1m0xxFI0GnWuEnl238URxIW+x4k6Bx7g8P/3psH ++f5x1ue8pxYzudxEuPTBV8HMp4QIA2p74/ZJafVJAIDcEcbMDoIhTpRgbMyeHaQmR ++81gwo2FHd3hlonspwJ37r3LRk2jMgecU+0cK7p7W4HkYD6Xo2QIA6fv/DFn2WVRA ++ODQVQQGGxsvO2cM847IFJu96BbbxOLaZJ536RE980c2a9q/9B4hOYzKV4B4NI03u ++5/BqoOY8/QH/ZIvWN1fksXhQMypVTLg8R81igqS3GXKmQ+KrVEfTIHnXKxH7tyfD ++eJSS6nfpfARhAe2mP3TIrbjX+9PR+Qmkg6GqnQHYBFZfWusBBACoJjGH5zSYYpWQ ++1EuJJ7X2tJs6AtUlwvp0fUSdrA7qSXLKkhusOibsM01OWntMyXBD5SwpuZPyPCRT ++Tz9rCDpb1arksIAFRK1itVzAkmV/eniUGu7QFJGVoq4iyWmTk+jB+PaU9dfqjV5E 
++eyfGT0VMP4wZxaSF8v0cX5Gry89yJwARAQABAAP+NPUmd199hJrT8TOzgIRlvkfe ++dZRLziNM3yBO2nvEjMxKH3uJxKHh/VUg/VLo72On/HIyiQeeDVYcuLJGTm7edegk ++/9C85hT5K4VUF9+LXXDX1Vz/jQdZxq+JwUE/AdlAEC9fkFQzc0ftI832mgjROASw ++MVphqYUQERz00ve+NDUCAMmgeUzmQB+ZDcdCzKQfZChafEDqZNpqIKfhcg8SytcK ++LA5uLBYGPcj7DY5NZuh3PFaV3EGxpjJUIzdspHp6V0UCANV+jbkookz+pUHAKp6D ++wt+yxOj1HqKIRdOYVaEaLTpvv7CHL3u2a4FQbxCxK6umVPH1HglEKDHNs7UBB8gv ++tHsB/Rzk2o5+LyWT18v6ubDVoUO6WQx3iXJakorJrSML7gld8DAEDCFK/jlk5Rhz ++gmGvBZwZ+z2xOk3rxnQxBPAkHHyb8p0B2ARWX1uVAQQA5Hj2C3jzD8OGtLaw7+P2 ++gYdAfR4s4YS3/AK+kYYtbm5EX4srysyUbylbQDQXUvRzw4FPkjXbboF6KjHw8icN ++WHCazwSfPTfCDvi0JIildkfNqwBzCmNDRn++X8rvAeDCEJ/BtfcgfgmDTElSJOd+ ++3B4XwnmtnBW54KlR42PLobsAEQEAAQAD+gJL6SGioplwMH9xtZtZ5fixAynaOeYK ++LK8vF06EGpL3Xl8lHqwpKZU0tbmsfLJjkFL6yD2L750Ge0vcLj5YtxVh+pfzvtgo ++HbYvfcU0j3iUQXgrn9r792wILv9LcgfDGYEUTPY+TSQnhju6OA8EYFJC1l9vkeae ++HWiNi0VH5leBAgDr3h6mXHrLT4qSNexzz8BAvK/PlHMAMAJcy76lXSkl92+c4Bcp ++jFDr5Vpaq/VXoLC4L/IlnEEqY967pAycdLH7AgD3+UB/qEnh0dDq7HkEfwMiarY6 ++Nb6wre0jPN/p+lWQ+MO6o5iJ2b44vZIUIlrKZJZ1WraBBhuRx1Fd0YpUlYNBAf41 ++4cEsS5z9Vf6HeJ87WPIyWH72dmwcuRDNTKLYeetcnbbhyO+BzfXbC+0FAxTIsBFa ++4S4xUwDBah+Nf4ZlcvPSop+dAdgEVl9unAEEAOnl30hwc47rLL9QH6g0TX1BEPdW ++MV4Ou6+rQOErIMAr1AOlUzpjwJllvQqf2OHnQWaTr9kbNLn7XUEUhjkH3uHDYMHM ++dyAb7YJrk3ECDqnmr34VV/F/H5BH7D6AiFktl1SpUTczPxBxvPNlJ4joPmTm+ahf ++g+zL+4pVu6tIhM0LABEBAAEAA/9fHMTxVhkHswZdPZ3B7pLcLktR6NDmaKNVyhP1 ++/G2y95+dY+s2QT4eosp+uYWeR0XHCqNla7TDND41qrzyEAtHiAF3OoydMK4lb0lq ++fKORRI4tr017wgMxRBLs82Gk5ehtI7AwSca7WvaoAJwKZp42th4MOeykeGRRMagJ ++I420QQIA8zdj89HUQ9tIRyhenoqgGWGmYZgO6SlrloxwlVzvbOsxn59A7PpE0CZb ++TsVPwFCwEzf3316k7V0oqa8TVL8J2wIA9jEY4AFhxY6kmffl5KiKwHThC06BPk6k ++CX90tt5on5iH0q2tjrAt/+ZfTcWAT5huQh9OZ4Hq0N/hFhtcJjIokQH+OcGoGiG3 ++pNBeU0bZqnVZNcHhJP9F13chv5jSAOJf6rfyx3HbgTeOqh2BCpyocgzAgQ8JUkX+ ++OeRRvDotcfiTGKBc ++=VlTT ++-----END PGP PRIVATE KEY BLOCK----- 
diff --git a/patches/from-2.2.15/agent-Allow-other-ssh-fingerprint-algos-in-KEYINFO.patch b/patches/from-2.2.15/agent-Allow-other-ssh-fingerprint-algos-in-KEYINFO.patch new file mode 100644 index 0000000..7ca5145 --- /dev/null +++ b/patches/from-2.2.15/agent-Allow-other-ssh-fingerprint-algos-in-KEYINFO.patch 
@@ -0,0 +1,69 @@ +From: Werner Koch +Date: Tue, 26 Mar 2019 09:02:19 +0100 +Subject: agent: Allow other ssh fingerprint algos in KEYINFO. + +* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO. Default to +the standard algo. + +Signed-off-by: Werner Koch +(cherry picked from commit 1c2fa8b6d747aa171bfef35a50754893aa80a562) +--- + agent/command.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/agent/command.c b/agent/command.c +index 50385b8..41fb394 100644 +--- a/agent/command.c ++++ b/agent/command.c +@@ -1048,7 +1048,7 @@ cmd_readkey (assuan_context_t ctx, char *line) + + + static const char hlp_keyinfo[] = +- "KEYINFO [--[ssh-]list] [--data] [--ssh-fpr] [--with-ssh] \n" ++ "KEYINFO [--[ssh-]list] [--data] [--ssh-fpr[=algo]] [--with-ssh] \n" + "\n" + "Return information about the key specified by the KEYGRIP. If the\n" + "key is not available GPG_ERR_NOT_FOUND is returned. If the option\n" +@@ -1084,7 +1084,9 @@ static const char hlp_keyinfo[] = + " '-' - Unknown protection.\n" + "\n" + "FPR returns the formatted ssh-style fingerprint of the key. It is only\n" +- " printed if the option --ssh-fpr has been used. It defaults to '-'.\n" ++ " printed if the option --ssh-fpr has been used. If ALGO is not given\n" ++ " to that option the default ssh fingerprint algo is used. 
Without the\n" ++ " option a '-' is printed.\n" + "\n" + "TTL is the TTL in seconds for that key or '-' if n/a.\n" + "\n" +@@ -1171,7 +1173,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, + + if (!agent_raw_key_from_file (ctrl, grip, &key)) + { +- ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr); ++ ssh_get_fingerprint_string (key, with_ssh_fpr, &fpr); + gcry_sexp_release (key); + } + } +@@ -1252,7 +1254,21 @@ cmd_keyinfo (assuan_context_t ctx, char *line) + else + list_mode = has_option (line, "--list"); + opt_data = has_option (line, "--data"); +- opt_ssh_fpr = has_option (line, "--ssh-fpr"); ++ ++ if (has_option_name (line, "--ssh-fpr")) ++ { ++ if (has_option (line, "--ssh-fpr=md5")) ++ opt_ssh_fpr = GCRY_MD_MD5; ++ else if (has_option (line, "--ssh-fpr=sha1")) ++ opt_ssh_fpr = GCRY_MD_SHA1; ++ else if (has_option (line, "--ssh-fpr=sha256")) ++ opt_ssh_fpr = GCRY_MD_SHA256; ++ else ++ opt_ssh_fpr = opt.ssh_fingerprint_digest; ++ } ++ else ++ opt_ssh_fpr = 0; ++ + opt_with_ssh = has_option (line, "--with-ssh"); + line = skip_options (line); + diff --git a/patches/from-2.2.15/doc-Clarify-option-no-keyring.patch b/patches/from-2.2.15/doc-Clarify-option-no-keyring.patch new file mode 100644 index 0000000..5bbaf39 --- /dev/null +++ b/patches/from-2.2.15/doc-Clarify-option-no-keyring.patch 
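Review bot: An unrecognised value such as `--ssh-fpr=sha512` is accepted silently in cmd_keyinfo: the final `else` assigns `opt.ssh_fingerprint_digest`, so a client that asked for one digest gets a fingerprint computed with another and no error. The fallback should be limited to the bare option, for example `else if (has_option (line, "--ssh-fpr")) opt_ssh_fpr = opt.ssh_fingerprint_digest;`, with any other `--ssh-fpr=...` value rejected with a parameter error. The help text in hlp_keyinfo should also list the accepted ALGO values (md5, sha1, sha256). cmd_keyinfo continues outside the hunk, so the exact error path to use is not visible here.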
@@ -0,0 +1,27 @@ +From: Werner Koch +Date: Mon, 25 Mar 2019 14:47:31 +0100 +Subject: doc: Clarify option --no-keyring. + +-- +GnuPG-bug-id: 4424 + +Signed-off-by: Werner Koch +(cherry picked from commit 7a38af6a1015a7a0b47502850cf3bfd60d61ee56) +--- + doc/gpg.texi | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index b6eda9d..22813c7 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -3230,7 +3230,8 @@ secret keyrings. + + @item --no-keyring + @opindex no-keyring +-Do not add use any keyrings even if specified as options. ++Do not use any keyring at all. This overrides the default and all ++options which specify keyrings. + + @item --skip-verify + @opindex skip-verify diff --git a/patches/from-2.2.15/doc-fix-formatting-error.patch b/patches/from-2.2.15/doc-fix-formatting-error.patch new file mode 100644 index 0000000..fc81f92 --- /dev/null +++ b/patches/from-2.2.15/doc-fix-formatting-error.patch @@ -0,0 +1,24 @@ +From: Daniel Kahn Gillmor +Date: Fri, 22 Mar 2019 23:49:03 +0100 +Subject: doc: fix formatting error + +Signed-off-by: Daniel Kahn Gillmor +(cherry picked from commit 93782de23fe45e7f7f86140fda6de39395c3a9d8) +--- + doc/gpg.texi | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 1597f9e..b6eda9d 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -2320,7 +2320,8 @@ opposite meaning. The options are: + on the keyring. This option is the same as running the @option{--edit-key} + command "clean" after import. Defaults to no. + +- @item repair-keys. After import, fix various problems with the ++ @item repair-keys ++ After import, fix various problems with the + keys. For example, this reorders signatures, and strips duplicate + signatures. Defaults to yes. + 
diff --git a/patches/from-2.2.15/sm-Allow-decryption-even-if-expired-other-keys-are-config.patch b/patches/from-2.2.15/sm-Allow-decryption-even-if-expired-other-keys-are-config.patch new file mode 100644 index 0000000..bc8b0d5 --- /dev/null +++ b/patches/from-2.2.15/sm-Allow-decryption-even-if-expired-other-keys-are-config.patch @@ -0,0 +1,49 @@ +From: Werner Koch +Date: Tue, 26 Mar 2019 13:31:06 +0100 +Subject: sm: Allow decryption even if expired other keys are configured. + +* sm/gpgsm.c (main): Add special handling for bad keys in decrypt +mode. +-- + +The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to +a decryption command. With that patch the errors are printed but +decryption continues and the process returns success unless other +errors occur. + +GnuPG-bug-id: 4431 +Signed-off-by: Werner Koch +(cherry picked from commit 30972d21824264aef2088d30b4f2e5ce3aca889e) +--- + sm/gpgsm.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/sm/gpgsm.c b/sm/gpgsm.c +index 52f26e2..598caa2 100644 +--- a/sm/gpgsm.c ++++ b/sm/gpgsm.c +@@ -1732,6 +1732,8 @@ main ( int argc, char **argv) + + if (!do_not_setup_keys) + { ++ int errcount = log_get_errorcount (0); ++ + for (sl = locusr; sl ; sl = sl->next) + { + int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0); +@@ -1760,6 +1762,15 @@ main ( int argc, char **argv) + if ((sl->flags & 1)) + do_add_recipient (&ctrl, sl->d, &recplist, 1, recp_required); + } ++ ++ /* We do not require a recipient for decryption but because ++ * recipients and signers are always checked and log_error is ++ * sometimes used (for failed signing keys or due to a failed ++ * CRL checking) that would have bumbed up the error counter. ++ * We clear the counter in the decryption case because there is ++ * no reason to force decryption to fail. */ ++ if (cmd == aDecrypt && !errcount) ++ log_get_errorcount (1); /* clear counter */ + } + + if (log_get_errorcount(0)) 
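Review bot: The new comment in main() does not explain the `!errcount` guard, and it has a typo (`bumbed`). From the visible lines the counter is reset only when nothing had been logged before the key setup block, so every log_error raised while checking signers and recipients is discarded in decrypt mode, not only the expired-key case named in the commit message. I would say so in the comment, e.g. `/* Only errors logged inside this block are dropped; errors counted before it (ERRCOUNT != 0) still make the check below fail. */`. Callers that rely on gpgsm's exit status to notice a broken signer or recipient configuration will no longer see it on decryption, so the behaviour change deserves a line in the user documentation as well.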
diff --git a/patches/from-2.2.15/wkd-New-command-print-wkd-hash-for-gpg-wks-client.patch b/patches/from-2.2.15/wkd-New-command-print-wkd-hash-for-gpg-wks-client.patch new file mode 100644 index 0000000..db03d78 --- /dev/null +++ b/patches/from-2.2.15/wkd-New-command-print-wkd-hash-for-gpg-wks-client.patch 
@@ -0,0 +1,295 @@ +From: Werner Koch +Date: Fri, 22 Mar 2019 11:40:01 +0100 +Subject: wkd: New command --print-wkd-hash for gpg-wks-client. + +* tools/gpg-wks-client.c (aPrintWKDHash): New. +(opts) : Add "--print-wkd-hash". +(main): Implement that command. +(proc_userid_from_stdin): New. +* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY. +(wks_cmd_print_wkd_hash): New. +-- + +GnuPG-bug-id: 4418 +Signed-off-by: Werner Koch +(cherry picked from commit 64621f1f40c31c7f453da98efb860ff8cf11edbc) +--- + doc/wks.texi | 4 +++ + tools/gpg-wks-client.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++-- + tools/gpg-wks-server.c | 2 +- + tools/gpg-wks.h | 3 +- + tools/wks-util.c | 47 +++++++++++++++++++++++----- + 5 files changed, 129 insertions(+), 12 deletions(-) + +diff --git a/doc/wks.texi b/doc/wks.texi +index 5fe2a33..0c8a59a 100644 +--- a/doc/wks.texi ++++ b/doc/wks.texi +@@ -101,6 +101,10 @@ fingerprint and the mailbox separated by a space. The command + @option{--remove-key} removes a key from that directory, its only + argument is a user-id. + ++The command @option{--print-wkd-hash} prints a WKD user id identifier ++and the corresponding mailbox from the user-ids given on the command ++line or via stdin (one user-id per line). ++ + @command{gpg-wks-client} is not commonly invoked directly and thus it + is not installed in the bin directory. 
Here is an example how it can + be invoked manually to check for a Web Key Directory entry for +diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c +index 78e4fe4..f1750bf 100644 +--- a/tools/gpg-wks-client.c ++++ b/tools/gpg-wks-client.c +@@ -61,6 +61,7 @@ enum cmd_and_opt_values + aRead, + aInstallKey, + aRemoveKey, ++ aPrintWKDHash, + + oGpgProgram, + oSend, +@@ -90,6 +91,8 @@ static ARGPARSE_OPTS opts[] = { + "install a key into a directory"), + ARGPARSE_c (aRemoveKey, "remove-key", + "remove a key from a directory"), ++ ARGPARSE_c (aPrintWKDHash, "print-wkd-hash", ++ "Print the WKD identifier for the given user ids"), + + ARGPARSE_group (301, ("@\nOptions:\n ")), + +@@ -129,6 +132,8 @@ const char *fake_submission_addr; + + + static void wrong_args (const char *text) GPGRT_ATTR_NORETURN; ++static gpg_error_t proc_userid_from_stdin (gpg_error_t (*func)(const char *), ++ const char *text); + static gpg_error_t command_supported (char *userid); + static gpg_error_t command_check (char *userid); + static gpg_error_t command_send (const char *fingerprint, const char *userid); +@@ -230,6 +235,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) + case aCheck: + case aInstallKey: + case aRemoveKey: ++ case aPrintWKDHash: + cmd = pargs->r_opt; + break; + +@@ -246,7 +252,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) + int + main (int argc, char **argv) + { +- gpg_error_t err; ++ gpg_error_t err, delayed_err; + ARGPARSE_ARGS pargs; + enum cmd_and_opt_values cmd; + +@@ -377,6 +383,28 @@ main (int argc, char **argv) + err = wks_cmd_remove_key (*argv); + break; + ++ case aPrintWKDHash: ++ if (!argc) ++ err = proc_userid_from_stdin (wks_cmd_print_wkd_hash, "printing hash"); ++ else ++ { ++ for (err = delayed_err = 0; !err && argc; argc--, argv++) ++ { ++ err = wks_cmd_print_wkd_hash (*argv); ++ if (gpg_err_code (err) == GPG_ERR_INV_USER_ID) ++ { ++ /* Diagnostic already printed. 
*/ ++ delayed_err = err; ++ err = 0; ++ } ++ else if (err) ++ log_error ("printing hash failed: %s\n", gpg_strerror (err)); ++ } ++ if (!err) ++ err = delayed_err; ++ } ++ break; ++ + default: + usage (1); + err = 0; +@@ -390,10 +418,63 @@ main (int argc, char **argv) + wks_write_status (STATUS_FAILURE, "- %u", GPG_ERR_GENERAL); + else + wks_write_status (STATUS_SUCCESS, NULL); +- return log_get_errorcount (0)? 1:0; ++ return (err || log_get_errorcount (0))? 1:0; + } + + ++/* Read user ids from stdin and call FUNC for each user id. TEXT is ++ * used for error messages. */ ++static gpg_error_t ++proc_userid_from_stdin (gpg_error_t (*func)(const char *), const char *text) ++{ ++ gpg_error_t err = 0; ++ gpg_error_t delayed_err = 0; ++ char line[2048]; ++ size_t n = 0; ++ ++ /* If we are on a terminal disable buffering to get direct response. */ ++ if (gnupg_isatty (es_fileno (es_stdin)) ++ && gnupg_isatty (es_fileno (es_stdout))) ++ { ++ es_setvbuf (es_stdin, NULL, _IONBF, 0); ++ es_setvbuf (es_stdout, NULL, _IOLBF, 0); ++ } ++ ++ while (es_fgets (line, sizeof line - 1, es_stdin)) ++ { ++ n = strlen (line); ++ if (!n || line[n-1] != '\n') ++ { ++ err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG ++ : GPG_ERR_INCOMPLETE_LINE); ++ log_error ("error reading stdin: %s\n", gpg_strerror (err)); ++ break; ++ } ++ trim_spaces (line); ++ err = func (line); ++ if (gpg_err_code (err) == GPG_ERR_INV_USER_ID) ++ { ++ delayed_err = err; ++ err = 0; ++ } ++ else if (err) ++ log_error ("%s failed: %s\n", text, gpg_strerror (err)); ++ } ++ if (es_ferror (es_stdin)) ++ { ++ err = gpg_error_from_syserror (); ++ log_error ("error reading stdin: %s\n", gpg_strerror (err)); ++ goto leave; ++ } ++ ++ leave: ++ if (!err) ++ err = delayed_err; ++ return err; ++} ++ ++ ++ + + /* Add the user id UID to the key identified by FINGERPRINT. 
*/ + static gpg_error_t +diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c +index f83ef65..2082fb8 100644 +--- a/tools/gpg-wks-server.c ++++ b/tools/gpg-wks-server.c +@@ -1939,7 +1939,7 @@ command_check_key (const char *userid) + char *addrspec = NULL; + char *fname = NULL; + +- err = wks_fname_from_userid (userid, &fname, &addrspec); ++ err = wks_fname_from_userid (userid, 0, &fname, &addrspec); + if (err) + goto leave; + +diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h +index e369430..99969c1 100644 +--- a/tools/gpg-wks.h ++++ b/tools/gpg-wks.h +@@ -98,11 +98,12 @@ gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream, + int ignore_unknown); + void wks_free_policy (policy_flags_t policy); + +-gpg_error_t wks_fname_from_userid (const char *userid, ++gpg_error_t wks_fname_from_userid (const char *userid, int hash_only, + char **r_fname, char **r_addrspec); + gpg_error_t wks_compute_hu_fname (char **r_fname, const char *addrspec); + gpg_error_t wks_cmd_install_key (const char *fname, const char *userid); + gpg_error_t wks_cmd_remove_key (const char *userid); ++gpg_error_t wks_cmd_print_wkd_hash (const char *userid); + + + /*-- wks-receive.c --*/ +diff --git a/tools/wks-util.c b/tools/wks-util.c +index 3e48709..fee46d6 100644 +--- a/tools/wks-util.c ++++ b/tools/wks-util.c +@@ -749,9 +749,12 @@ write_to_file (estream_t src, const char *fname) + + + /* Return the filename and optionally the addrspec for USERID at +- * R_FNAME and R_ADDRSPEC. R_ADDRSPEC might also be set on error. */ ++ * R_FNAME and R_ADDRSPEC. R_ADDRSPEC might also be set on error. If ++ * HASH_ONLY is set only the has is returned at R_FNAME and no file is ++ * created. 
*/ + gpg_error_t +-wks_fname_from_userid (const char *userid, char **r_fname, char **r_addrspec) ++wks_fname_from_userid (const char *userid, int hash_only, ++ char **r_fname, char **r_addrspec) + { + gpg_error_t err; + char *addrspec = NULL; +@@ -767,7 +770,7 @@ wks_fname_from_userid (const char *userid, char **r_fname, char **r_addrspec) + addrspec = mailbox_from_userid (userid); + if (!addrspec) + { +- if (opt.verbose) ++ if (opt.verbose || hash_only) + log_info ("\"%s\" is not a proper mail address\n", userid); + err = gpg_error (GPG_ERR_INV_USER_ID); + goto leave; +@@ -788,11 +791,20 @@ wks_fname_from_userid (const char *userid, char **r_fname, char **r_addrspec) + goto leave; + } + +- *r_fname = make_filename_try (opt.directory, domain, "hu", hash, NULL); +- if (!*r_fname) +- err = gpg_error_from_syserror (); ++ if (hash_only) ++ { ++ *r_fname = hash; ++ hash = NULL; ++ err = 0; ++ } + else +- err = 0; ++ { ++ *r_fname = make_filename_try (opt.directory, domain, "hu", hash, NULL); ++ if (!*r_fname) ++ err = gpg_error_from_syserror (); ++ else ++ err = 0; ++ } + + leave: + if (r_addrspec && addrspec) +@@ -1062,7 +1074,7 @@ wks_cmd_remove_key (const char *userid) + char *addrspec = NULL; + char *fname = NULL; + +- err = wks_fname_from_userid (userid, &fname, &addrspec); ++ err = wks_fname_from_userid (userid, 0, &fname, &addrspec); + if (err) + goto leave; + +@@ -1090,3 +1102,22 @@ wks_cmd_remove_key (const char *userid) + xfree (addrspec); + return err; + } ++ ++ ++/* Print the WKD hash for the user ids to stdout. */ ++gpg_error_t ++wks_cmd_print_wkd_hash (const char *userid) ++{ ++ gpg_error_t err; ++ char *addrspec, *fname; ++ ++ err = wks_fname_from_userid (userid, 1, &fname, &addrspec); ++ if (err) ++ return err; ++ ++ es_printf ("%s %s\n", fname, addrspec); ++ ++ xfree (fname); ++ xfree (addrspec); ++ return err; ++} 
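Review bot: In proc_userid_from_stdin a hard failure from `func` is logged but the loop keeps reading, so `err` is overwritten by the next line's result and the function can return 0 after a failed line, whereas the argv loop in main stops on the first such error (`!err && argc`). Either `break;` after the `log_error ("%s failed: ...")` call or fold the error into `delayed_err`, so both input paths report the same way. A final line without a trailing newline is reported as GPG_ERR_LINE_TOO_LONG, because only an empty buffer maps to GPG_ERR_INCOMPLETE_LINE. In wks_cmd_print_wkd_hash the early `return err;` skips `xfree (addrspec)` although the comment on wks_fname_from_userid says R_ADDRSPEC may be set on error; initialising both pointers to NULL and leaving through a cleanup label, as wks_cmd_remove_key does, avoids the leak (wks_cmd_print_wkd_url in the following patch repeats the pattern).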
diff --git a/patches/from-2.2.15/wkd-New-command-print-wkd-url-for-gpg-wks-client.patch b/patches/from-2.2.15/wkd-New-command-print-wkd-url-for-gpg-wks-client.patch new file mode 100644 index 0000000..226e999 --- /dev/null +++ b/patches/from-2.2.15/wkd-New-command-print-wkd-url-for-gpg-wks-client.patch 
@@ -0,0 +1,149 @@ +From: Werner Koch +Date: Mon, 25 Mar 2019 15:13:59 +0100 +Subject: wkd: New command --print-wkd-url for gpg-wks-client. + +* tools/gpg-wks-client.c (aPrintWKDURL): New. +(opts): Add option. +(main): Implement. +* tools/wks-util.c (wks_cmd_print_wkd_url): New. + +Signed-off-by: Werner Koch +(cherry picked from commit 2f3eebf1865a85f8c09a1c052513260ed55acec6) +--- + doc/wks.texi | 8 ++++++-- + tools/gpg-wks-client.c | 19 +++++++++++++++++-- + tools/gpg-wks.h | 1 + + tools/wks-util.c | 27 ++++++++++++++++++++++++++- + 4 files changed, 50 insertions(+), 5 deletions(-) + +diff --git a/doc/wks.texi b/doc/wks.texi +index 0c8a59a..ced418a 100644 +--- a/doc/wks.texi ++++ b/doc/wks.texi +@@ -101,10 +101,14 @@ fingerprint and the mailbox separated by a space. The command + @option{--remove-key} removes a key from that directory, its only + argument is a user-id. + +-The command @option{--print-wkd-hash} prints a WKD user id identifier +-and the corresponding mailbox from the user-ids given on the command ++The command @option{--print-wkd-hash} prints the WKD user-id identifiers ++and the corresponding mailboxes from the user-ids given on the command + line or via stdin (one user-id per line). + ++The command @option{--print-wkd-url} prints the URLs used to fetch the ++key for the given user-ids from WKD. The meanwhile preferred format ++with sub-domains is used here. ++ + @command{gpg-wks-client} is not commonly invoked directly and thus it + is not installed in the bin directory. 
Here is an example how it can + be invoked manually to check for a Web Key Directory entry for +diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c +index f1750bf..050c8aa 100644 +--- a/tools/gpg-wks-client.c ++++ b/tools/gpg-wks-client.c +@@ -62,6 +62,7 @@ enum cmd_and_opt_values + aInstallKey, + aRemoveKey, + aPrintWKDHash, ++ aPrintWKDURL, + + oGpgProgram, + oSend, +@@ -93,6 +94,8 @@ static ARGPARSE_OPTS opts[] = { + "remove a key from a directory"), + ARGPARSE_c (aPrintWKDHash, "print-wkd-hash", + "Print the WKD identifier for the given user ids"), ++ ARGPARSE_c (aPrintWKDURL, "print-wkd-url", ++ "Print the WKD URL for the given user id"), + + ARGPARSE_group (301, ("@\nOptions:\n ")), + +@@ -236,6 +239,7 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) + case aInstallKey: + case aRemoveKey: + case aPrintWKDHash: ++ case aPrintWKDURL: + cmd = pargs->r_opt; + break; + +@@ -384,13 +388,24 @@ main (int argc, char **argv) + break; + + case aPrintWKDHash: ++ case aPrintWKDURL: + if (!argc) +- err = proc_userid_from_stdin (wks_cmd_print_wkd_hash, "printing hash"); ++ { ++ if (cmd == aPrintWKDHash) ++ err = proc_userid_from_stdin (wks_cmd_print_wkd_hash, ++ "printing WKD hash"); ++ else ++ err = proc_userid_from_stdin (wks_cmd_print_wkd_url, ++ "printing WKD URL"); ++ } + else + { + for (err = delayed_err = 0; !err && argc; argc--, argv++) + { +- err = wks_cmd_print_wkd_hash (*argv); ++ if (cmd == aPrintWKDHash) ++ err = wks_cmd_print_wkd_hash (*argv); ++ else ++ err = wks_cmd_print_wkd_url (*argv); + if (gpg_err_code (err) == GPG_ERR_INV_USER_ID) + { + /* Diagnostic already printed. 
*/ +diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h +index 99969c1..9acd7c3 100644 +--- a/tools/gpg-wks.h ++++ b/tools/gpg-wks.h +@@ -104,6 +104,7 @@ gpg_error_t wks_compute_hu_fname (char **r_fname, const char *addrspec); + gpg_error_t wks_cmd_install_key (const char *fname, const char *userid); + gpg_error_t wks_cmd_remove_key (const char *userid); + gpg_error_t wks_cmd_print_wkd_hash (const char *userid); ++gpg_error_t wks_cmd_print_wkd_url (const char *userid); + + + /*-- wks-receive.c --*/ +diff --git a/tools/wks-util.c b/tools/wks-util.c +index fee46d6..29e9248 100644 +--- a/tools/wks-util.c ++++ b/tools/wks-util.c +@@ -1104,7 +1104,7 @@ wks_cmd_remove_key (const char *userid) + } + + +-/* Print the WKD hash for the user ids to stdout. */ ++/* Print the WKD hash for the user id to stdout. */ + gpg_error_t + wks_cmd_print_wkd_hash (const char *userid) + { +@@ -1121,3 +1121,28 @@ wks_cmd_print_wkd_hash (const char *userid) + xfree (addrspec); + return err; + } ++ ++ ++/* Print the WKD URL for the user id to stdout. */ ++gpg_error_t ++wks_cmd_print_wkd_url (const char *userid) ++{ ++ gpg_error_t err; ++ char *addrspec, *fname; ++ char *domain; ++ ++ err = wks_fname_from_userid (userid, 1, &fname, &addrspec); ++ if (err) ++ return err; ++ ++ domain = strchr (addrspec, '@'); ++ if (domain) ++ *domain++ = 0; ++ ++ es_printf ("https://openpgpkey.%s/.well-known/openpgpkey/%s/hu/%s?l=%s\n", ++ domain, domain, fname, addrspec); ++ ++ xfree (fname); ++ xfree (addrspec); ++ return err; ++} diff --git a/patches/from-2.2.16/agent-For-SSH-key-don-t-put-NUL-byte-at-the-end.patch b/patches/from-2.2.16/agent-For-SSH-key-don-t-put-NUL-byte-at-the-end.patch new file mode 100644 index 0000000..4a47f29 --- /dev/null +++ b/patches/from-2.2.16/agent-For-SSH-key-don-t-put-NUL-byte-at-the-end.patch 
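Review bot: wks_cmd_print_wkd_url writes the local part into the `?l=%s` query without percent-escaping, so an address whose local part contains characters such as `+`, `&`, `#` or `%` produces a URL that a consumer will parse differently from the mailbox that was hashed. The local part should be percent-escaped before the es_printf call. `domain` is also passed to `%s` twice without a check; if strchr finds no `@` it is NULL, which is presumably unreachable once mailbox_from_userid has succeeded but is cheap to guard by freeing both strings and returning GPG_ERR_INV_USER_ID. A one-line comment that the printed URL is the sub-domain ("advanced") form only, as doc/wks.texi states, would help callers that need the direct form.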
@@ -0,0 +1,31 @@ +From: NIIBE Yutaka +Date: Tue, 21 May 2019 15:50:28 +0900 +Subject: agent: For SSH key, don't put NUL-byte at the end. + +* agent/command-ssh.c (ssh_key_to_protected_buffer): Update +the length by the second call of gcry_sexp_sprint. + +-- + +GnuPG-bug-id: 4502 +Signed-off-by: NIIBE Yutaka +(cherry picked from commit 6e39541f4f488fe59eac399bad18c465f373a784) +--- + agent/command-ssh.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/agent/command-ssh.c b/agent/command-ssh.c +index 9255830..ce621f7 100644 +--- a/agent/command-ssh.c ++++ b/agent/command-ssh.c +@@ -3033,8 +3033,8 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase, + goto out; + } + +- gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n); +- /* FIXME: guarantee? */ ++ buffer_new_n = gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, ++ buffer_new, buffer_new_n); + + if (*passphrase) + err = agent_protect (buffer_new, passphrase, buffer, buffer_n, 0, -1); diff --git a/patches/from-2.2.16/agent-Stop-scdaemon-after-reload-when-disable_scdaemon.patch b/patches/from-2.2.16/agent-Stop-scdaemon-after-reload-when-disable_scdaemon.patch new file mode 100644 index 0000000..9fb1f28 --- /dev/null +++ b/patches/from-2.2.16/agent-Stop-scdaemon-after-reload-when-disable_scdaemon.patch 
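Review bot: The result of the second gcry_sexp_sprint call in ssh_key_to_protected_buffer is now used as the buffer length without a check for 0, which, as far as I know, is what gcry_sexp_sprint returns when the output does not fit. A zero length would then flow into the protect/copy code below the hunk, so I would add `if (!buffer_new_n) { err = gpg_error (GPG_ERR_INTERNAL); goto out; }` right after the call. The removed `/* FIXME: guarantee? */` is better replaced than dropped, with a comment saying that the length is taken from this call so that the trailing NUL counted by the size query is not included (inferred from the subject line; confirm). The function body continues outside the hunk.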
@@ -0,0 +1,61 @@ +From: NIIBE Yutaka +Date: Thu, 23 May 2019 10:15:18 +0900 +Subject: agent: Stop scdaemon after reload when disable_scdaemon. + +* agent/call-scd.c (agent_card_killscd): New. +* agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd. + +-- + +GnuPG-bug-id: 4326 +Signed-off-by: NIIBE Yutaka +(cherry picked from commit 9ccdd59e4e1e0b0e3b03b288f52f3c71e86a04dd) +--- + agent/agent.h | 1 + + agent/call-scd.c | 9 +++++++++ + agent/gpg-agent.c | 3 +++ + 3 files changed, 13 insertions(+) + +diff --git a/agent/agent.h b/agent/agent.h +index b07ea57..f047757 100644 +--- a/agent/agent.h ++++ b/agent/agent.h +@@ -598,6 +598,7 @@ int agent_card_scd (ctrl_t ctrl, const char *cmdline, + int (*getpin_cb)(void *, const char *, + const char *, char*, size_t), + void *getpin_cb_arg, void *assuan_context); ++void agent_card_killscd (void); + + + /*-- learncard.c --*/ +diff --git a/agent/call-scd.c b/agent/call-scd.c +index e852c0d..ee69bb4 100644 +--- a/agent/call-scd.c ++++ b/agent/call-scd.c +@@ -1326,3 +1326,12 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, + + return unlock_scd (ctrl, 0); + } ++ ++void ++agent_card_killscd (void) ++{ ++ if (primary_scd_ctx == NULL) ++ return; ++ assuan_transact (primary_scd_ctx, "KILLSCD", ++ NULL, NULL, NULL, NULL, NULL, NULL); ++} +diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c +index d68b5ad..16aa0d4 100644 +--- a/agent/gpg-agent.c ++++ b/agent/gpg-agent.c +@@ -2452,6 +2452,9 @@ agent_sighup_action (void) + "pinentry" binary that one can be used in case the + "pinentry-basic" fallback was in use. */ + gnupg_module_name_flush_some (); ++ ++ if (opt.disable_scdaemon) ++ agent_card_killscd (); + } + + diff --git a/patches/from-2.2.16/agent-correct-length-for-uri-and-comment-on-64-bit-big-en.patch b/patches/from-2.2.16/agent-correct-length-for-uri-and-comment-on-64-bit-big-en.patch new file mode 100644 index 0000000..91b635d --- /dev/null 
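Review bot: agent_card_killscd has no header comment and discards the result of assuan_transact, so when KILLSCD fails after a reload with disable-scdaemon set, scdaemon keeps running with access to the card reader and nothing is logged. I would capture and report the result, e.g. `err = assuan_transact (...); if (err) log_error ("KILLSCD failed: %s\n", gpg_strerror (err));`, and add a comment such as `/* Ask a running scdaemon to terminate; does nothing if none was started. */`. The call also uses primary_scd_ctx with no locking visible in the hunk; whether the SIGHUP path can run while a command is using the same context should be confirmed against the rest of call-scd.c.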
+++ b/patches/from-2.2.16/agent-correct-length-for-uri-and-comment-on-64-bit-big-en.patch 
@@ -0,0 +1,63 @@ +From: Daniel Kahn Gillmor +Date: Tue, 14 May 2019 00:05:42 -0400 +Subject: agent: correct length for uri and comment on 64-bit big-endian + platforms + +* agent/findkey.c (agent_public_key_from_file): pass size_t as int to +gcry_sexp_build_array's %b. + +-- + +This is only a problem on big-endian systems where size_t is not the +same size as an int. It was causing failures on debian's s390x, +powerpc64, and sparc64 platforms. + +There may well be other failures with %b on those platforms in the +codebase, and it probably needs an audit. + +Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment +or a uri of reasonable length associated with it, this fix can be +tested with: + + gpg-agent --server <<<"READKEY $KEYGRIP" + +On the failing platforms, the printed comment will be of length 0. + +Gnupg-bug-id: 4501 +Signed-off-by: Daniel Kahn Gillmor +(cherry picked from commit 110932925ba8e0169da18d7774440f8d1fd8a344) +--- + agent/findkey.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/agent/findkey.c b/agent/findkey.c +index 89a18fa..bdb6ab4 100644 +--- a/agent/findkey.c ++++ b/agent/findkey.c +@@ -1230,6 +1230,7 @@ agent_public_key_from_file (ctrl_t ctrl, + gcry_sexp_t uri_sexp, comment_sexp; + const char *uri, *comment; + size_t uri_length, comment_length; ++ int uri_intlen, comment_intlen; + char *format, *p; + void *args[2+7+2+2+1]; /* Size is 2 + max. # of elements + 2 for uri + 2 + for comment + end-of-list. 
*/ +@@ -1311,14 +1312,16 @@ agent_public_key_from_file (ctrl_t ctrl, + { + p = stpcpy (p, "(uri %b)"); + assert (argidx+1 < DIM (args)); +- args[argidx++] = (void *)&uri_length; ++ uri_intlen = (int)uri_length; ++ args[argidx++] = (void *)&uri_intlen; + args[argidx++] = (void *)&uri; + } + if (comment) + { + p = stpcpy (p, "(comment %b)"); + assert (argidx+1 < DIM (args)); +- args[argidx++] = (void *)&comment_length; ++ comment_intlen = (int)comment_length; ++ args[argidx++] = (void *)&comment_intlen; + args[argidx++] = (void*)&comment; + } + *p++ = ')'; diff --git a/patches/from-2.2.16/dirmngr-Add-a-CSRF-expection-for-pm.me.patch b/patches/from-2.2.16/dirmngr-Add-a-CSRF-expection-for-pm.me.patch new file mode 100644 index 0000000..93370e7 --- /dev/null +++ b/patches/from-2.2.16/dirmngr-Add-a-CSRF-expection-for-pm.me.patch 
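Review bot: The narrowing casts `uri_intlen = (int)uri_length;` and `comment_intlen = (int)comment_length;` in agent_public_key_from_file are unchecked, so a length above INT_MAX would reach `%b` truncated or negative. The values presumably come from the stored key's S-expression and are small in practice, but an explicit `if (uri_length > INT_MAX || comment_length > INT_MAX)` rejection with `gpg_error (GPG_ERR_TOO_LARGE)` before the casts makes that assumption enforceable. A one-line comment at the declaration, `/* %b reads an int length; keep int-sized copies (bug 4501). */`, would also stop a later cleanup from passing the size_t variables again. The function starts and ends outside these hunks, so the right error exit is not visible here.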
@@ -0,0 +1,43 @@
+From: Werner Koch
+Date: Thu, 9 May 2019 14:49:59 +0200
+Subject: dirmngr: Add a CSRF expection for pm.me
+
+--
+
+Also comment typo fix.
+
+(cherry picked from commit 7c4029110ab45d02e746ddcc13a87952ca0099f5)
+---
+ agent/command.c | 4 ++--
+ dirmngr/http.c | 3 ++-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/agent/command.c b/agent/command.c
+index 41fb394..cf8a2e4 100644
+--- a/agent/command.c
++++ b/agent/command.c
+@@ -1231,8 +1231,8 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
+ }
+
+
+-/* Entry int for the command KEYINFO. This function handles the
+- command option processing. For details see hlp_keyinfo above. */
++/* Entry into the command KEYINFO. This function handles the
++ * command option processing. For details see hlp_keyinfo above. */
+ static gpg_error_t
+ cmd_keyinfo (assuan_context_t ctx, char *line)
+ {
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 7fdd06a..384f256 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -3530,7 +3530,8 @@ same_host_p (parsed_uri_t a, parsed_uri_t b)
+ { "protonmail.com", "api.protonmail.com" },
+ { NULL, "api.protonmail.ch" },
+ { "protonmail.ch", "api.protonmail.com" },
+- { NULL, "api.protonmail.ch" }
++ { NULL, "api.protonmail.ch" },
++ { "pm.me", "api.protonmail.ch" }
+ };
+ int i;
+ const char *from;
diff --git a/patches/from-2.2.16/dirmngr-Allow-for-other-hash-algorithms-than-SHA-1-in-OCS.patch b/patches/from-2.2.16/dirmngr-Allow-for-other-hash-algorithms-than-SHA-1-in-OCS.patch
new file mode 100644
index 0000000..ffe9825
--- /dev/null
+++ b/patches/from-2.2.16/dirmngr-Allow-for-other-hash-algorithms-than-SHA-1-in-OCS.patch
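Review bot: The new `{ "pm.me", "api.protonmail.ch" }` row in same_host_p's table carries no comment on why that host pair is trusted, and judging by the subject line each row is an exception to the CSRF same-host check, so every addition widens what is accepted. A short comment above the table, `/* Host pairs exempt from the same-host check; keep this list minimal and justify each entry. */`, would make the trust decision reviewable. The table's declaration and the loop that reads it are outside the hunk, so how a NULL first field is interpreted cannot be confirmed from here. The unrelated comment edit in agent/command.c would be easier to audit as its own commit, and "Entry into" there probably wants to be "Entry point for".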
@@ -0,0 +1,235 @@ +From: Werner Koch +Date: Tue, 28 May 2019 12:27:00 +0200 +Subject: dirmngr: Allow for other hash algorithms than SHA-1 in OCSP. + +* dirmngr/ocsp.c (do_ocsp_request): Remove arg md. Add args r_sigval, +r_produced_at, and r_md. Get the hash algo from the signature and +create the context here. +(check_signature): Allow any hash algo. Print a diagnostic if the +signature does not verify. +-- + +GnuPG-bug-id: 3966 +Signed-off-by: Werner Koch +(cherry picked from commit 5281ecbe3ae8364407d9831243b81d664b040805) +--- + dirmngr/ocsp.c | 105 +++++++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 80 insertions(+), 25 deletions(-) + +diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c +index 7edac80..13e6120 100644 +--- a/dirmngr/ocsp.c ++++ b/dirmngr/ocsp.c +@@ -116,10 +116,15 @@ read_response (estream_t fp, unsigned char **r_buffer, size_t *r_buflen) + + /* Construct an OCSP request, send it to the configured OCSP responder + and parse the response. On success the OCSP context may be used to +- further process the response. */ ++ further process the response. The signature value and the ++ production date are returned at R_SIGVAL and R_PRODUCED_AT; they ++ may be NULL or an empty string if not available. A new hash ++ context is returned at R_MD. 
*/ + static gpg_error_t +-do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, +- const char *url, ksba_cert_t cert, ksba_cert_t issuer_cert) ++do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, ++ const char *url, ksba_cert_t cert, ksba_cert_t issuer_cert, ++ ksba_sexp_t *r_sigval, ksba_isotime_t r_produced_at, ++ gcry_md_hd_t *r_md) + { + gpg_error_t err; + unsigned char *request, *response; +@@ -132,6 +137,10 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, + + (void)ctrl; + ++ *r_sigval = NULL; ++ *r_produced_at = 0; ++ *r_md = NULL; ++ + if (dirmngr_use_tor ()) + { + /* For now we do not allow OCSP via Tor due to possible privacy +@@ -263,6 +272,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, + xfree (free_this); + return err; + } ++ /* log_printhex (response, responselen, "ocsp response"); */ + + err = ksba_ocsp_parse_response (ocsp, response, responselen, + &response_status); +@@ -290,11 +300,34 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, + } + if (response_status == KSBA_OCSP_RSPSTATUS_SUCCESS) + { ++ int hash_algo; ++ + if (opt.verbose) + log_info (_("OCSP responder at '%s' status: %s\n"), url, t); + ++ /* Get the signature value now because we can all this fucntion ++ * only once. 
*/ ++ *r_sigval = ksba_ocsp_get_sig_val (ocsp, r_produced_at); ++ ++ hash_algo = hash_algo_from_sigval (*r_sigval); ++ if (!hash_algo) ++ { ++ if (opt.verbose) ++ log_info ("ocsp: using SHA-256 as fallback hash algo.\n"); ++ hash_algo = GCRY_MD_SHA256; ++ } ++ err = gcry_md_open (r_md, hash_algo, 0); ++ if (err) ++ { ++ log_error (_("failed to establish a hashing context for OCSP: %s\n"), ++ gpg_strerror (err)); ++ goto leave; ++ } ++ if (DBG_HASHING) ++ gcry_md_debug (*r_md, "ocsp"); ++ + err = ksba_ocsp_hash_response (ocsp, response, responselen, +- HASH_FNC, md); ++ HASH_FNC, *r_md); + if (err) + log_error (_("hashing the OCSP response for '%s' failed: %s\n"), + url, gpg_strerror (err)); +@@ -305,8 +338,17 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, + err = gpg_error (GPG_ERR_GENERAL); + } + ++ leave: + xfree (response); + xfree (free_this); ++ if (err) ++ { ++ xfree (*r_sigval); ++ *r_sigval = NULL; ++ *r_produced_at = 0; ++ gcry_md_close (*r_md); ++ *r_md = NULL; ++ } + return err; + } + +@@ -391,7 +433,7 @@ check_signature_core (ctrl_t ctrl, ksba_cert_t cert, gcry_sexp_t s_sig, + + /* We simply ignore all errors. */ + gcry_sexp_release (s_pkey); +- return -1; ++ return err; + } + + +@@ -410,18 +452,27 @@ check_signature (ctrl_t ctrl, + int algo, cert_idx; + gcry_sexp_t s_hash; + ksba_cert_t cert; ++ const char *s; + + /* Create a suitable S-expression with the hash value of our response. 
*/ + gcry_md_final (md); + algo = gcry_md_get_algo (md); +- if (algo != GCRY_MD_SHA1 ) ++ s = gcry_md_algo_name (algo); ++ if (algo && s && strlen (s) < 16) + { +- log_error (_("only SHA-1 is supported for OCSP responses\n")); +- return gpg_error (GPG_ERR_DIGEST_ALGO); ++ char hashalgostr[16+1]; ++ int i; ++ ++ for (i=0; s[i]; i++) ++ hashalgostr[i] = ascii_tolower (s[i]); ++ hashalgostr[i] = 0; ++ err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))", ++ hashalgostr, ++ (int)gcry_md_get_algo_dlen (algo), ++ gcry_md_read (md, algo)); + } +- err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash sha1 %b))", +- gcry_md_get_algo_dlen (algo), +- gcry_md_read (md, algo)); ++ else ++ err = gpg_error (GPG_ERR_DIGEST_ALGO); + if (err) + { + log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err)); +@@ -465,6 +516,7 @@ check_signature (ctrl_t ctrl, + { + cert_ref_t cref; + ++ /* dump_cert ("from ocsp response", cert); */ + cref = xtrymalloc (sizeof *cref); + if (!cref) + log_error (_("allocating list item failed: %s\n"), +@@ -500,8 +552,6 @@ check_signature (ctrl_t ctrl, + } + log_printf ("not found\n"); + } +- ksba_free (name); +- ksba_free (keyid); + + if (cert) + { +@@ -510,10 +560,24 @@ check_signature (ctrl_t ctrl, + ksba_cert_release (cert); + if (!err) + { ++ ksba_free (name); ++ ksba_free (keyid); + gcry_sexp_release (s_hash); + return 0; /* Successfully verified the signature. */ + } ++ log_error ("responder certificate "); ++ if (name) ++ log_printf ("'/%s' ", name); ++ if (keyid) ++ { ++ log_printf ("{"); ++ dump_serial (keyid); ++ log_printf ("} "); ++ } ++ log_printf ("did not verify: %s\n", gpg_strerror (err)); + } ++ ksba_free (name); ++ ksba_free (keyid); + } + + gcry_sexp_release (s_hash); +@@ -588,8 +652,6 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, + goto leave; + } + +- +- + /* Figure out the OCSP responder to use. + 1. Try to get the reponder from the certificate. 
+ We do only take http and https style URIs into account. +@@ -646,14 +708,8 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, + } + + /* Ask the OCSP responder. */ +- err = gcry_md_open (&md, GCRY_MD_SHA1, 0); +- if (err) +- { +- log_error (_("failed to establish a hashing context for OCSP: %s\n"), +- gpg_strerror (err)); +- goto leave; +- } +- err = do_ocsp_request (ctrl, ocsp, md, url, cert, issuer_cert); ++ err = do_ocsp_request (ctrl, ocsp, url, cert, issuer_cert, ++ &sigval, produced_at, &md); + if (err) + goto leave; + +@@ -685,8 +741,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr, + } + + /* We got a useful answer, check that the answer has a valid signature. */ +- sigval = ksba_ocsp_get_sig_val (ocsp, produced_at); +- if (!sigval || !*produced_at) ++ if (!sigval || !*produced_at || !md) + { + err = gpg_error (GPG_ERR_INV_OBJ); + goto leave; diff --git a/patches/from-2.2.16/dirmngr-Better-error-code-for-http-status-413.patch b/patches/from-2.2.16/dirmngr-Better-error-code-for-http-status-413.patch new file mode 100644 index 0000000..9c388b9 --- /dev/null +++ b/patches/from-2.2.16/dirmngr-Better-error-code-for-http-status-413.patch 
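Review bot: check_signature now builds the hash S-expression for whatever digest `gcry_md_get_algo (md)` reports, and do_ocsp_request takes that digest from the responder's own signature through `hash_algo_from_sigval`, so the hash choice is controlled by the response being verified. Nothing in the visible hunks rejects weak digests; unless a check exists outside them, a response signed with MD5 would be hashed and handed to verification. I would keep an explicit allow-list ahead of `gcry_sexp_build`, `if (algo != GCRY_MD_SHA1 && algo != GCRY_MD_SHA256 && algo != GCRY_MD_SHA384 && algo != GCRY_MD_SHA512) return gpg_error (GPG_ERR_DIGEST_ALGO);`. Separately, in check_signature_core the comment `/* We simply ignore all errors. */` now sits directly above `return err;` and should be reworded to match.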
@@ -0,0 +1,62 @@
+From: Werner Koch
+Date: Fri, 29 Mar 2019 14:20:47 +0100
+Subject: dirmngr: Better error code for http status 413.
+
+* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
+* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
+* dirmngr/ocsp.c (do_ocsp_request): Ditto.
+--
+
+Signed-off-by: Werner Koch
+(cherry picked from commit 0a30ce036a615bc95382e0640d185b031f8c6a63)
+---
+ dirmngr/ks-engine-hkp.c | 4 ++++
+ dirmngr/ks-engine-http.c | 4 ++++
+ dirmngr/ocsp.c | 4 ++++
+ 3 files changed, 12 insertions(+)
+
+diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
+index 68d2064..8754a6b 100644
+--- a/dirmngr/ks-engine-hkp.c
++++ b/dirmngr/ks-engine-hkp.c
+@@ -1266,6 +1266,10 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ goto leave;
+
++ case 413: /* Payload too large */
++ err = gpg_error (GPG_ERR_TOO_LARGE);
++ goto leave;
++
+ default:
+ log_error (_("error accessing '%s': http status %u\n"),
+ request, http_get_status_code (http));
+diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
+index 1abb350..a9600db 100644
+--- a/dirmngr/ks-engine-http.c
++++ b/dirmngr/ks-engine-http.c
+@@ -174,6 +174,10 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
+ }
+ goto once_more;
+
++ case 413: /* Payload too large */
++ err = gpg_error (GPG_ERR_TOO_LARGE);
++ goto leave;
++
+ default:
+ log_error (_("error accessing '%s': http status %u\n"),
+ url, http_get_status_code (http));
+diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c
+index 2067b7b..7edac80 100644
+--- a/dirmngr/ocsp.c
++++ b/dirmngr/ocsp.c
+@@ -238,6 +238,10 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md,
+ }
+ break;
+
++ case 413: /* Payload too large */
++ err = gpg_error (GPG_ERR_TOO_LARGE);
++ break;
++
+ default:
+ log_error (_("error accessing '%s': http status %u\n"),
+ url, http_get_status_code (http));
diff --git a/patches/from-2.2.16/doc-Do-not-mention-gpg-s-deprecated-keyserver-option.patch b/patches/from-2.2.16/doc-Do-not-mention-gpg-s-deprecated-keyserver-option.patch
new file mode 100644
index 0000000..7847e10
--- /dev/null
+++ b/patches/from-2.2.16/doc-Do-not-mention-gpg-s-deprecated-keyserver-option.patch
@@ -0,0 +1,82 @@ +From: Werner Koch +Date: Wed, 15 May 2019 09:18:28 +0200 +Subject: doc: Do not mention gpg's deprecated --keyserver option. + +-- +GnuPG-bug-id: 4466 + +(cherry picked from commit 0d669a360c6e6729e2423534847a5ad47830bb9a) +--- + doc/gpg.texi | 34 +++++++++++++++------------------- + 1 file changed, 15 insertions(+), 19 deletions(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index e3efb3d..7858baf 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -434,9 +434,8 @@ file given with option @option{--output}. Use together with + @item --send-keys @var{keyIDs} + @opindex send-keys + Similar to @option{--export} but sends the keys to a keyserver. +-Fingerprints may be used instead of key IDs. Option +-@option{--keyserver} must be used to give the name of this +-keyserver. Don't send your complete keyring to a keyserver --- select ++Fingerprints may be used instead of key IDs. ++Don't send your complete keyring to a keyserver --- select + only those keys which are new or changed by you. If no @var{keyIDs} + are given, @command{@gpgname} does nothing. + +@@ -491,27 +490,25 @@ signatures, user-IDs and subkeys. + @opindex receive-keys + @itemx --recv-keys @var{keyIDs} + @opindex recv-keys +-Import the keys with the given @var{keyIDs} from a keyserver. Option +-@option{--keyserver} must be used to give the name of this keyserver. ++Import the keys with the given @var{keyIDs} from a keyserver. + + @item --refresh-keys + @opindex refresh-keys + Request updates from a keyserver for keys that already exist on the + local keyring. This is useful for updating a key with the latest + signatures, user IDs, etc. Calling this with no arguments will refresh +-the entire keyring. Option @option{--keyserver} must be used to give the +-name of the keyserver for all keys that do not have preferred keyservers +-set (see @option{--keyserver-options honor-keyserver-url}). ++the entire keyring. 
+ + @item --search-keys @var{names} + @opindex search-keys +-Search the keyserver for the given @var{names}. Multiple names given here will +-be joined together to create the search string for the keyserver. +-Option @option{--keyserver} must be used to give the name of this +-keyserver. Keyservers that support different search methods allow using +-the syntax specified in "How to specify a user ID" below. Note that +-different keyserver types support different search methods. Currently +-only LDAP supports them all. ++Search the keyserver for the given @var{names}. Multiple names given ++here will be joined together to create the search string for the ++keyserver. Note that keyservers search for @var{names} in a different ++and simpler way than gpg does. The best choice is to use a mail ++address. Due to data privacy reasons keyservers may even not even ++allow searching by user id or mail address and thus may only return ++results when being used with the @option{--recv-key} command to ++search by key fingerprint or keyid. + + @item --fetch-keys @var{URIs} + @opindex fetch-keys +@@ -1766,12 +1763,11 @@ list. The default is "local,wkd". + PGP Universal method of checking @samp{ldap://keys.(thedomain)}. + + @item keyserver +- Locate a key using whatever keyserver is defined using the +- @option{--keyserver} option. ++ Locate a key using a keyserver. + + @item keyserver-URL +- In addition, a keyserver URL as used in the @option{--keyserver} option +- may be used here to query that particular keyserver. ++ In addition, a keyserver URL as used in the @command{dirmngr} ++ configuration may be used here to query that particular keyserver. + + @item local + Locate the key using the local keyrings. This mechanism allows the user to diff --git a/patches/from-2.2.16/doc-Minor-doc-fix-to-dirmngr.patch b/patches/from-2.2.16/doc-Minor-doc-fix-to-dirmngr.patch new file mode 100644 index 0000000..d22f9fa --- /dev/null +++ b/patches/from-2.2.16/doc-Minor-doc-fix-to-dirmngr.patch 
@@ -0,0 +1,31 @@
+From: Werner Koch
+Date: Fri, 3 May 2019 16:15:04 +0200
+Subject: doc: Minor doc fix to dirmngr.
+
+--
+
+Reported-by: dkg
+(cherry picked from commit 781d2c5c8995b92e58fcf344fa8931523583f537)
+---
+ doc/dirmngr.texi | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
+index 742658e..8e6cbc6 100644
+--- a/doc/dirmngr.texi
++++ b/doc/dirmngr.texi
+@@ -251,7 +251,7 @@ The option @option{--use-tor} switches Dirmngr and thus GnuPG into
+ ``Tor mode'' to route all network access via Tor (an anonymity
+ network). Certain other features are disabled in this mode. The
+ effect of @option{--use-tor} cannot be overridden by any other command
+-or even be reloading gpg-agent. The use of @option{--no-use-tor}
++or even by reloading dirmngr. The use of @option{--no-use-tor}
+ disables the use of Tor. The default is to use Tor if it is available
+ on startup or after reloading dirmngr.
+
+@@ -1179,5 +1179,3 @@ as a binary blob.
+ @c used for this. The first one starts a search and the second one is
+ @c used to retrieve certificate after certificate.
+ @c
+-
+-
diff --git a/patches/from-2.2.16/doc-Minor-edit-for-a-gpg-option.patch b/patches/from-2.2.16/doc-Minor-edit-for-a-gpg-option.patch
new file mode 100644
index 0000000..df6741e
--- /dev/null
+++ b/patches/from-2.2.16/doc-Minor-edit-for-a-gpg-option.patch
@@ -0,0 +1,27 @@
+From: Werner Koch
+Date: Tue, 14 May 2019 10:07:06 +0200
+Subject: doc: Minor edit for a gpg option.
+
+--
+GnuPG-bug-id: 4507
+
+(cherry picked from commit 49a679eb3596ef273afacb49ef9044c4a063694b)
+---
+ doc/gpg.texi | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 22813c7..e3efb3d 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1330,8 +1330,8 @@ give the opposite meaning. The options are:
+
+ @item show-only-fpr-mbox
+ @opindex list-options:show-only-fpr-mbox
+- For each valid user-id which also has a valid mail address print
+- only the fingerprint and the mail address.
++ For each user-id which has a valid mail address print
++ only the fingerprint followed by the mail address.
+ @end table
+
+ @item --verify-options @var{parameters}
diff --git a/patches/from-2.2.16/doc-correct-documentation-for-gpgconf-kill.patch b/patches/from-2.2.16/doc-correct-documentation-for-gpgconf-kill.patch
new file mode 100644
index 0000000..a0dc31d
--- /dev/null
+++ b/patches/from-2.2.16/doc-correct-documentation-for-gpgconf-kill.patch
@@ -0,0 +1,35 @@
+From: Daniel Kahn Gillmor
+Date: Fri, 10 May 2019 12:39:45 -0400
+Subject: doc: correct documentation for gpgconf --kill
+
+* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.
+
+Signed-off-by: Daniel Kahn Gillmor
+(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
+(cherry picked from commit be116f871dbf14dd44d3a7909c2a052f8979c480)
+---
+ doc/tools.texi | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/doc/tools.texi b/doc/tools.texi
+index 6256c05..b1e8b0b 100644
+--- a/doc/tools.texi
++++ b/doc/tools.texi
+@@ -352,11 +352,12 @@ may use this command to ensure that they are started. Using "all" for
+
+ @item --kill [@var{component}]
+ @opindex kill
+-Kill the given component. Components which support killing are
+-@command{gpg-agent} and @command{scdaemon}. Components which don't
+-support reloading are ignored. Using "all" for @var{component} kills
+-all components running as daemons. Note that as of now reload and
+-kill have the same effect for @command{scdaemon}.
++Kill the given component that runs as a daemon, including
++@command{gpg-agent}, @command{dirmngr}, and @command{scdaemon}. A
++@command{component} which does not run as a daemon will be ignored.
++Using "all" for @var{component} kills all components running as
++daemons. Note that as of now reload and kill have the same effect for
++@command{scdaemon}.
+
+ @item --create-socketdir
+ @opindex create-socketdir
diff --git a/patches/from-2.2.16/g10-Fix-double-free-when-locating-by-mbox.patch b/patches/from-2.2.16/g10-Fix-double-free-when-locating-by-mbox.patch
new file mode 100644
index 0000000..959e2df
--- /dev/null
+++ b/patches/from-2.2.16/g10-Fix-double-free-when-locating-by-mbox.patch
@@ -0,0 +1,44 @@
+From: Andre Heinecke
+Date: Thu, 18 Apr 2019 13:19:05 +0200
+Subject: g10: Fix double free when locating by mbox
+
+* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
+to NULL after use.
+
+--
+pubkey_cmp is not guranteed to set new.uid.
+So if the diff < 0 case is reached best is set to new.
+
+If then diff > 0 is reached without modifying new.uid
+e.g. if the key has no matching mboxes. new.uid is
+free'd even though the uid is still referenced in
+best.
+
+GnuPG-Bug-Id: T4462
+(cherry picked from commit e57954ed278cb5e6e725005b1ecaf7ce70006ce0)
+(cherry picked from commit 35899dc2903b118620e6f9f0fa6b21c8568abbf1)
+---
+ g10/getkey.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/g10/getkey.c b/g10/getkey.c
+index c4afe45..1b699a4 100644
+--- a/g10/getkey.c
++++ b/g10/getkey.c
+@@ -1495,15 +1495,14 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
+ /* Old key is better. */
+ release_public_key_parts (&new.key);
+ free_user_id (new.uid);
+- new.uid = NULL;
+ }
+ else
+ {
+ /* A tie. Keep the old key. */
+ release_public_key_parts (&new.key);
+ free_user_id (new.uid);
+- new.uid = NULL;
+ }
++ new.uid = NULL;
+ }
+ getkey_end (ctrl, ctx);
+ ctx = NULL;
diff --git a/patches/from-2.2.16/g10-Fix-possible-null-dereference.patch b/patches/from-2.2.16/g10-Fix-possible-null-dereference.patch
new file mode 100644
index 0000000..200f891
--- /dev/null
+++ b/patches/from-2.2.16/g10-Fix-possible-null-dereference.patch
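Review bot: The single `new.uid = NULL;` placed after the if/else chain in get_best_pubkey_byname encodes an ownership rule that the code does not state: after each round the pointer has either been freed or handed to `best`. A comment on that line, `/* new.uid was freed above or is now owned by best; never carry it into the next round. */`, would keep a later edit from moving the reset back into individual branches and reintroducing the double free. The loop header and the branch that assigns `best` lie outside the hunk, so the hand-over is taken from the commit message rather than from the visible lines.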
@@ -0,0 +1,35 @@
+From: NIIBE Yutaka
+Date: Tue, 14 May 2019 11:20:07 +0900
+Subject: g10: Fix possible null dereference.
+
+* g10/armor.c (armor_filter): Access ->d in the internal loop.
+
+--
+
+Cherry-picked master commit of:
+ 802a2aa300bad3d4385d17a2deeb0966da4e737d
+
+GnuPG-bug-id: 4494
+Signed-off-by: NIIBE Yutaka
+(cherry picked from commit 5b22d2c400890fc366ccb7ca74ee886d9cef22a3)
+---
+ g10/armor.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/g10/armor.c b/g10/armor.c
+index cc80968..36215a3 100644
+--- a/g10/armor.c
++++ b/g10/armor.c
+@@ -1156,10 +1156,10 @@ armor_filter( void *opaque, int control,
+ }
+
+ /* write the comment strings */
+- for(s=comment->d;comment;comment=comment->next,s=comment->d)
++ for(;comment;comment=comment->next)
+ {
+ iobuf_writestr(a, "Comment: " );
+- for( ; *s; s++ )
++ for( s=comment->d; *s; s++ )
+ {
+ if( *s == '\n' )
+ iobuf_writestr(a, "\\n" );
diff --git a/patches/from-2.2.16/g10-Fix-symmetric-cipher-algo-constant-for-ECDH.patch b/patches/from-2.2.16/g10-Fix-symmetric-cipher-algo-constant-for-ECDH.patch
new file mode 100644
index 0000000..bbd5401
--- /dev/null
+++ b/patches/from-2.2.16/g10-Fix-symmetric-cipher-algo-constant-for-ECDH.patch
@@ -0,0 +1,46 @@
+From: NIIBE Yutaka
+Date: Wed, 13 Mar 2019 09:12:14 +0900
+Subject: g10: Fix symmetric cipher algo constant for ECDH.
+
+* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
+ECC strength 384, according to RFC-6637.
+
+--
+
+Reported-by: Trevor Bentley
+Signed-off-by: NIIBE Yutaka
+(cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c)
+(cherry picked from commit 38c2a9a644e0bc1e2594ea437a5930982f7b8c4e)
+---
+ g10/ecdh.c | 2 +-
+ scd/app-openpgp.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/g10/ecdh.c b/g10/ecdh.c
+index 6c2a56b..dcb3cde 100644
+--- a/g10/ecdh.c
++++ b/g10/ecdh.c
+@@ -39,7 +39,7 @@ static const struct
+ /* Note: Must be sorted by ascending values for QBITS. */
+ {
+ { 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES },
+- { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 },
++ { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES192 },
+
+ /* Note: 528 is 521 rounded to the 8 bit boundary */
+ { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 }
+diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
+index fa23fbe..e4a1fba 100644
+--- a/scd/app-openpgp.c
++++ b/scd/app-openpgp.c
+@@ -1442,8 +1442,8 @@ ecdh_params (const char *curve)
+ /* See RFC-6637 for those constants.
+ 0x03: Number of bytes
+ 0x01: Version for this parameter format
+- KDF algo
+- KEK algo
++ KDF hash algo
++ KEK symmetric cipher algo
+ */
+ if (nbits <= 256)
+ return (const unsigned char*)"\x03\x01\x08\x07";
diff --git a/patches/from-2.2.16/gpg-Accept-also-armored-data-from-the-WKD.patch b/patches/from-2.2.16/gpg-Accept-also-armored-data-from-the-WKD.patch
new file mode 100644
index 0000000..f347305
--- /dev/null
+++ b/patches/from-2.2.16/gpg-Accept-also-armored-data-from-the-WKD.patch
@@ -0,0 +1,33 @@
+From: Werner Koch
+Date: Thu, 11 Apr 2019 09:54:28 +0200
+Subject: gpg: Accept also armored data from the WKD.
+
+* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
+--
+
+We may even adjust the specs to allow that. It should not be a
+problem for any OpenPGP implementation because armored keys are very
+common and de-armoring code is de-facto a mandatory feature.
+
+Signed-off-by: Werner Koch
+(cherry picked from commit dc4c7f65e32a0cddc075d06fa0132e099bcb6455)
+---
+ g10/keyserver.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 8509d83..865e1e9 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -2072,8 +2072,9 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick,
+ int armor_status = opt.no_armor;
+ import_filter_t save_filt;
+
+- /* Keys returned via WKD are in binary format. */
+- opt.no_armor = 1;
++ /* Keys returned via WKD are in binary format. However, we
++ * relax that requirement and allow also for armored data. */
++ opt.no_armor = 0;
+ save_filt = save_and_clear_import_filter ();
+ if (!save_filt)
+ err = gpg_error_from_syserror ();
diff --git a/patches/from-2.2.16/gpg-Allow-deletion-of-subkeys-with-delete-secret-key.patch b/patches/from-2.2.16/gpg-Allow-deletion-of-subkeys-with-delete-secret-key.patch
new file mode 100644
index 0000000..aa34d0a
--- /dev/null
+++ b/patches/from-2.2.16/gpg-Allow-deletion-of-subkeys-with-delete-secret-key.patch
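Review bot: The override `opt.no_armor = 0;` in keyserver_import_wkd changes a process-wide option and relies on a restore from `armor_status` that lies outside the hunk, so it is worth confirming that the `!save_filt` error path visible at the end of the hunk also puts the old value back. The change also makes the de-armoring parser reachable for data fetched from a WKD server, which is remote input, and the rewritten comment does not say so. I would extend it with one line, `* The data is untrusted network input in either encoding.`, so the next reader treats both paths accordingly. The function starts and ends outside the hunk.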
@@ -0,0 +1,279 @@ +From: Werner Koch +Date: Mon, 27 May 2019 10:40:38 +0200 +Subject: gpg: Allow deletion of subkeys with --delete-[secret-]key. + +* common/userids.c (classify_user_id): Do not set the EXACT flag in +the default case. +* g10/export.c (exact_subkey_match_p): Make static, +* g10/delkey.c (do_delete_key): Implement subkey only deleting. +-- + +GnuPG-bug-id: 4457 +(cherry picked from commit d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a) +--- + common/userids.c | 7 ++-- + doc/gpg.texi | 10 ++++-- + g10/delkey.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++---- + g10/export.c | 4 +-- + g10/main.h | 2 ++ + 5 files changed, 113 insertions(+), 13 deletions(-) + +diff --git a/common/userids.c b/common/userids.c +index 01f2cd8..00f26b7 100644 +--- a/common/userids.c ++++ b/common/userids.c +@@ -351,8 +351,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) + } + else if (!hexprefix) + { +- /* The fingerprint in an X.509 listing is often delimited by +- colons, so we try to single this case out. */ ++ /* The fingerprint of an X.509 listing is often delimited by ++ * colons, so we try to single this case out. Note that the ++ * OpenPGP bang suffix is not supported here. */ ++ desc->exact = 0; + mode = 0; + hexlength = strspn (s, ":0123456789abcdefABCDEF"); + if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength))) +@@ -414,7 +416,6 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) + } + if (!mode) /* Default to substring search. */ + { +- desc->exact = 0; + desc->u.name = s; + mode = KEYDB_SEARCH_MODE_SUBSTR; + } +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 7858baf..9853f69 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -404,7 +404,10 @@ functionality is also available as the subcommand "passwd" with the + @opindex delete-keys + Remove key from the public keyring. In batch mode either @option{--yes} is + required or the key must be specified by fingerprint. 
This is a +-safeguard against accidental deletion of multiple keys. ++safeguard against accidental deletion of multiple keys. If the ++exclamation mark syntax is used with the fingerprint of a subkey only ++that subkey is deleted; if the exclamation mark is used with the ++fingerprint of the primary key the entire public key is deleted. + + @item --delete-secret-keys @var{name} + @opindex delete-secret-keys +@@ -413,7 +416,10 @@ specified by fingerprint. The option @option{--yes} can be used to + advice gpg-agent not to request a confirmation. This extra + pre-caution is done because @command{@gpgname} can't be sure that the + secret key (as controlled by gpg-agent) is only used for the given +-OpenPGP public key. ++OpenPGP public key. If the exclamation mark syntax is used with the ++fingerprint of a subkey only the secret part of that subkey is ++deleted; if the exclamation mark is used with the fingerprint of the ++primary key only the secret part of the primary key is deleted. + + + @item --delete-secret-and-public-key @var{name} +diff --git a/g10/delkey.c b/g10/delkey.c +index 461a2c8..e91acb0 100644 +--- a/g10/delkey.c ++++ b/g10/delkey.c +@@ -1,7 +1,7 @@ + /* delkey.c - delete keys + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, + * 2005, 2006 Free Software Foundation, Inc. +- * Copyright (C) 2014 Werner Koch ++ * Copyright (C) 2014, 2019 Werner Koch + * + * This file is part of GnuPG. + * +@@ -53,13 +53,15 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + gpg_error_t err; + kbnode_t keyblock = NULL; + kbnode_t node, kbctx; ++ kbnode_t targetnode; + KEYDB_HANDLE hd; + PKT_public_key *pk = NULL; + u32 keyid[2]; + int okay=0; + int yes; + KEYDB_SEARCH_DESC desc; +- int exactmatch; ++ int exactmatch; /* True if key was found by fingerprint. */ ++ int thiskeyonly; /* 0 = false, 1 = is primary key, 2 = is a subkey. 
*/ + + *r_sec_avail = 0; + +@@ -72,6 +74,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR + || desc.mode == KEYDB_SEARCH_MODE_FPR16 + || desc.mode == KEYDB_SEARCH_MODE_FPR20); ++ thiskeyonly = desc.exact; + if (!err) + err = keydb_search (hd, &desc, 1, NULL); + if (err) +@@ -97,7 +100,35 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + err = gpg_error (GPG_ERR_GENERAL); + goto leave; + } +- pk = node->pkt->pkt.public_key; ++ ++ /* If an operation only on a subkey is requested, find that subkey ++ * now. */ ++ if (thiskeyonly) ++ { ++ kbnode_t tmpnode; ++ ++ for (kbctx=NULL; (tmpnode = walk_kbnode (keyblock, &kbctx, 0)); ) ++ { ++ if (!(tmpnode->pkt->pkttype == PKT_PUBLIC_KEY ++ || tmpnode->pkt->pkttype == PKT_PUBLIC_SUBKEY)) ++ continue; ++ if (exact_subkey_match_p (&desc, tmpnode)) ++ break; ++ } ++ if (!tmpnode) ++ { ++ log_error ("Oops; requested subkey not found anymore!\n"); ++ err = gpg_error (GPG_ERR_GENERAL); ++ goto leave; ++ } ++ /* Set NODE to this specific subkey or primary key. */ ++ thiskeyonly = node == tmpnode? 1 : 2; ++ targetnode = tmpnode; ++ } ++ else ++ targetnode = node; ++ ++ pk = targetnode->pkt->pkt.public_key; + keyid_from_pk (pk, keyid); + + if (!secret && !force) +@@ -143,6 +174,32 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + print_pubkey_info (ctrl, NULL, pk ); + tty_printf( "\n" ); + ++ if (thiskeyonly == 1 && !secret) ++ { ++ /* We need to delete the entire public key despite the use ++ * of the thiskeyonly request. 
*/ ++ tty_printf (_("Note: The public primary key and all its subkeys" ++ " will be deleted.\n")); ++ } ++ else if (thiskeyonly == 2 && !secret) ++ { ++ tty_printf (_("Note: Only the shown public subkey" ++ " will be deleted.\n")); ++ } ++ if (thiskeyonly == 1 && secret) ++ { ++ tty_printf (_("Note: Only the secret part of the shown primary" ++ " key will be deleted.\n")); ++ } ++ else if (thiskeyonly == 2 && secret) ++ { ++ tty_printf (_("Note: Only the secret part of the shown subkey" ++ " will be deleted.\n")); ++ } ++ ++ if (thiskeyonly) ++ tty_printf ("\n"); ++ + yes = cpr_get_answer_is_yes + (secret? "delete_key.secret.okay": "delete_key.okay", + _("Delete this key from the keyring? (y/N) ")); +@@ -178,6 +235,9 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)) + continue; + ++ if (thiskeyonly && targetnode != node) ++ continue; ++ + if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key)) + continue; /* No secret key for that public (sub)key. */ + +@@ -219,9 +279,38 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + if (firsterr) + goto leave; + } ++ else if (thiskeyonly == 2) ++ { ++ int selected = 0; ++ ++ /* Delete the specified public subkey. */ ++ for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); ) ++ { ++ if (thiskeyonly && targetnode != node) ++ continue; ++ ++ if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) ++ { ++ selected = targetnode == node; ++ if (selected) ++ delete_kbnode (node); ++ } ++ else if (selected && node->pkt->pkttype == PKT_SIGNATURE) ++ delete_kbnode (node); ++ else ++ selected = 0; ++ } ++ commit_kbnode (&keyblock); ++ err = keydb_update_keyblock (ctrl, hd, keyblock); ++ if (err) ++ { ++ log_error (_("update failed: %s\n"), gpg_strerror (err)); ++ goto leave; ++ } ++ } + else + { +- err = opt.dry_run? 
0 : keydb_delete_keyblock (hd); ++ err = keydb_delete_keyblock (hd); + if (err) + { + log_error (_("deleting keyblock failed: %s\n"), +@@ -234,7 +323,8 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + revalidation_mark(). This makes sense - only deleting keys + that have ownertrust set should trigger this. */ + +- if (!secret && pk && !opt.dry_run && clear_ownertrusts (ctrl, pk)) ++ if (!secret && pk && !opt.dry_run && thiskeyonly != 2 ++ && clear_ownertrusts (ctrl, pk)) + { + if (opt.verbose) + log_info (_("ownertrust information cleared\n")); +@@ -247,7 +337,8 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + return err; + } + +-/**************** ++ ++/* + * Delete a public or secret key from a keyring. + */ + gpg_error_t +diff --git a/g10/export.c b/g10/export.c +index 70f5261..4216a24 100644 +--- a/g10/export.c ++++ b/g10/export.c +@@ -428,8 +428,8 @@ new_subkey_list_item (KBNODE node) + (keyID or fingerprint) and does match the one at NODE. It is + assumed that the packet at NODE is either a public or secret + subkey. */ +-static int +-exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node) ++int ++exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node) + { + u32 kid[2]; + byte fpr[MAX_FINGERPRINT_LEN]; +diff --git a/g10/main.h b/g10/main.h +index d3d6060..e14fcbb 100644 +--- a/g10/main.h ++++ b/g10/main.h +@@ -396,6 +396,8 @@ void export_print_stats (export_stats_t stats); + int parse_export_options(char *str,unsigned int *options,int noisy); + gpg_error_t parse_and_set_export_filter (const char *string); + ++int exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, kbnode_t node); ++ + int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, + export_stats_t stats); + int export_seckeys (ctrl_t ctrl, strlist_t users, unsigned int options, 
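Review bot: The `else` branch of `do_delete_key` reverts `err = opt.dry_run? 0 : keydb_delete_keyblock (hd);` to an unconditional `err = keydb_delete_keyblock (hd);`, and the new `thiskeyonly == 2` branch calls `keydb_update_keyblock` without checking `opt.dry_run` either. Unless a dry-run check sits outside these hunks, --dry-run would again modify the public keyring; keeping the guard in the `else` branch and writing `err = opt.dry_run? 0 : keydb_update_keyblock (ctrl, hd, keyblock);` in the subkey branch would preserve it. In the same new loop, `if (thiskeyonly && targetnode != node) continue;` skips every node except the target, so the `selected && node->pkt->pkttype == PKT_SIGNATURE` branch looks unreachable and the subkey's signatures would stay in the keyblock. Dropping that `continue` lets the `selected` logic remove them.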
diff --git a/patches/from-2.2.16/gpg-Change-update_keysig_packet-to-replace-SHA-1-by-SHA-2.patch b/patches/from-2.2.16/gpg-Change-update_keysig_packet-to-replace-SHA-1-by-SHA-2.patch new file mode 100644 index 0000000..652f759 --- /dev/null +++ b/patches/from-2.2.16/gpg-Change-update_keysig_packet-to-replace-SHA-1-by-SHA-2.patch @@ -0,0 +1,39 @@ +From: Werner Koch +Date: Mon, 13 May 2019 19:01:28 +0200 +Subject: gpg: Change update_keysig_packet to replace SHA-1 by SHA-256. + +* g10/sign.c (update_keysig_packet): Convert digest algo when needed. +-- + +Several gpg commands try to keep most properties of a key signature +when updating (i.e. creating a new version of a key signature). This +included the use of the current hash-algorithm. This patch changes +this so that SHA-1 or RMD160 are replaced by SHA-256 if +possible (i.e. for RSA signatures). Affected commands are for example +--quick-set-expire and --quick-set-primary-uid. + +GnuPG-bug-id: 4508 +Signed-off-by: Werner Koch +(cherry picked from commit c1dc7a832921fdf5686d377f33db78707c0345e2) +--- + g10/sign.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/g10/sign.c b/g10/sign.c +index 095fa11..92ff361 100644 +--- a/g10/sign.c ++++ b/g10/sign.c +@@ -1593,6 +1593,13 @@ update_keysig_packet (ctrl_t ctrl, + + if ( opt.cert_digest_algo ) + digest_algo = opt.cert_digest_algo; ++ else if (pksk->pubkey_algo == PUBKEY_ALGO_DSA ++ || pksk->pubkey_algo == PUBKEY_ALGO_ECDSA ++ || pksk->pubkey_algo == PUBKEY_ALGO_EDDSA) ++ digest_algo = orig_sig->digest_algo; ++ else if (orig_sig->digest_algo == DIGEST_ALGO_SHA1 ++ || orig_sig->digest_algo == DIGEST_ALGO_RMD160) ++ digest_algo = DEFAULT_DIGEST_ALGO; + else + digest_algo = orig_sig->digest_algo; + diff --git a/patches/from-2.2.16/gpg-Do-not-allow-creation-of-user-ids-larger-than-our-par.patch b/patches/from-2.2.16/gpg-Do-not-allow-creation-of-user-ids-larger-than-our-par.patch new file mode 100644 index 0000000..9b0f9fe --- /dev/null 
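Review bot: The added DSA/ECDSA/EdDSA branch in `update_keysig_packet` keeps `orig_sig->digest_algo` unchanged, so a SHA-1 or RIPEMD-160 key signature on such a key is carried into the new signature, and nothing in the code says why. The commit message limits the upgrade to RSA, while the code instead excludes three algorithms, so any other `pubkey_algo` also gets `DEFAULT_DIGEST_ALGO`. A comment above the branch would help, e.g. `/* DSA and ECC signatures need a digest matching the key size; keep the original one. */`, if that is indeed the reason. The subject names SHA-256 but the code uses `DEFAULT_DIGEST_ALGO`, whose value is not visible here.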
+++ b/patches/from-2.2.16/gpg-Do-not-allow-creation-of-user-ids-larger-than-our-par.patch 
@@ -0,0 +1,142 @@ +From: Werner Koch +Date: Tue, 21 May 2019 16:25:56 +0200 +Subject: gpg: Do not allow creation of user ids larger than our parser + allows. + +* g10/parse-packet.c: Move max packet lengths constants to ... +* g10/packet.h: ... here. +* g10/build-packet.c (do_user_id): Return an error if too data is too +large. +* g10/keygen.c (write_uid): Return an error for too large data. +-- + +This can lead to keyring corruption becuase we expect that our parser +is abale to parse packts created by us. Test case is + + gpg --batch --passphrase 'abc' -v \ + --quick-gen-key $(yes 'a'| head -4000|tr -d '\n') + +GnuPG-bug-id: 4532 +Signed-off-by: Werner Koch +(cherry picked from commit d32963eeb33fd3053d40a4e7071fb0e8b28a8651) +--- + g10/build-packet.c | 8 +++++++- + g10/keygen.c | 35 ++++++++++++++++++++--------------- + g10/packet.h | 5 +++++ + g10/parse-packet.c | 6 ------ + 4 files changed, 32 insertions(+), 22 deletions(-) + +diff --git a/g10/build-packet.c b/g10/build-packet.c +index b83ea84..14e40a1 100644 +--- a/g10/build-packet.c ++++ b/g10/build-packet.c +@@ -424,15 +424,21 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) + * Without forcing HDRLEN to 2 in this case an indeterminate length + * packet would be written which is not allowed. Note that we are + * always called with a CTB indicating an old packet header format, +- * so that forcing a 2 octet header works. */ ++ * so that forcing a 2 octet header works. We also check for the ++ * maximum allowed packet size by the parser using an arbitrary ++ * extra 10 bytes for header data. */ + if (uid->attrib_data) + { ++ if (uid->attrib_len > MAX_ATTR_PACKET_LENGTH - 10) ++ return gpg_error (GPG_ERR_TOO_LARGE); + hdrlen = uid->attrib_len? 0 : 2; + write_header2 (out, ctb, uid->attrib_len, hdrlen); + rc = iobuf_write( out, uid->attrib_data, uid->attrib_len ); + } + else + { ++ if (uid->len > MAX_UID_PACKET_LENGTH - 10) ++ return gpg_error (GPG_ERR_TOO_LARGE); + hdrlen = uid->len? 
0 : 2; + write_header2 (out, ctb, uid->len, hdrlen); + rc = iobuf_write( out, uid->name, uid->len ); +diff --git a/g10/keygen.c b/g10/keygen.c +index 9edbdff..28ef898 100644 +--- a/g10/keygen.c ++++ b/g10/keygen.c +@@ -217,18 +217,22 @@ print_status_key_not_created (const char *handle) + + + +-static void +-write_uid( KBNODE root, const char *s ) ++static gpg_error_t ++write_uid (kbnode_t root, const char *s) + { +- PACKET *pkt = xmalloc_clear(sizeof *pkt ); +- size_t n = strlen(s); +- +- pkt->pkttype = PKT_USER_ID; +- pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n); +- pkt->pkt.user_id->len = n; +- pkt->pkt.user_id->ref = 1; +- strcpy(pkt->pkt.user_id->name, s); +- add_kbnode( root, new_kbnode( pkt ) ); ++ PACKET *pkt = xmalloc_clear (sizeof *pkt); ++ size_t n = strlen (s); ++ ++ if (n > MAX_UID_PACKET_LENGTH - 10) ++ return gpg_error (GPG_ERR_INV_USER_ID); ++ ++ pkt->pkttype = PKT_USER_ID; ++ pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n); ++ pkt->pkt.user_id->len = n; ++ pkt->pkt.user_id->ref = 1; ++ strcpy (pkt->pkt.user_id->name, s); ++ add_kbnode (root, new_kbnode (pkt)); ++ return 0; + } + + static void +@@ -4750,10 +4754,11 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, + + if (!err && (s = get_parameter_value (para, pUSERID))) + { +- write_uid (pub_root, s ); +- err = write_selfsigs (ctrl, pub_root, pri_psk, +- get_parameter_uint (para, pKEYUSAGE), timestamp, +- cache_nonce); ++ err = write_uid (pub_root, s ); ++ if (!err) ++ err = write_selfsigs (ctrl, pub_root, pri_psk, ++ get_parameter_uint (para, pKEYUSAGE), timestamp, ++ cache_nonce); + } + + /* Write the auth key to the card before the encryption key. This +diff --git a/g10/packet.h b/g10/packet.h +index 6d01b10..6e326b5 100644 +--- a/g10/packet.h ++++ b/g10/packet.h +@@ -33,6 +33,11 @@ + + #define DEBUG_PARSE_PACKET 1 + ++/* Maximum length of packets to avoid excessive memory allocation. 
*/ ++#define MAX_KEY_PACKET_LENGTH (256 * 1024) ++#define MAX_UID_PACKET_LENGTH ( 2 * 1024) ++#define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024) ++#define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024) + + /* Constants to allocate static MPI arrays. */ + #define PUBKEY_MAX_NPKEY 5 +diff --git a/g10/parse-packet.c b/g10/parse-packet.c +index 3aa11a4..2d6ec92 100644 +--- a/g10/parse-packet.c ++++ b/g10/parse-packet.c +@@ -38,12 +38,6 @@ + #include "../common/mbox-util.h" + + +-/* Maximum length of packets to avoid excessive memory allocation. */ +-#define MAX_KEY_PACKET_LENGTH (256 * 1024) +-#define MAX_UID_PACKET_LENGTH ( 2 * 1024) +-#define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024) +-#define MAX_ATTR_PACKET_LENGTH ( 16 * 1024*1024) +- + static int mpi_print_mode; + static int list_mode; + static estream_t listfp; diff --git a/patches/from-2.2.16/gpg-Do-not-bail-on-an-invalid-packet-in-the-local-keyring.patch b/patches/from-2.2.16/gpg-Do-not-bail-on-an-invalid-packet-in-the-local-keyring.patch new file mode 100644 index 0000000..40c1ce3 --- /dev/null +++ b/patches/from-2.2.16/gpg-Do-not-bail-on-an-invalid-packet-in-the-local-keyring.patch 
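Review bot: In the rewritten `write_uid` in g10/keygen.c, `pkt` is allocated with `xmalloc_clear` before the new length check, so the early `return gpg_error (GPG_ERR_INV_USER_ID);` leaks it. Doing the check first avoids that: take `n = strlen (s)`, test `if (n > MAX_UID_PACKET_LENGTH - 10)`, and only then call `xmalloc_clear (sizeof *pkt)`. The same limit yields `GPG_ERR_TOO_LARGE` in `do_user_id` and `GPG_ERR_INV_USER_ID` here; one code for both would make the failure easier to recognise.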
@@ -0,0 +1,49 @@ +From: Werner Koch +Date: Tue, 21 May 2019 17:27:42 +0200 +Subject: gpg: Do not bail on an invalid packet in the local keyring. + +* g10/keydb.c (parse_keyblock_image): Treat invalid packet special. +-- + +This is in particular useful to run --list-keys on a keyring with +corrupted packets. The extra flush is to keep the diagnostic close to +the regular --list-key output. + +Signed-off-by: Werner Koch + +This is a backport from master with support for the unsupported v5 key +handling. + +(cherry picked from commit 30f44957ccd1433846709911798af3da4e437900) +--- + g10/keydb.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/g10/keydb.c b/g10/keydb.c +index 0475f85..670a8a1 100644 +--- a/g10/keydb.c ++++ b/g10/keydb.c +@@ -1249,12 +1249,19 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, + } + if (err) + { +- if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION) ++ es_fflush (es_stdout); ++ log_error ("parse_keyblock_image: read error: %s\n", ++ gpg_strerror (err)); ++ if (gpg_err_code (err) == GPG_ERR_INV_PACKET) + { +- log_error ("parse_keyblock_image: read error: %s\n", +- gpg_strerror (err)); +- err = gpg_error (GPG_ERR_INV_KEYRING); ++ free_packet (pkt, &parsectx); ++ init_packet (pkt); ++ continue; + } ++ /* Unknown version maybe due to v5 keys - we treat this ++ * error different. */ ++ if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION) ++ err = gpg_error (GPG_ERR_INV_KEYRING); + break; + } + diff --git a/patches/from-2.2.16/gpg-Do-not-delete-any-keys-if-dry-run-is-passed.patch b/patches/from-2.2.16/gpg-Do-not-delete-any-keys-if-dry-run-is-passed.patch new file mode 100644 index 0000000..d64fefd --- /dev/null +++ b/patches/from-2.2.16/gpg-Do-not-delete-any-keys-if-dry-run-is-passed.patch 
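Review bot: In `parse_keyblock_image`, `log_error ("parse_keyblock_image: read error: ...")` now runs before the error code is examined, so it is also printed for `GPG_ERR_UNKNOWN_VERSION`, which the old code passed through without a message. If that case should stay quiet, guard the call with `if (gpg_err_code (err) != GPG_ERR_UNKNOWN_VERSION)`. The `continue` for `GPG_ERR_INV_PACKET` drops the bad packet and keeps building the keyblock from the remaining ones. A comment there, such as `/* Skip the invalid packet; the resulting keyblock may be incomplete. */`, would make that visible to readers, since the loop and its callers lie outside the hunk.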
@@ -0,0 +1,46 @@ +From: Werner Koch +Date: Mon, 20 May 2019 12:31:55 +0200 +Subject: gpg: Do not delete any keys if --dry-run is passed. + +* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs. +Do not clear the ownertrust. Do not let the agent delete the key. +-- + +Co-authored-by: Matheus Afonso Martins Moreira +Signed-off-by: Werner Koch +(cherry picked from commit 5c46c5f74540ad753b925b74593332ca92de47fa) +--- + g10/delkey.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/g10/delkey.c b/g10/delkey.c +index bf8c4e9..461a2c8 100644 +--- a/g10/delkey.c ++++ b/g10/delkey.c +@@ -190,7 +190,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + * pre-caution is that since 2.1 the secret key may also + * be used for other protocols and thus deleting it from + * the gpg would also delete the key for other tools. */ +- if (!err) ++ if (!err && !opt.dry_run) + err = agent_delete_key (NULL, hexgrip, prompt, + opt.answer_yes); + xfree (prompt); +@@ -221,7 +221,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + } + else + { +- err = keydb_delete_keyblock (hd); ++ err = opt.dry_run? 0 : keydb_delete_keyblock (hd); + if (err) + { + log_error (_("deleting keyblock failed: %s\n"), +@@ -234,7 +234,7 @@ do_delete_key (ctrl_t ctrl, const char *username, int secret, int force, + revalidation_mark(). This makes sense - only deleting keys + that have ownertrust set should trigger this. */ + +- if (!secret && pk && clear_ownertrusts (ctrl, pk)) ++ if (!secret && pk && !opt.dry_run && clear_ownertrusts (ctrl, pk)) + { + if (opt.verbose) + log_info (_("ownertrust information cleared\n")); diff --git a/patches/from-2.2.16/gpg-Do-not-print-a-hint-to-use-the-deprecated-keyserver-o.patch b/patches/from-2.2.16/gpg-Do-not-print-a-hint-to-use-the-deprecated-keyserver-o.patch new file mode 100644 index 0000000..01c9ccd --- /dev/null 
+++ b/patches/from-2.2.16/gpg-Do-not-print-a-hint-to-use-the-deprecated-keyserver-o.patch @@ -0,0 +1,35 @@ +From: Werner Koch +Date: Tue, 14 May 2019 07:56:10 +0200 +Subject: gpg: Do not print a hint to use the deprecated --keyserver option. + +* g10/keyserver.c (keyserver_search): Remove a specialized error +message. +-- + +Dirmngr comes with a default keyserver and the suggestion to use +gpg --keyserver +is not good because that option is deprecated. An error message +"No keyserver available" is sufficient. + +GnuPG-bug-id: 4512 +Signed-off-by: Werner Koch +(cherry picked from commit 8d645f1d1f2b0f4e2d3b72f2a585acac4bdd8846) +--- + g10/keyserver.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/g10/keyserver.c b/g10/keyserver.c +index 865e1e9..cadb71f 100644 +--- a/g10/keyserver.c ++++ b/g10/keyserver.c +@@ -1537,9 +1537,7 @@ keyserver_search (ctrl_t ctrl, strlist_t tokens) + log_info (_("key not found on keyserver\n")); + } + +- if (gpg_err_code (err) == GPG_ERR_NO_KEYSERVER) +- log_error (_("no keyserver known (use option --keyserver)\n")); +- else if (gpg_err_code (err) == GPG_ERR_NO_DATA) ++ if (gpg_err_code (err) == GPG_ERR_NO_DATA) + err = gpg_error (GPG_ERR_NOT_FOUND); + else if (err) + log_error ("error searching keyserver: %s\n", gpg_strerror (err)); diff --git a/patches/from-2.2.16/gpg-Don-t-use-EdDSA-algo-ID-for-ECDSA-curves.patch b/patches/from-2.2.16/gpg-Don-t-use-EdDSA-algo-ID-for-ECDSA-curves.patch new file mode 100644 index 0000000..af725c1 --- /dev/null +++ b/patches/from-2.2.16/gpg-Don-t-use-EdDSA-algo-ID-for-ECDSA-curves.patch 
@@ -0,0 +1,56 @@ +From: Trevor Bentley +Date: Mon, 25 Mar 2019 15:19:47 +0100 +Subject: gpg: Don't use EdDSA algo ID for ECDSA curves. + +* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from +an EdDSA curve. + +-- + +(cherry picked from commit 4324560b2c0bb76a1769535c383424a042e505ae) + +This change matters when it is called from ask_card_keyattr. + +Some-comments-by: NIIBE Yutaka +(cherry picked from commit 2f455d18ab99a1d94029d3f607ae918bd5c9fecf) +--- + g10/keygen.c | 25 ++++++++++++++++++------- + 1 file changed, 18 insertions(+), 7 deletions(-) + +diff --git a/g10/keygen.c b/g10/keygen.c +index a8333b0..9edbdff 100644 +--- a/g10/keygen.c ++++ b/g10/keygen.c +@@ -2355,14 +2355,25 @@ ask_curve (int *algo, int *subkey_algo, const char *current) + else + { + /* If the user selected a signing algorithm and Curve25519 +- we need to set the algo to EdDSA and update the curve name. */ +- if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA) +- && curves[idx].eddsa_curve) ++ we need to set the algo to EdDSA and update the curve name. ++ If switching away from EdDSA, we need to set the algo back ++ to ECDSA. */ ++ if (*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA) + { +- if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA) +- *subkey_algo = PUBKEY_ALGO_EDDSA; +- *algo = PUBKEY_ALGO_EDDSA; +- result = curves[idx].eddsa_curve; ++ if (curves[idx].eddsa_curve) ++ { ++ if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA) ++ *subkey_algo = PUBKEY_ALGO_EDDSA; ++ *algo = PUBKEY_ALGO_EDDSA; ++ result = curves[idx].eddsa_curve; ++ } ++ else ++ { ++ if (subkey_algo && *subkey_algo == PUBKEY_ALGO_EDDSA) ++ *subkey_algo = PUBKEY_ALGO_ECDSA; ++ *algo = PUBKEY_ALGO_ECDSA; ++ result = curves[idx].name; ++ } + } + else + result = curves[idx].name; 
diff --git a/patches/from-2.2.16/gpg-Set-a-limit-of-5-to-the-number-of-keys-imported-from-.patch b/patches/from-2.2.16/gpg-Set-a-limit-of-5-to-the-number-of-keys-imported-from-.patch new file mode 100644 index 0000000..66ced95 --- /dev/null +++ b/patches/from-2.2.16/gpg-Set-a-limit-of-5-to-the-number-of-keys-imported-from-.patch 
@@ -0,0 +1,74 @@ +From: Werner Koch +Date: Thu, 11 Apr 2019 09:43:33 +0200 +Subject: gpg: Set a limit of 5 to the number of keys imported from the WKD. + +* g10/import.c (import): Limit the number of considered keys to 5. +(import_one): Return the first fingerprint in case of WKD. +-- + +The Web Key Directory should carry only one key. However, some +providers like to put old or expired keys also into the WKD. I don't +thunk that this is a good idea but I heard claims that this is needed +for them to migrate existing key data bases. + +This patch puts a limit on 5 on it (we had none right now) and also +fixes the issue that gpg could not work immediately with the requested +key because the code uses the fingerprint of the key to use the +imported key. Now the first key is used. On a second try (w/o +accessing the WKD) the regular key selection mechanism would be in +effect. I think this is the most conservative approach. Let's see +whether it helps. + +Signed-off-by: Werner Koch +(cherry picked from commit e9fcb0361ab4ef1f6fb0ea235f1b15667932aba2) +--- + g10/import.c | 25 +++++++++++++++++++++---- + 1 file changed, 21 insertions(+), 4 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index aeab4e0..3c8d0fe 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -665,6 +665,18 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, + + if (!(++stats->count % 100) && !opt.quiet) + log_info (_("%lu keys processed so far\n"), stats->count ); ++ ++ if (origin == KEYORG_WKD && stats->count >= 5) ++ { ++ /* We limit the number of keys _received_ from the WKD to 5. ++ * In fact there should be only one key but some sites want ++ * to store a few expired keys there also. gpg's key ++ * selection will later figure out which key to use. Note ++ * that for WKD we always return the fingerprint of the ++ * first imported key. 
*/ ++ log_info ("import from WKD stopped after %d keys\n", 5); ++ break; ++ } + } + stats->v3keys += v3keys; + if (rc == -1) +@@ -2183,14 +2195,19 @@ import_one (ctrl_t ctrl, + fingerprint of the key in all cases. */ + if (fpr) + { +- xfree (*fpr); + /* Note that we need to compare against 0 here because + COUNT gets only incremented after returning from this + function. */ + if (!stats->count) +- *fpr = fingerprint_from_pk (pk, NULL, fpr_len); +- else +- *fpr = NULL; ++ { ++ xfree (*fpr); ++ *fpr = fingerprint_from_pk (pk, NULL, fpr_len); ++ } ++ else if (origin != KEYORG_WKD) ++ { ++ xfree (*fpr); ++ *fpr = NULL; ++ } + } + } + diff --git a/patches/from-2.2.16/gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch b/patches/from-2.2.16/gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch new file mode 100644 index 0000000..b23b5b1 --- /dev/null +++ b/patches/from-2.2.16/gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch 
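Review bot: The WKD cap in `import` tests `stats->count >= 5`, and `stats` is passed in by the caller, so if the same statistics object is reused across several imports the limit would also count keys from earlier calls. Whether that happens depends on callers outside the hunk. The literal 5 appears twice, in the test and as the `log_info` argument; a named constant, for instance `#define MAX_WKD_KEYS 5` (name is only a suggestion), would keep them in step. The message `"import from WKD stopped after %d keys\n"` is also not wrapped in `_()`, unlike the `log_info` just above it.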
@@ -0,0 +1,52 @@ +From: Werner Koch +Date: Fri, 3 May 2019 10:53:34 +0200 +Subject: gpg: Use just the addrspec from the Signer's UID. + +* g10/parse-packet.c (parse_signature): Take only the addrspec from a +Signer's UID subpacket. +-- + +This is to address a problem in the currentr OpenKeychain which put +the entire UID into the subpacket. For example our Tofu code can only +use the addrspec and not the entire UID. + +Reported-by: Wiktor Kwapisiewicz +Signed-off-by: Werner Koch +(cherry picked from commit 05204b72497db093f5d2da4a2446c0264a946296) +--- + g10/parse-packet.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/g10/parse-packet.c b/g10/parse-packet.c +index 05f63e9..3aa11a4 100644 +--- a/g10/parse-packet.c ++++ b/g10/parse-packet.c +@@ -35,6 +35,7 @@ + #include "main.h" + #include "../common/i18n.h" + #include "../common/host2net.h" ++#include "../common/mbox-util.h" + + + /* Maximum length of packets to avoid excessive memory allocation. */ +@@ -2064,12 +2065,20 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIGNERS_UID, &len); + if (p && len) + { ++ char *mbox; ++ + sig->signers_uid = try_make_printable_string (p, len, 0); + if (!sig->signers_uid) + { + rc = gpg_error_from_syserror (); + goto leave; + } ++ mbox = mailbox_from_userid (sig->signers_uid); ++ if (mbox) ++ { ++ xfree (sig->signers_uid); ++ sig->signers_uid = mbox; ++ } + } + + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL); diff --git a/patches/from-2.2.16/gpg-enable-OpenPGP-export-of-cleartext-keys-with-comments.patch b/patches/from-2.2.16/gpg-enable-OpenPGP-export-of-cleartext-keys-with-comments.patch new file mode 100644 index 0000000..6fb5048 --- /dev/null +++ b/patches/from-2.2.16/gpg-enable-OpenPGP-export-of-cleartext-keys-with-comments.patch 
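Review bot: When `mailbox_from_userid` returns NULL in `parse_signature`, `sig->signers_uid` keeps the full printable string taken from the subpacket, so later code receives either a bare addrspec or arbitrary signer-supplied text and cannot tell which. Since the commit message says the Tofu code can only use the addrspec, the fallback deserves a comment, e.g. `/* If no addrspec can be extracted the printable UID is kept as is. */`. Alternatively the field could be freed and set to NULL in that case, if the users of `signers_uid` outside this hunk accept NULL.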
@@ -0,0 +1,38 @@ +From: Daniel Kahn Gillmor +Date: Mon, 13 May 2019 21:22:38 -0400 +Subject: gpg: enable OpenPGP export of cleartext keys with comments + +* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing +sublists in private-key S-expression. + +-- + +When gpg-agent learns about a private key from its ssh-agent +interface, it stores its S-expression with the comment attached. The +export mechanism for OpenPGP keys already in cleartext was too brittle +because it would choke on these comments. This change lets it ignore +any additional trailing sublists. + +Signed-off-by: Daniel Kahn Gillmor +Gnupg-Bug-Id: 4490 +(cherry picked from commit 9c704d9d46338769a66bfc6c378efeda3c4bd9ec) +--- + g10/export.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/g10/export.c b/g10/export.c +index e94e959..70f5261 100644 +--- a/g10/export.c ++++ b/g10/export.c +@@ -596,7 +596,10 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk) + top_list = gcry_sexp_find_token (s_key, "private-key", 0); + if (!top_list) + goto bad_seckey; +- if (gcry_sexp_length(top_list) != 2) ++ ++ /* ignore all S-expression after the first sublist -- we assume that ++ they are comments or otherwise irrelevant to OpenPGP */ ++ if (gcry_sexp_length(top_list) < 2) + goto bad_seckey; + key = gcry_sexp_nth (top_list, 1); + if (!key) diff --git a/patches/from-2.2.16/gpgconf-Before-launch-check-that-the-config-file-is-fine.patch b/patches/from-2.2.16/gpgconf-Before-launch-check-that-the-config-file-is-fine.patch new file mode 100644 index 0000000..4873c3b --- /dev/null +++ b/patches/from-2.2.16/gpgconf-Before-launch-check-that-the-config-file-is-fine.patch 
@@ -0,0 +1,63 @@ +From: Werner Koch +Date: Thu, 16 May 2019 12:24:08 +0200 +Subject: gpgconf: Before --launch check that the config file is fine. + +* tools/gpgconf-comp.c (gc_component_launch): Check the conf file. +* tools/gpgconf.c (gpgconf_failure): Call log_flush. +-- +GnuPG-bug-id: 4497 +Signed-off-by: Werner Koch +(cherry picked from commit 3a28706cfd960ff84dda9a22aa2f160b4c2efbb5) +--- + tools/gpgconf-comp.c | 18 ++++++++++++++---- + tools/gpgconf.c | 1 + + 2 files changed, 15 insertions(+), 4 deletions(-) + +diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c +index adecfde..7f7440b 100644 +--- a/tools/gpgconf-comp.c ++++ b/tools/gpgconf-comp.c +@@ -1297,8 +1297,17 @@ gc_component_launch (int component) + if (!(component == GC_COMPONENT_GPG_AGENT + || component == GC_COMPONENT_DIRMNGR)) + { +- es_fputs (_("Component not suitable for launching"), es_stderr); +- es_putc ('\n', es_stderr); ++ log_error ("%s\n", _("Component not suitable for launching")); ++ gpgconf_failure (0); ++ } ++ ++ if (gc_component_check_options (component, NULL, NULL)) ++ { ++ log_error (_("Configuration file of component %s is broken\n"), ++ gc_component[component].name); ++ if (!opt.quiet) ++ log_info (_("Note: Use the command \"%s%s\" to get details.\n"), ++ "gpgconf --check-options ", gc_component[component].name); + gpgconf_failure (0); + } + +@@ -1709,8 +1718,9 @@ collect_error_output (estream_t fp, const char *tag) + } + + +-/* Check the options of a single component. Returns 0 if everything +- is OK. */ ++/* Check the options of a single component. If CONF_FILE is NULL the ++ * standard config file is used. If OUT is not NULL the output is ++ * written to that stream. Returns 0 if everything is OK. 
*/ + int + gc_component_check_options (int component, estream_t out, const char *conf_file) + { +diff --git a/tools/gpgconf.c b/tools/gpgconf.c +index 59085d8..bca6efb 100644 +--- a/tools/gpgconf.c ++++ b/tools/gpgconf.c +@@ -881,6 +881,7 @@ main (int argc, char **argv) + void + gpgconf_failure (gpg_error_t err) + { ++ log_flush (); + if (!err) + err = gpg_error (GPG_ERR_GENERAL); + gpgconf_write_status diff --git a/patches/from-2.2.16/gpgconf-Support-homedir-for-launch.patch b/patches/from-2.2.16/gpgconf-Support-homedir-for-launch.patch new file mode 100644 index 0000000..f6a5e0d --- /dev/null +++ b/patches/from-2.2.16/gpgconf-Support-homedir-for-launch.patch 
@@ -0,0 +1,99 @@ +From: Werner Koch +Date: Wed, 15 May 2019 08:50:15 +0200 +Subject: gpgconf: Support --homedir for --launch. + +* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because +gnupg_homedir already returns abd absolute name. +(scdaemon_runtime_change): Ditto. +(dirmngr_runtime_change): Ditto. +(gc_component_launch): Support --homedir. +-- + +GnuPG-bug-id: 4496 +Signed-off-by: Werner Koch +(cherry picked from commit 31e26037bd727a6ee9c96ba168a55c4f9def43b6) +--- + doc/tools.texi | 2 ++ + tools/gpgconf-comp.c | 25 +++++++++---------------- + 2 files changed, 11 insertions(+), 16 deletions(-) + +diff --git a/doc/tools.texi b/doc/tools.texi +index b1e8b0b..467fcdc 100644 +--- a/doc/tools.texi ++++ b/doc/tools.texi +@@ -393,6 +393,8 @@ extends numerical field values by human-readable descriptions. + @opindex quiet + Try to be as quiet as possible. + ++@include opt-homedir.texi ++ + @item -n + @itemx --dry-run + Do not actually change anything. This is currently only implemented +diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c +index b10b146..adecfde 100644 +--- a/tools/gpgconf-comp.c ++++ b/tools/gpgconf-comp.c +@@ -1180,12 +1180,8 @@ gpg_agent_runtime_change (int killflag) + pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT); + if (!gnupg_default_homedir_p ()) + { +- abs_homedir = make_absfilename_try (gnupg_homedir (), NULL); +- if (!abs_homedir) +- err = gpg_error_from_syserror (); +- + argv[i++] = "--homedir"; +- argv[i++] = abs_homedir; ++ argv[i++] = gnupg_homedir (); + } + argv[i++] = "--no-autostart"; + argv[i++] = killflag? 
"KILLAGENT" : "RELOADAGENT"; +@@ -1223,12 +1219,8 @@ scdaemon_runtime_change (int killflag) + pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT); + if (!gnupg_default_homedir_p ()) + { +- abs_homedir = make_absfilename_try (gnupg_homedir (), NULL); +- if (!abs_homedir) +- err = gpg_error_from_syserror (); +- + argv[i++] = "--homedir"; +- argv[i++] = abs_homedir; ++ argv[i++] = gnupg_homedir (); + } + argv[i++] = "-s"; + argv[i++] = "--no-autostart"; +@@ -1267,12 +1259,8 @@ dirmngr_runtime_change (int killflag) + argv[3] = NULL; + else + { +- abs_homedir = make_absfilename_try (gnupg_homedir (), NULL); +- if (!abs_homedir) +- err = gpg_error_from_syserror (); +- + argv[3] = "--homedir"; +- argv[4] = abs_homedir; ++ argv[4] = gnupg_homedir (); + argv[5] = NULL; + } + +@@ -1294,7 +1282,7 @@ gc_component_launch (int component) + { + gpg_error_t err; + const char *pgmname; +- const char *argv[3]; ++ const char *argv[5]; + int i; + pid_t pid; + +@@ -1316,6 +1304,11 @@ gc_component_launch (int component) + + pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT); + i = 0; ++ if (!gnupg_default_homedir_p ()) ++ { ++ argv[i++] = "--homedir"; ++ argv[i++] = gnupg_homedir (); ++ } + if (component == GC_COMPONENT_DIRMNGR) + argv[i++] = "--dirmngr"; + argv[i++] = "NOP"; diff --git a/patches/from-2.2.17/Mention-sender-in-documentation.patch b/patches/from-2.2.17/Mention-sender-in-documentation.patch new file mode 100644 index 0000000..ce21dd2 --- /dev/null +++ b/patches/from-2.2.17/Mention-sender-in-documentation.patch 
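Review bot: In gc_component_launch `argv` is now sized to exactly the worst case (`--homedir`, the directory, `--dirmngr`, `NOP`, and presumably a terminating NULL set outside the hunk), so the next option added here would write past the array. A guard such as `log_assert (i < DIM (argv));` before the terminator, or a comment stating the count, would make that limit explicit. Separately, the three *_runtime_change functions no longer assign `abs_homedir`; if its declaration and release remain outside the hunks, they are now dead code and can be removed.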
@@ -0,0 +1,30 @@ +From: Peter Lebbing +Date: Tue, 2 Jul 2019 10:28:56 +0200 +Subject: Mention --sender in documentation + +(cherry picked from commit 37b549dfe0acd362399debd7c93794eb75937402) +--- + doc/gpg.texi | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index ff2c0cf..5c3bd48 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -2609,11 +2609,11 @@ allows for this. + + @item --disable-signer-uid + @opindex disable-signer-uid +-By default the user ID of the signing key is embedded in the data +-signature. As of now this is only done if the signing key has been +-specified with @option{local-user} using a mail address. This +-information can be helpful for verifier to locate the key; see +-option @option{--auto-key-retrieve}. ++By default the user ID of the signing key is embedded in the data signature. ++As of now this is only done if the signing key has been specified with ++@option{local-user} using a mail address, or with @option{sender}. This ++information can be helpful for verifier to locate the key; see option ++@option{--auto-key-retrieve}. + + @item --personal-cipher-preferences @var{string} + @opindex personal-cipher-preferences diff --git a/patches/from-2.2.17/Return-better-error-code-for-some-getinfo-IPC-commands.patch b/patches/from-2.2.17/Return-better-error-code-for-some-getinfo-IPC-commands.patch new file mode 100644 index 0000000..7077fa6 --- /dev/null +++ b/patches/from-2.2.17/Return-better-error-code-for-some-getinfo-IPC-commands.patch 
@@ -0,0 +1,86 @@ +From: Werner Koch +Date: Mon, 3 Jun 2019 16:31:58 +0200 +Subject: Return better error code for some getinfo IPC commands. + +* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False. +* g13/server.c (cmd_getinfo): Ditto. +* sm/server.c (cmd_getinfo): Ditto. +-- + +GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require +a later version for gnupg 2. Thus we can switch to this more +descriptive code. + +Signed-off-by: Werner Koch +(cherry picked from commit f3251023750d6bd9023dbb8373c804d7d4540a56) +--- + agent/command.c | 6 +++--- + g13/server.c | 2 +- + sm/server.c | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/agent/command.c b/agent/command.c +index cf8a2e4..72b5973 100644 +--- a/agent/command.c ++++ b/agent/command.c +@@ -2887,7 +2887,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) + { + cmdopt = line; + if (!command_has_option (cmd, cmdopt)) +- rc = gpg_error (GPG_ERR_GENERAL); ++ rc = gpg_error (GPG_ERR_FALSE); + } + } + } +@@ -2901,7 +2901,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) + } + else if (!strcmp (line, "restricted")) + { +- rc = ctrl->restricted? 0 : gpg_error (GPG_ERR_GENERAL); ++ rc = ctrl->restricted? 0 : gpg_error (GPG_ERR_FALSE); + } + else if (ctrl->restricted) + { +@@ -2935,7 +2935,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) + } + else if (!strcmp (line, "scd_running")) + { +- rc = agent_scd_check_running ()? 0 : gpg_error (GPG_ERR_GENERAL); ++ rc = agent_scd_check_running ()? 
0 : gpg_error (GPG_ERR_FALSE); + } + else if (!strcmp (line, "std_env_names")) + { +diff --git a/g13/server.c b/g13/server.c +index defde6c..7802952 100644 +--- a/g13/server.c ++++ b/g13/server.c +@@ -530,7 +530,7 @@ cmd_getinfo (assuan_context_t ctx, char *line) + { + cmdopt = line; + if (!command_has_option (cmd, cmdopt)) +- err = gpg_error (GPG_ERR_GENERAL); ++ err = gpg_error (GPG_ERR_FALSE); + } + } + } +diff --git a/sm/server.c b/sm/server.c +index 98505e2..77ec07f 100644 +--- a/sm/server.c ++++ b/sm/server.c +@@ -1162,14 +1162,14 @@ cmd_getinfo (assuan_context_t ctx, char *line) + { + cmdopt = line; + if (!command_has_option (cmd, cmdopt)) +- rc = gpg_error (GPG_ERR_GENERAL); ++ rc = gpg_error (GPG_ERR_FALSE); + } + } + } + } + else if (!strcmp (line, "offline")) + { +- rc = ctrl->offline? 0 : gpg_error (GPG_ERR_GENERAL); ++ rc = ctrl->offline? 0 : gpg_error (GPG_ERR_FALSE); + } + else + rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); diff --git a/patches/from-2.2.17/dirmngr-Avoid-endless-loop-in-case-of-HTTP-error-503.patch b/patches/from-2.2.17/dirmngr-Avoid-endless-loop-in-case-of-HTTP-error-503.patch new file mode 100644 index 0000000..e0b828c --- /dev/null +++ b/patches/from-2.2.17/dirmngr-Avoid-endless-loop-in-case-of-HTTP-error-503.patch 
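Review bot: The switch to `GPG_ERR_FALSE` in the three cmd_getinfo handlers depends on the installed libgpg-error, and the description's remark that gnupg 2 now requires something later than 1.21 was written for upstream, not for the 2.2.12 base this series is applied to. Confirm that the packaging's minimum libgpg-error version covers it. The change is also visible to IPC clients: anything that tested a `GETINFO` result specifically for `GPG_ERR_GENERAL` will now see a different code, so in-tree callers that compare the error code (none are visible here) need a look. The enclosing functions start and end outside the hunks.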
@@ -0,0 +1,143 @@ +From: Werner Koch +Date: Wed, 3 Jul 2019 17:39:53 +0200 +Subject: dirmngr: Avoid endless loop in case of HTTP error 503. + +* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New. +(handle_send_request_error): Use it for 503 and 504. +(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for +extra_tries. +-- + +This is a pretty stupid fix but one which works without much risk of +regressions. We could have used the existing TRIES but in that case +the fallback to other host would have been too limited. With the used +value we can have several fallbacks to other hosts. Note that the +TRIES is still cumulative and not per host. + +GnuPG-bug-id: 4600 +Signed-off-by: Werner Koch +(cherry picked from commit 8b113bb148f273524682252233b3c65954e1419e) +(cherry picked from commit d2e8d71251813e61b15a07637497fabe823b822c) +--- + dirmngr/ks-engine-hkp.c | 43 +++++++++++++++++++++++++++++++++---------- + 1 file changed, 33 insertions(+), 10 deletions(-) + +diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c +index 8754a6b..3ebd651 100644 +--- a/dirmngr/ks-engine-hkp.c ++++ b/dirmngr/ks-engine-hkp.c +@@ -67,6 +67,10 @@ + /* Number of retries done for a dead host etc. */ + #define SEND_REQUEST_RETRIES 3 + ++/* Number of retries done in case of transient errors. */ ++#define SEND_REQUEST_EXTRA_RETRIES 5 ++ ++ + enum ks_protocol { KS_PROTOCOL_HKP, KS_PROTOCOL_HKPS, KS_PROTOCOL_MAX }; + + /* Objects used to maintain information about hosts. */ +@@ -1306,10 +1310,12 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, + with REQUEST. The function returns true if the caller shall try + again. TRIES_LEFT points to a variable to track the number of + retries; this function decrements it and won't return true if it is +- down to zero. */ ++ down to zero. EXTRA_TRIES_LEFT does the same but only for ++ transient http status codes. 
*/ + static int + handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request, +- unsigned int http_status, unsigned int *tries_left) ++ unsigned int http_status, unsigned int *tries_left, ++ unsigned int *extra_tries_left) + { + int retry = 0; + +@@ -1365,9 +1371,12 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request, + + case 503: /* Service Unavailable */ + case 504: /* Gateway Timeout */ +- log_info ("selecting a different host due to a %u (%s)", +- http_status, http_status2string (http_status)); +- retry = 1; ++ if (*extra_tries_left) ++ { ++ log_info ("selecting a different host due to a %u (%s)", ++ http_status, http_status2string (http_status)); ++ retry = 2; ++ } + break; + } + } +@@ -1377,8 +1386,16 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request, + break; + } + +- if (*tries_left) +- --*tries_left; ++ if (retry == 2) ++ { ++ if (*extra_tries_left) ++ --*extra_tries_left; ++ } ++ else ++ { ++ if (*tries_left) ++ --*tries_left; ++ } + + return retry; + } +@@ -1403,6 +1420,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, + char *httphost = NULL; + unsigned int http_status; + unsigned int tries = SEND_REQUEST_RETRIES; ++ unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; + + *r_fp = NULL; + +@@ -1484,7 +1502,8 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, + /* Send the request. 
*/ + err = send_request (ctrl, request, hostport, httphost, httpflags, + NULL, NULL, &fp, &http_status); +- if (handle_send_request_error (ctrl, err, request, http_status, &tries)) ++ if (handle_send_request_error (ctrl, err, request, http_status, ++ &tries, &extra_tries)) + { + reselect = 1; + goto again; +@@ -1554,6 +1573,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp) + unsigned int httpflags; + unsigned int http_status; + unsigned int tries = SEND_REQUEST_RETRIES; ++ unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; + + *r_fp = NULL; + +@@ -1626,7 +1646,8 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp) + /* Send the request. */ + err = send_request (ctrl, request, hostport, httphost, httpflags, + NULL, NULL, &fp, &http_status); +- if (handle_send_request_error (ctrl, err, request, http_status, &tries)) ++ if (handle_send_request_error (ctrl, err, request, http_status, ++ &tries, &extra_tries)) + { + reselect = 1; + goto again; +@@ -1702,6 +1723,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen) + unsigned int httpflags; + unsigned int http_status; + unsigned int tries = SEND_REQUEST_RETRIES; ++ unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; + + parm.datastring = NULL; + +@@ -1740,7 +1762,8 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen) + /* Send the request. */ + err = send_request (ctrl, request, hostport, httphost, 0, + put_post_cb, &parm, &fp, &http_status); +- if (handle_send_request_error (ctrl, err, request, http_status, &tries)) ++ if (handle_send_request_error (ctrl, err, request, http_status, ++ &tries, &extra_tries)) + { + reselect = 1; + goto again; diff --git a/patches/from-2.2.17/dirmngr-Do-not-rewrite-the-redirection-for-the-openpgpkey.patch b/patches/from-2.2.17/dirmngr-Do-not-rewrite-the-redirection-for-the-openpgpkey.patch new file mode 100644 index 0000000..411ea39 --- /dev/null 
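Review bot: handle_send_request_error now returns `2` for the 503/504 case and uses that value internally to choose which counter to decrement, while the three callers only test for non-zero, and the function comment does not say so. I would add `Returns 0 for no retry, 1 for a retry counted against TRIES_LEFT and 2 for a retry counted against EXTRA_TRIES_LEFT.` to it. When `*extra_tries_left` has reached zero, a 503/504 leaves `retry` at 0 and still decrements `*tries_left`; that is harmless but deserves a one-line why-comment. The `log_info` format in that branch has no trailing `\n`, unlike the other log calls in this series; it is carried over from the old code and may be worth checking.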
+++ b/patches/from-2.2.17/dirmngr-Do-not-rewrite-the-redirection-for-the-openpgpkey.patch @@ -0,0 +1,55 @@ +From: Werner Koch +Date: Wed, 3 Jul 2019 16:20:00 +0200 +Subject: dirmngr: Do not rewrite the redirection for the "openpgpkey" + subdomain. + +* dirmngr/http.c (same_host_p): Consider certain subdomains to be the +same. +-- + +GnuPG-bug-id: 4603 +Signed-off-by: Werner Koch +(cherry picked from commit 37f0c55c7be3fc4912237f2bc72466aef6f8aa36) +(cherry picked from commit c9b133a54e93b7f2365b5d6b1c39ec2cc6dac8f9) +--- + dirmngr/http.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/dirmngr/http.c b/dirmngr/http.c +index 384f256..d2456c6 100644 +--- a/dirmngr/http.c ++++ b/dirmngr/http.c +@@ -3533,6 +3533,10 @@ same_host_p (parsed_uri_t a, parsed_uri_t b) + { NULL, "api.protonmail.ch" }, + { "pm.me", "api.protonmail.ch" } + }; ++ static const char *subdomains[] = ++ { ++ "openpgpkey." ++ }; + int i; + const char *from; + +@@ -3554,6 +3558,22 @@ same_host_p (parsed_uri_t a, parsed_uri_t b) + return 1; + } + ++ /* Also consider hosts the same if they differ only in a subdomain; ++ * in both direction. This allows to have redirection between the ++ * WKD advanced and direct lookup methods. */ ++ for (i=0; i < DIM (subdomains); i++) ++ { ++ const char *subdom = subdomains[i]; ++ size_t subdomlen = strlen (subdom); ++ ++ if (!ascii_strncasecmp (a->host, subdom, subdomlen) ++ && !ascii_strcasecmp (a->host + subdomlen, b->host)) ++ return 1; ++ if (!ascii_strncasecmp (b->host, subdom, subdomlen) ++ && !ascii_strcasecmp (b->host + subdomlen, a->host)) ++ return 1; ++ } ++ + return 0; + } + diff --git a/patches/from-2.2.17/dirmngr-Support-the-new-WKD-draft-with-the-openpgpkey-sub.patch b/patches/from-2.2.17/dirmngr-Support-the-new-WKD-draft-with-the-openpgpkey-sub.patch new file mode 100644 index 0000000..5518865 --- /dev/null +++ b/patches/from-2.2.17/dirmngr-Support-the-new-WKD-draft-with-the-openpgpkey-sub.patch 
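Review bot: The comment added to same_host_p says hosts are the same if they "differ only in a subdomain", but the loop accepts only the prefixes listed in `subdomains[]` (currently `openpgpkey.`), and that difference matters to anyone auditing redirect handling. I would word it as `/* Also consider hosts the same if one is the other with a prefix from SUBDOMAINS prepended, in either direction. */`. Nothing in the visible code makes same_host_p WKD-specific, so the relaxation presumably applies to every redirect check that uses it; the comment should say so. The new loop dereferences `a->host` and `b->host` without a NULL check, and whether earlier code in the function guarantees them is outside the hunk.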
@@ -0,0 +1,143 @@ +From: Werner Koch +Date: Wed, 3 Jul 2019 15:29:41 +0200 +Subject: dirmngr: Support the new WKD draft with the openpgpkey subdomain. + +* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain +method. + +-- +Also includes actual backport fix from +2c6d94702a676de9fadaaf003b9c80dc76c02f92 + +GnuPG-bug-id: 4590 +Signed-off-by: Werner Koch +(cherry picked from commit 914fa3be22bf8848a97a7dd405a040d6ef31e2fd) +(cherry picked from commit 458973f502b9a43ecf29e804a2c0c86e78f5927a) +--- + dirmngr/server.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 56 insertions(+), 8 deletions(-) + +diff --git a/dirmngr/server.c b/dirmngr/server.c +index 272b95a..5e8ea5e 100644 +--- a/dirmngr/server.c ++++ b/dirmngr/server.c +@@ -837,8 +837,11 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) + gpg_error_t err = 0; + char *mbox = NULL; + char *domainbuf = NULL; +- char *domain; /* Points to mbox or domainbuf. */ +- char *domain_orig;/* Points to mbox. */ ++ char *domain; /* Points to mbox or domainbuf. This is used to ++ * connect to the host. */ ++ char *domain_orig;/* Points to mbox. This is the used for the ++ * query; i.e. the domain part of the ++ * addrspec. */ + char sha1buf[20]; + char *uri = NULL; + char *encodedhash = NULL; +@@ -847,6 +850,7 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) + int is_wkd_query; /* True if this is a real WKD query. */ + int no_log = 0; + char portstr[20] = { 0 }; ++ int subdomain_mode = 0; + + opt_submission_addr = has_option (line, "--submission-address"); + opt_policy_flags = has_option (line, "--policy-flags"); +@@ -864,7 +868,8 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) + *domain++ = 0; + domain_orig = domain; + +- /* First check whether we already know that the domain does not ++ ++ /* Let's check whether we already know that the domain does not + * support WKD. 
*/ + if (is_wkd_query) + { +@@ -875,8 +880,41 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) + } + } + +- /* Check for SRV records. */ +- if (1) ++ ++ /* First try the new "openpgp" subdomain. We check that the domain ++ * is valid because it is later used as an unescaped filename part ++ * of the URI. */ ++ if (is_valid_domain_name (domain_orig)) ++ { ++ dns_addrinfo_t aibuf; ++ ++ domainbuf = strconcat ( "openpgpkey.", domain_orig, NULL); ++ if (!domainbuf) ++ { ++ err = gpg_error_from_syserror (); ++ goto leave; ++ } ++ ++ /* FIXME: We should put a cache into dns-stuff because the same ++ * query (with a different port and socket type, though) will be ++ * done later by http function. */ ++ err = resolve_dns_name (domainbuf, 0, 0, 0, &aibuf, NULL); ++ if (err) ++ { ++ err = 0; ++ xfree (domainbuf); ++ domainbuf = NULL; ++ } ++ else /* Got a subdomain. */ ++ { ++ free_dns_addrinfo (aibuf); ++ subdomain_mode = 1; ++ domain = domainbuf; ++ } ++ } ++ ++ /* Check for SRV records unless we have a subdomain. */ ++ if (!subdomain_mode) + { + struct srventry *srvs; + unsigned int srvscount; +@@ -931,6 +969,7 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) + xfree (srvs); + } + ++ /* Prepare the hash of the local part. */ + gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, mbox, strlen (mbox)); + encodedhash = zb32_encode (sha1buf, 8*20); + if (!encodedhash) +@@ -944,7 +983,10 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) + uri = strconcat ("https://", + domain, + portstr, +- "/.well-known/openpgpkey/submission-address", ++ "/.well-known/openpgpkey/", ++ subdomain_mode? domain_orig : "", ++ subdomain_mode? "/" : "", ++ "submission-address", + NULL); + } + else if (opt_policy_flags) +@@ -952,7 +994,10 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) + uri = strconcat ("https://", + domain, + portstr, +- "/.well-known/openpgpkey/policy", ++ "/.well-known/openpgpkey/", ++ subdomain_mode? 
domain_orig : "", ++ subdomain_mode? "/" : "", ++ "policy", + NULL); + } + else +@@ -965,7 +1010,10 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line) + uri = strconcat ("https://", + domain, + portstr, +- "/.well-known/openpgpkey/hu/", ++ "/.well-known/openpgpkey/", ++ subdomain_mode? domain_orig : "", ++ subdomain_mode? "/" : "", ++ "hu/", + encodedhash, + "?l=", + escapedmbox, diff --git a/patches/from-2.2.17/dirmngr-fix-handling-of-HTTPS-redirections-during-HKP.patch b/patches/from-2.2.17/dirmngr-fix-handling-of-HTTPS-redirections-during-HKP.patch new file mode 100644 index 0000000..db0ab12 --- /dev/null +++ b/patches/from-2.2.17/dirmngr-fix-handling-of-HTTPS-redirections-during-HKP.patch 
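Review bot: The new comment in proc_wkd_get names the "openpgp" subdomain while the code prepends `"openpgpkey."`; it should read `First try the new "openpgpkey" subdomain.` The `is_valid_domain_name (domain_orig)` check is what makes it safe to place `domain_orig` unescaped in the URI path, and `subdomain_mode` is only set inside that branch. A why-comment at the three `strconcat` calls, e.g. `/* domain_orig was validated above */`, would keep a later edit from using it outside the guard. Any `resolve_dns_name` failure, including a transient one, is reset to 0 and silently falls back to the direct method; a verbose-level log line there would make the chosen lookup method diagnosable.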
@@ -0,0 +1,46 @@ +From: Daniel Kahn Gillmor +Date: Tue, 11 Jun 2019 08:25:46 +0100 +Subject: dirmngr: fix handling of HTTPS redirections during HKP + +* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when +following a HTTP redirection. + +-- +inspired by patch from Damien Goutte-Gattat + +GnuPG-Bug_id: 4566 +Signed-off-by: Daniel Kahn Gillmor +(cherry picked from commit efb6e08ea2ca1cf2d39135d94195802cd69b9ea6) +--- + dirmngr/ks-engine-hkp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c +index 3ebd651..9ca1cae 100644 +--- a/dirmngr/ks-engine-hkp.c ++++ b/dirmngr/ks-engine-hkp.c +@@ -1174,6 +1174,7 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, + /* FIXME: I am not sure whey we allow a downgrade for hkp requests. + * Needs at least an explanation here.. */ + ++ once_more: + err = http_session_new (&session, httphost, + ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0) + | HTTP_FLAG_TRUST_DEF), +@@ -1183,7 +1184,6 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, + http_session_set_log_cb (session, cert_log_cb); + http_session_set_timeout (session, ctrl->timeout); + +- once_more: + err = http_open (&http, + post_cb? HTTP_REQ_POST : HTTP_REQ_GET, + request, +@@ -1263,6 +1263,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, + request = request_buffer; + http_close (http, 0); + http = NULL; ++ http_session_release (session); ++ session = NULL; + } + goto once_more; + diff --git a/patches/from-2.2.17/doc-wks.texi-fix-typo.patch b/patches/from-2.2.17/doc-wks.texi-fix-typo.patch new file mode 100644 index 0000000..f47d09d --- /dev/null +++ b/patches/from-2.2.17/doc-wks.texi-fix-typo.patch 
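Review bot: With the `once_more:` label moved above `http_session_new`, every followed redirect builds its new session from `httphost`, the value passed in for the original request. If the redirect branch, which is mostly outside the hunk, does not update it, the session is set up for a different host than the one `request` now points to; that should be confirmed. A short comment at the label, e.g. `/* A redirect needs a fresh session; the old one is released before jumping back here. */`, would explain why the label sits before the session setup. send_request starts and ends outside the hunks.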
@@ -0,0 +1,23 @@ +From: Daniel Kahn Gillmor +Date: Tue, 28 May 2019 21:09:13 -0400 +Subject: doc/wks.texi: fix typo + +Signed-off-by: Daniel Kahn Gillmor +(cherry picked from commit 175d194b5d6063895ecfcfed6ed2154e4a0d1421) +--- + doc/wks.texi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/wks.texi b/doc/wks.texi +index ced418a..536f1fe 100644 +--- a/doc/wks.texi ++++ b/doc/wks.texi +@@ -61,7 +61,7 @@ Service provider. This is usuallay done to upload a key into a Web + Key Directory. + + With the @option{--supported} command the caller can test whether a +-site supports the Web Key Service. The argument is an arbitray ++site supports the Web Key Service. The argument is an arbitrary + address in the to be tested domain. For example + @file{foo@@example.net}. The command returns success if the Web Key + Service is supported. The operation is silent; to get diagnostic diff --git a/patches/from-2.2.17/gpg-Add-self-sigs-only-and-import-clean-to-the-keyserver-.patch b/patches/from-2.2.17/gpg-Add-self-sigs-only-and-import-clean-to-the-keyserver-.patch new file mode 100644 index 0000000..f21f961 --- /dev/null +++ b/patches/from-2.2.17/gpg-Add-self-sigs-only-and-import-clean-to-the-keyserver-.patch 
@@ -0,0 +1,59 @@ +From: Werner Koch +Date: Thu, 4 Jul 2019 15:45:39 +0200 +Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver + options. + +* g10/gpg.c (main): Change default. +-- + +Due to the DoS attack on the keyeservers we do not anymore default to +import key signatures. That makes the keyserver unsuable for getting +keys for the WoT but it still allows to retriev keys - even if that +takes long to download the large keyblocks. + +To revert to the old behavior add + + keyserver-optiions no-self-sigs-only,no-import-clean + +to gpg.conf. + +GnuPG-bug-id: 4607 +Signed-off-by: Werner Koch +(cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93) +(cherry picked from commit 2b7151b0a57f5fe7d67fd76dfa1ba7a8731642c6) +--- + doc/gpg.texi | 5 +++++ + g10/gpg.c | 4 +++- + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 5c3bd48..c8fb241 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1907,6 +1907,11 @@ are available for all keyserver types, some common options are: + + @end table + ++The default list of options is: "self-sigs-only, import-clean, ++repair-keys, repair-pks-subkey-bug, export-attributes, ++honor-pka-record". ++ ++ + @item --completes-needed @var{n} + @opindex compliant-needed + Number of completely trusted users to introduce a new +diff --git a/g10/gpg.c b/g10/gpg.c +index 0e98c1a..6e5e901 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2373,7 +2373,9 @@ main (int argc, char **argv) + opt.import_options = IMPORT_REPAIR_KEYS; + opt.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS +- | IMPORT_REPAIR_PKS_SUBKEY_BUG); ++ | IMPORT_REPAIR_PKS_SUBKEY_BUG ++ | IMPORT_SELF_SIGS_ONLY ++ | IMPORT_CLEAN); + opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.verify_options = (LIST_SHOW_UID_VALIDITY 
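Review bot: The paragraph added to doc/gpg.texi lists the new keyserver defaults but does not tell the reader what they change. With `self-sigs-only` and `import-clean` in the defaults, certifications made by other keys are dropped on keyserver imports, which the description itself says makes keyservers unusable for the Web of Trust. I would add a sentence such as `To import third-party key signatures from a keyserver again, use keyserver-options no-self-sigs-only,no-import-clean.` The description spells the option `keyserver-optiions`, so anyone copying that line from the patch header gets an unknown option. The change in g10/gpg.c is limited to the default mask in main, which continues outside the hunk.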
diff --git a/patches/from-2.2.17/gpg-Do-not-try-the-import-fallback-if-the-options-are-alr.patch b/patches/from-2.2.17/gpg-Do-not-try-the-import-fallback-if-the-options-are-alr.patch new file mode 100644 index 0000000..2327a8d --- /dev/null +++ b/patches/from-2.2.17/gpg-Do-not-try-the-import-fallback-if-the-options-are-alr.patch @@ -0,0 +1,27 @@ +From: Werner Koch +Date: Tue, 9 Jul 2019 11:13:51 +0200 +Subject: gpg: Do not try the import fallback if the options are already used. + +* g10/import.c (import_one): Check options. + +Signed-off-by: Werner Koch +(cherry picked from commit 3c2cf5ea952015a441ee5701c41dadc63be60d87) +--- + g10/import.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/g10/import.c b/g10/import.c +index d509c8c..12f8f28 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -2310,7 +2310,9 @@ import_one (ctrl_t ctrl, + from_sk, silent, screener, screener_arg, + origin, url, r_valid); + if (gpg_err_code (err) == GPG_ERR_TOO_LARGE +- && gpg_err_source (err) == GPG_ERR_SOURCE_KEYBOX) ++ && gpg_err_source (err) == GPG_ERR_SOURCE_KEYBOX ++ && ((options & (IMPORT_SELF_SIGS_ONLY | IMPORT_CLEAN)) ++ != (IMPORT_SELF_SIGS_ONLY | IMPORT_CLEAN))) + { + /* We hit the maximum image length. Ask the wrapper to do + * everything again but this time with some extra options. */ diff --git a/patches/from-2.2.17/gpg-Fallback-to-import-with-self-sigs-only-on-too-large-k.patch b/patches/from-2.2.17/gpg-Fallback-to-import-with-self-sigs-only-on-too-large-k.patch new file mode 100644 index 0000000..1f0c637 --- /dev/null +++ b/patches/from-2.2.17/gpg-Fallback-to-import-with-self-sigs-only-on-too-large-k.patch 
@@ -0,0 +1,222 @@ +From: Werner Koch +Date: Mon, 1 Jul 2019 21:53:55 +0200 +Subject: gpg: Fallback to import with self-sigs-only on too large keyblocks. + +* g10/import.c (import_one): Rename to ... +(import_one_real): this. Do not print and update stats on keyring +write errors. +(import_one): New. Add fallback code. +-- + +GnuPG-bug-id: 4591 +Signed-off-by: Werner Koch +(cherry picked from commit 3a403ab04eeb45f12b34f9d9c421dac93eaf2160) +(cherry picked from commit a1f2f38dfb2ba5ed66d3aef66fc3be9b67f9b800) +--- + g10/import.c | 124 ++++++++++++++++++++++++++++++++++++++++++++++++----------- + 1 file changed, 102 insertions(+), 22 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index a5b68e9..91222d2 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -128,6 +128,7 @@ static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, + static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock, + u32 *keyid, unsigned int options); + static int any_uid_left (kbnode_t keyblock); ++static void remove_all_non_self_sigs (kbnode_t *keyblock, u32 *keyid); + static int merge_blocks (ctrl_t ctrl, unsigned int options, + kbnode_t keyblock_orig, + kbnode_t keyblock, u32 *keyid, +@@ -1765,12 +1766,12 @@ update_key_origin (kbnode_t keyblock, u32 curtime, int origin, const char *url) + * has valid parts. 
+ */ + static gpg_error_t +-import_one (ctrl_t ctrl, +- kbnode_t keyblock, struct import_stats_s *stats, +- unsigned char **fpr, size_t *fpr_len, unsigned int options, +- int from_sk, int silent, +- import_screener_t screener, void *screener_arg, +- int origin, const char *url, int *r_valid) ++import_one_real (ctrl_t ctrl, ++ kbnode_t keyblock, struct import_stats_s *stats, ++ unsigned char **fpr, size_t *fpr_len, unsigned int options, ++ int from_sk, int silent, ++ import_screener_t screener, void *screener_arg, ++ int origin, const char *url, int *r_valid) + { + gpg_error_t err = 0; + PKT_public_key *pk; +@@ -1851,6 +1852,13 @@ import_one (ctrl_t ctrl, + return 0; + } + ++ /* Remove all non-self-sigs if requested. Noe that this is a NOP if ++ * that option has been globally set but we may also be called ++ * latter with the already parsed keyblock and a locally changed ++ * option. This is why we need to remove them here as well. */ ++ if ((options & IMPORT_SELF_SIGS_ONLY)) ++ remove_all_non_self_sigs (&keyblock, keyid); ++ + collapse_uids(&keyblock); + + /* Clean the key that we're about to import, to cut down on things +@@ -2053,22 +2061,25 @@ import_one (ctrl_t ctrl, + hd = NULL; + + /* We are ready. */ +- if (!opt.quiet && !silent) ++ if (!err && !opt.quiet && !silent) + { + char *p = get_user_id_byfpr_native (ctrl, fpr2); + log_info (_("key %s: public key \"%s\" imported\n"), + keystr(keyid), p); + xfree(p); + } +- if (is_status_enabled()) ++ if (!err && is_status_enabled()) + { + char *us = get_long_user_id_string (ctrl, keyid); + write_status_text( STATUS_IMPORTED, us ); + xfree(us); + print_import_ok (pk, 1); + } +- stats->imported++; +- new_key = 1; ++ if (!err) ++ { ++ stats->imported++; ++ new_key = 1; ++ } + } + else /* Key already exists - merge. */ + { +@@ -2138,8 +2149,10 @@ import_one (ctrl_t ctrl, + keydb_release (hd); + hd = NULL; + +- /* We are ready. */ +- if (!opt.quiet && !silent) ++ /* We are ready. 
Print and update stats if we got no error. ++ * An error here comes from writing the keyblock and thus ++ * very likely means that no update happened. */ ++ if (!err && !opt.quiet && !silent) + { + char *p = get_user_id_byfpr_native (ctrl, fpr2); + if (n_uids == 1 ) +@@ -2175,14 +2188,17 @@ import_one (ctrl_t ctrl, + xfree(p); + } + +- stats->n_uids +=n_uids; +- stats->n_sigs +=n_sigs; +- stats->n_subk +=n_subk; +- stats->n_sigs_cleaned +=n_sigs_cleaned; +- stats->n_uids_cleaned +=n_uids_cleaned; +- +- if (is_status_enabled () && !silent) +- print_import_ok (pk, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0))); ++ if (!err) ++ { ++ stats->n_uids +=n_uids; ++ stats->n_sigs +=n_sigs; ++ stats->n_subk +=n_subk; ++ stats->n_sigs_cleaned +=n_sigs_cleaned; ++ stats->n_uids_cleaned +=n_uids_cleaned; ++ ++ if (is_status_enabled () && !silent) ++ print_import_ok (pk, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0))); ++ } + } + else + { +@@ -2269,6 +2285,39 @@ import_one (ctrl_t ctrl, + } + + ++/* Wrapper around import_one_real to retry the import in some cases. */ ++static gpg_error_t ++import_one (ctrl_t ctrl, ++ kbnode_t keyblock, struct import_stats_s *stats, ++ unsigned char **fpr, size_t *fpr_len, unsigned int options, ++ int from_sk, int silent, ++ import_screener_t screener, void *screener_arg, ++ int origin, const char *url, int *r_valid) ++{ ++ gpg_error_t err; ++ ++ err = import_one_real (ctrl, keyblock, stats, fpr, fpr_len, options, ++ from_sk, silent, screener, screener_arg, ++ origin, url, r_valid); ++ if (gpg_err_code (err) == GPG_ERR_TOO_LARGE ++ && gpg_err_source (err) == GPG_ERR_SOURCE_KEYBOX) ++ { ++ /* We hit the maximum image length. Ask the wrapper to do ++ * everything again but this time with some extra options. 
*/ ++ u32 keyid[2]; ++ ++ keyid_from_pk (keyblock->pkt->pkt.public_key, keyid); ++ log_info ("key %s: keyblock too large, retrying with self-sigs-only\n", ++ keystr (keyid)); ++ options |= IMPORT_SELF_SIGS_ONLY | IMPORT_CLEAN; ++ err = import_one_real (ctrl, keyblock, stats, fpr, fpr_len, options, ++ from_sk, silent, screener, screener_arg, ++ origin, url, r_valid); ++ } ++ return err; ++} ++ ++ + /* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The + * function prints diagnostics and returns an error code. If BATCH is + * true the secret keys are stored by gpg-agent in the transfer format +@@ -2946,7 +2995,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, + /* The secret keyblock may not have nodes which are deleted in + * the public keyblock. Otherwise we would import just the + * secret key without having the public key. That would be +- * surprising and clutters out private-keys-v1.d. */ ++ * surprising and clutters our private-keys-v1.d. */ + err = resync_sec_with_pub_keyblock (&keyblock, pub_keyblock, &attic); + if (err) + goto leave; +@@ -3759,8 +3808,39 @@ any_uid_left (kbnode_t keyblock) + } + + ++/* Delete all non-self-sigs from KEYBLOCK. ++ * Returns: True if the keyblock has changed. */ ++static void ++remove_all_non_self_sigs (kbnode_t *keyblock, u32 *keyid) ++{ ++ kbnode_t node; ++ unsigned int dropped = 0; + +-/**************** ++ for (node = *keyblock; node; node = node->next) ++ { ++ if (is_deleted_kbnode (node)) ++ continue; ++ ++ if (node->pkt->pkttype != PKT_SIGNATURE) ++ continue; ++ ++ if (node->pkt->pkt.signature->keyid[0] == keyid[0] ++ && node->pkt->pkt.signature->keyid[1] == keyid[1]) ++ continue; ++ delete_kbnode (node); ++ dropped++; ++ } ++ ++ if (dropped) ++ commit_kbnode (keyblock); ++ ++ if (dropped && opt.verbose) ++ log_info ("key %s: number of dropped non-self-signatures: %u\n", ++ keystr (keyid), dropped); ++} ++ ++ ++/* + * It may happen that the imported keyblock has duplicated user IDs. 
+ * We check this here and collapse those user IDs together with their + * sigs into one. diff --git a/patches/from-2.2.17/gpg-Fix-regression-in-option-self-sigs-only.patch b/patches/from-2.2.17/gpg-Fix-regression-in-option-self-sigs-only.patch new file mode 100644 index 0000000..5d34f80 --- /dev/null +++ b/patches/from-2.2.17/gpg-Fix-regression-in-option-self-sigs-only.patch 
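Review bot: The header comment of the new `remove_all_non_self_sigs` says `Returns: True if the keyblock has changed.` but the function is declared `static void`; drop that line or return `dropped != 0`. The function keeps any signature whose issuer key ID equals KEYID without verifying it, so "self-sig" here means "claims to be from this key". The comment should say that and note that verification is left to later checks (presumably chk_self_sigs, outside the hunk). In the new import_one wrapper the retry passes the same `keyblock` and `stats` to import_one_real a second time; the hunk guards `imported`, `n_uids` and the other counters with `!err`, but any counter bumped earlier in the function, which is not visible here, would be counted twice. The comment added before the `remove_all_non_self_sigs` call also has two typos, `Noe` and `latter`.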
@@ -0,0 +1,68 @@ +From: Werner Koch +Date: Tue, 9 Jul 2019 11:07:35 +0200 +Subject: gpg: Fix regression in option "self-sigs-only". + +* g10/import.c (read_block): Make sure KEYID is availabale also on a +pending packet. +-- + +Reported-by: Phil Pennock +Fixes-commit: adb120e663fc5e78f714976c6e42ae233c1990b0 +Signed-off-by: Werner Koch +(cherry picked from commit b6effaf4669b2c3707932e3c5f2f57df886d759e) +--- + g10/import.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/g10/import.c b/g10/import.c +index 91222d2..d509c8c 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -855,6 +855,7 @@ read_block( IOBUF a, unsigned int options, + kbnode_t root = NULL; + int in_cert, in_v3key, skip_sigs; + u32 keyid[2]; ++ int got_keyid = 0; + unsigned int dropped_nonselfsigs = 0; + + *r_v3keys = 0; +@@ -863,7 +864,11 @@ read_block( IOBUF a, unsigned int options, + { + root = new_kbnode( *pending_pkt ); + *pending_pkt = NULL; ++ log_assert (root->pkt->pkttype == PKT_PUBLIC_KEY ++ || root->pkt->pkttype == PKT_SECRET_KEY); + in_cert = 1; ++ keyid_from_pk (root->pkt->pkt.public_key, keyid); ++ got_keyid = 1; + } + else + in_cert = 0; +@@ -985,6 +990,7 @@ read_block( IOBUF a, unsigned int options, + goto x_default; + if (!(options & IMPORT_SELF_SIGS_ONLY)) + goto x_default; ++ log_assert (got_keyid); + if (pkt->pkt.signature->keyid[0] == keyid[0] + && pkt->pkt.signature->keyid[1] == keyid[1]) + { /* This is likely a self-signature. We import this one. +@@ -1007,6 +1013,11 @@ read_block( IOBUF a, unsigned int options, + + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: ++ if (!got_keyid) ++ { ++ keyid_from_pk (pkt->pkt.public_key, keyid); ++ got_keyid = 1; ++ } + if (in_cert) /* Store this packet. */ + { + *pending_pkt = pkt; +@@ -1014,7 +1025,6 @@ read_block( IOBUF a, unsigned int options, + goto ready; + } + in_cert = 1; +- keyid_from_pk (pkt->pkt.public_key, keyid); + goto x_default; + + default: 
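Review bot: The new `got_keyid` flag and the two `log_assert` calls encode an invariant that is not written down anywhere in read_block: KEYID always belongs to the primary key of the block being read, and a second primary key only becomes the pending packet for the next call. A comment at the declaration would make this clear, e.g. `/* KEYID is valid once GOT_KEYID is set; it is taken from the pending packet or from the first primary key seen. */`. This matters because `log_assert (got_keyid)` sits on the path that parses untrusted key data, and a later change that sets `in_cert` without setting `got_keyid` would turn a malformed import into a process abort. read_block starts and ends outside these hunks.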
diff --git a/patches/from-2.2.17/gpg-Make-read_block-in-import.c-more-flexible.patch b/patches/from-2.2.17/gpg-Make-read_block-in-import.c-more-flexible.patch new file mode 100644 index 0000000..fbfd648 --- /dev/null +++ b/patches/from-2.2.17/gpg-Make-read_block-in-import.c-more-flexible.patch 
@@ -0,0 +1,72 @@ +From: Werner Koch +Date: Mon, 1 Jul 2019 14:01:08 +0200 +Subject: gpg: Make read_block in import.c more flexible. + +* g10/import.c: Change arg 'with_meta' to 'options'. Change callers. +-- + +This chnage allows to pass more options to read_block. + +Signed-off-by: Werner Koch +(cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0) +--- + g10/import.c | 23 +++++++++++------------ + 1 file changed, 11 insertions(+), 12 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index 3c8d0fe..6215d2b 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -102,7 +102,7 @@ static int import (ctrl_t ctrl, + unsigned char **fpr, size_t *fpr_len, unsigned int options, + import_screener_t screener, void *screener_arg, + int origin, const char *url); +-static int read_block (IOBUF a, int with_meta, ++static int read_block (IOBUF a, unsigned int options, + PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys); + static void revocation_present (ctrl_t ctrl, kbnode_t keyblock); + static gpg_error_t import_one (ctrl_t ctrl, +@@ -585,8 +585,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, + release_armor_context (afx); + } + +- while (!(rc = read_block (inp, !!(options & IMPORT_RESTORE), +- &pending_pkt, &keyblock, &v3keys))) ++ while (!(rc = read_block (inp, options, &pending_pkt, &keyblock, &v3keys))) + { + stats->v3keys += v3keys; + if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) +@@ -834,16 +833,16 @@ valid_keyblock_packet (int pkttype) + } + + +-/**************** +- * Read the next keyblock from stream A. +- * Meta data (ring trust packets) are only considered of WITH_META is set. +- * PENDING_PKT should be initialized to NULL and not changed by the caller. +- * Return: 0 = okay, -1 no more blocks or another errorcode. +- * The int at R_V3KEY counts the number of unsupported v3 +- * keyblocks. ++/* Read the next keyblock from stream A. 
Meta data (ring trust ++ * packets) are only considered if OPTIONS has the IMPORT_RESTORE flag ++ * set. PENDING_PKT should be initialized to NULL and not changed by ++ * the caller. ++ * ++ * Returns 0 for okay, -1 no more blocks, or any other errorcode. The ++ * integer at R_V3KEY counts the number of unsupported v3 keyblocks. + */ + static int +-read_block( IOBUF a, int with_meta, ++read_block( IOBUF a, unsigned int options, + PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys) + { + int rc; +@@ -866,7 +865,7 @@ read_block( IOBUF a, int with_meta, + pkt = xmalloc (sizeof *pkt); + init_packet (pkt); + init_parse_packet (&parsectx, a); +- if (!with_meta) ++ if (!(options & IMPORT_RESTORE)) + parsectx.skip_meta = 1; + in_v3key = 0; + skip_sigs = 0; diff --git a/patches/from-2.2.17/gpg-New-import-and-keyserver-option-self-sigs-only.patch b/patches/from-2.2.17/gpg-New-import-and-keyserver-option-self-sigs-only.patch new file mode 100644 index 0000000..e06e9b8 --- /dev/null +++ b/patches/from-2.2.17/gpg-New-import-and-keyserver-option-self-sigs-only.patch 
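Review bot: The rewritten header comment refers to "R_V3KEY", but the parameter in the signature just below it is `r_v3keys`; use `R_V3KEYS` so the comment matches the code. The comment could also say that OPTIONS is the import option bit mask, since only `IMPORT_RESTORE` is mentioned and the parameter is now passed through unfiltered from `import`.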
@@ -0,0 +1,136 @@ +From: Werner Koch +Date: Mon, 1 Jul 2019 15:14:59 +0200 +Subject: gpg: New import and keyserver option "self-sigs-only" + +* g10/options.h (IMPORT_SELF_SIGS_ONLY): New. +* g10/import.c (parse_import_options): Add option "self-sigs-only". +(read_block): Handle that option. +-- + +This option is intended to help against importing keys with many bogus +key-signatures. It has obvious drawbacks and is not a bullet-proof +solution because a self-signature can also be faked and would be +detected only later. + +GnuPG-bug-id: 4591 +Signed-off-by: Werner Koch + +(cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0) +(cherry picked from commit adb120e663fc5e78f714976c6e42ae233c1990b0) +--- + doc/gpg.texi | 8 ++++++++ + g10/import.c | 40 ++++++++++++++++++++++++++++++++++++++-- + g10/options.h | 1 + + 3 files changed, 47 insertions(+), 2 deletions(-) + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 9853f69..ff2c0cf 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -2322,6 +2322,14 @@ opposite meaning. The options are: + on the keyring. This option is the same as running the @option{--edit-key} + command "clean" after import. Defaults to no. + ++ @item self-sigs-only ++ Accept only self-signatures while importing a key. All other ++ key-signatures are skipped at an early import stage. This option ++ can be used with @code{keyserver-options} to mitigate attempts to ++ flood a key with bogus signatures from a keyserver. The drawback is ++ that all other valid key-signatures, as required by the Web of Trust ++ are also not imported. ++ + @item repair-keys + After import, fix various problems with the + keys. 
For example, this reorders signatures, and strips duplicate +diff --git a/g10/import.c b/g10/import.c +index 6215d2b..a5b68e9 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -188,6 +188,9 @@ parse_import_options(char *str,unsigned int *options,int noisy) + {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL, + N_("remove as much as possible from key after import")}, + ++ {"self-sigs-only", IMPORT_SELF_SIGS_ONLY, NULL, ++ N_("ignore key-signatures which are not self-signatures")}, ++ + {"import-export", IMPORT_EXPORT, NULL, + N_("run import filters and export key immediately")}, + +@@ -850,6 +853,8 @@ read_block( IOBUF a, unsigned int options, + PACKET *pkt; + kbnode_t root = NULL; + int in_cert, in_v3key, skip_sigs; ++ u32 keyid[2]; ++ unsigned int dropped_nonselfsigs = 0; + + *r_v3keys = 0; + +@@ -974,16 +979,43 @@ read_block( IOBUF a, unsigned int options, + init_packet(pkt); + break; + ++ case PKT_SIGNATURE: ++ if (!in_cert) ++ goto x_default; ++ if (!(options & IMPORT_SELF_SIGS_ONLY)) ++ goto x_default; ++ if (pkt->pkt.signature->keyid[0] == keyid[0] ++ && pkt->pkt.signature->keyid[1] == keyid[1]) ++ { /* This is likely a self-signature. We import this one. ++ * Eventually we should use the ISSUER_FPR to compare ++ * self-signatures, but that will work only for v5 keys ++ * which are currently not even deployed. ++ * Note that we do not do any crypto verify here because ++ * that would defeat this very mitigation of DoS by ++ * importing a key with a huge amount of faked ++ * key-signatures. A verification will be done later in ++ * the processing anyway. Here we want a cheap an early ++ * way to drop non-self-signatures. */ ++ goto x_default; ++ } ++ /* Skip this signature. */ ++ dropped_nonselfsigs++; ++ free_packet (pkt, &parsectx); ++ init_packet(pkt); ++ break; ++ + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: +- if (in_cert ) /* Store this packet. */ ++ if (in_cert) /* Store this packet. 
*/ + { + *pending_pkt = pkt; + pkt = NULL; + goto ready; + } + in_cert = 1; +- /* fall through */ ++ keyid_from_pk (pkt->pkt.public_key, keyid); ++ goto x_default; ++ + default: + x_default: + if (in_cert && valid_keyblock_packet (pkt->pkttype)) +@@ -1012,6 +1044,10 @@ read_block( IOBUF a, unsigned int options, + free_packet (pkt, &parsectx); + deinit_parse_packet (&parsectx); + xfree( pkt ); ++ if (!rc && dropped_nonselfsigs && opt.verbose) ++ log_info ("key %s: number of dropped non-self-signatures: %u\n", ++ keystr (keyid), dropped_nonselfsigs); ++ + return rc; + } + +diff --git a/g10/options.h b/g10/options.h +index 782c0cb..4877a71 100644 +--- a/g10/options.h ++++ b/g10/options.h +@@ -354,6 +354,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; + #define IMPORT_RESTORE (1<<10) + #define IMPORT_REPAIR_KEYS (1<<11) + #define IMPORT_DRY_RUN (1<<12) ++#define IMPORT_SELF_SIGS_ONLY (1<<14) + + #define EXPORT_LOCAL_SIGS (1<<0) + #define EXPORT_ATTRIBUTES (1<<1) diff --git a/patches/from-2.2.17/spelling-Fix-synchronize.patch b/patches/from-2.2.17/spelling-Fix-synchronize.patch new file mode 100644 index 0000000..45e42ac --- /dev/null +++ b/patches/from-2.2.17/spelling-Fix-synchronize.patch 
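Review bot: `keyid` is declared without an initializer and, within this patch, is only filled in by the `keyid_from_pk` call in the PKT_PUBLIC_KEY/PKT_SECRET_KEY case, yet the new PKT_SIGNATURE branch compares against it whenever `in_cert` is set. read_block continues outside the hunk, and the context lines of the "Fix regression in option self-sigs-only" patch on this page show `in_cert = 1` also being set from a pending packet. Applied on its own, this patch can therefore compare against an indeterminate key ID and misclassify signatures. Anyone cherry-picking should take both patches together; initialising the array, `u32 keyid[2] = { 0, 0 };`, would at least make the behaviour deterministic.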
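Review bot: `IMPORT_SELF_SIGS_ONLY` is assigned `(1<<14)` directly after `IMPORT_DRY_RUN (1<<12)`, leaving bit 13 unused in the lines shown. If the gap is deliberate (presumably to keep the value identical to upstream, where bit 13 may belong to another option), record that with a comment such as `/* (1<<13) is intentionally left unused in this backport. */` so a later local addition does not collide with it.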
@@ -0,0 +1,88 @@ +From: Daniel Kahn Gillmor +Date: Sun, 23 Jun 2019 20:17:05 -0400 +Subject: spelling: Fix "synchronize" + +Signed-off-by: Daniel Kahn Gillmor +(cherry picked from commit 520f5d70e4128b61c30da2a463f6c34ca24b628e) +--- + NEWS | 2 +- + g10/cpr.c | 2 +- + kbx/keybox-blob.c | 4 ++-- + scd/app-openpgp.c | 2 +- + scd/ccid-driver.c | 2 +- + 5 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/NEWS b/NEWS +index 294709d..5728cdd 100644 +--- a/NEWS ++++ b/NEWS +@@ -2487,7 +2487,7 @@ Noteworthy changes in version 1.9.2 (2003-11-17) + command but from the menu provided by the new --card-edit command. + + * PINs are now properly cached and there are only 2 PINs visible. +- The 3rd PIN (CHV2) is internally syncronized with the regular PIN. ++ The 3rd PIN (CHV2) is internally synchronized with the regular PIN. + + * All kind of other internal stuff. + +diff --git a/g10/cpr.c b/g10/cpr.c +index 4354426..d40e0a7 100644 +--- a/g10/cpr.c ++++ b/g10/cpr.c +@@ -62,7 +62,7 @@ progress_cb (void *ctx, const char *what, int printchar, + + + /* Return true if the status message NO may currently be issued. We +- need this to avoid syncronisation problem while auto retrieving a ++ need this to avoid synchronization problem while auto retrieving a + key. There it may happen that a status NODATA is issued for a non + available key and the user may falsely interpret this has a missing + signature. */ +diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c +index 6874212..ac259ea 100644 +--- a/kbx/keybox-blob.c ++++ b/kbx/keybox-blob.c +@@ -116,7 +116,7 @@ + Note that this value matches TRUST_FLAG_REVOKED + - u16 RFU + - u32 Recheck_after +- - u32 Latest timestamp in the keyblock (useful for KS syncronsiation?) ++ - u32 Latest timestamp in the keyblock (useful for KS synchronization?) + - u32 Blob created at + - u32 [NRES] Size of reserved space (not including this field) + - bN Reserved space of size NRES for future use. 
+@@ -126,7 +126,7 @@ + - bN Space for the keyblock or certificate. + - bN RFU. This is the remaining space after keyblock and before + the checksum. It is not covered by the checksum. +- - b20 SHA-1 checksum (useful for KS syncronisation?) ++ - b20 SHA-1 checksum (useful for KS synchronization?) + Note, that KBX versions before GnuPG 2.1 used an MD5 + checksum. However it was only created but never checked. + Thus we do not expect problems if we switch to SHA-1. If +diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c +index e4a1fba..a1f8603 100644 +--- a/scd/app-openpgp.c ++++ b/scd/app-openpgp.c +@@ -640,7 +640,7 @@ count_bits (const unsigned char *a, size_t len) + Where FLAGS is a plain hexadecimal number representing flag values. + The lsb is here the rightmost bit. Defined flags bits are: + +- Bit 0 = CHV1 and CHV2 are not syncronized ++ Bit 0 = CHV1 and CHV2 are not synchronized + Bit 1 = CHV2 has been set to the default PIN of "123456" + (this implies that bit 0 is also set). + +diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c +index ae40f01..94cd8c2 100644 +--- a/scd/ccid-driver.c ++++ b/scd/ccid-driver.c +@@ -2952,7 +2952,7 @@ ccid_transceive_apdu_level (ccid_driver_t handle, + bit 7 1 + bit 6 1 + bit 5 clear=request,set=response +- bit 4..0 0 = resyncronisation request ++ bit 4..0 0 = resynchronization request + 1 = information field size request + 2 = abort request + 3 = extension of BWT request diff --git a/patches/from-2.2.17/tools-gpgconf-Killing-order-is-children-first.patch b/patches/from-2.2.17/tools-gpgconf-Killing-order-is-children-first.patch new file mode 100644 index 0000000..51f4826 --- /dev/null +++ b/patches/from-2.2.17/tools-gpgconf-Killing-order-is-children-first.patch 
@@ -0,0 +1,39 @@
+From: NIIBE Yutaka
+Date: Mon, 1 Jul 2019 13:07:22 +0900
+Subject: tools: gpgconf: Killing order is children-first.
+
+* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.
+
+--
+
+Cherry-picked from master commit:
+ 7c877f942a344e7778005840ed7f3e20ace12f4a
+
+The order matters in a corner case; On a busy machine, there was a
+race condition between gpg-agent's running KILLAGENT command and its
+accepting incoming request on the socket. If a request by
+gpg-connect-agent was accepted, it resulted an error by sudden
+shutdown. This change of the order can remove such a race.
+
+Here, we know backend=0 is none.
+
+GnuPG-bug-id: 4577
+Signed-off-by: NIIBE Yutaka
+(cherry picked from commit 526714806da4e50c8e683b25d76460916d58ff41)
+---
+ tools/gpgconf-comp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
+index 7f7440b..2875c92 100644
+--- a/tools/gpgconf-comp.c
++++ b/tools/gpgconf-comp.c
+@@ -1367,7 +1367,7 @@ gc_component_kill (int component)
+ }
+
+ /* Do the restart for the selected backends. */
+- for (backend = 0; backend < GC_BACKEND_NR; backend++)
++ for (backend = GC_BACKEND_NR-1; backend; backend--)
+ {
+ if (runtime[backend] && gc_backend[backend].runtime_change)
+ (*gc_backend[backend].runtime_change) (1);
diff --git a/patches/from-2.2.18-prerelease/dirmngr-Don-t-add-system-CAs-for-SKS-HKPS-pool.patch b/patches/from-2.2.18-prerelease/dirmngr-Don-t-add-system-CAs-for-SKS-HKPS-pool.patch
new file mode 100644
index 0000000..97f8df1
--- /dev/null
+++ b/patches/from-2.2.18-prerelease/dirmngr-Don-t-add-system-CAs-for-SKS-HKPS-pool.patch
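Review bot: The reversed loop `for (backend = GC_BACKEND_NR-1; backend; backend--)` stops before index 0, which the old forward loop did visit. The commit message explains this ("backend=0 is none"), but the code does not. Add a comment at the loop, e.g. `/* Children first; index 0 is the "none" backend and is skipped on purpose. */`, so the termination condition is not later "corrected" to `backend >= 0`. gc_component_kill starts and ends outside the hunk.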
@@ -0,0 +1,32 @@
+From: NIIBE Yutaka
+Date: Tue, 16 Jul 2019 10:10:52 +0900
+Subject: dirmngr: Don't add system CAs for SKS HKPS pool.
+
+* dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear
+add_system_cas.
+
+--
+
+Cherry-picking the master commit of:
+ 75e0ec65170b7053743406e3f3b605febcf7312a
+
+GnuPG-bug-id: 4594
+Signed-off-by: NIIBE Yutaka
+(cherry picked from commit 58e234fbeb6cc5908b69a73e50428f02e584e504)
+---
+ dirmngr/http.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index d2456c6..1ba8e79 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -791,6 +791,8 @@ http_session_new (http_session_t *r_session,
+ pemname, gnutls_strerror (rc));
+ xfree (pemname);
+ }
++
++ add_system_cas = 0;
+ }
+
+ /* Add configured certificates to the session. */
diff --git a/patches/from-2.2.18-prerelease/gpg-Fix-keyring-retrieval.patch b/patches/from-2.2.18-prerelease/gpg-Fix-keyring-retrieval.patch
new file mode 100644
index 0000000..f129a23
--- /dev/null
+++ b/patches/from-2.2.18-prerelease/gpg-Fix-keyring-retrieval.patch
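Review bot: The added `add_system_cas = 0;` changes which trust anchors the TLS session accepts, yet it carries no comment saying why. Judging by the patch subject, this is the branch that loads the SKS HKPS pool CA, with the intent that only that CA is trusted for the pool; this is inferred, because the enclosing block starts outside the hunk. A comment such as `/* The pool has its own CA; do not additionally trust the system CAs for it. */` would keep a later refactoring from silently widening the trust store again.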
@@ -0,0 +1,40 @@
+From: NIIBE Yutaka
+Date: Wed, 10 Jul 2019 15:06:54 +0900
+Subject: gpg: Fix keyring retrieval.
+
+* g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
+
+--
+
+Cherry-picking the master commit of:
+ a7a043e82555a9da984c6fb01bfec4990d904690
+
+GnuPG-bug-id: 4592
+Signed-off-by: NIIBE Yutaka
+(cherry picked from commit b7df72d3074b72cf8b537ac87416b6b719c1b1b7)
+---
+ g10/keyring.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/g10/keyring.c b/g10/keyring.c
+index a8dd462..f424f94 100644
+--- a/g10/keyring.c
++++ b/g10/keyring.c
+@@ -473,11 +473,14 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
+ }
+
+ in_cert = 1;
+- node = lastnode = new_kbnode (pkt);
++ node = new_kbnode (pkt);
+ if (!keyblock)
+- keyblock = node;
++ keyblock = lastnode = node;
+ else
+- add_kbnode (keyblock, node);
++ {
++ lastnode->next = node;
++ lastnode = node;
++ }
+ switch (pkt->pkttype)
+ {
+ case PKT_PUBLIC_KEY:
diff --git a/patches/from-2.2.18-prerelease/gpg-Improve-import-slowness.patch b/patches/from-2.2.18-prerelease/gpg-Improve-import-slowness.patch
new file mode 100644
index 0000000..0fcad16
--- /dev/null
+++ b/patches/from-2.2.18-prerelease/gpg-Improve-import-slowness.patch
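Review bot: The new else-branch writes `lastnode->next = node` directly, which is only safe if `lastnode` is non-NULL whenever `keyblock` is, and if `new_kbnode` returns a node whose `next` is NULL. Neither is visible in this hunk, as keyring_get_keyblock starts and ends outside it. A one-line comment stating the invariant, or `log_assert (lastnode);` ahead of the assignment, would document it on a path that processes keyring data of arbitrary size. The same tail-pointer pattern is introduced in the read_block and sec_to_pub_keyblock hunks of the "Improve import slowness" patch that follows, and the same note applies there.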
@@ -0,0 +1,77 @@ +From: NIIBE Yutaka +Date: Wed, 10 Jul 2019 15:42:07 +0900 +Subject: gpg: Improve import slowness. + +* g10/import.c (read_block): Avoid O(N^2) append. +(sec_to_pub_keyblock): Likewise. + +-- + +Cherry-picking the master commit of: + 33c17a8008c3ba3bb740069f9f97c7467f156b54 + +Signed-off-by: NIIBE Yutaka +(cherry picked from commit eb00a14f6d2de7c53487f39494c5cb9c0598fc96) +--- + g10/import.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index 12f8f28..0a72a76 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -853,6 +853,7 @@ read_block( IOBUF a, unsigned int options, + struct parse_packet_ctx_s parsectx; + PACKET *pkt; + kbnode_t root = NULL; ++ kbnode_t lastnode = NULL; + int in_cert, in_v3key, skip_sigs; + u32 keyid[2]; + int got_keyid = 0; +@@ -862,7 +863,7 @@ read_block( IOBUF a, unsigned int options, + + if (*pending_pkt) + { +- root = new_kbnode( *pending_pkt ); ++ root = lastnode = new_kbnode( *pending_pkt ); + *pending_pkt = NULL; + log_assert (root->pkt->pkttype == PKT_PUBLIC_KEY + || root->pkt->pkttype == PKT_SECRET_KEY); +@@ -1032,9 +1033,12 @@ read_block( IOBUF a, unsigned int options, + if (in_cert && valid_keyblock_packet (pkt->pkttype)) + { + if (!root ) +- root = new_kbnode (pkt); ++ root = lastnode = new_kbnode (pkt); + else +- add_kbnode (root, new_kbnode (pkt)); ++ { ++ lastnode->next = new_kbnode (pkt); ++ lastnode = lastnode->next; ++ } + pkt = xmalloc (sizeof *pkt); + } + else +@@ -2636,6 +2640,7 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) + kbnode_t pub_keyblock = NULL; + kbnode_t ctx = NULL; + kbnode_t secnode, pubnode; ++ kbnode_t lastnode = NULL; + unsigned int tag = 0; + + /* Set a tag to all nodes. 
*/ +@@ -2675,9 +2680,12 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) + pubnode->tag = secnode->tag; + + if (!pub_keyblock) +- pub_keyblock = pubnode; ++ pub_keyblock = lastnode = pubnode; + else +- add_kbnode (pub_keyblock, pubnode); ++ { ++ lastnode->next = pubnode; ++ lastnode = pubnode; ++ } + } + + return pub_keyblock; diff --git a/patches/from-master/agent-Fix-cancellation-handling-for-scdaemon.patch b/patches/from-master/agent-Fix-cancellation-handling-for-scdaemon.patch new file mode 100644 index 0000000..ac1abb2 --- /dev/null +++ b/patches/from-master/agent-Fix-cancellation-handling-for-scdaemon.patch 
@@ -0,0 +1,140 @@ +From: NIIBE Yutaka +Date: Wed, 20 Sep 2017 10:42:28 +0900 +Subject: agent: Fix cancellation handling for scdaemon. + +* agent/call-scd.c (cancel_inquire): Remove. +(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey) +(agent_card_scd): Don't call cancel_inquire. + +-- + +Since libassuan 2.1.0, cancellation command "CAN" is handled within +the library, by assuan_transact. So, cancel_inquire just caused +spurious "CAN" command to scdaemon which resulted an error. + +Signed-off-by: NIIBE Yutaka +(cherry picked from commit 9f5e50e7c85aa8b847d38010241ed570ac114fc3) +--- + agent/call-scd.c | 41 ----------------------------------------- + 1 file changed, 41 deletions(-) + +diff --git a/agent/call-scd.c b/agent/call-scd.c +index bf7732b..e852c0d 100644 +--- a/agent/call-scd.c ++++ b/agent/call-scd.c +@@ -89,7 +89,6 @@ struct inq_needpin_parm_s + const char *getpin_cb_desc; + assuan_context_t passthru; /* If not NULL, pass unknown inquiries + up to the caller. */ +- int any_inq_seen; + + /* The next fields are used by inq_writekey_parm. */ + const unsigned char *keydata; +@@ -729,7 +728,6 @@ inq_needpin (void *opaque, const char *line) + size_t pinlen; + int rc; + +- parm->any_inq_seen = 1; + if ((s = has_leading_keyword (line, "NEEDPIN"))) + { + line = s; +@@ -813,30 +811,6 @@ hash_algo_option (int algo) + } + + +-static gpg_error_t +-cancel_inquire (ctrl_t ctrl, gpg_error_t rc) +-{ +- gpg_error_t oldrc = rc; +- +- /* The inquire callback was called and transact returned a +- cancel error. We assume that the inquired process sent a +- CANCEL. The passthrough code is not able to pass on the +- CANCEL and thus scdaemon would stuck on this. As a +- workaround we send a CANCEL now. 
*/ +- rc = assuan_write_line (ctrl->scd_local->ctx, "CAN"); +- if (!rc) { +- char *line; +- size_t len; +- +- rc = assuan_read_line (ctrl->scd_local->ctx, &line, &len); +- if (!rc) +- rc = oldrc; +- } +- +- return rc; +-} +- +- + /* Create a signature using the current card. MDALGO is either 0 or + * gives the digest algorithm. DESC_TEXT is an additional parameter + * passed to GETPIN_CB. */ +@@ -877,7 +851,6 @@ agent_card_pksign (ctrl_t ctrl, + inqparm.getpin_cb_arg = getpin_cb_arg; + inqparm.getpin_cb_desc = desc_text; + inqparm.passthru = 0; +- inqparm.any_inq_seen = 0; + inqparm.keydata = NULL; + inqparm.keydatalen = 0; + +@@ -890,9 +863,6 @@ agent_card_pksign (ctrl_t ctrl, + put_membuf_cb, &data, + inq_needpin, &inqparm, + NULL, NULL); +- if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || +- gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) +- rc = cancel_inquire (ctrl, rc); + + if (rc) + { +@@ -976,7 +946,6 @@ agent_card_pkdecrypt (ctrl_t ctrl, + inqparm.getpin_cb_arg = getpin_cb_arg; + inqparm.getpin_cb_desc = desc_text; + inqparm.passthru = 0; +- inqparm.any_inq_seen = 0; + inqparm.keydata = NULL; + inqparm.keydatalen = 0; + snprintf (line, DIM(line), "PKDECRYPT %s", keyid); +@@ -984,9 +953,6 @@ agent_card_pkdecrypt (ctrl_t ctrl, + put_membuf_cb, &data, + inq_needpin, &inqparm, + padding_info_cb, r_padding); +- if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || +- gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) +- rc = cancel_inquire (ctrl, rc); + + if (rc) + { +@@ -1113,15 +1079,11 @@ agent_card_writekey (ctrl_t ctrl, int force, const char *serialno, + parms.getpin_cb_arg = getpin_cb_arg; + parms.getpin_cb_desc= NULL; + parms.passthru = 0; +- parms.any_inq_seen = 0; + parms.keydata = keydata; + parms.keydatalen = keydatalen; + + rc = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL, + inq_writekey_parms, &parms, NULL, NULL); +- if (parms.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || +- gpg_err_code(rc) == 
GPG_ERR_ASS_CANCELED)) +- rc = cancel_inquire (ctrl, rc); + return unlock_scd (ctrl, rc); + } + +@@ -1346,7 +1308,6 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, + inqparm.getpin_cb_arg = getpin_cb_arg; + inqparm.getpin_cb_desc = NULL; + inqparm.passthru = assuan_context; +- inqparm.any_inq_seen = 0; + inqparm.keydata = NULL; + inqparm.keydatalen = 0; + +@@ -1356,8 +1317,6 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, + pass_data_thru, assuan_context, + inq_needpin, &inqparm, + pass_status_thru, assuan_context); +- if (inqparm.any_inq_seen && gpg_err_code(rc) == GPG_ERR_ASS_CANCELED) +- rc = cancel_inquire (ctrl, rc); + + assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, saveflag); + if (rc) diff --git a/patches/from-master/g10-Fix-garbled-status-messages-in-NOTATION_DATA.patch b/patches/from-master/g10-Fix-garbled-status-messages-in-NOTATION_DATA.patch new file mode 100644 index 0000000..9b91a76 --- /dev/null +++ b/patches/from-master/g10-Fix-garbled-status-messages-in-NOTATION_DATA.patch 
@@ -0,0 +1,47 @@
+From: Werner Koch
+Date: Tue, 14 Jun 2022 11:33:27 +0200
+Subject: g10: Fix garbled status messages in NOTATION_DATA
+
+* g10/cpr.c (write_status_text_and_buffer): Fix off-by-one
+--
+
+Depending on the escaping and line wrapping the computed remaining
+buffer length could be wrong. Fixed by always using a break to
+terminate the escape detection loop. Might have happened for all
+status lines which may wrap.
+
+GnuPG-bug-id: T6027
+(cherry picked from commit 34c649b3601383cd11dbc76221747ec16fd68e1b)
+---
+ g10/cpr.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/g10/cpr.c b/g10/cpr.c
+index d40e0a7..6a88e9d 100644
+--- a/g10/cpr.c
++++ b/g10/cpr.c
+@@ -304,20 +304,15 @@ write_status_text_and_buffer (int no, const char *string,
+ }
+ first = 0;
+ }
+- for (esc=0, s=buffer, n=len; n && !esc; s++, n--)
++ for (esc=0, s=buffer, n=len; n; s++, n--)
+ {
+ if (*s == '%' || *(const byte*)s <= lower_limit
+ || *(const byte*)s == 127 )
+ esc = 1;
+ if (wrap && ++count > wrap)
+- {
+- dowrap=1;
+- break;
+- }
+- }
+- if (esc)
+- {
+- s--; n++;
++ dowrap=1;
++ if (esc || dowrap)
++ break;
+ }
+ if (s != buffer)
+ es_fwrite (buffer, s-buffer, 1, statusfp);
diff --git a/patches/from-master/gpg-default-to-3072-bit-RSA-keys.patch b/patches/from-master/gpg-default-to-3072-bit-RSA-keys.patch
new file mode 100644
index 0000000..58207c2
--- /dev/null
+++ b/patches/from-master/gpg-default-to-3072-bit-RSA-keys.patch
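Review bot: The rewritten scan loop depends on `break` leaving `s` on the first byte that must not be written verbatim, with `n` still counting that byte. That is why the old `s--; n++` rewind could be removed, but the reasoning exists only in the commit message. Because this function escapes data for the status output that other programs parse, the loop deserves a comment, e.g. `/* Stop at the first byte needing escaping or at the wrap column; S points at that byte and N still counts it. */`. write_status_text_and_buffer starts and ends outside the hunk, so the handling of `dowrap` after the loop cannot be checked from here.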
@@ -0,0 +1,116 @@ +From: Daniel Kahn Gillmor +Date: Thu, 7 Sep 2017 18:41:10 -0400 +Subject: gpg: default to 3072-bit RSA keys. + +* agent/command.c (hlp_genkey): update help text to suggest the use of +3072 bits. +* doc/wks.texi: Make example match default generation. +* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to +rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment, +(gen_rsa, get_keysize_range): update default from 2048 to 3072). +* g10/keyid.c (pubkey_string): update comment so that first example +is the default 3072-bit RSA. + +-- + +3072-bit RSA is widely considered to be 128-bit-equivalent security. +This is a sensible default in 2017. + +Signed-off-by: Daniel Kahn Gillmor + +(cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c) +--- + agent/command.c | 2 +- + doc/wks.texi | 4 ++-- + g10/keygen.c | 9 ++++----- + g10/keyid.c | 4 ++-- + 4 files changed, 9 insertions(+), 10 deletions(-) + +diff --git a/agent/command.c b/agent/command.c +index adb2c00..60eb6ad 100644 +--- a/agent/command.c ++++ b/agent/command.c +@@ -843,7 +843,7 @@ static const char hlp_genkey[] = + "\n" + " C: GENKEY\n" + " S: INQUIRE KEYPARAM\n" +- " C: D (genkey (rsa (nbits 2048)))\n" ++ " C: D (genkey (rsa (nbits 3072)))\n" + " C: END\n" + " S: D (public-key\n" + " S: D (rsa (n 326487324683264) (e 10001)))\n" +diff --git a/doc/wks.texi b/doc/wks.texi +index d6798b1..5fe2a33 100644 +--- a/doc/wks.texi ++++ b/doc/wks.texi +@@ -404,10 +404,10 @@ the submission address: + The output of the last command looks similar to this: + + @example +- sec rsa2048 2016-08-30 [SC] ++ sec rsa3072 2016-08-30 [SC] + C0FCF8642D830C53246211400346653590B3795B + uid [ultimate] key-submission@@example.net +- ssb rsa2048 2016-08-30 [E] ++ ssb rsa3072 2016-08-30 [E] + @end example + + Take the fingerprint from that output and manually publish the key: +diff --git a/g10/keygen.c b/g10/keygen.c +index ed57d5d..492c65f 100644 +--- a/g10/keygen.c ++++ b/g10/keygen.c +@@ -46,11 +46,10 @@ + 
#include "../common/mbox-util.h" + + +-/* The default algorithms. If you change them remember to change them +- also in gpg.c:gpgconf_list. You should also check that the value ++/* The default algorithms. If you change them, you should ensure the value + is inside the bounds enforced by ask_keysize and gen_xxx. See also + get_keysize_range which encodes the allowed ranges. */ +-#define DEFAULT_STD_KEY_PARAM "rsa2048/cert,sign+rsa2048/encr" ++#define DEFAULT_STD_KEY_PARAM "rsa3072/cert,sign+rsa3072/encr" + #define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" + + /* When generating keys using the streamlined key generation dialog, +@@ -1648,7 +1647,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, + + if (nbits < 1024) + { +- nbits = 2048; ++ nbits = 3072; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } + else if (nbits > maxsize) +@@ -2117,7 +2116,7 @@ get_keysize_range (int algo, unsigned int *min, unsigned int *max) + default: + *min = opt.compliance == CO_DE_VS ? 2048: 1024; + *max = 4096; +- def = 2048; ++ def = 3072; + break; + } + +diff --git a/g10/keyid.c b/g10/keyid.c +index 5b868cd..af9be07 100644 +--- a/g10/keyid.c ++++ b/g10/keyid.c +@@ -73,7 +73,7 @@ pubkey_letter( int algo ) + is copied to the supplied buffer up a length of BUFSIZE-1. + Examples for the output are: + +- "rsa2048" - RSA with 2048 bit ++ "rsa3072" - RSA with 3072 bit + "elg1024" - Elgamal with 1024 bit + "ed25519" - ECC using the curve Ed25519. + "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". +@@ -83,7 +83,7 @@ pubkey_letter( int algo ) + If the option --legacy-list-mode is active, the output use the + legacy format: + +- "2048R" - RSA with 2048 bit ++ "3072R" - RSA with 3072 bit + "1024g" - Elgamal with 1024 bit + "256E" - ECDSA using a curve with 256 bit + diff --git a/patches/from-master/gpg-default-to-AES-256.patch b/patches/from-master/gpg-default-to-AES-256.patch new file mode 100644 index 0000000..4b93103 --- /dev/null 
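Review bot: Only the fallback and default sizes move to 3072 in these hunks; the acceptance floor is unchanged. `gen_rsa` still takes any `nbits >= 1024` as given, and `get_keysize_range` still reports a minimum of 1024 outside `CO_DE_VS`. If that is intended for compatibility, the comment above `DEFAULT_STD_KEY_PARAM` should say that explicit requests below the default are honoured, so the new default is not mistaken for a minimum. The same comment hunk also drops the reminder about `gpg.c:gpgconf_list`; that is only correct if gpgconf_list no longer hard-codes the default, which cannot be checked from this page.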
+++ b/patches/from-master/gpg-default-to-AES-256.patch @@ -0,0 +1,35 @@ +From: Daniel Kahn Gillmor +Date: Thu, 7 Sep 2017 19:04:00 -0400 +Subject: gpg: default to AES-256. + +* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default. + +-- + +It's 2017, and pretty much everyone has AES-256 available. Symmetric +crypto is also rarely the bottleneck (asymmetric crypto is much more +expensive). AES-256 provides some level of protection against +large-scale decryption efforts, and longer key lengths provide a hedge +against unforseen cryptanalysis. + +Signed-off-by: Daniel Kahn Gillmor +(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa) +--- + g10/main.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/g10/main.h b/g10/main.h +index 389a557..6f93de9 100644 +--- a/g10/main.h ++++ b/g10/main.h +@@ -31,7 +31,9 @@ + (i.e. uncompressed) rather than 1 (zip). However, the real world + issues of speed and size come into play here. */ + +-#if GPG_USE_AES128 ++#if GPG_USE_AES256 ++# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES256 ++#elif GPG_USE_AES128 + # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES + #elif GPG_USE_CAST5 + # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 diff --git a/patches/gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch b/patches/gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch new file mode 100644 index 0000000..285241d --- /dev/null +++ b/patches/gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch 
@@ -0,0 +1,93 @@ +From: Daniel Kahn Gillmor +Date: Tue, 1 Nov 2016 00:45:23 -0400 +Subject: agent: Allow threads to interrupt main select loop with SIGCONT. + +* agent/gpg-agent.c (interrupt_main_thread_loop): New function on +non-windows platforms, allows other threads to interrupt the main loop +if there's something that the main loop might be interested in. + +-- + +For example, the main loop might be interested in changes in program +state that affect the timers it expects to see. + +I don't know how to do this on Windows platforms, but i welcome any +proposed improvements. + +Signed-off-by: Daniel Kahn Gillmor +--- + agent/agent.h | 1 + + agent/gpg-agent.c | 18 +++++++++++++++++- + 2 files changed, 18 insertions(+), 1 deletion(-) + +diff --git a/agent/agent.h b/agent/agent.h +index 2b045f8..97ac15d 100644 +--- a/agent/agent.h ++++ b/agent/agent.h +@@ -361,6 +361,7 @@ void *get_agent_scd_notify_event (void); + #endif + void agent_sighup_action (void); + int map_pk_openpgp_to_gcry (int openpgp_algo); ++void interrupt_main_thread_loop (void); + + /*-- command.c --*/ + gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid, +diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c +index f9c0163..b2ce51f 100644 +--- a/agent/gpg-agent.c ++++ b/agent/gpg-agent.c +@@ -417,6 +417,9 @@ static int have_homedir_inotify; + * works reliable. */ + static int reliable_homedir_inotify; + ++/* Record the pid of the main thread, for easier signalling */ ++static pid_t main_thread_pid = (pid_t)(-1); ++ + /* Number of active connections. 
*/ + static int active_connections; + +@@ -2123,7 +2126,7 @@ get_agent_scd_notify_event (void) + GetCurrentProcess(), &h2, + EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) + { +- log_error ("setting syncronize for scd notify event failed: %s\n", ++ log_error ("setting synchronize for scd notify event failed: %s\n", + w32_strerror (-1) ); + CloseHandle (h); + } +@@ -2469,6 +2472,10 @@ handle_signal (int signo) + agent_sigusr2_action (); + break; + ++ /* nothing to do here, just take an extra cycle on the select loop */ ++ case SIGCONT: ++ break; ++ + case SIGTERM: + if (!shutdown_pending) + log_info ("SIGTERM received - shutting down ...\n"); +@@ -2807,6 +2814,13 @@ start_connection_thread_ssh (void *arg) + } + + ++void interrupt_main_thread_loop (void) ++{ ++#ifndef HAVE_W32_SYSTEM ++ kill (main_thread_pid, SIGCONT); ++#endif ++} ++ + /* helper function for readability: test whether a given struct + timespec is set to all-zeros */ + static inline int +@@ -2876,8 +2890,10 @@ handle_connections (gnupg_fd_t listen_fd, + npth_sigev_add (SIGUSR1); + npth_sigev_add (SIGUSR2); + npth_sigev_add (SIGINT); ++ npth_sigev_add (SIGCONT); + npth_sigev_add (SIGTERM); + npth_sigev_fini (); ++ main_thread_pid = getpid (); + #else + # ifdef HAVE_W32CE_SYSTEM + /* Use a dummy event. */ diff --git a/patches/gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch b/patches/gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch new file mode 100644 index 0000000..b264457 --- /dev/null +++ b/patches/gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch 
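Review bot: `interrupt_main_thread_loop` passes `main_thread_pid` to `kill ()` unconditionally, and that variable is initialised to `(pid_t)(-1)`. POSIX defines `kill (-1, sig)` as a broadcast to every process the caller may signal, so a call arriving before `handle_connections` has stored `getpid ()` would send SIGCONT far beyond the agent. Whether such an early call is reachable cannot be seen from these hunks, but the guard is cheap: `if (main_thread_pid != (pid_t)(-1)) kill (main_thread_pid, SIGCONT);`. The new function also lacks the header comment its neighbours carry; since the value is a process id rather than a thread id, the comment should say that the signal goes to the process and is picked up through the `npth_sigev` set. `handle_signal` and `handle_connections` start and end outside the hunks.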
@@ -0,0 +1,26 @@
+From: Daniel Kahn Gillmor
+Date: Tue, 1 Nov 2016 00:57:44 -0400
+Subject: agent: Avoid scheduled checks on socket when inotify is working.
+
+* agent/gpg-agent.c (handle_connections): When inotify is working, we
+do not need to schedule a timer to evaluate whether we control our own
+socket or not.
+
+Signed-off-by: Daniel Kahn Gillmor
+---
+ agent/gpg-agent.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
+index 5bdbbbe..d68b5ad 100644
+--- a/agent/gpg-agent.c
++++ b/agent/gpg-agent.c
+@@ -3043,6 +3043,8 @@ handle_connections (gnupg_fd_t listen_fd,
+
+ /* avoid a fine-grained timer if we don't need one: */
+ timertbl[0].interval.tv_sec = need_tick () ? TIMERTICK_INTERVAL : 0;
++ /* avoid waking up to check sockets if we can count on inotify */
++ timertbl[1].interval.tv_sec = (sock_inotify_fd == -1) ? CHECK_OWN_SOCKET_INTERVAL : 0;
+
+ /* loop through all timers, fire any registered functions, and
+ plan next timer to trigger */
diff --git a/patches/gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch b/patches/gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch
new file mode 100644
index 0000000..8fe1f3a
--- /dev/null
+++ b/patches/gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch
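Review bot: The added assignment switches off the periodic `check_own_socket` timer whenever `sock_inotify_fd` is not -1, so the inotify watch becomes the only mechanism that notices the agent no longer owns its socket. Which events that watch is registered for is not visible in this hunk; if it covers only removal of the socket file, anything else the timed check would have caught goes unnoticed. The comment should state the assumption, e.g. `/* the inotify watch on the socket replaces the timed check_own_socket; it must cover every case that check handles */`. The bare index `timertbl[1]` (like `timertbl[0]` above it) also depends silently on the table order in `handle_connections`; named indices would make a reordering safe. The enclosing function starts and ends outside the hunk.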
@@ -0,0 +1,101 @@ +From: Daniel Kahn Gillmor +Date: Tue, 1 Nov 2016 00:14:10 -0400 +Subject: agent: Avoid tight timer tick when possible. + +* agent/gpg-agent.c (need_tick): Evaluate whether the short-phase +handle_tick() is needed. +(handle_connections): On each cycle of the select loop, adjust whether +we should call handle_tick() or not. +(start_connection_thread_ssh, do_start_connection_thread): Signal the +main loop when the child terminates. +* agent/call-scd.c (start_scd): Call interrupt_main_thread_loop() once +the scdaemon thread context has started up. + +-- + +With this change, an idle gpg-agent that has no scdaemon running only +wakes up once a minute (to check_own_socket). + +Thanks to Ian Jackson and NIIBE Yutaka who helped me improve some of +the blocking and corner cases. + +Signed-off-by: Daniel Kahn Gillmor +--- + agent/call-scd.c | 2 ++ + agent/gpg-agent.c | 29 +++++++++++++++++++++++++++-- + 2 files changed, 29 insertions(+), 2 deletions(-) + +diff --git a/agent/call-scd.c b/agent/call-scd.c +index 16139fd..bf7732b 100644 +--- a/agent/call-scd.c ++++ b/agent/call-scd.c +@@ -415,6 +415,8 @@ start_scd (ctrl_t ctrl) + + primary_scd_ctx = ctx; + primary_scd_ctx_reusable = 0; ++ /* notify the main loop that something has changed */ ++ interrupt_main_thread_loop (); + + leave: + xfree (abs_homedir); +diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c +index b2ce51f..5bdbbbe 100644 +--- a/agent/gpg-agent.c ++++ b/agent/gpg-agent.c +@@ -2376,6 +2376,26 @@ create_directories (void) + } + + ++static int ++need_tick (void) ++{ ++#ifdef HAVE_W32_SYSTEM ++ /* We do not know how to interrupt the select loop on Windows, so we ++ always need a short tick there. */ ++ return 1; ++#else ++ /* if we were invoked like "gpg-agent cmd arg1 arg2" then we need to ++ watch our parent. 
*/ ++ if (parent_pid != (pid_t)(-1)) ++ return 1; ++ /* if scdaemon is running, we need to check that it's alive */ ++ if (agent_scd_check_running ()) ++ return 1; ++ /* otherwise, nothing fine-grained to do. */ ++ return 0; ++#endif /*HAVE_W32_SYSTEM*/ ++} ++ + + /* This is the worker for the ticker. It is called every few seconds + and may only do fast operations. */ +@@ -2729,7 +2749,8 @@ do_start_connection_thread (ctrl_t ctrl) + + agent_deinit_default_ctrl (ctrl); + xfree (ctrl); +- active_connections--; ++ if (--active_connections == 0) ++ interrupt_main_thread_loop(); + return NULL; + } + +@@ -2809,7 +2830,8 @@ start_connection_thread_ssh (void *arg) + + agent_deinit_default_ctrl (ctrl); + xfree (ctrl); +- active_connections--; ++ if (--active_connections == 0) ++ interrupt_main_thread_loop(); + return NULL; + } + +@@ -3019,6 +3041,9 @@ handle_connections (gnupg_fd_t listen_fd, + thus a simple assignment is fine to copy the entire set. */ + read_fdset = fdset; + ++ /* avoid a fine-grained timer if we don't need one: */ ++ timertbl[0].interval.tv_sec = need_tick () ? TIMERTICK_INTERVAL : 0; ++ + /* loop through all timers, fire any registered functions, and + plan next timer to trigger */ + npth_clock_gettime (&curtime); diff --git a/patches/gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch b/patches/gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch new file mode 100644 index 0000000..bb2c0c0 --- /dev/null +++ b/patches/gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch 
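Review bot: `need_tick` decides whether `handle_tick` runs at all, yet it considers only `parent_pid` and `agent_scd_check_running ()`; the `handle_tick` context shown in the timer-framework patch on this page also calls `agent_cache_housekeeping ()` to drop expired cache entries. With this change an otherwise idle agent no longer runs that housekeeping on a timer, so expired cached secrets may stay in memory until some other activity triggers cleanup; whether lookups expire entries on their own is not visible here. Either `need_tick` should also return 1 while the cache holds entries, or it should carry a comment explaining why skipping the housekeeping is safe. The function also has no leading comment; `/* Return true if the short-interval handle_tick timer is needed. */` would match the file's style.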
@@ -0,0 +1,191 @@ +From: Daniel Kahn Gillmor +Date: Mon, 31 Oct 2016 21:27:36 -0400 +Subject: agent: Create framework of scheduled timers. + +agent/gpg-agent.c (handle_tick): Remove intermittent call to +check_own_socket. +(tv_is_set): Add inline helper function for readability. +(handle_connections) Create general table of pending scheduled +timeouts. + +-- + +handle_tick() does fine-grained, rapid activity. check_own_socket() +is supposed to happen at a different interval. + +Mixing the two of them makes it a requirement that one interval be a +multiple of the other, which isn't ideal if there are different delay +strategies that we might want in the future. + +Creating an extensible regular timer framework in handle_connections +should make it possible to have any number of cadenced timers fire +regularly, without requiring that they happen in cadences related to +each other. + +It should also make it possible to dynamically change the cadence of +any regularly-scheduled timeout. + +Signed-off-by: Daniel Kahn Gillmor +--- + agent/gpg-agent.c | 84 +++++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 57 insertions(+), 27 deletions(-) + +diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c +index 591f4fd..f9c0163 100644 +--- a/agent/gpg-agent.c ++++ b/agent/gpg-agent.c +@@ -2379,12 +2379,8 @@ create_directories (void) + static void + handle_tick (void) + { +- static time_t last_minute; + struct stat statbuf; + +- if (!last_minute) +- last_minute = time (NULL); +- + /* Check whether the scdaemon has died and cleanup in this case. */ + agent_scd_check_aliveness (); + +@@ -2404,15 +2400,6 @@ handle_tick (void) + } + #endif /*HAVE_W32_SYSTEM*/ + +- /* Code to be run from time to time. */ +-#if CHECK_OWN_SOCKET_INTERVAL > 0 +- if (last_minute + CHECK_OWN_SOCKET_INTERVAL <= time (NULL)) +- { +- check_own_socket (); +- last_minute = time (NULL); +- } +-#endif +- + /* Need to check for expired cache entries. 
*/ + agent_cache_housekeeping (); + +@@ -2820,6 +2807,15 @@ start_connection_thread_ssh (void *arg) + } + + ++/* helper function for readability: test whether a given struct ++ timespec is set to all-zeros */ ++static inline int ++tv_is_set (struct timespec tv) ++{ ++ return tv.tv_sec || tv.tv_nsec; ++} ++ ++ + /* Connection handler loop. Wait for connection requests and spawn a + thread after accepting a connection. */ + static void +@@ -2837,9 +2833,11 @@ handle_connections (gnupg_fd_t listen_fd, + gnupg_fd_t fd; + int nfd; + int saved_errno; ++ int idx; + struct timespec abstime; + struct timespec curtime; + struct timespec timeout; ++ struct timespec *select_timeout; + #ifdef HAVE_W32_SYSTEM + HANDLE events[2]; + unsigned int events_set; +@@ -2856,6 +2854,14 @@ handle_connections (gnupg_fd_t listen_fd, + { "browser", start_connection_thread_browser }, + { "ssh", start_connection_thread_ssh } + }; ++ struct { ++ struct timespec interval; ++ void (*func) (void); ++ struct timespec next; ++ } timertbl[] = { ++ { { TIMERTICK_INTERVAL, 0 }, handle_tick }, ++ { { CHECK_OWN_SOCKET_INTERVAL, 0 }, check_own_socket } ++ }; + + + ret = npth_attr_init(&tattr); +@@ -2963,9 +2969,6 @@ handle_connections (gnupg_fd_t listen_fd, + listentbl[2].l_fd = listen_fd_browser; + listentbl[3].l_fd = listen_fd_ssh; + +- npth_clock_gettime (&abstime); +- abstime.tv_sec += TIMERTICK_INTERVAL; +- + for (;;) + { + /* Shutdown test. */ +@@ -3000,18 +3003,46 @@ handle_connections (gnupg_fd_t listen_fd, + thus a simple assignment is fine to copy the entire set. */ + read_fdset = fdset; + ++ /* loop through all timers, fire any registered functions, and ++ plan next timer to trigger */ + npth_clock_gettime (&curtime); +- if (!(npth_timercmp (&curtime, &abstime, <))) +- { +- /* Timeout. 
*/ +- handle_tick (); +- npth_clock_gettime (&abstime); +- abstime.tv_sec += TIMERTICK_INTERVAL; +- } +- npth_timersub (&abstime, &curtime, &timeout); ++ abstime.tv_sec = abstime.tv_nsec = 0; ++ for (idx=0; idx < DIM(timertbl); idx++) ++ { ++ /* schedule any unscheduled timers */ ++ if ((!tv_is_set (timertbl[idx].next)) && tv_is_set (timertbl[idx].interval)) ++ npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next); ++ /* if a timer is due, fire it ... */ ++ if (tv_is_set (timertbl[idx].next)) ++ { ++ if (!(npth_timercmp (&curtime, &timertbl[idx].next, <))) ++ { ++ timertbl[idx].func (); ++ npth_clock_gettime (&curtime); ++ /* ...and reschedule it, if desired: */ ++ if (tv_is_set (timertbl[idx].interval)) ++ npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next); ++ else ++ timertbl[idx].next.tv_sec = timertbl[idx].next.tv_nsec = 0; ++ } ++ } ++ /* accumulate next timer to come due in abstime: */ ++ if (tv_is_set (timertbl[idx].next) && ++ ((!tv_is_set (abstime)) || ++ (npth_timercmp (&abstime, &timertbl[idx].next, >)))) ++ abstime = timertbl[idx].next; ++ } ++ /* choose a timeout for the select loop: */ ++ if (tv_is_set (abstime)) ++ { ++ npth_timersub (&abstime, &curtime, &timeout); ++ select_timeout = &timeout; ++ } ++ else ++ select_timeout = NULL; + + #ifndef HAVE_W32_SYSTEM +- ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, ++ ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, select_timeout, + npth_sigev_sigmask ()); + saved_errno = errno; + +@@ -3021,7 +3052,7 @@ handle_connections (gnupg_fd_t listen_fd, + handle_signal (signo); + } + #else +- ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, ++ ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, select_timeout, + events, &events_set); + saved_errno = errno; + +@@ -3066,7 +3097,6 @@ handle_connections (gnupg_fd_t listen_fd, + + if (!shutdown_pending) + { +- int idx; + ctrl_t ctrl; + npth_t thread; + 
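Review bot: The timeout handed to `npth_pselect`/`npth_eselect` can now be negative, because `curtime` is refreshed after a timer function has run. An earlier table entry whose `next` was still in the future when it was compared may already be in the past by the time `npth_timersub (&abstime, &curtime, &timeout)` is computed; the old code subtracted the un-refreshed `curtime`, so the difference stayed positive. Clamping keeps the select call valid: `if (npth_timercmp (&abstime, &curtime, <)) timeout.tv_sec = timeout.tv_nsec = 0; else npth_timersub (&abstime, &curtime, &timeout);`. Separately, the comment on `tv_is_set` says it tests for all-zeros while the function returns true when either field is non-zero; `/* Return true if TV is not all-zeros. */` matches the code. `handle_connections` begins and ends outside the hunks.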
diff --git a/patches/import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch b/patches/import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch new file mode 100644 index 0000000..ced7570 --- /dev/null +++ b/patches/import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch @@ -0,0 +1,32 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:43 +0200 +Subject: gpg: accept subkeys with a good revocation but no self-sig during + import + +* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we +encounter a valid revocation signature. This allows import of subkey +revocation signatures, even in the absence of a corresponding subkey +binding signature. + +-- + +This fixes the remaining test in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/g10/import.c b/g10/import.c +index cddb7c2..cf978e8 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -3619,6 +3619,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self) + /* It's valid, so is it newer? */ + if (sig->timestamp >= rsdate) + { ++ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ + if (rsnode) + { + /* Delete the last revocation sig since diff --git a/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch b/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch new file mode 100644 index 0000000..4b82a7f --- /dev/null +++ b/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch 
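Review bot: The trailing comment `/* Subkey is valid. */` on the added line is misleading: this branch has just accepted a subkey revocation signature, so what is valid is the revocation, and the subkey is kept only so that the revocation can be stored. Because `NODE_GOOD_SELFSIG` is now also set without any binding signature having been checked, later code that reads the flag as proof of a valid binding would be wrong; how the flag is consumed lies outside this hunk and is worth confirming. Suggested wording: `/* Valid revocation: keep the subkey even without a binding sig. */`. `chk_self_sigs` starts and ends outside the hunk.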
@@ -0,0 +1,106 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:42 +0200 +Subject: gpg: allow import of previously known keys, even without UIDs + +* g10/import.c (import_one): Accept an incoming OpenPGP certificate that +has no user id, as long as we already have a local variant of the cert +that matches the primary key. + +-- + +This fixes two of the three broken tests in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 44 +++++++++++--------------------------------- + 1 file changed, 11 insertions(+), 33 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index 0a72a76..cddb7c2 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1801,7 +1801,6 @@ import_one_real (ctrl_t ctrl, + size_t an; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; +- int any_filter = 0; + KEYDB_HANDLE hd = NULL; + + if (r_valid) +@@ -1838,14 +1837,6 @@ import_one_real (ctrl_t ctrl, + log_printf ("\n"); + } + +- +- if (!uidnode ) +- { +- if (!silent) +- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); +- return 0; +- } +- + if (screener && screener (keyblock, screener_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk (pk), +@@ -1920,17 +1911,10 @@ import_one_real (ctrl_t ctrl, + } + } + +- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- { +- if (!silent) +- { +- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet ) +- log_info(_("this may be caused by a missing self-signature\n")); +- } +- stats->no_user_id++; +- return 0; +- } ++ /* Delete invalid parts, and note if we have any valid ones left. ++ * We will later abort import if this key is new but contains ++ * no valid uids. */ ++ delete_inv_parts (ctrl, keyblock, keyid, options); + + /* Get rid of deleted nodes. 
*/ + commit_kbnode (&keyblock); +@@ -1940,24 +1924,11 @@ import_one_real (ctrl_t ctrl, + { + apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); + commit_kbnode (&keyblock); +- any_filter = 1; + } + if (import_filter.drop_sig) + { + apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); + commit_kbnode (&keyblock); +- any_filter = 1; +- } +- +- /* If we ran any filter we need to check that at least one user id +- * is left in the keyring. Note that we do not use log_error in +- * this case. */ +- if (any_filter && !any_uid_left (keyblock)) +- { +- if (!opt.quiet ) +- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); +- stats->no_user_id++; +- return 0; + } + + /* The keyblock is valid and ready for real import. */ +@@ -2015,6 +1986,13 @@ import_one_real (ctrl_t ctrl, + err = 0; + stats->skipped_new_keys++; + } ++ else if (err && !any_uid_left (keyblock)) ++ { ++ if (!silent) ++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); ++ err = 0; ++ stats->no_user_id++; ++ } + else if (err) /* Insert this key. */ + { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/patches/import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch b/patches/import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch new file mode 100644 index 0000000..37ddeea --- /dev/null +++ b/patches/import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch 
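Review bot: The new comment above `delete_inv_parts (ctrl, keyblock, keyid, options);` says the code will "note if we have any valid ones left", but the return value is now discarded and nothing is recorded; the decision is made later through `any_uid_left (keyblock)`. A comment that matches the code would be `/* Delete invalid parts.  A key left without a valid user ID is rejected further down, and only if it is new. */`, with a `(void)` cast on the call if the file's style allows it. The new `else if (err && !any_uid_left (keyblock))` branch also reports the skipped key with `log_info` where the removed early exits used `log_error`, so the skip is now visible only through `stats->no_user_id`; if callers or scripts relied on the error being logged, that is a behaviour change worth stating in the commit message. `import_one_real` continues outside the hunks.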
@@ -0,0 +1,201 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:41 +0200 +Subject: tests: add test cases for import without uid + +This commit adds a test case that does the following, in order: +- Import of a primary key plus user id +- Check that import of a subkey works, without a user id present in the +imported key +- Check that import of a subkey revocation works, without a user id or +subkey binding signature present in the imported key +- Check that import of a primary key revocation works, without a user id +present in the imported key + +-- + +Note that this test currently fails. The following changesets will +fix gpg so that the tests pass. + +GnuPG-Bug-id: 4393 +Signed-Off-By: Daniel Kahn Gillmor +--- + tests/openpgp/Makefile.am | 1 + + tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++ + .../import-incomplete/primary+revocation.asc | 9 +++ + .../primary+subkey+sub-revocation.asc | 10 ++++ + .../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++ + .../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++ + tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++ + 7 files changed, 118 insertions(+) + create mode 100755 tests/openpgp/import-incomplete.scm + create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc + +diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am +index f6014c9..6423da1 100644 +--- a/tests/openpgp/Makefile.am ++++ b/tests/openpgp/Makefile.am +@@ -78,6 +78,7 @@ XTESTS = \ + gpgv-forged-keyring.scm \ + armor.scm \ + import.scm \ ++ import-incomplete.scm \ + import-revocation-certificate.scm \ + ecc.scm \ + 4gb-packet.scm \ +diff --git a/tests/openpgp/import-incomplete.scm 
b/tests/openpgp/import-incomplete.scm +new file mode 100755 +index 0000000..727a027 +--- /dev/null ++++ b/tests/openpgp/import-incomplete.scm +@@ -0,0 +1,68 @@ ++#!/usr/bin/env gpgscm ++ ++;; Copyright (C) 2016 g10 Code GmbH ++;; ++;; This file is part of GnuPG. ++;; ++;; GnuPG is free software; you can redistribute it and/or modify ++;; it under the terms of the GNU General Public License as published by ++;; the Free Software Foundation; either version 3 of the License, or ++;; (at your option) any later version. ++;; ++;; GnuPG is distributed in the hope that it will be useful, ++;; but WITHOUT ANY WARRANTY; without even the implied warranty of ++;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++;; GNU General Public License for more details. ++;; ++;; You should have received a copy of the GNU General Public License ++;; along with this program; if not, see . ++ ++(load (in-srcdir "tests" "openpgp" "defs.scm")) ++(setup-environment) ++ ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc"))) ++ ++(info "Test import of new subkey, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:") ++ (string-contains? 
line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of a subkey revocation, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:r:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of revocation, from a certificate without uid") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "pub:r:") ++ (string-contains? 
line "0843DA969AA8DAFB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ +diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc +new file mode 100644 +index 0000000..6b7b608 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+revocation.asc +@@ -0,0 +1,9 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [E] primary key, revocation signature over primary (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ ++EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3 ++XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ== ++=tM90 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +new file mode 100644 +index 0000000..83a51a5 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [D] primary key, subkey, subkey revocation (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ ++3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ= ++=dwx2 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +new file mode 100644 +index 0000000..dc47a02 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [B] primary key, subkey, subkey binding sig (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ 
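Review bot: The script exercises only the accepting paths; no case asserts that a certificate without a user ID is still refused when its primary key is not already in the keyring, which is the behaviour the companion import.c change relies on to keep UID-less new keys out. A further step that imports one of the UID-less fixtures into a fresh keyring and checks that `--list-keys` finds nothing would pin that down. Also, `primary+uid-sig.asc` is added by this patch but never referenced by the script, `(define keyid "573EA710367356BB")` appears twice, and the last check lists by the subkey id while matching the primary id `0843DA969AA8DAFB`; a separate definition for the primary key id would make the intent clear.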
++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR ++Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg= ++=xuDu ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc +new file mode 100644 +index 0000000..134607d +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [C] primary key and self-sig expiring in 2024 (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8 ++2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu ++3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN ++9ohXOEBWvdJgVv2YAg== ++=KWIK ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc +new file mode 100644 +index 0000000..055f300 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [A] primary key, user ID, and self-sig expiring in 2021 ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja +++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI ++kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs= ++=1eII ++-----END PGP PUBLIC KEY BLOCK----- diff --git a/patches/keyserver-cleanup/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch b/patches/keyserver-cleanup/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch new file mode 100644 index 0000000..1ee45e9 --- /dev/null 
+++ b/patches/keyserver-cleanup/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch 
@@ -0,0 +1,69 @@ +From: Daniel Kahn Gillmor +Date: Thu, 11 Jul 2019 21:52:11 -0400 +Subject: Use hkps://keys.openpgp.org as the default keyserver + +As of 2.2.17, GnuPG will refuse to accept any third-party +certifications from OpenPGP certificates pulled from the keyserver +network. + +The SKS keyserver network currently has at least a dozen popular +certificates which are flooded with enough unusable third-party +certifications that they cannot be retrieved in any reasonable amount +of time. + +The hkps://keys.openpgp.org keyserver installation offers HKPS, +performs cryptographic validation, and by policy does not distribute +third-party certifications anyway. + +It is not distributed or federated yet, unfortunately, but it is +functional, which is more than can be said for the dying SKS pool. +And given that GnuPG is going to reject all the third-party +certifications anyway, there is no clear "web of trust" rationale for +relying on the SKS pool. + +One sticking point is that keys.openpgp.org does not distribute user +IDs unless the user has proven control of the associated e-mail +address. This means that on standard upstream GnuPG, retrieving +revocations or subkey updates of those certificates will fail, because +upstream GnuPG ignores any incoming certificate without a user ID, +even if it knows a user ID in the local copy of the certificate (see +https://dev.gnupg.org/T4393). + +However, we have three patches in +debian/patches/import-merge-without-userid/ that together fix that +bug. 
+ +Signed-off-by: Daniel Kahn Gillmor + +(cherry picked from commit 59e8aac9d6f2ee322a753373013032bbb13e3eb3) +--- + configure.ac | 2 +- + doc/dirmngr.texi | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 8c68cb8..d601356 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1870,7 +1870,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon", + AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr", + [The name of the dirmngr socket]) + AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER, +- "hkps://hkps.pool.sks-keyservers.net", ++ "hkps://keys.openpgp.org", + [The default keyserver for dirmngr to use, if none is explicitly given]) + + AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix]) +diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi +index 8e6cbc6..d79447f 100644 +--- a/doc/dirmngr.texi ++++ b/doc/dirmngr.texi +@@ -328,7 +328,7 @@ whether Tor is locally running or not. The check for a running Tor is + done for each new connection. + + If no keyserver is explicitly configured, dirmngr will use the +-built-in default of hkps://hkps.pool.sks-keyservers.net. ++built-in default of hkps://keys.openpgp.org. + + @item --nameserver @var{ipaddr} + @opindex nameserver diff --git a/patches/keyserver-cleanup/dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch b/patches/keyserver-cleanup/dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch new file mode 100644 index 0000000..32a4945 --- /dev/null +++ b/patches/keyserver-cleanup/dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch 
@@ -0,0 +1,31 @@
+From: Daniel Kahn Gillmor
+Date: Sun, 30 Jun 2019 11:54:35 -0400
+Subject: dirmngr: Only use SKS pool CA for SKS pool
+
+* dirmngr/http.c (http_session_new): when checking whether the
+keyserver is the HKPS pool, check specifically against the pool name,
+as ./configure might have been used to select a different default
+keyserver. It makes no sense to apply Kristian's certificate
+authority to anything other than the literal host
+hkps.pool.sks-keyservers.net.
+
+Signed-off-by: Daniel Kahn Gillmor
+
+(cherry picked from commit 3233382068b7c477907daac697164b81ae45a7f4)
+---
+ dirmngr/http.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 1ba8e79..869e146 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session,
+
+ is_hkps_pool = (intended_hostname
+ && !ascii_strcasecmp (intended_hostname,
+- get_default_keyserver (1)));
++ "hkps.pool.sks-keyservers.net"));
+
+ /* If the user has not specified a CA list, and they are looking
+ * for the hkps pool from sks-keyservers.net, then default to
diff --git a/patches/keyserver-cleanup/gpg-drop-import-clean-from-default-keyserver-import-optio.patch b/patches/keyserver-cleanup/gpg-drop-import-clean-from-default-keyserver-import-optio.patch
new file mode 100644
index 0000000..5c74ab3
--- /dev/null
+++ b/patches/keyserver-cleanup/gpg-drop-import-clean-from-default-keyserver-import-optio.patch
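Review bot: The hostname that the bundled CA is scoped to is now a bare string literal inside the `is_hkps_pool` expression; a named constant with a comment would make it clear that this is a trust decision and not a configurable default, e.g. a file-level `#define` (name to be chosen by the maintainers) documented as "the only host the bundled SKS pool CA is applied to". The comparison is exact apart from case, so a hostname written in any other form will not match and presumably falls through to the normal CA handling, which is the safe direction; a short comment saying that this is intended would help the next reader. `http_session_new` starts and ends outside the hunk.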
@@ -0,0 +1,51 @@
+From: Daniel Kahn Gillmor
+Date: Mon, 15 Jul 2019 16:24:35 -0400
+Subject: gpg: drop import-clean from default keyserver import options
+
+* g10/gpg.c (main): drop IMPORT_CLEAN from the
+default opt.keyserver_options.import_options
+* doc/gpg.texi: reflect this change in the documentation
+
+Given that SELF_SIGS_ONLY is already set, it's not clear what
+additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN
+means that receiving an OpenPGP certificate from a keyserver will
+potentially delete data that is otherwise held in the local keyring,
+which is surprising to users who expect retrieval from the keyservers
+to be purely additive.
+
+GnuPG-Bug-Id: 4628
+Signed-off-by: Daniel Kahn Gillmor
+
+(cherry picked from commit 84bce011aaa2db19f10c1f763110e840c7b7019f)
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index c8fb241..0f13589 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1907,7 +1907,7 @@ are available for all keyserver types, some common options are:
+
+ @end table
+
+-The default list of options is: "self-sigs-only, import-clean,
++The default list of options is: "self-sigs-only,
+ repair-keys, repair-pks-subkey-bug, export-attributes,
+ honor-pka-record".
+
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 6e5e901..f05a493 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2374,8 +2374,7 @@ main (int argc, char **argv)
+ opt.export_options = EXPORT_ATTRIBUTES;
+ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+ | IMPORT_REPAIR_PKS_SUBKEY_BUG
+- | IMPORT_SELF_SIGS_ONLY
+- | IMPORT_CLEAN);
++ | IMPORT_SELF_SIGS_ONLY);
+ opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+ opt.verify_options = (LIST_SHOW_UID_VALIDITY
diff --git a/patches/series b/patches/series
new file mode 100644
index 0000000..e0ee341
--- /dev/null
+++ b/patches/series
@@ -0,0 +1,100 @@
+debian-packaging/avoid-beta-warning.patch
+debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch
+block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch
+dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
+dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch
+dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch
+gpg-agent-idling/agent-Create-framework-of-scheduled-timers.patch
+gpg-agent-idling/agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
+gpg-agent-idling/agent-Avoid-tight-timer-tick-when-possible.patch
+gpg-agent-idling/agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
+from-master/gpg-default-to-3072-bit-RSA-keys.patch
+from-master/gpg-default-to-AES-256.patch
+from-master/agent-Fix-cancellation-handling-for-scdaemon.patch
+update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
+update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
+Make-gpg-zip-use-tar-from-PATH.patch
+fix-spelling.patch
+from-2.2.13/wks-Do-not-use-compression-for-the-encrypted-data.patch
+from-2.2.13/Silence-compiler-warnings-new-with-gcc-8.patch
+from-2.2.13/gpg-Stop-early-when-trying-to-create-a-primary-Elgamal-ke.patch
+from-2.2.13/doc-Mark-keyserver-options-timeout-and-http-proxy-as-obso.patch
+from-2.2.13/gpg-Allow-generating-Ed25519-key-from-an-existing-key.patch
+from-2.2.13/dirmngr-Fix-initialization-of-assuan-s-nPth-hook.patch
+from-2.2.13/agent-Clear-bogus-pinentry-cache-when-it-causes-an-error.patch
+from-2.2.13/gpg-Emit-an-ERROR-status-if-no-key-was-found-with-list-ke.patch
+from-2.2.14/common-Fix-gnupg_wait_processes.patch
+from-2.2.14/scd-Distinguish-cancel-by-user-and-protocol-error.patch
+from-2.2.14/gpg-Fix-comparison.patch
+from-2.2.14/gpgscm-Build-well-even-if-NDEBUG-defined.patch
+from-2.2.14/agent-Fix-for-suggested-Libgcrypt-use.patch
+from-2.2.14/gpgsm-default-to-3072-bit-keys.patch
+from-2.2.14/sm-Don-t-mark-a-cert-as-de-vs-compliant-if-it-leads-to-SH.patch
+from-2.2.14/gpgv-Improve-documentation-for-keyring-choices.patch
+from-2.2.14/agent-Support-mode-ssh-option-for-CLEAR_PASSPHRASE.patch
+from-2.2.14/tests-Add-disable-scdaemon-in-gpg-agent.conf.patch
+from-2.2.14/sm-Print-Yubikey-attestation-extensions-with-dump-cert.patch
+from-2.2.14/gpg-Make-invalid-primary-key-algos-obvious-in-key-listing.patch
+from-2.2.14/dirmngr-Add-CSRF-protection-exception-for-protonmail.patch
+from-2.2.14/gpg-During-secret-key-import-print-sec-instead-of-pub.patch
+from-2.2.14/tests-Add-sample-secret-key-w-o-binding-signatures.patch
+from-2.2.14/gpg-Avoid-importing-secret-keys-if-the-keyblock-is-not-va.patch
+from-2.2.14/gpg-Allow-import-of-PGP-desktop-exported-secret-keys.patch
+from-2.2.14/gpg-Do-not-bail-out-on-v5-keys-in-the-local-keyring.patch
+from-2.2.15/doc-fix-formatting-error.patch
+from-2.2.15/wkd-New-command-print-wkd-hash-for-gpg-wks-client.patch
+from-2.2.15/doc-Clarify-option-no-keyring.patch
+from-2.2.15/wkd-New-command-print-wkd-url-for-gpg-wks-client.patch
+from-2.2.15/agent-Allow-other-ssh-fingerprint-algos-in-KEYINFO.patch
+from-2.2.15/sm-Allow-decryption-even-if-expired-other-keys-are-config.patch
+from-2.2.16/gpg-Don-t-use-EdDSA-algo-ID-for-ECDSA-curves.patch
+from-2.2.16/g10-Fix-symmetric-cipher-algo-constant-for-ECDH.patch
+from-2.2.16/dirmngr-Better-error-code-for-http-status-413.patch
+from-2.2.16/gpg-Set-a-limit-of-5-to-the-number-of-keys-imported-from-.patch
+from-2.2.16/gpg-Accept-also-armored-data-from-the-WKD.patch
+from-2.2.16/g10-Fix-double-free-when-locating-by-mbox.patch
+from-2.2.16/gpg-Use-just-the-addrspec-from-the-Signer-s-UID.patch
+from-2.2.16/doc-Minor-doc-fix-to-dirmngr.patch
+from-2.2.16/dirmngr-Add-a-CSRF-expection-for-pm.me.patch
+from-2.2.16/doc-correct-documentation-for-gpgconf-kill.patch
+from-2.2.16/gpg-Change-update_keysig_packet-to-replace-SHA-1-by-SHA-2.patch
+from-2.2.16/g10-Fix-possible-null-dereference.patch
+from-2.2.16/gpg-Do-not-print-a-hint-to-use-the-deprecated-keyserver-o.patch
+from-2.2.16/doc-Minor-edit-for-a-gpg-option.patch
+from-2.2.16/agent-correct-length-for-uri-and-comment-on-64-bit-big-en.patch
+from-2.2.16/gpgconf-Support-homedir-for-launch.patch
+from-2.2.16/gpg-enable-OpenPGP-export-of-cleartext-keys-with-comments.patch
+from-2.2.16/doc-Do-not-mention-gpg-s-deprecated-keyserver-option.patch
+from-2.2.16/gpgconf-Before-launch-check-that-the-config-file-is-fine.patch
+from-2.2.16/gpg-Do-not-delete-any-keys-if-dry-run-is-passed.patch
+from-2.2.16/agent-For-SSH-key-don-t-put-NUL-byte-at-the-end.patch
+from-2.2.16/gpg-Do-not-allow-creation-of-user-ids-larger-than-our-par.patch
+from-2.2.16/gpg-Do-not-bail-on-an-invalid-packet-in-the-local-keyring.patch
+from-2.2.16/agent-Stop-scdaemon-after-reload-when-disable_scdaemon.patch
+from-2.2.16/gpg-Allow-deletion-of-subkeys-with-delete-secret-key.patch
+from-2.2.16/dirmngr-Allow-for-other-hash-algorithms-than-SHA-1-in-OCS.patch
+from-2.2.17/doc-wks.texi-fix-typo.patch
+from-2.2.17/Return-better-error-code-for-some-getinfo-IPC-commands.patch
+from-2.2.17/spelling-Fix-synchronize.patch
+from-2.2.17/tools-gpgconf-Killing-order-is-children-first.patch
+from-2.2.17/gpg-Make-read_block-in-import.c-more-flexible.patch
+from-2.2.17/gpg-New-import-and-keyserver-option-self-sigs-only.patch
+from-2.2.17/gpg-Fallback-to-import-with-self-sigs-only-on-too-large-k.patch
+from-2.2.17/dirmngr-Support-the-new-WKD-draft-with-the-openpgpkey-sub.patch
+from-2.2.17/Mention-sender-in-documentation.patch
+from-2.2.17/dirmngr-Do-not-rewrite-the-redirection-for-the-openpgpkey.patch
+from-2.2.17/dirmngr-Avoid-endless-loop-in-case-of-HTTP-error-503.patch
+from-2.2.17/gpg-Add-self-sigs-only-and-import-clean-to-the-keyserver-.patch
+from-2.2.17/dirmngr-fix-handling-of-HTTPS-redirections-during-HKP.patch
+from-2.2.17/gpg-Fix-regression-in-option-self-sigs-only.patch
+from-2.2.17/gpg-Do-not-try-the-import-fallback-if-the-options-are-alr.patch
+from-2.2.18-prerelease/gpg-Fix-keyring-retrieval.patch
+from-2.2.18-prerelease/gpg-Improve-import-slowness.patch
+from-2.2.18-prerelease/dirmngr-Don-t-add-system-CAs-for-SKS-HKPS-pool.patch
+keyserver-cleanup/dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
+keyserver-cleanup/gpg-drop-import-clean-from-default-keyserver-import-optio.patch
+keyserver-cleanup/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
+import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch
+import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch
+import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
+from-master/g10-Fix-garbled-status-messages-in-NOTATION_DATA.patch
diff --git a/patches/update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch b/patches/update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
new file mode 100644
index 0000000..97580e8
--- /dev/null
+++ b/patches/update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
@@ -0,0 +1,64 @@
+From: Daniel Kahn Gillmor
+Date: Thu, 7 Sep 2017 18:49:35 -0400
+Subject: gpg: Default to SHA-512 for all signature types on RSA keys.
+
+* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA512 instead of SHA256 in
+--gnupg mode (leave strict RFC and PGP modes alone).
+* configure.ac: Do not allow disabling sha512.
+* g10/misc.c (map_md_openpgp_to_gcry): Always support SHA512.
+
+--
+
+SHA512 is more performant on most 64-bit platforms than SHA256, and
+offers a better security margin. It is also widely implemented.
+
+Signed-off-by: Daniel Kahn Gillmor
+---
+ configure.ac | 2 +-
+ g10/main.h | 2 +-
+ g10/misc.c | 5 +----
+ 3 files changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index b5a72e6..8c68cb8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -317,7 +317,7 @@ GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash])
+ GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash])
+ # SHA256 is a MUST algorithm for GnuPG.
+ GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash])
+-GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])
++# SHA512 is a MUST algorithm for GnuPG.
+
+
+ # Allow disabling of zip support.
+diff --git a/g10/main.h b/g10/main.h
+index 6f93de9..dcd3767 100644
+--- a/g10/main.h
++++ b/g10/main.h
+@@ -41,7 +41,7 @@
+ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES
+ #endif
+
+-#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1)
++#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA512:DIGEST_ALGO_SHA1)
+ #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1
+ #ifdef HAVE_ZIP
+ # define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP
+diff --git a/g10/misc.c b/g10/misc.c
+index 9780969..86baff9 100644
+--- a/g10/misc.c
++++ b/g10/misc.c
+@@ -743,11 +743,8 @@ map_md_openpgp_to_gcry (digest_algo_t algo)
+ case DIGEST_ALGO_SHA384: return 0;
+ #endif
+
+-#ifdef GPG_USE_SHA512
+ case DIGEST_ALGO_SHA512: return GCRY_MD_SHA512;
+-#else
+- case DIGEST_ALGO_SHA512: return 0;
+-#endif
++
+ default: return 0;
+ }
+ }
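Review bot: Dropping `GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])` from configure.ac presumably means configure no longer defines `GPG_USE_SHA512` at all, yet the only `#ifdef GPG_USE_SHA512` this patch removes is the one in `map_md_openpgp_to_gcry`. Any other use of the macro left in the tree would then silently compile its no-SHA-512 branch while `DEFAULT_DIGEST_ALGO` already selects `DIGEST_ALGO_SHA512`, so the patch should either remove every remaining `#ifdef GPG_USE_SHA512` or keep the macro defined unconditionally. Only these three files are visible here, so this needs a grep over the source to confirm. The `switch` in g10/misc.c starts outside the hunk.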
diff --git a/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch b/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
new file mode 100644
index 0000000..fb7bdba
--- /dev/null
+++ b/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
@@ -0,0 +1,46 @@
+From: Daniel Kahn Gillmor
+Date: Wed, 3 Jan 2018 12:34:26 -0500
+Subject: gpg: Prefer SHA-512 and SHA-384 in personal-digest-preferences.
+
+* g10/keygen.c (keygen_set_std_prefs): prefer SHA-512
+and SHA-384 by default.
+
+--
+
+In 8ede3ae29a39641a2f98ad9a4cf61ea99085a892, upstream changed the
+defaults for --default-preference-list to advertise a preference for
+SHA-512, without touching --personal-digest-preferences. This makes
+the same change for --personal-digest-preferences, since every modern
+OpenPGP library supports them all.
+
+Signed-off-by: Daniel Kahn Gillmor
+---
+ g10/keygen.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/g10/keygen.c b/g10/keygen.c
+index 492c65f..a8333b0 100644
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -386,16 +386,16 @@ keygen_set_std_prefs (const char *string,int personal)
+ if (personal)
+ {
+ /* The default internal hash algo order is:
+- * SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
++ * SHA-512, SHA-384, SHA-256, SHA-224, SHA-1.
+ */
+- if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
+- strcat (dummy_string, "H8 ");
++ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
++ strcat (dummy_string, "H10 ");
+
+ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
+ strcat (dummy_string, "H9 ");
+
+- if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
+- strcat (dummy_string, "H10 ");
++ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
++ strcat (dummy_string, "H8 ");
+ }
+ else
+ {
diff --git a/rules b/rules
new file mode 100755
index 0000000..30f22d9
--- /dev/null
+++ b/rules
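Review bot: The reordered block in `keygen_set_std_prefs` pairs each `DIGEST_ALGO_*` test with a hand-written preference token (`"H10 "`, `"H9 "`, `"H8 "`), and nothing on the line ties the number to the algorithm, so a reorder like this one can mismatch the two unnoticed. A short trailing comment on each `strcat` would make the pairing checkable at a glance, e.g. `strcat (dummy_string, "H10 "); /* H10 = SHA-512 */`. `dummy_string` is declared outside the hunk, so whether the appended tokens always fit in it cannot be checked from here.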
@@ -0,0 +1,89 @@
+#!/usr/bin/make -f
+# debian/rules file - for GnuPG
+# Copyright 1994,1995 by Ian Jackson.
+# Copyright 1998-2003 by James Troup.
+# Copyright 2003-2004 by Matthias Urlichs.
+#
+# I hereby give you perpetual unlimited permission to copy,
+# modify and relicense this file, provided that you do not remove
+# my name from the file itself. (I assert my moral right of
+# paternity under the Copyright, Designs and Patents Act 1988.)
+# This file may have to be extensively modified
+
+include /usr/share/dpkg/architecture.mk
+
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+# avoid -pie for gpgv-static on kfreebsd-amd64, and x32
+# platforms, which cannot support it by default:
+ifeq (,$(filter $(DEB_HOST_ARCH), kfreebsd-amd64 x32))
+GPGV_STATIC_HARDENING = "-pie"
+else
+GPGV_STATIC_HARDENING = ""
+endif
+
+# Avoid parallel tests on hppa and riscv64 architecture.
+# Parallel tests generates high load on machine which causes timeouts and thus
+# triggers unexpected failures.
+ifeq (,$(filter $(DEB_HOST_ARCH), hppa riscv64))
+AUTOTEST_FLAGS = "--parallel"
+else
+AUTOTEST_FLAGS = "--no-parallel"
+endif
+
+%:
+ dh $@ --with=autoreconf --builddirectory=build
+
+GPGV_UDEB_UNNEEDED = gpgtar bzip2 gpgsm scdaemon dirmngr doc tofu exec ldap gnutls sqlite libdns
+
+WIN32_FLAGS=LDFLAGS="-Xlinker --no-insert-timestamp -static" CFLAGS="-g -Os" CPPFLAGS=
+
+override_dh_auto_configure:
+ dh_auto_configure --builddirectory=build-gpgv-udeb -- \
+ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x))
+ dh_auto_configure --builddirectory=build-maintainer -- \
+ --enable-maintainer-mode \
+ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x))
+ dh_auto_configure --builddirectory=build -- --libexecdir=\$${prefix}/lib/gnupg \
+ --enable-wks-tools \
+ --enable-all-tests \
+ --with-agent-s2k-calibration=300 \
+ --enable-symcryptrun --enable-large-secmem
+
+override_dh_auto_build-arch:
+ dh_auto_build --builddirectory=build-gpgv-udeb
+ dh_auto_build --builddirectory=build
+ dh_auto_build --builddirectory=build-maintainer
+ cp -a build-gpgv-udeb build-gpgv-static
+ rm -f build-gpgv-static/g10/gpgv
+ cd build-gpgv-static/g10 && $(MAKE) LDFLAGS="$$LDFLAGS $(GPGV_STATIC_HARDENING) -static" gpgv
+ mv build-gpgv-static/g10/gpgv build-gpgv-static/g10/gpgv-static
+
+override_dh_auto_build-indep:
+ mkdir -p build-gpgv-win32
+ cd build-gpgv-win32 && $(WIN32_FLAGS) ../configure \
+ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) \
+ $(foreach x, libgpg-error libgcrypt libassuan ksba npth, --with-$x-prefix=/usr/i686-w64-mingw32) \
+ --enable-gpg2-is-gpg \
+ --with-zlib=/usr/i686-w64-mingw \
+ --prefix=/usr/i686-w64-mingw32 \
+ --host i686-w64-mingw32
+ cd build-gpgv-win32/common && $(WIN32_FLAGS) $(MAKE) libcommon.a
+ cd build-gpgv-win32/common && $(WIN32_FLAGS) $(MAKE) libgpgrl.a
+ cd build-gpgv-win32/common && $(WIN32_FLAGS) $(MAKE) libsimple-pwquery.a
+ cd build-gpgv-win32/kbx && $(WIN32_FLAGS) $(MAKE) libkeybox.a
+ cd build-gpgv-win32/g10 && $(WIN32_FLAGS) $(MAKE)
 gpgv.exe
+ strip build-gpgv-win32/g10/gpgv.exe
+
+
+override_dh_auto_test:
+ dh_auto_test --builddirectory=build -- verbose=3 TESTFLAGS=$(AUTOTEST_FLAGS)
+
+override_dh_shlibdeps:
+# Make ldap a recommends rather than a hard dependency.
+ dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr*
+ dh_shlibdeps -Ndirmngr
+
+# visualizations of package dependencies:
+debian/%.png: debian/%.dot
+ dot -T png -o $@ $<
diff --git a/scdaemon.examples b/scdaemon.examples
new file mode 100644
index 0000000..29f41a8
--- /dev/null
+++ b/scdaemon.examples
@@ -0,0 +1 @@
+doc/examples/scd-event
diff --git a/scdaemon.install b/scdaemon.install
new file mode 100644
index 0000000..5b7bd35
--- /dev/null
+++ b/scdaemon.install
@@ -0,0 +1,2 @@
+debian/org.gnupg.scdaemon.metainfo.xml usr/share/metainfo
+debian/tmp/usr/lib/gnupg/scdaemon
diff --git a/scdaemon.manpages b/scdaemon.manpages
new file mode 100644
index 0000000..9efee23
--- /dev/null
+++ b/scdaemon.manpages
@@ -0,0 +1 @@
+debian/tmp/usr/share/man/man1/scdaemon.1
diff --git a/scdaemon.udev b/scdaemon.udev
new file mode 100644
index 0000000..c992e4a
--- /dev/null
+++ b/scdaemon.udev
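Review bot: In the rules file, `WIN32_FLAGS` replaces the build flags for gpgv.exe with `CFLAGS="-g -Os" CPPFLAGS=` and a minimal `LDFLAGS`, so the `hardening=+all` requested at the top of the file does not reach the one binary that `override_dh_auto_build-indep` builds by calling `../configure` directly. gpgv.exe parses signatures and keyrings of arbitrary origin, so I would at least ask the linker for DEP and ASLR, e.g. `WIN32_FLAGS=LDFLAGS="-Xlinker --no-insert-timestamp -Xlinker --nxcompat -Xlinker --dynamicbase -static" CFLAGS="-g -Os" CPPFLAGS=`, provided the packaged mingw toolchain accepts them. Separately, `--with-zlib=/usr/i686-w64-mingw` lacks the `32` suffix that every other prefix in the same configure call carries; that looks like a typo worth confirming.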
@@ -0,0 +1,65 @@
+# do not edit this file, it will be overwritten on update
+
+SUBSYSTEM!="usb", GOTO="gnupg_rules_end"
+ACTION!="add", GOTO="gnupg_rules_end"
+
+# USB SmartCard Readers
+## Cherry GmbH (XX33, ST2000)
+SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0005", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="0010", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="046a", ATTR{idProduct}=="003e", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## SCM Microsystems, Inc (SCR331-DI, SCR335, SCR3320, SCR331, SCR3310 and SPR532)
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="5117", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Omnikey AG (CardMan 3821, CardMan 6121)
+SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="3821", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="076b", ATTR{idProduct}=="6622", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Gemalto
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3437", ENV{ID_SMARTCARD_READER}="1",
 ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3438", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="3478", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34c2", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="08e6", ATTR{idProduct}=="34ec", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Reiner (SCT cyberJack)
+SUBSYSTEM=="usb", ATTR{idVendor}=="0c4b", ATTR{idProduct}=="0500", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Kobil (KAAN)
+SUBSYSTEM=="usb", ATTR{idVendor}=="0d46", ATTR{idProduct}=="2012", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## VASCO (DIGIPASS 920)
+SUBSYSTEM=="usb", ATTR{idVendor}=="1a44", ATTR{idProduct}=="0920", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Crypto Stick
+SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4107", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Nitrokey
+SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4108", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4109", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="4211", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Gnuk Token
+SUBSYSTEM=="usb", ATTR{idVendor}=="234b", ATTR{idProduct}=="0000", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Alcor Micro Corp cardreader (in ThinkPad X250)
+SUBSYSTEM=="usb", ATTR{idVendor}=="058f", ATTR{idProduct}=="9540", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Fujitsu Siemens
+SUBSYSTEM=="usb", ATTR{idVendor}=="0bf8", ATTR{idProduct}=="1006", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Yubico
+# Yubikey NEO OTP+CCID
+SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey NEO CCID
+SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0112", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey NEO U2F+CCID
+SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey NEO OTP+U2F+CCID
+SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey 4 CCID
+SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0404", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey 4 OTP+CCID
+SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0405", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey 4 U2F+CCID
+SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0406", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+# Yubikey 4 OTP+U2F+CCID
+SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0407", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+## Trustica Cryptoucan
+SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", ATTR{idProduct}=="81e6", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+
+LABEL="gnupg_rules_end"
diff --git a/simplified-package-dependencies.dot b/simplified-package-dependencies.dot
new file mode 100644
index 0000000..2edb3fb
--- /dev/null
+++ b/simplified-package-dependencies.dot
@@ -0,0 +1,43 @@
+#!/usr/bin/dot
+
+# interrelationships between binary packages produced by gnupg2 source
+# package, if we were to move to the simplified package structure:
+
+# it would be good to graph the external dependencies as well.
+
+digraph gnupg2 {
+ # odd-duck packages:
+ node [shape=box];
+ gpgv_udeb [label="gpgv-udeb"];
+ gpgv_static [label="gpgv-static"];
+ gpgv_win32 [label="gpgv-win32"];
+
+ # meta-packages, transitional packages:
+ node [shape=diamond];
+ gnupg_agent [label="gnupg-agent"];
+ gnupg2;
+ gpgv2;
+ gpgsm;
+ dirmngr;
+
+ node [shape=ellipse];
+ gnupg_l10n [label="gnupg-l10n"];
+
+ # depends:
+ edge [color=black];
+ scdaemon -> gnupg;
+ gnupg2 -> gnupg;
+ gnupg_agent -> gnupg;
+ gpgsm -> gnupg;
+ dirmngr -> gnupg;
+ gpgv2 -> gpgv;
+
+ # recommends:
+ edge [color=red];
+ gnupg -> gnupg_l10n;
+ gnupg -> gpgv;
+
+ # suggests:
+ edge [color=blue];
+ gpgv -> gnupg;
+}
diff --git a/source/format b/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/source/lintian-overrides b/source/lintian-overrides
new file mode 100644
index 0000000..14caca0
--- /dev/null
+++ b/source/lintian-overrides
@@ -0,0 +1,2 @@
+# doc merely references / cites IETF RFC:
+gnupg2 source: license-problem-non-free-RFC doc/OpenPGP
diff --git a/systemd-environment-generator/90gpg-agent b/systemd-environment-generator/90gpg-agent
new file mode 100755
index 0000000..38fea9c
--- /dev/null
+++ b/systemd-environment-generator/90gpg-agent
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Author: rufo
+# See https://bugs.debian.org/855868
+
+if [ -n "$(gpgconf --list-options gpg-agent | \
+ awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
+ echo SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+ echo GSM_SKIP_SSH_AGENT_WORKAROUND=true
+fi
diff --git a/tests/control b/tests/control
new file mode 100644
index 0000000..7f84c8b
--- /dev/null
+++ b/tests/control
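Review bot: In systemd-environment-generator/90gpg-agent the command substitution in `echo SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)` is unquoted, so a socket path containing whitespace or glob characters is word-split and expanded before the line is emitted. Quote the whole argument: `echo "SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)"`. The script also prints `SSH_AUTH_SOCK=` with an empty value if that second `gpgconf` call fails, so capturing the path in a variable first and emitting both lines only when it is non-empty would be safer.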
@@ -0,0 +1,11 @@
+Tests: gpgv-win32
+Depends: gpgv-win32, gnupg2, gpgv2, wine32, diffutils
+Restrictions: allow-stderr, skip-not-installable
+
+Tests: simple-tests
+Depends: gnupg2, gpgv2
+Restrictions: allow-stderr
+
+Tests: migration
+Depends: gpg, gnupg1, gnupg-utils, debian-archive-keyring, diffutils
+Restrictions: allow-stderr
diff --git a/tests/gpgv-win32 b/tests/gpgv-win32
new file mode 100755
index 0000000..035c060
--- /dev/null
+++ b/tests/gpgv-win32
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+export GNUPGHOME=$(mktemp -d)
+gpgargs=(--batch --quiet --pinentry-mode=loopback --passphrase '' --with-colons)
+
+# Generate a minimal signing key:
+gpg "${gpgargs[@]}" --quick-gen-key 'Test key for gpgv-win32 '
+
+gpg "${gpgargs[@]}" -o "$GNUPGHOME/key.gpg" --export test-key@example.com
+
+# Sign this very script
+rm -f "${0}.gpg"
+gpg "${gpgargs[@]}" --output "${0}.gpg" --detach-sign "${0}"
+
+# Verify using gpgv
+gpgv --quiet --status-fd 3 3> native.status --keyring "$GNUPGHOME/key.gpg" "${0}.gpg" "${0}"
+
+WINE=/usr/lib/wine/wine
+export WINESERVER=/usr/lib/wine/wineserver32
+
+# Verify using gpgv.exe (using --status-fd 1 because i don't know how
+# to pass a non-standard file descriptor into wine)
+"$WINE" /usr/share/win32/gpgv.exe --quiet --status-fd 1 > win32.status --keyring "Z://${GNUPGHOME}/key.gpg" "${0}.gpg" "${0}"
+
+# convert to unix newlines if necessary:
+sed -i 's/\r$//' win32.status
+
+diff -u native.status win32.status
+
+head -v win32.status
+
+rm -rf "$GNUPGHOME"
diff --git a/tests/migration b/tests/migration
new file mode 100755
index 0000000..b676999
--- /dev/null
+++ b/tests/migration
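Review bot: In tests/gpgv-win32, `export GNUPGHOME=$(mktemp -d)` hides a failing `mktemp` from `set -e`, because the status checked is that of `export`. With `GNUPGHOME` empty, the following `gpg --quick-gen-key` would presumably fall back to the invoking user's default home directory and put a passphrase-less test key there. Split the assignment and clean up on every exit path: `GNUPGHOME=$(mktemp -d)`, `export GNUPGHOME`, `trap 'rm -rf "$GNUPGHOME"' EXIT`. As written, the final `rm -rf "$GNUPGHOME"` is skipped whenever an earlier command fails. The signature and the two status files are also written next to the script and into the current directory rather than into the temporary one.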
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+set -x
+
+DIR=$(mktemp -d)
+GPG_HOME="$DIR/gnupg"
+gpg=(gpg --homedir "$GPG_HOME" --batch --quiet --with-colons)
+gpg1=(gpg1 --homedir "$GPG_HOME" --batch --quiet --with-colons)
+
+mkdir "$GPG_HOME"
+chmod 700 "$GPG_HOME"
+
+cat /usr/share/keyrings/debian-archive-*.gpg | "${gpg1[@]}" --import
+"${gpg1[@]}" --list-keys
+"${gpg[@]}" --list-keys > "$DIR/key.list.before"
+migrate-pubring-from-classic-gpg "$GPG_HOME"
+"${gpg[@]}" --list-keys > "$DIR/key.list.after"
+
+diff -u "$DIR/key.list.before" "$DIR/key.list.after"
diff --git a/tests/simple-tests b/tests/simple-tests
new file mode 100755
index 0000000..97d4ab4
--- /dev/null
+++ b/tests/simple-tests
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -e
+set -x
+
+DIR=$(mktemp -d)
+GPG_HOME=$DIR/gnupg
+gpg="gpg --homedir $GPG_HOME"
+
+mkdir $GPG_HOME
+chmod 700 $GPG_HOME
+
+#trap "cd $HOME && rm -rf $DIR" EXIT
+
+cd $DIR
+
+cat > key-batch << EOF
+Key-Type: default
+Subkey-Type: default
+Name-Real: test case
+Name-Email: example@example.com
+Expire-Date: 0
+%no-protection
+%commit
+EOF
+
+$gpg --batch --generate-key key-batch
+$gpg -abs < $GPG_HOME/pubring.kbx > pubring.kbx.asc
+$gpg --verify pubring.kbx.asc $GPG_HOME/pubring.kbx
+gpgv --keyring $GPG_HOME/pubring.kbx pubring.kbx.asc $GPG_HOME/pubring.kbx
+
+# Encrypt
+$gpg -e -r example@example.com < $GPG_HOME/pubring.kbx > pubring.kbx.gpg
+$gpg -d -r example@example.com < pubring.kbx.gpg > pubring.kbx.gpg.dec
diff --git a/upstream/signing-key.asc b/upstream/signing-key.asc
new file mode 100644
index 0000000..4cefd75
--- /dev/null
+++ b/upstream/signing-key.asc
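Review bot: tests/simple-tests decrypts into `pubring.kbx.gpg.dec` but never compares the result with the input, so the encrypt/decrypt step only checks exit statuses; add `cmp $GPG_HOME/pubring.kbx pubring.kbx.gpg.dec` as the last line. The cleanup `trap` is commented out, so the unprotected test key stays behind in `$DIR`; re-enabling it with single quotes, `trap 'cd "$HOME" && rm -rf "$DIR"' EXIT`, avoids expanding the paths when the trap is set. tests/migration likewise never removes its `mktemp -d` directory.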
@@ -0,0 +1,112 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I +Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg +jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7 +KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u +qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB +1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk +aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW +AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s +hKZOAKw3RUePTU80SRLPdg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH8 +5zCwu7SHz9cX3d4UUwzcP6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8 +Klf/wl6jXHn/yP92xG9/YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOc +WkqwupB+d01R4bHPu9tvXy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgC +E4F5XeCB/0ovao2/bk22w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsq5AQ0ETS2L +gQEIAKHwucgbaRj0V7Ht0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX +1bDVwr/iTPaPPEtpi7oQoHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHUL +hzKsGg5FC6pRYcEyzRXHtv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7 +nJdwG1cGQOZOIDQQM41gBzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOM +EJwlo0+NYx2Yn75x66bYwdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6J +sPmXEyeAyLiCWSh7Rwq8uIhBUBUAEQEAAYkBJQQYAQIADwUCTS2LgQIbIAUJEN2f +AgAKCRAkmznSTyXjtrsSCACRNgfGkD0OqOiwYo1/+KyWnrQLusVvSYOw8hN66geU +3BO8iQ0Koy+m0QKY1kWjaHwewpg8ZebY4E2sHbNIC9Spyiyz29sAJ2invf4/4Mep +TgpxNiw4+XmykCkN1AfVhvMTQXMzRbO5ZwRtPpjsMr1j5vX1s6U3/RxSAItpAkCu +1GGTTOH0r12Ochc/um+QGAyO6WUj/IiZ1MX7toXW0SCo8DSl8z5Q7KmJWF6TQLK1 +Lku4bIVG1Huwo1/0WHc2vCad5BxHjgoy8TsKLTmvYQZWtnjWvQGV2UOABYWcacut +ZXQQ2PPCIY7LlpuS/45CXWbT5Y+mxY3y7dbz4aF+8uyCmQENBFRQXwcBCACHWajy +v6RVZVM2w2XK6uba11kqJBt15WCkGBwOeojd8BXnwLecLwNW4rmpUZk8H+Nu7jaN +zwFcY/WXpQ/7nXktAvkalO1XSlFZQ7TZY65MtkFVByrne/NuDXFWjfWtZX3qaoYA ++zyUZQKbT1+m6JUpCiM7r8iGSDv9ufN5JtxfleT14ouHIHu2dqS5gl5FibhuOz5g +MCkrwgVDJ69gXymNNxstNI0k9b1YsKyjOzLXWvjF19FxNaMBFXPlXNOdD4/Hxi2y 
+eNDerA0kGmyowsJ0M3tgaGH+aXA+OB2r9QV/n5tjp/d7DS+yEGoicFDJwFKZjKhf +Rh7ewBL85Hie7llpABEBAAG0PkRhdmlkIFNoYXcgKEdudVBHIFJlbGVhc2UgU2ln +bmluZyBLZXkpIDxkc2hhd0BqYWJiZXJ3b2NreS5jb20+iQEfBDABAgAJBQJYn3pR +Ah0gAAoJEAQ3bz7ghWlZdmsH/ApwZWbcBg2zYE3+psWhZpiVNyTbePiglJlhjbUf +77cCfFsVhim5WG+YrTu8hcaf5/G9kZrsb4SvyMnqR2RXierKS6rBrE6TZHixb3Kh +6z2QqkC5ftGo/7lruMnW61cmDvt4sEUuUJviSTxTTBvnw0ct1zfgLvRWVzWdqQXU +w82oM8AOg0zQ0Ix/LoxwoX2hFNNThxLQHyitYdHlMdPhkO8/k92cei+n2fWbwtb5 +VOxXhoCWYAxOmr0JSiqYJhzBYakLhkqcPS8s8uAbt+jEaYot0NdQemUeJPJIy/rl +LWYdPNnPf9Ma5pGlNVDIQ9A6iC5JniFnmrmyI6McqdtQAui0JkRhdmlkIFNoYXcg +KEdudVBHIFJlbGVhc2UgU2lnbmluZyBLZXkpiQE+BBMBAgAoBQJYn3oyAhsDBQkJ +unbuBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAEN28+4IVpWcUJB/46snb+ ++ypPIhQjUPHVHb9U8r92QSh/XLi6xxJcqokzpif7fCvh+DrenlLOQznwB1PDPBmT +lffv2p7XvEAPMoaEOA/i67phDzsjaUrHkevsv0fAIqX8yHmVKQ773hhD+VbuO29o +J7h7LIQ5yrJScpmNmE2FjnjcHGHnr9UaoU4RQVqA9jyHEVt+aRvKvQEzMtFlSIkn +6rBNeU5HHh6oHhlzkNUP9hExRPBorodWEH0r7E2C+CORloR9ZG/EK4rU+Fkp1mdV +Stt2maNfG5QxaFgseT9X+QMeD7ktht5I/t05coSL/1dKyUjiHp84K8uZIfi09LPI +2dT9ikq5JHN8zHXZuQENBFRQXwcBCACh1PSJ34Lo8xXsLwnETw84a9fbADpAvDb0 +RI7Razz4mr0Q9DfXXiYf6wL6QOzB4IMzJpjfiLyC+HqFbEb0l9mZKRFS/RBfbO+V +zCvxI5n11fOtXuKn5CCnM7bZ5hGcf9EH4pZ8XOpKinnWx3VSWzjWoqmEMSb9kCed +PDFhZfqMSU4Kki56ZMCJLGmq2M9dV+1yFITLTr9sNEW4LgV699TlpZODcVJkRmmT +QoXlFkF3O859f0/Ad/YXGGBC0uQCx2+9bMNOhgPSo55wz8wa3V2ivIGjwiQCIcn5 +NE3JWLr98Cr+uKDdusXkRMY3tbkhFEagt61j77hg77WBjsRr7W1nABEBAAGJASUE +GAECAA8FAlRQXwcCGyAFCQm6du4ACgkQBDdvPuCFaVno8Af+JMwLn4f9iePsbUo6 +OHKi58+gz6P6DgRzxGYQDq9g5YiLwXgBTzqJLpKrYeRldIrEuABhta6x4UdLpAD+ +pk8M90i/xNx4TeMxbdkSaaacKxLpyaRCGmNEIq5YZ9o7JkgRXYFPoSt74xTmNT7B +GqRskaTUFLybJAeRlE3/l2B+jmzIVgpjhPrhnsO+VtAXvRwIBGWwjCTiU3pAn+Kp +odH1zaxa3Md/EC91y0Cl2DnDwZFwSl0MyJ56OFr+UExFNhVZjW+sSD76aSSG8I6Q +GKUMUUJWiM6dJ1MnLt01mOIGUQXCWZyMur3zgLkVHCPn543QF6/mFmxahst5Gq3x +A4YyUbkBDQRUUF8HAQgArhuRQ9LFKWYTwYcAjgU1AMD5BnMi8s+l/WnkmoVQukl5 +6XB9W1uPqo588rBdW9qbTIc6LKsyd992Vn/r5BeM/rrlF1uw/MQM/EIf3vZ4aZ3D 
+zJX3nCY8JVqjIFMf1cENNfbnaHS8+OBxts4tS9S5gFXwLviKvoRKgDbSD+uNgQaM +n9QC2AEYh8yjRWTZBzr/vDEzeM0/FRz/qHmiKCBSSB1sVyDMLaw4BSPecnQJLTV0 +08m4CUY9GOKD2jrX8+K6ZI5XL3x58B62yMstLTTKwCaPGPt4W7Gd/vdMk7IAi0pk ++/eLsrgsiAxlfAvvU7HTTNR3Obof78miZKiuq0uU5QARAQABiQElBBgBAgAPBQJU +UF8HAhsMBQkJunbuAAoJEAQ3bz7ghWlZuTEH/RrOy+kD14k+vqg27cjDhoK8tCL0 +jaOh0Zemw2DcY34BOnc8oyLbUqyd6qRhfPDFj7bscDA1JASYx7I6HfueQ9ckyUGA +nT5pXsnacCPdqzfXSCdXeRgh3w1e8uL5gueCp9PJCnF50OEF5LJNgsA/3qYO1S4Y +VD39NYEXTCNmQGoWWWeyaZQKz2UyZ1oVSTVxPX9HW/CIbPWYBpTPI/Y01SdeygTb +lOR5eD4p/3lCTFLQLcL1L5wDiMIIdcS4YXEx7j7ohu5uxV6khQWuXNtRpilgHyXA +VC62hInWotzaMVxbTRDLZnZI5VgnmjIyFk16LRkWyBD22nY+G0gKObkl+8+ZAQ0E +VEOpUgEIALSTx5koOY2p2ZrA6Un+brYvaDy5dP/7+8AQZvXJqJvT3Ejq18ZfNuqU +PCsshlwmxIhP+e39qMmchVtzfXfu9rhdvAzOwOkAwfiaaJOiqT6LMQKEabaSfOsv +CGh+VHxoawovflChlP96t2N+A94JEu9/bl8ew3YlvRYgzMLnpWQx4WjNr70dnmGu +R6aab6A+8i+ERSinELI5LyYrlaMHjPMh3IMl+SpWke9p80/Q3gsix50p3IdyP8re +Rjgp6OX30ZbXPWycGA9qag3b97nY9/opPDYWOxIZnvahqVyuQFHjBpxSLMbEpxEP +ZjpdrSD2bBOhZ00FAIggj65PM7OrUQMAEQEAAbQhV2VybmVyIEtvY2ggKFJlbGVh +c2UgU2lnbmluZyBLZXkpiQE9BBMBCAAnBQJUQ6lSAhsDBQkLqgX1BQsJCAcCBhUI +CQoLAgQWAgMBAh4BAheAAAoJEIqGGxx+/WDZofsH/AhbqZWZObNbbFzWrUxR2ywT +FAGER442ttYn8eIZk/8xppuBD/7Bm5OFMDB8YznMVAE6+sE4ZRGEg1TqVhCVw6tW +j5XxnWY1AoVZorElpjkq7VsHU65f0UcsSIyJuiAe7l+MkhcETxeue+556PIVDmD+ +5fbFwaAJaUx7j2xHcr6USXef3fFOZI2E/navSBOMyNuopYpRogYnk5xZKu9rB1+o +teTFHymGrYCUccR/Glxmw6n2ZmKtZhDmNyAaAU/QthdTD9GfEWk5yuPjmq5+bIQv +1AkqMFXlFocluq6R5/BQic9C1VSYg2pDHO1KHlDFA/a2xQ8h4SLlECgLAslqbzOZ +AQ0EVFA7IwEIAOYQcDfRdzqin/vZlwl1AyuJW+cDI3bYvesRtOIAJ+8FqOzp+nOZ +7a4mULkXUeRh3HcO91wughXoR3qP3klWIlqgTQQHxPVM25BEvnGPuMA86lWnKoSs +Xe9F5h0IMiu6aURvzMJC9VMgKwhhgCjejFf9n8zuiBkMN457Ubnt/9jxhpxmorDQ +Cpb7bR1mfdbsuCmOXwTNfbkAoGXceL/P6z9PskKrFk8CVCr8pseRiHzWgib4Bfr/ +mj68LKcQTH/Y6R16g154eC6PAvxrEDA+hgpVX0I7L781Byh9nqC+KDX5LvlGuQbg +B2IvrgLs6lfU3aRfTwqUDMj37rmXJTDy3TMAEQEAAbQyTklJQkUgWXV0YWthIChH +bnVQRyBSZWxlYXNlIEtleSkgPGduaWliZUBmc2lqLm9yZz6JATwEEwEIACYCGwMF 
+CwcICQMEFQgJCgUWAgMBAAIeAQIXgAUCWA8UWQUJC0uQNgAKCRAgcbCKM70/Brxv +CADASJRs/b6GHEklwHUDrr89oDNpDo7zB8zelZUvVT9OiI5089g53oxWcC5sScPH +vJmY1KNI8NtrqNR0REIQ653t0tSGszzHk1AlDc6VhTMVzXOkgMq8PWqVmvIKLhlF +ib9xzsFbPBBQNhPVHbQydrhuzGP/nguSv2njgMrnWRG70vK4GcqUxawbQXDSlFmY +c+xUZ+tx8RJmCxN6eiNfWQ163NVk2sxdqM9fM8punLlEa+sGkW3UnplE7IaS5ygg +WV8yfNm1wYFzZ33ZnN4LUtuGZjN2Xyv62M7RA5Ik5LNkdYMA8H+UbQ6Wn+Sw9rnx +EnWy7k/vG5QJbHG4GCwXMA6ruQENBFRQOyMBCAC94CWuMHLmP1B7oFxU0FjKv3D6 +RTpLSLqC/nqRWeKVdlSddR4LnO/r9ahRsGgekAEVyeD04SKAD7g3OWMhWvEsK6aY +gmzc0cLJCJRTsLW+X7kRWo33KUAKIpKYO8VF8iErWejajvo5UgN3y1V/anqlBU45 +DalLk/mu6JXOr6t7u83+IscTrFQTkW17wOxoc6i9zDOU1FoWZFyNU+hxpPCGndfn +S25qzaEpb1qzxYoHpyttCkGX4R3siX6gAkRLIPhsYK4sZihBZhTBgHdAVYSYkCrK +hRNWoSb3XpUhdT5l88uPozwxXruXmzk6WCv6ZdCJ+0rGShwJjU1j6g+Fksk9ABEB +AAGJASUEGAEIAA8CGwwFAlgPFEYFCQtLkCMACgkQIHGwijO9PwYKDQf9HXQ1Rb4n +eC/s//vRfwqpEsYTqGLgd/O8d/0BrHojE1d6iyidZIGX40Sgmq1OPUZE9GtW5l2W +uwjychrIySR8NnQ8h9cN0agYjLfp+3sJFGYRGsL2J7EmJVPUd6+gHcq2L5+zhm3e +98aaSxMlS5QGcE9IyDtdNeTUBya3kg6ltazSo9ztzGV6n585P2UiSQnL1fsvik5i +QkD8k6DcygmhBnxfbny5jPaV7PTcpxwY8k6jHIL8Z144GYHZYbuHMQuwH357vRgv +q0epdh+7JxJmtDtS8gpnR/U2kVhogSwPQnB06ztcPvXnwZznYGrw+Z3a57w+ef2M +Z4bi8gOtEd0zhw== +=3t3v +-----END PGP PUBLIC KEY BLOCK----- diff --git a/watch b/watch new file mode 100644 index 0000000..e1c393d --- /dev/null +++ b/watch @@ -0,0 +1,5 @@ +version=4 + +opts=pgpsigurlmangle=s/$/.sig/ \ + https://gnupg.org/ftp/gcrypt/gnupg/gnupg@ANY_VERSION@@ARCHIVE_EXT@ \ + debian -- 2.30.2