Merging debian version 2.2.43-1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 44 insertions, 0 deletions

diff --git a/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
new file mode 100644
index 0000000..821038f
--- /dev/null
+++ b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
@@ -0,0 +1,44 @@
+From: Andreas Metzler <ametzler@debian.org>
+Date: Thu, 9 May 2024 13:57:27 +0200
+Subject: Do not use OCB mode even if AEAD: OCB key preference is set.
+
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2024-05-09
+
+(overrideable with --force-ocb)
+---
+ g10/encrypt.c             | 6 ++++++
+ tests/openpgp/encrypt.scm | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/g10/encrypt.c b/g10/encrypt.c
+index a4863fa..d2ad3fe 100644
+--- a/g10/encrypt.c
++++ b/g10/encrypt.c
+@@ -279,6 +279,12 @@ use_aead (pk_list_t pk_list, int algo)
+         }
+       return AEAD_ALGO_OCB;
+     }
++  else
++    {
++    /* Ignore AEAD: OCB key preference unless --force-ocb is set. It is
++     * a LibrePGP feature.  */
++      return 0;
++    }
+ 
+   /* AEAD does only work with 128 bit cipher blocklength.  */
+   if (!can_use)
+diff --git a/tests/openpgp/encrypt.scm b/tests/openpgp/encrypt.scm
+index ef2f7b0..a44f5ca 100755
+--- a/tests/openpgp/encrypt.scm
++++ b/tests/openpgp/encrypt.scm
+@@ -88,7 +88,7 @@
+  (lambda (source)
+    (tr:do
+     (tr:open source)
+-    (tr:gpgstatus "" `(--yes -e
++    (tr:gpgstatus "" `(--yes -e --force-ocb
+                        -r ,"patrice.lumumba"
+                        -r ,"mahsa.amini"))
+     (tr:call-with-content