diff options
Diffstat (limited to '')
21 files changed, 216 insertions, 248 deletions
diff --git a/debian/changelog b/debian/changelog index 1bcbc3c..423b510 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,48 @@ +gnupg2 (2.2.43-1) unstable; urgency=medium + + [ Andreas Metzler ] + * New upstream version. + + Unfuzz patches. + + Drop patches from-upstream/*. + + Bump b-d versioning for libgnutls28-dev, libgpg-error-dev and + libksba-dev as specified in configure.ac. + * Drop unused b-d on libcurl4-gnutls-dev. (See #980768). + * Drop dirmngr dependency on lsb-base. (Empty transitional package + depending on essential package) + * [lintian] B-d on pkgconf instead of pkg-config. + * Drop transitional gpgv2 package (requested in #873186) and update CI + test dependencies. Also remove Breaks/Replaces against ancient + (pre-buster) versions of gpgv2. + * Drop Breaks/Replaces against ancient versions of gnupg/gnupg2. + * Update CI test dependencies (gnupg2 --> gnupg). + * Fixup recommends of architecture-any packages on architecture-all package + "gnupg" to use (= ${source:Version}) instead of binary:Version. (Thanks, + James McCoy) Closes: #1060366 + * Run wrap-and-sort -ast. + * Set --with-mailprog=/usr/sbin/sendmail and add a dependency on + default-mta | mail-transport-agent to gpg-wks-server. Closes: #1025782 + * Demote gnupg metapackage dependency on gpg-wks-server to Suggests since it + pulls in an MTA. + * Fix binary-all FTBFS by running a regular build for arch-all builds. + Otherwise the test suite was run against /usr/bin/gpg for + binary-all builds and failed if it was missing. + * Speed up indep build by only running needed dh_auto_configure instances. + * Add support for nodoc build-profile to ease bootstrapping. Turn + debian/gnupg-l10n.install into an executable that parses + $DEB_BUILD_PROFILES. This seems to be the only working solution to avoid + bad interaction of dh_install/dh_missing with nodoc. + Closes: #980768 + * Add patches to avoid setting AEAD: OCB key-preference on generated keys + and to avoid using OCB-mode even if AEAD: OCB key preference is set + on recipient key. + + [ Daniel Kahn Gillmor ] + * Standards-Version: bump to 4.7.0 (no changes needed) + * gbp: use upstream-2.2 as the name of the upstream branch + * d/copyright: Update dates, add Andreas Metzler for debian/* + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 13 May 2024 15:45:52 -0400 + gnupg2 (2.2.40-3) unstable; urgency=medium * Team upload. diff --git a/debian/clean b/debian/clean index 4b27f09..c5225d4 100644 --- a/debian/clean +++ b/debian/clean @@ -7,3 +7,4 @@ build-maintainer/ doc/gnupg.info doc/gnupg.info-1 doc/gnupg.info-2 +doc/gnupg.info-3 diff --git a/debian/control b/debian/control index 953bc73..20f47c5 100644 --- a/debian/control +++ b/debian/control @@ -5,32 +5,31 @@ Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org> Uploaders: Eric Dorland <eric@debian.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, -Standards-Version: 4.6.1 +Standards-Version: 4.7.0 Build-Depends: automake, autopoint, debhelper-compat (= 13), file, gettext, -# ghostscript, +# ghostscript <!nodoc>, gpgrt-tools, -# imagemagick, +# imagemagick <!nodoc>, libassuan-dev (>= 2.5.0), libbz2-dev, - libcurl4-gnutls-dev, libgcrypt20-dev (>= 1.8.0), - libgnutls28-dev (>= 3.0), - libgpg-error-dev (>= 1.35), - libksba-dev (>= 1.3.5), + libgnutls28-dev (>= 3.2), + libgpg-error-dev (>= 1.38), + libksba-dev (>= 1.4.0), libldap2-dev, libnpth0-dev (>= 1.2), libreadline-dev, libsqlite3-dev, libusb-1.0-0-dev [!hurd-any], openssh-client <!nocheck>, - pkg-config, - texinfo, -# transfig, + pkgconf, + texinfo <!nodoc>, +# transfig <!nodoc>, zlib1g-dev | libz-dev, Build-Depends-Indep: binutils-multiarch [!amd64 !i386], @@ -90,7 +89,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, Recommends: - gnupg (= ${binary:Version}), + gnupg (= ${source:Version}), ${shlibs:Recommends}, Suggests: dbus-user-session, @@ -120,12 +119,13 @@ Package: gpg-wks-server Architecture: any Multi-Arch: foreign Depends: + default-mta | mail-transport-agent, gpg (= ${binary:Version}), gpg-agent (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}, Recommends: - gnupg (= ${binary:Version}), + gnupg (= ${source:Version}), ${shlibs:Recommends}, Description: GNU privacy guard - Web Key Service server GnuPG is GNU's tool for secure communication and data storage. @@ -152,7 +152,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, Recommends: - gnupg (= ${binary:Version}), + gnupg (= ${source:Version}), ${shlibs:Recommends}, Description: GNU privacy guard - Web Key Service client GnuPG is GNU's tool for secure communication and data storage. @@ -195,12 +195,8 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, Recommends: - gnupg (= ${binary:Version}), + gnupg (= ${source:Version}), ${shlibs:Recommends}, -Breaks: - gnupg2 (<< 2.1.10-2), -Replaces: - gnupg2 (<< 2.1.10-2), Description: GNU privacy guard - S/MIME version GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. @@ -219,7 +215,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, Recommends: - gnupg (= ${binary:Version}), + gnupg (= ${source:Version}), ${shlibs:Recommends}, Breaks: gnupg (<< 2.1.21-4), @@ -252,8 +248,6 @@ Depends: gpg-agent (>= ${source:Version}), gpg-wks-client (<< ${source:Version}.1~), gpg-wks-client (>= ${source:Version}), - gpg-wks-server (<< ${source:Version}.1~), - gpg-wks-server (>= ${source:Version}), gpgsm (<< ${source:Version}.1~), gpgsm (>= ${source:Version}), gpgv (<< ${source:Version}.1~), @@ -265,10 +259,11 @@ Recommends: Suggests: parcimonie, xloadimage, + gpg-wks-server (<< ${source:Version}.1~), + gpg-wks-server (>= ${source:Version}), Breaks: debsig-verify (<< 0.15), dirmngr (<< ${binary:Version}), - gnupg2 (<< 2.1.11-7+exp1), libgnupg-interface-perl (<< 0.52-3), libgnupg-perl (<= 0.19-1), libmail-gnupg-perl (<= 0.22-1), @@ -277,8 +272,6 @@ Breaks: python-apt (<= 1.1.0~beta4), python-gnupg (<< 0.3.8-3), python3-apt (<= 1.1.0~beta4), -Replaces: - gnupg2 (<< 2.1.11-7+exp1), Description: GNU privacy guard - a free PGP replacement GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. @@ -312,12 +305,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, Breaks: - gnupg2 (<< 2.0.21-2), - gpgv2 (<< 2.1.11-7+exp1), python-debian (<< 0.1.29), -Replaces: - gnupg2 (<< 2.0.21-2), - gpgv2 (<< 2.1.11-7+exp1), Suggests: gnupg, Description: GNU privacy guard - signature verification tool @@ -329,41 +317,21 @@ Description: GNU privacy guard - signature verification tool used to make the signature are valid. There are no configuration files and only a few options are implemented. -Package: gpgv2 -Section: oldlibs -Architecture: all -Multi-Arch: foreign -Depends: - gpgv (>= ${source:Version}), - ${misc:Depends}, -Description: GNU privacy guard - signature verification tool (dummy transitional package) - GnuPG is GNU's tool for secure communication and data storage. gpgv - is a stripped-down version of gpg which is only able to check - signatures. - . - This is a dummy transitional package that provides symlinks from gpgv2 - to gpgv. - Package: dirmngr Architecture: any Multi-Arch: foreign Depends: adduser, gpgconf (= ${binary:Version}), - lsb-base (>= 3.2-13), ${misc:Depends}, ${shlibs:Depends}, Recommends: - gnupg (= ${binary:Version}), + gnupg (= ${source:Version}), ${shlibs:Recommends}, Enhances: gpg, gpgsm, squid, -Breaks: - gnupg2 (<< 2.1.10-2), -Replaces: - gnupg2 (<< 2.1.10-2), Suggests: dbus-user-session, libpam-systemd, @@ -450,12 +418,6 @@ Enhances: dirmngr, gpg, gpg-agent, -Breaks: - gnupg (<< 2.1.14-2~), - gnupg2 (<< 2.1.14-2~), -Replaces: - gnupg (<< 2.1.14-2~), - gnupg2 (<< 2.1.14-2~), Description: GNU privacy guard - localization files GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. diff --git a/debian/copyright b/debian/copyright index fa0ce87..a454f7c 100644 --- a/debian/copyright +++ b/debian/copyright @@ -4,7 +4,7 @@ Upstream-Contact: GnuPG development mailing list <gnupg-devel@gnupg.org> Source: https://gnupg.org/download/ Files: * -Copyright: 1992, 1995-2020, Free Software Foundation, Inc +Copyright: 1992, 1995-2024, Free Software Foundation, Inc License: GPL-3+ Files: agent/command.c @@ -70,10 +70,11 @@ Copyright: 2000, Dimitrios Souflis License: TinySCHEME Files: debian/* -Copyright: 1998-2022 Debian GnuPG packagers, including +Copyright: 1998-2024 Debian GnuPG packagers, including Eric Dorland <eric@debian.org> Daniel Kahn Gillmor <dkg@fifthhorseman.net> NIIBE Yutaka <gniibe@fsij.org> + Andreas Metzler <ametzler@debian.org> License: GPL-3+ Files: debian/org.gnupg.scdaemon.metainfo.xml diff --git a/debian/gbp.conf b/debian/gbp.conf index cb11b4d..77b338a 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,5 +1,6 @@ [DEFAULT] debian-branch = debian/unstable +upstream-branch = upstream-2.2 pristine-tar = True upstream-vcs-tag = gnupg-%(version)s diff --git a/debian/gnupg-l10n.install b/debian/gnupg-l10n.install index a84f37d..2f14679 100644..100755 --- a/debian/gnupg-l10n.install +++ b/debian/gnupg-l10n.install @@ -1,3 +1,7 @@ -debian/tmp/usr/share/gnupg/help.*.txt -debian/tmp/usr/share/gnupg/help.txt -debian/tmp/usr/share/locale +#!/bin/sh +set -e +echo debian/tmp/usr/share/locale +if ! echo ${DEB_BUILD_PROFILES} | grep -q nodoc ; then + echo 'usr/share/gnupg/help.*.txt' + echo usr/share/gnupg/help.txt +fi diff --git a/debian/gnupg-utils.install b/debian/gnupg-utils.install index 5c764d4..808257b 100644 --- a/debian/gnupg-utils.install +++ b/debian/gnupg-utils.install @@ -2,8 +2,8 @@ build-maintainer/g10/gpgcompose usr/bin build/tools/gpg-zip usr/bin debian/migrate-pubring-from-classic-gpg usr/bin debian/tmp/usr/bin/gpgparsemail -debian/tmp/usr/bin/gpgtar debian/tmp/usr/bin/gpgsplit +debian/tmp/usr/bin/gpgtar debian/tmp/usr/bin/kbxutil debian/tmp/usr/bin/watchgnupg debian/tmp/usr/sbin/addgnupghome diff --git a/debian/gnupg.docs b/debian/gnupg.docs index 66384bb..23a6bd3 100644 --- a/debian/gnupg.docs +++ b/debian/gnupg.docs @@ -1,4 +1,4 @@ -debian/tmp/usr/share/doc/gnupg/* NEWS THANKS TODO +debian/tmp/usr/share/doc/gnupg/* diff --git a/debian/gpgv2.links b/debian/gpgv2.links deleted file mode 100644 index 5107429..0000000 --- a/debian/gpgv2.links +++ /dev/null @@ -1,2 +0,0 @@ -usr/bin/gpgv usr/bin/gpgv2 -usr/share/man/man1/gpgv.1.gz usr/share/man/man1/gpgv2.1.gz diff --git a/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch b/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch index cc9ee90..ab4eccf 100644 --- a/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch +++ b/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch @@ -36,14 +36,14 @@ bug. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> --- configure.ac | 2 +- - doc/dirmngr.texi | 6 +++++- - 2 files changed, 6 insertions(+), 2 deletions(-) + doc/dirmngr.texi | 9 +++++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac -index 0a4ae1e..c48cb8c 100644 +index 1ea8b7a..a3ff5c4 100644 --- a/configure.ac +++ b/configure.ac -@@ -1837,7 +1837,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon", +@@ -1828,7 +1828,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon", AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr", [The name of the dirmngr socket]) AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER, @@ -53,19 +53,22 @@ index 0a4ae1e..c48cb8c 100644 AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix]) diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi -index ab831de..f7c7672 100644 +index 39c0c45..4ac6174 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi -@@ -331,7 +331,11 @@ whether Tor is locally running or not. The check for a running Tor is +@@ -339,8 +339,13 @@ whether Tor is locally running or not. The check for a running Tor is done for each new connection. If no keyserver is explicitly configured, dirmngr will use the --built-in default of @code{https://keyserver.ubuntu.com}. +-built-in default of @code{https://keyserver.ubuntu.com}. To avoid the +-use of a default keyserver the value @code{none} can be used. +built-in default of @code{https://keys.openpgp.org}. + +Note that the above default is a Debian-specific choice. Upstream +GnuPG prefers @code{hkps://keyserver.ubuntu.com}. See +/usr/share/doc/gpgconf/NEWS.Debian.gz for more details. ++ ++To avoid the use of a default keyserver the value @code{none} can be used. Windows users with a keyserver running on their Active Directory may use the short form @code{ldap:///} for @var{name} to access this directory. diff --git a/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch b/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch index 81a1877..11ab394 100644 --- a/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch +++ b/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch @@ -23,12 +23,12 @@ index 954f88a..f65eed5 100644 +#define LDAP_DEPRECATED 1 #include <ldap.h> #endif - ],[ldap_open("foobar",1234);], + ]],[[ldap_open("foobar",1234);]])], @@ -53,6 +54,7 @@ if test x$_ldap_with != xno ; then if test $gnupg_cv_func_ldap_init = no; then AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h]) - AC_TRY_LINK([#include <lber.h> + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <lber.h> +#define LDAP_DEPRECATED 1 - #include <ldap.h>],[ldap_open("foobar",1234);], + #include <ldap.h>]],[[ldap_open("foobar",1234);]])], [gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no]) AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init]) diff --git a/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch b/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch deleted file mode 100644 index c21409f..0000000 --- a/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: NIIBE Yutaka <gniibe@fsij.org> -Date: Tue, 18 Oct 2022 10:16:11 +0900 -Subject: dirmngr: Fix build with no LDAP support. - -* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize. - --- - -Cherry-pick master commit of: - 7011286ce6e1fb56c2989fdafbd11b931c489faa - -GnuPG-bug-id: 6239 -Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> -(cherry picked from commit a5c3821664886ffffbe6a83aac088a6e0088a607) ---- - dirmngr/server.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/dirmngr/server.c b/dirmngr/server.c -index 651f67c..87a0d77 100644 ---- a/dirmngr/server.c -+++ b/dirmngr/server.c -@@ -3135,8 +3135,10 @@ start_command_handler (assuan_fd_t fd, unsigned int session_id) - ctrl->refcount); - else - { -+#if USE_LDAP - ks_ldap_free_state (ctrl->ks_get_state); - ctrl->ks_get_state = NULL; -+#endif - release_ctrl_ocsp_certs (ctrl); - xfree (ctrl->server_local); - dirmngr_deinit_default_ctrl (ctrl); diff --git a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch b/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch deleted file mode 100644 index 99117df..0000000 --- a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: NIIBE Yutaka <gniibe@fsij.org> -Date: Tue, 18 Oct 2022 10:24:54 +0900 -Subject: gpg: Move NETLIBS after GPG_ERROR_LIBS (another). - -* g10/Makefile.am (t_keydb_LDADD): Add NETLIBS after GPG_ERROR_LIBS. - --- - -Fixes-commit: b26bb03ed96f380ad603f7ad902862625233c931 -GnuPG-bug-id: 6244 -Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> -(cherry picked from commit 256b3c05789d8026b62f594bd592199a90b1b446) ---- - g10/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/g10/Makefile.am b/g10/Makefile.am -index d38e292..cd5307e 100644 ---- a/g10/Makefile.am -+++ b/g10/Makefile.am -@@ -200,7 +200,7 @@ module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter - t_rmd160_SOURCES = t-rmd160.c rmd160.c - t_rmd160_LDADD = $(t_common_ldadd) - t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source) --t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ -+t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(t_common_ldadd) - t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \ - $(common_source) diff --git a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch b/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch deleted file mode 100644 index c4ad203..0000000 --- a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch +++ /dev/null @@ -1,58 +0,0 @@ -From: NIIBE Yutaka <gniibe@fsij.org> -Date: Tue, 18 Oct 2022 10:08:20 +0900 -Subject: gpg: Move NETLIBS after GPG_ERROR_LIBS. - -* g10/Makefile.am (LDADD): Remove NETLIBS. -(gpg_LDADD, gpgv_LDADD): Add NETLIBS after GPG_ERROR_LIBS. -(gpgcompose_LDADD, t_keydb_get_keyblock_LDADD): Likewise. -(t_stutter_LDADD): Likewise. - --- - -GnuPG-bug-id: 6244 -Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> -(cherry picked from commit b26bb03ed96f380ad603f7ad902862625233c931) ---- - g10/Makefile.am | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/g10/Makefile.am b/g10/Makefile.am -index f885673..d38e292 100644 ---- a/g10/Makefile.am -+++ b/g10/Makefile.am -@@ -180,18 +180,18 @@ gpgv_SOURCES = gpgv.c \ - # $(common_source) - - LDADD = $(needed_libs) ../common/libgpgrl.a \ -- $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS) -+ $(ZLIBS) $(LIBINTL) $(CAPLIBS) - gpg_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(SQLITE3_LIBS) $(LIBREADLINE) \ -- $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ -+ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(gpg_robjs) $(extra_sys_libs) - gpg_LDFLAGS = $(extra_bin_ldflags) - gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ -- $(GPG_ERROR_LIBS) \ -+ $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(gpgv_robjs) $(extra_sys_libs) - gpgv_LDFLAGS = $(extra_bin_ldflags) - - gpgcompose_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ -- $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ -+ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(extra_sys_libs) - gpgcompose_LDFLAGS = $(extra_bin_ldflags) - -@@ -205,10 +205,10 @@ t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ - t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \ - $(common_source) - t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ -- $(LIBICONV) $(t_common_ldadd) -+ $(NETLIBS) $(LIBICONV) $(t_common_ldadd) - t_stutter_SOURCES = t-stutter.c test-stubs.c \ - $(common_source) --t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ -+t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(t_common_ldadd) - - diff --git a/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch b/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch deleted file mode 100644 index bf542d0..0000000 --- a/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: NIIBE Yutaka <gniibe@fsij.org> -Date: Thu, 26 Nov 2020 09:50:40 +0900 -Subject: gpg: Report an error for receiving key from agent. - -* g10/export.c (do_export_one_keyblock): Report an error. - --- - -GnuPG-bug-id: 5151 -Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> -(cherry picked from commit 6f0066db2c87e6362473d17c0621011ed1e1eae6) ---- - g10/export.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/g10/export.c b/g10/export.c -index e98af59..8e17df3 100644 ---- a/g10/export.c -+++ b/g10/export.c -@@ -1814,6 +1814,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, - { - if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) - goto leave; -+ write_status_error ("export_keys.secret", err); - skip_until_subkey = 1; - err = 0; - } diff --git a/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch b/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch index fa6dd9f..da2b781 100644 --- a/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch +++ b/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch @@ -13,14 +13,14 @@ This fixes two of the three broken tests in import-incomplete.scm. GnuPG-Bug-id: 4393 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> --- - g10/import.c | 44 +++++++++++--------------------------------- - 1 file changed, 11 insertions(+), 33 deletions(-) + g10/import.c | 45 +++++++++++---------------------------------- + 1 file changed, 11 insertions(+), 34 deletions(-) diff --git a/g10/import.c b/g10/import.c -index b2d5c1d..078a78c 100644 +index f11dedc..59c83f7 100644 --- a/g10/import.c +++ b/g10/import.c -@@ -1855,7 +1855,6 @@ import_one_real (ctrl_t ctrl, +@@ -1858,7 +1858,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -28,7 +28,7 @@ index b2d5c1d..078a78c 100644 KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1892,14 +1891,6 @@ import_one_real (ctrl_t ctrl, +@@ -1895,14 +1894,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } @@ -43,11 +43,12 @@ index b2d5c1d..078a78c 100644 if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1974,17 +1965,10 @@ import_one_real (ctrl_t ctrl, +@@ -1977,18 +1968,10 @@ import_one_real (ctrl_t ctrl, } } -- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) - { - if (!silent) - { @@ -61,11 +62,11 @@ index b2d5c1d..078a78c 100644 + /* Delete invalid parts, and note if we have any valid ones left. + * We will later abort import if this key is new but contains + * no valid uids. */ -+ delete_inv_parts (ctrl, keyblock, keyid, options); ++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -1994,24 +1978,11 @@ import_one_real (ctrl_t ctrl, +@@ -1998,24 +1981,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); @@ -90,7 +91,7 @@ index b2d5c1d..078a78c 100644 } /* The keyblock is valid and ready for real import. */ -@@ -2069,6 +2040,13 @@ import_one_real (ctrl_t ctrl, +@@ -2073,6 +2043,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/debian/patches/series b/debian/patches/series index e62c9b8..9ea1b66 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -12,6 +12,8 @@ from-master/gpg-default-to-3072-bit-keys.patch from-master/gpg-default-to-AES-256.patch update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch +update-defaults/gpg-Do-not-set-OCB-key-preference.diff +update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch @@ -21,7 +23,3 @@ gpg-drop-import-clean-from-default-keyserver-import-optio.patch from-master/common-Use-gnupg_spawn_process_fd-to-invoke-gpg-agent-dir.patch from-master/common-Fix-the-previous-commit.patch from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch -from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch -from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch -from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch -from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch diff --git a/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff new file mode 100644 index 0000000..13f020f --- /dev/null +++ b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff @@ -0,0 +1,26 @@ +From: Andreas Metzler <ametzler@debian.org> +Date: Thu, 9 May 2024 13:57:27 +0200 +Subject: Do not set AEAD: OCB key preference on new keys. + +Origin: vendor +Forwarded: not-needed +Last-Update: 2024-05-09 +--- + g10/keygen.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/g10/keygen.c b/g10/keygen.c +index 6612352..dfaa591 100644 +--- a/g10/keygen.c ++++ b/g10/keygen.c +@@ -527,6 +527,10 @@ keygen_set_std_prefs (const char *string,int personal) + if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB)) + ocb = 0; + ++ /* Do not set AEAD: OCB on newly generated key, it is a LibrePGP ++ * feature. */ ++ ocb = 0; ++ + if(!rc) + { + if(personal) diff --git a/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff new file mode 100644 index 0000000..821038f --- /dev/null +++ b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff @@ -0,0 +1,44 @@ +From: Andreas Metzler <ametzler@debian.org> +Date: Thu, 9 May 2024 13:57:27 +0200 +Subject: Do not use OCB mode even if AEAD: OCB key preference is set. + +Origin: vendor +Forwarded: not-needed +Last-Update: 2024-05-09 + +(overrideable with --force-ocb) +--- + g10/encrypt.c | 6 ++++++ + tests/openpgp/encrypt.scm | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/g10/encrypt.c b/g10/encrypt.c +index a4863fa..d2ad3fe 100644 +--- a/g10/encrypt.c ++++ b/g10/encrypt.c +@@ -279,6 +279,12 @@ use_aead (pk_list_t pk_list, int algo) + } + return AEAD_ALGO_OCB; + } ++ else ++ { ++ /* Ignore AEAD: OCB key preference unless --force-ocb is set. It is ++ * a LibrePGP feature. */ ++ return 0; ++ } + + /* AEAD does only work with 128 bit cipher blocklength. */ + if (!can_use) +diff --git a/tests/openpgp/encrypt.scm b/tests/openpgp/encrypt.scm +index ef2f7b0..a44f5ca 100755 +--- a/tests/openpgp/encrypt.scm ++++ b/tests/openpgp/encrypt.scm +@@ -88,7 +88,7 @@ + (lambda (source) + (tr:do + (tr:open source) +- (tr:gpgstatus "" `(--yes -e ++ (tr:gpgstatus "" `(--yes -e --force-ocb + -r ,"patrice.lumumba" + -r ,"mahsa.amini")) + (tr:call-with-content diff --git a/debian/rules b/debian/rules index b6aba08..bf8fe12 100755 --- a/debian/rules +++ b/debian/rules @@ -31,6 +31,10 @@ else AUTOTEST_FLAGS = "--no-parallel" endif +ifneq ($(filter nodoc,$(DEB_BUILD_PROFILES)),) + NODOC = --disable-doc +endif + %: dh $@ --with=autoreconf --builddirectory=build @@ -38,21 +42,35 @@ GPGV_UDEB_UNNEEDED = gpgtar bzip2 gpgsm scdaemon dirmngr doc tofu exec ldap gnut WIN32_FLAGS=LDFLAGS="-Xlinker --no-insert-timestamp -static" CFLAGS="-g -Os" CPPFLAGS= -override_dh_auto_configure: - dh_auto_configure --builddirectory=build-gpgv-udeb -- \ - $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) - dh_auto_configure --builddirectory=build-maintainer -- \ - --enable-maintainer-mode \ - $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) - dh_auto_configure --builddirectory=build -- --libexecdir=\$${prefix}/lib/gnupg \ +# runs for both arch-all and arch-indep builds +execute_after_dh_auto_configure: + dh_auto_configure --builddirectory=build --verbose -- \ + --libexecdir=\$${prefix}/lib/gnupg \ --enable-wks-tools \ --enable-all-tests \ --with-agent-s2k-calibration=300 \ - --enable-large-secmem + --enable-large-secmem \ + --with-mailprog=/usr/sbin/sendmail \ + $(NODOC) + +override_dh_auto_configure-arch: + dh_auto_configure --builddirectory=build-maintainer -- \ + --enable-maintainer-mode \ + $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) \ + $(NODOC) + dh_auto_configure --builddirectory=build-gpgv-udeb -- \ + $(NODOC) \ + $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) + +override_dh_auto_configure-indep: + # nothing to do + +# needed for both arch-all and -indep builds +execute_after_dh_auto_build: + dh_auto_build --builddirectory=build override_dh_auto_build-arch: dh_auto_build --builddirectory=build-gpgv-udeb - dh_auto_build --builddirectory=build dh_auto_build --builddirectory=build-maintainer cp -a build-gpgv-udeb build-gpgv-static rm -f build-gpgv-static/g10/gpgv @@ -64,6 +82,7 @@ override_dh_auto_build-indep: cd build-gpgv-win32 && $(WIN32_FLAGS) ../configure \ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) \ $(foreach x, libgpg-error libgcrypt libassuan ksba npth, --with-$x-prefix=/usr/i686-w64-mingw32) \ + $(NODOC) \ --enable-gpg2-is-gpg \ --with-zlib=/usr/i686-w64-mingw \ --prefix=/usr/i686-w64-mingw32 \ diff --git a/debian/tests/control b/debian/tests/control index 9609918..1cf6de2 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,12 +1,24 @@ Tests: gpgv-win32 -Depends: gpgv-win32, gnupg2, gpgv2, wine32, diffutils +Depends: + diffutils, + gnupg, + gpgv, + gpgv-win32, + wine32, Restrictions: allow-stderr Architecture: i386 Tests: simple-tests -Depends: gnupg2, gpgv2 +Depends: + gnupg, + gpgv, Restrictions: allow-stderr Tests: migration -Depends: gpg, gnupg1, gnupg-utils, debian-archive-keyring, diffutils +Depends: + debian-archive-keyring, + diffutils, + gnupg-utils, + gnupg1, + gpg, Restrictions: allow-stderr |