-rw-r--r--debian/changelog45
-rw-r--r--debian/clean1
-rw-r--r--debian/control74
-rw-r--r--debian/copyright5
-rw-r--r--debian/gbp.conf1
-rwxr-xr-x[-rw-r--r--]debian/gnupg-l10n.install10
-rw-r--r--debian/gnupg-utils.install2
-rw-r--r--debian/gnupg.docs2
-rw-r--r--debian/gpgv2.links2
-rw-r--r--debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch17
-rw-r--r--debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch6
-rw-r--r--debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch33
-rw-r--r--debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch29
-rw-r--r--debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch58
-rw-r--r--debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch27
-rw-r--r--debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch21
-rw-r--r--debian/patches/series6
-rw-r--r--debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff26
-rw-r--r--debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff44
-rwxr-xr-xdebian/rules37
-rw-r--r--debian/tests/control18
21 files changed, 216 insertions, 248 deletions
diff --git a/debian/changelog b/debian/changelog
index 1bcbc3c..423b510 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,48 @@
+gnupg2 (2.2.43-1) unstable; urgency=medium
+
+ [ Andreas Metzler ]
+ * New upstream version.
+ + Unfuzz patches.
+ + Drop patches from-upstream/*.
+ + Bump b-d versioning for libgnutls28-dev, libgpg-error-dev and
+ libksba-dev as specified in configure.ac.
+ * Drop unused b-d on libcurl4-gnutls-dev. (See #980768).
+ * Drop dirmngr dependency on lsb-base. (Empty transitional package
+ depending on essential package)
+ * [lintian] B-d on pkgconf instead of pkg-config.
+ * Drop transitional gpgv2 package (requested in #873186) and update CI
+ test dependencies. Also remove Breaks/Replaces against ancient
+ (pre-buster) versions of gpgv2.
+ * Drop Breaks/Replaces against ancient versions of gnupg/gnupg2.
+ * Update CI test dependencies (gnupg2 --> gnupg).
+ * Fixup recommends of architecture-any packages on architecture-all package
+ "gnupg" to use (= ${source:Version}) instead of binary:Version. (Thanks,
+ James McCoy) Closes: #1060366
+ * Run wrap-and-sort -ast.
+ * Set --with-mailprog=/usr/sbin/sendmail and add a dependency on
+ default-mta | mail-transport-agent to gpg-wks-server. Closes: #1025782
+ * Demote gnupg metapackage dependency on gpg-wks-server to Suggests since it
+ pulls in an MTA.
+ * Fix binary-all FTBFS by running a regular build for arch-all builds.
+ Otherwise the test suite was run against /usr/bin/gpg for
+ binary-all builds and failed if it was missing.
+ * Speed up indep build by only running needed dh_auto_configure instances.
+ * Add support for nodoc build-profile to ease bootstrapping. Turn
+ debian/gnupg-l10n.install into an executable that parses
+ $DEB_BUILD_PROFILES. This seems to be the only working solution to avoid
+ bad interaction of dh_install/dh_missing with nodoc.
+ Closes: #980768
+ * Add patches to avoid setting AEAD: OCB key-preference on generated keys
+ and to avoid using OCB-mode even if AEAD: OCB key preference is set
+ on recipient key.
+
+ [ Daniel Kahn Gillmor ]
+ * Standards-Version: bump to 4.7.0 (no changes needed)
+ * gbp: use upstream-2.2 as the name of the upstream branch
+ * d/copyright: Update dates, add Andreas Metzler for debian/*
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 13 May 2024 15:45:52 -0400
+
gnupg2 (2.2.40-3) unstable; urgency=medium
* Team upload.
diff --git a/debian/clean b/debian/clean
index 4b27f09..c5225d4 100644
--- a/debian/clean
+++ b/debian/clean
@@ -7,3 +7,4 @@ build-maintainer/
doc/gnupg.info
doc/gnupg.info-1
doc/gnupg.info-2
+doc/gnupg.info-3
diff --git a/debian/control b/debian/control
index 953bc73..20f47c5 100644
--- a/debian/control
+++ b/debian/control
@@ -5,32 +5,31 @@ Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Uploaders:
Eric Dorland <eric@debian.org>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
-Standards-Version: 4.6.1
+Standards-Version: 4.7.0
Build-Depends:
automake,
autopoint,
debhelper-compat (= 13),
file,
gettext,
-# ghostscript,
+# ghostscript <!nodoc>,
gpgrt-tools,
-# imagemagick,
+# imagemagick <!nodoc>,
libassuan-dev (>= 2.5.0),
libbz2-dev,
- libcurl4-gnutls-dev,
libgcrypt20-dev (>= 1.8.0),
- libgnutls28-dev (>= 3.0),
- libgpg-error-dev (>= 1.35),
- libksba-dev (>= 1.3.5),
+ libgnutls28-dev (>= 3.2),
+ libgpg-error-dev (>= 1.38),
+ libksba-dev (>= 1.4.0),
libldap2-dev,
libnpth0-dev (>= 1.2),
libreadline-dev,
libsqlite3-dev,
libusb-1.0-0-dev [!hurd-any],
openssh-client <!nocheck>,
- pkg-config,
- texinfo,
-# transfig,
+ pkgconf,
+ texinfo <!nodoc>,
+# transfig <!nodoc>,
zlib1g-dev | libz-dev,
Build-Depends-Indep:
binutils-multiarch [!amd64 !i386],
@@ -90,7 +89,7 @@ Depends:
${misc:Depends},
${shlibs:Depends},
Recommends:
- gnupg (= ${binary:Version}),
+ gnupg (= ${source:Version}),
${shlibs:Recommends},
Suggests:
dbus-user-session,
@@ -120,12 +119,13 @@ Package: gpg-wks-server
Architecture: any
Multi-Arch: foreign
Depends:
+ default-mta | mail-transport-agent,
gpg (= ${binary:Version}),
gpg-agent (= ${binary:Version}),
${misc:Depends},
${shlibs:Depends},
Recommends:
- gnupg (= ${binary:Version}),
+ gnupg (= ${source:Version}),
${shlibs:Recommends},
Description: GNU privacy guard - Web Key Service server
GnuPG is GNU's tool for secure communication and data storage.
@@ -152,7 +152,7 @@ Depends:
${misc:Depends},
${shlibs:Depends},
Recommends:
- gnupg (= ${binary:Version}),
+ gnupg (= ${source:Version}),
${shlibs:Recommends},
Description: GNU privacy guard - Web Key Service client
GnuPG is GNU's tool for secure communication and data storage.
@@ -195,12 +195,8 @@ Depends:
${misc:Depends},
${shlibs:Depends},
Recommends:
- gnupg (= ${binary:Version}),
+ gnupg (= ${source:Version}),
${shlibs:Recommends},
-Breaks:
- gnupg2 (<< 2.1.10-2),
-Replaces:
- gnupg2 (<< 2.1.10-2),
Description: GNU privacy guard - S/MIME version
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
@@ -219,7 +215,7 @@ Depends:
${misc:Depends},
${shlibs:Depends},
Recommends:
- gnupg (= ${binary:Version}),
+ gnupg (= ${source:Version}),
${shlibs:Recommends},
Breaks:
gnupg (<< 2.1.21-4),
@@ -252,8 +248,6 @@ Depends:
gpg-agent (>= ${source:Version}),
gpg-wks-client (<< ${source:Version}.1~),
gpg-wks-client (>= ${source:Version}),
- gpg-wks-server (<< ${source:Version}.1~),
- gpg-wks-server (>= ${source:Version}),
gpgsm (<< ${source:Version}.1~),
gpgsm (>= ${source:Version}),
gpgv (<< ${source:Version}.1~),
@@ -265,10 +259,11 @@ Recommends:
Suggests:
parcimonie,
xloadimage,
+ gpg-wks-server (<< ${source:Version}.1~),
+ gpg-wks-server (>= ${source:Version}),
Breaks:
debsig-verify (<< 0.15),
dirmngr (<< ${binary:Version}),
- gnupg2 (<< 2.1.11-7+exp1),
libgnupg-interface-perl (<< 0.52-3),
libgnupg-perl (<= 0.19-1),
libmail-gnupg-perl (<= 0.22-1),
@@ -277,8 +272,6 @@ Breaks:
python-apt (<= 1.1.0~beta4),
python-gnupg (<< 0.3.8-3),
python3-apt (<= 1.1.0~beta4),
-Replaces:
- gnupg2 (<< 2.1.11-7+exp1),
Description: GNU privacy guard - a free PGP replacement
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
@@ -312,12 +305,7 @@ Depends:
${misc:Depends},
${shlibs:Depends},
Breaks:
- gnupg2 (<< 2.0.21-2),
- gpgv2 (<< 2.1.11-7+exp1),
python-debian (<< 0.1.29),
-Replaces:
- gnupg2 (<< 2.0.21-2),
- gpgv2 (<< 2.1.11-7+exp1),
Suggests:
gnupg,
Description: GNU privacy guard - signature verification tool
@@ -329,41 +317,21 @@ Description: GNU privacy guard - signature verification tool
used to make the signature are valid. There are no configuration
files and only a few options are implemented.
-Package: gpgv2
-Section: oldlibs
-Architecture: all
-Multi-Arch: foreign
-Depends:
- gpgv (>= ${source:Version}),
- ${misc:Depends},
-Description: GNU privacy guard - signature verification tool (dummy transitional package)
- GnuPG is GNU's tool for secure communication and data storage. gpgv
- is a stripped-down version of gpg which is only able to check
- signatures.
- .
- This is a dummy transitional package that provides symlinks from gpgv2
- to gpgv.
-
Package: dirmngr
Architecture: any
Multi-Arch: foreign
Depends:
adduser,
gpgconf (= ${binary:Version}),
- lsb-base (>= 3.2-13),
${misc:Depends},
${shlibs:Depends},
Recommends:
- gnupg (= ${binary:Version}),
+ gnupg (= ${source:Version}),
${shlibs:Recommends},
Enhances:
gpg,
gpgsm,
squid,
-Breaks:
- gnupg2 (<< 2.1.10-2),
-Replaces:
- gnupg2 (<< 2.1.10-2),
Suggests:
dbus-user-session,
libpam-systemd,
@@ -450,12 +418,6 @@ Enhances:
dirmngr,
gpg,
gpg-agent,
-Breaks:
- gnupg (<< 2.1.14-2~),
- gnupg2 (<< 2.1.14-2~),
-Replaces:
- gnupg (<< 2.1.14-2~),
- gnupg2 (<< 2.1.14-2~),
Description: GNU privacy guard - localization files
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
diff --git a/debian/copyright b/debian/copyright
index fa0ce87..a454f7c 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -4,7 +4,7 @@ Upstream-Contact: GnuPG development mailing list <gnupg-devel@gnupg.org>
Source: https://gnupg.org/download/
Files: *
-Copyright: 1992, 1995-2020, Free Software Foundation, Inc
+Copyright: 1992, 1995-2024, Free Software Foundation, Inc
License: GPL-3+
Files: agent/command.c
@@ -70,10 +70,11 @@ Copyright: 2000, Dimitrios Souflis
License: TinySCHEME
Files: debian/*
-Copyright: 1998-2022 Debian GnuPG packagers, including
+Copyright: 1998-2024 Debian GnuPG packagers, including
Eric Dorland <eric@debian.org>
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
NIIBE Yutaka <gniibe@fsij.org>
+ Andreas Metzler <ametzler@debian.org>
License: GPL-3+
Files: debian/org.gnupg.scdaemon.metainfo.xml
diff --git a/debian/gbp.conf b/debian/gbp.conf
index cb11b4d..77b338a 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,5 +1,6 @@
[DEFAULT]
debian-branch = debian/unstable
+upstream-branch = upstream-2.2
pristine-tar = True
upstream-vcs-tag = gnupg-%(version)s
diff --git a/debian/gnupg-l10n.install b/debian/gnupg-l10n.install
index a84f37d..2f14679 100644..100755
--- a/debian/gnupg-l10n.install
+++ b/debian/gnupg-l10n.install
@@ -1,3 +1,7 @@
-debian/tmp/usr/share/gnupg/help.*.txt
-debian/tmp/usr/share/gnupg/help.txt
-debian/tmp/usr/share/locale
+#!/bin/sh
+set -e
+echo debian/tmp/usr/share/locale
+if ! echo ${DEB_BUILD_PROFILES} | grep -q nodoc ; then
+ echo 'usr/share/gnupg/help.*.txt'
+ echo usr/share/gnupg/help.txt
+fi
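Review bot: The profile test `echo ${DEB_BUILD_PROFILES} | grep -q nodoc` is an unquoted substring match, so any profile name that merely contains "nodoc" (a constructed example: `pkg.example.nodocs`) would also drop the help files. debian/rules in the same commit uses `$(filter nodoc,$(DEB_BUILD_PROFILES))`, which matches the whole word only, so the two checks can disagree about whether docs were built. A whole-word test such as `if ! printf ' %s ' "${DEB_BUILD_PROFILES}" | grep -q ' nodoc ' ; then` keeps them in step. The locale line also carries a `debian/tmp/` prefix that the two help lines no longer have; one form throughout would read more clearly.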
diff --git a/debian/gnupg-utils.install b/debian/gnupg-utils.install
index 5c764d4..808257b 100644
--- a/debian/gnupg-utils.install
+++ b/debian/gnupg-utils.install
@@ -2,8 +2,8 @@ build-maintainer/g10/gpgcompose usr/bin
build/tools/gpg-zip usr/bin
debian/migrate-pubring-from-classic-gpg usr/bin
debian/tmp/usr/bin/gpgparsemail
-debian/tmp/usr/bin/gpgtar
debian/tmp/usr/bin/gpgsplit
+debian/tmp/usr/bin/gpgtar
debian/tmp/usr/bin/kbxutil
debian/tmp/usr/bin/watchgnupg
debian/tmp/usr/sbin/addgnupghome
diff --git a/debian/gnupg.docs b/debian/gnupg.docs
index 66384bb..23a6bd3 100644
--- a/debian/gnupg.docs
+++ b/debian/gnupg.docs
@@ -1,4 +1,4 @@
-debian/tmp/usr/share/doc/gnupg/*
NEWS
THANKS
TODO
+debian/tmp/usr/share/doc/gnupg/*
diff --git a/debian/gpgv2.links b/debian/gpgv2.links
deleted file mode 100644
index 5107429..0000000
--- a/debian/gpgv2.links
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/bin/gpgv usr/bin/gpgv2
-usr/share/man/man1/gpgv.1.gz usr/share/man/man1/gpgv2.1.gz
diff --git a/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch b/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
index cc9ee90..ab4eccf 100644
--- a/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
+++ b/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
@@ -36,14 +36,14 @@ bug.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
configure.ac | 2 +-
- doc/dirmngr.texi | 6 +++++-
- 2 files changed, 6 insertions(+), 2 deletions(-)
+ doc/dirmngr.texi | 9 +++++++--
+ 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 0a4ae1e..c48cb8c 100644
+index 1ea8b7a..a3ff5c4 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1837,7 +1837,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
+@@ -1828,7 +1828,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
[The name of the dirmngr socket])
AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
@@ -53,19 +53,22 @@ index 0a4ae1e..c48cb8c 100644
AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index ab831de..f7c7672 100644
+index 39c0c45..4ac6174 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
-@@ -331,7 +331,11 @@ whether Tor is locally running or not. The check for a running Tor is
+@@ -339,8 +339,13 @@ whether Tor is locally running or not. The check for a running Tor is
done for each new connection.
If no keyserver is explicitly configured, dirmngr will use the
--built-in default of @code{https://keyserver.ubuntu.com}.
+-built-in default of @code{https://keyserver.ubuntu.com}. To avoid the
+-use of a default keyserver the value @code{none} can be used.
+built-in default of @code{https://keys.openpgp.org}.
+
+Note that the above default is a Debian-specific choice. Upstream
+GnuPG prefers @code{hkps://keyserver.ubuntu.com}. See
+/usr/share/doc/gpgconf/NEWS.Debian.gz for more details.
++
++To avoid the use of a default keyserver the value @code{none} can be used.
Windows users with a keyserver running on their Active Directory
may use the short form @code{ldap:///} for @var{name} to access this directory.
diff --git a/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch b/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch
index 81a1877..11ab394 100644
--- a/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch
+++ b/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch
@@ -23,12 +23,12 @@ index 954f88a..f65eed5 100644
+#define LDAP_DEPRECATED 1
#include <ldap.h>
#endif
- ],[ldap_open("foobar",1234);],
+ ]],[[ldap_open("foobar",1234);]])],
@@ -53,6 +54,7 @@ if test x$_ldap_with != xno ; then
if test $gnupg_cv_func_ldap_init = no; then
AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h])
- AC_TRY_LINK([#include <lber.h>
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <lber.h>
+#define LDAP_DEPRECATED 1
- #include <ldap.h>],[ldap_open("foobar",1234);],
+ #include <ldap.h>]],[[ldap_open("foobar",1234);]])],
[gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no])
AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init])
diff --git a/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch b/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch
deleted file mode 100644
index c21409f..0000000
--- a/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Tue, 18 Oct 2022 10:16:11 +0900
-Subject: dirmngr: Fix build with no LDAP support.
-
-* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize.
-
---
-
-Cherry-pick master commit of:
- 7011286ce6e1fb56c2989fdafbd11b931c489faa
-
-GnuPG-bug-id: 6239
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-(cherry picked from commit a5c3821664886ffffbe6a83aac088a6e0088a607)
----
- dirmngr/server.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index 651f67c..87a0d77 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -3135,8 +3135,10 @@ start_command_handler (assuan_fd_t fd, unsigned int session_id)
- ctrl->refcount);
- else
- {
-+#if USE_LDAP
- ks_ldap_free_state (ctrl->ks_get_state);
- ctrl->ks_get_state = NULL;
-+#endif
- release_ctrl_ocsp_certs (ctrl);
- xfree (ctrl->server_local);
- dirmngr_deinit_default_ctrl (ctrl);
diff --git a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch b/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch
deleted file mode 100644
index 99117df..0000000
--- a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Tue, 18 Oct 2022 10:24:54 +0900
-Subject: gpg: Move NETLIBS after GPG_ERROR_LIBS (another).
-
-* g10/Makefile.am (t_keydb_LDADD): Add NETLIBS after GPG_ERROR_LIBS.
-
---
-
-Fixes-commit: b26bb03ed96f380ad603f7ad902862625233c931
-GnuPG-bug-id: 6244
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-(cherry picked from commit 256b3c05789d8026b62f594bd592199a90b1b446)
----
- g10/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/Makefile.am b/g10/Makefile.am
-index d38e292..cd5307e 100644
---- a/g10/Makefile.am
-+++ b/g10/Makefile.am
-@@ -200,7 +200,7 @@ module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter
- t_rmd160_SOURCES = t-rmd160.c rmd160.c
- t_rmd160_LDADD = $(t_common_ldadd)
- t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source)
--t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-+t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(t_common_ldadd)
- t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \
- $(common_source)
diff --git a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch b/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch
deleted file mode 100644
index c4ad203..0000000
--- a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Tue, 18 Oct 2022 10:08:20 +0900
-Subject: gpg: Move NETLIBS after GPG_ERROR_LIBS.
-
-* g10/Makefile.am (LDADD): Remove NETLIBS.
-(gpg_LDADD, gpgv_LDADD): Add NETLIBS after GPG_ERROR_LIBS.
-(gpgcompose_LDADD, t_keydb_get_keyblock_LDADD): Likewise.
-(t_stutter_LDADD): Likewise.
-
---
-
-GnuPG-bug-id: 6244
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-(cherry picked from commit b26bb03ed96f380ad603f7ad902862625233c931)
----
- g10/Makefile.am | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/g10/Makefile.am b/g10/Makefile.am
-index f885673..d38e292 100644
---- a/g10/Makefile.am
-+++ b/g10/Makefile.am
-@@ -180,18 +180,18 @@ gpgv_SOURCES = gpgv.c \
- # $(common_source)
-
- LDADD = $(needed_libs) ../common/libgpgrl.a \
-- $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
-+ $(ZLIBS) $(LIBINTL) $(CAPLIBS)
- gpg_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(SQLITE3_LIBS) $(LIBREADLINE) \
-- $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-+ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(gpg_robjs) $(extra_sys_libs)
- gpg_LDFLAGS = $(extra_bin_ldflags)
- gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
-- $(GPG_ERROR_LIBS) \
-+ $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(gpgv_robjs) $(extra_sys_libs)
- gpgv_LDFLAGS = $(extra_bin_ldflags)
-
- gpgcompose_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
-- $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-+ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(extra_sys_libs)
- gpgcompose_LDFLAGS = $(extra_bin_ldflags)
-
-@@ -205,10 +205,10 @@ t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
- t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \
- $(common_source)
- t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-- $(LIBICONV) $(t_common_ldadd)
-+ $(NETLIBS) $(LIBICONV) $(t_common_ldadd)
- t_stutter_SOURCES = t-stutter.c test-stubs.c \
- $(common_source)
--t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-+t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(t_common_ldadd)
-
-
diff --git a/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch b/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch
deleted file mode 100644
index bf542d0..0000000
--- a/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Thu, 26 Nov 2020 09:50:40 +0900
-Subject: gpg: Report an error for receiving key from agent.
-
-* g10/export.c (do_export_one_keyblock): Report an error.
-
---
-
-GnuPG-bug-id: 5151
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-(cherry picked from commit 6f0066db2c87e6362473d17c0621011ed1e1eae6)
----
- g10/export.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/g10/export.c b/g10/export.c
-index e98af59..8e17df3 100644
---- a/g10/export.c
-+++ b/g10/export.c
-@@ -1814,6 +1814,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
- {
- if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
- goto leave;
-+ write_status_error ("export_keys.secret", err);
- skip_until_subkey = 1;
- err = 0;
- }
diff --git a/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch b/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch
index fa6dd9f..da2b781 100644
--- a/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch
+++ b/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch
@@ -13,14 +13,14 @@ This fixes two of the three broken tests in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
- g10/import.c | 44 +++++++++++---------------------------------
- 1 file changed, 11 insertions(+), 33 deletions(-)
+ g10/import.c | 45 +++++++++++----------------------------------
+ 1 file changed, 11 insertions(+), 34 deletions(-)
diff --git a/g10/import.c b/g10/import.c
-index b2d5c1d..078a78c 100644
+index f11dedc..59c83f7 100644
--- a/g10/import.c
+++ b/g10/import.c
-@@ -1855,7 +1855,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1858,7 +1858,6 @@ import_one_real (ctrl_t ctrl,
size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0;
@@ -28,7 +28,7 @@ index b2d5c1d..078a78c 100644
KEYDB_HANDLE hd = NULL;
if (r_valid)
-@@ -1892,14 +1891,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1895,14 +1894,6 @@ import_one_real (ctrl_t ctrl,
log_printf ("\n");
}
@@ -43,11 +43,12 @@ index b2d5c1d..078a78c 100644
if (screener && screener (keyblock, screener_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
-@@ -1974,17 +1965,10 @@ import_one_real (ctrl_t ctrl,
+@@ -1977,18 +1968,10 @@ import_one_real (ctrl_t ctrl,
}
}
-- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
+- /* Delete invalid parts and bail out if there are no user ids left. */
+- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
- {
- if (!silent)
- {
@@ -61,11 +62,11 @@ index b2d5c1d..078a78c 100644
+ /* Delete invalid parts, and note if we have any valid ones left.
+ * We will later abort import if this key is new but contains
+ * no valid uids. */
-+ delete_inv_parts (ctrl, keyblock, keyid, options);
++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
/* Get rid of deleted nodes. */
commit_kbnode (&keyblock);
-@@ -1994,24 +1978,11 @@ import_one_real (ctrl_t ctrl,
+@@ -1998,24 +1981,11 @@ import_one_real (ctrl_t ctrl,
{
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock);
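Review bot: The comment above the refreshed call still says the code will "note if we have any valid ones left", but `delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);` discards the return value, so nothing is recorded at this point. This is the step where upstream used to reject keys with no valid user ID, so the comment should say exactly where that check now lives. Something like `/* Delete invalid parts. Whether a valid user ID remains is checked later, and only for keys that are new. */` would match the code. The later check sits in the hunk at -2069/+2073, whose body is not shown here, so confirm it still rejects new keys without a valid user ID after the rebase onto 2.2.43.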
@@ -90,7 +91,7 @@ index b2d5c1d..078a78c 100644
}
/* The keyblock is valid and ready for real import. */
-@@ -2069,6 +2040,13 @@ import_one_real (ctrl_t ctrl,
+@@ -2073,6 +2043,13 @@ import_one_real (ctrl_t ctrl,
err = 0;
stats->skipped_new_keys++;
}
diff --git a/debian/patches/series b/debian/patches/series
index e62c9b8..9ea1b66 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,6 +12,8 @@ from-master/gpg-default-to-3072-bit-keys.patch
from-master/gpg-default-to-AES-256.patch
update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
+update-defaults/gpg-Do-not-set-OCB-key-preference.diff
+update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch
import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch
import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
@@ -21,7 +23,3 @@ gpg-drop-import-clean-from-default-keyserver-import-optio.patch
from-master/common-Use-gnupg_spawn_process_fd-to-invoke-gpg-agent-dir.patch
from-master/common-Fix-the-previous-commit.patch
from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch
-from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch
-from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch
-from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch
-from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch
diff --git a/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff
new file mode 100644
index 0000000..13f020f
--- /dev/null
+++ b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff
@@ -0,0 +1,26 @@
+From: Andreas Metzler <ametzler@debian.org>
+Date: Thu, 9 May 2024 13:57:27 +0200
+Subject: Do not set AEAD: OCB key preference on new keys.
+
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2024-05-09
+---
+ g10/keygen.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/g10/keygen.c b/g10/keygen.c
+index 6612352..dfaa591 100644
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -527,6 +527,10 @@ keygen_set_std_prefs (const char *string,int personal)
+ if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB))
+ ocb = 0;
+
++ /* Do not set AEAD: OCB on newly generated key, it is a LibrePGP
++ * feature. */
++ ocb = 0;
++
+ if(!rc)
+ {
+ if(personal)
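Review bot: The unconditional `ocb = 0;` makes the `COMPAT_VSD_ALLOW_OCB` check directly above it dead, and the added comment does not say that the override is deliberate or why Debian diverges here. I would spell it out, e.g. `/* Debian: never advertise AEAD: OCB on newly generated keys (LibrePGP-only feature, not understood by other OpenPGP implementations); this deliberately overrides the compat-flag check above. */`. Unlike the companion encrypt patch, which keeps `--force-ocb` as an escape hatch, no way to opt back in is visible on the key-generation side, and that is worth stating in the patch header. The rest of keygen_set_std_prefs, including where `ocb` is consumed, lies outside this hunk.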
diff --git a/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
new file mode 100644
index 0000000..821038f
--- /dev/null
+++ b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
@@ -0,0 +1,44 @@
+From: Andreas Metzler <ametzler@debian.org>
+Date: Thu, 9 May 2024 13:57:27 +0200
+Subject: Do not use OCB mode even if AEAD: OCB key preference is set.
+
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2024-05-09
+
+(overrideable with --force-ocb)
+---
+ g10/encrypt.c | 6 ++++++
+ tests/openpgp/encrypt.scm | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/g10/encrypt.c b/g10/encrypt.c
+index a4863fa..d2ad3fe 100644
+--- a/g10/encrypt.c
++++ b/g10/encrypt.c
+@@ -279,6 +279,12 @@ use_aead (pk_list_t pk_list, int algo)
+ }
+ return AEAD_ALGO_OCB;
+ }
++ else
++ {
++ /* Ignore AEAD: OCB key preference unless --force-ocb is set. It is
++ * a LibrePGP feature. */
++ return 0;
++ }
+
+ /* AEAD does only work with 128 bit cipher blocklength. */
+ if (!can_use)
+diff --git a/tests/openpgp/encrypt.scm b/tests/openpgp/encrypt.scm
+index ef2f7b0..a44f5ca 100755
+--- a/tests/openpgp/encrypt.scm
++++ b/tests/openpgp/encrypt.scm
+@@ -88,7 +88,7 @@
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+- (tr:gpgstatus "" `(--yes -e
++ (tr:gpgstatus "" `(--yes -e --force-ocb
+ -r ,"patrice.lumumba"
+ -r ,"mahsa.amini"))
+ (tr:call-with-content
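Review bot: The added `else { return 0; }` in use_aead appears to leave the rest of the function unreachable, starting at the "AEAD does only work with 128 bit cipher blocklength" check, since the preceding branch ends in `return AEAD_ALGO_OCB;`. The `if` it pairs with is outside the hunk. The comment should say the dead code is intentional, e.g. `/* Debian: ignore the AEAD: OCB key preference unless --force-ocb is given; the preference evaluation below is intentionally never reached. */`. The test change in tests/openpgp/encrypt.scm only adds `--force-ocb` to the existing case, so the new default path has no coverage. A second case without `--force-ocb`, asserting that the output is not AEAD-encrypted, would pin the behaviour this patch introduces.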
diff --git a/debian/rules b/debian/rules
index b6aba08..bf8fe12 100755
--- a/debian/rules
+++ b/debian/rules
@@ -31,6 +31,10 @@ else
AUTOTEST_FLAGS = "--no-parallel"
endif
+ifneq ($(filter nodoc,$(DEB_BUILD_PROFILES)),)
+ NODOC = --disable-doc
+endif
+
%:
dh $@ --with=autoreconf --builddirectory=build
@@ -38,21 +42,35 @@ GPGV_UDEB_UNNEEDED = gpgtar bzip2 gpgsm scdaemon dirmngr doc tofu exec ldap gnut
WIN32_FLAGS=LDFLAGS="-Xlinker --no-insert-timestamp -static" CFLAGS="-g -Os" CPPFLAGS=
-override_dh_auto_configure:
- dh_auto_configure --builddirectory=build-gpgv-udeb -- \
- $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x))
- dh_auto_configure --builddirectory=build-maintainer -- \
- --enable-maintainer-mode \
- $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x))
- dh_auto_configure --builddirectory=build -- --libexecdir=\$${prefix}/lib/gnupg \
+# runs for both arch-all and arch-indep builds
+execute_after_dh_auto_configure:
+ dh_auto_configure --builddirectory=build --verbose -- \
+ --libexecdir=\$${prefix}/lib/gnupg \
--enable-wks-tools \
--enable-all-tests \
--with-agent-s2k-calibration=300 \
- --enable-large-secmem
+ --enable-large-secmem \
+ --with-mailprog=/usr/sbin/sendmail \
+ $(NODOC)
+
+override_dh_auto_configure-arch:
+ dh_auto_configure --builddirectory=build-maintainer -- \
+ --enable-maintainer-mode \
+ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) \
+ $(NODOC)
+ dh_auto_configure --builddirectory=build-gpgv-udeb -- \
+ $(NODOC) \
+ $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x))
+
+override_dh_auto_configure-indep:
+ # nothing to do
+
+# needed for both arch-all and -indep builds
+execute_after_dh_auto_build:
+ dh_auto_build --builddirectory=build
override_dh_auto_build-arch:
dh_auto_build --builddirectory=build-gpgv-udeb
- dh_auto_build --builddirectory=build
dh_auto_build --builddirectory=build-maintainer
cp -a build-gpgv-udeb build-gpgv-static
rm -f build-gpgv-static/g10/gpgv
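Review bot: The two new comments, "runs for both arch-all and arch-indep builds" and "needed for both arch-all and -indep builds", name the same build type twice, because arch-all and arch-indep are synonyms. The targets are clearly meant to cover the `-arch` and `-indep` sequences, so I would write `# runs for both arch-any (-arch) and arch-all (-indep) builds` on each. Separately, `$(NODOC)` is redundant in the build-maintainer and build-gpgv-udeb configure calls, and in the win32 configure in the next hunk. `GPGV_UDEB_UNNEEDED` already contains `doc`, so the `$(foreach ...)` emits `--disable-doc` in every profile. Dropping `$(NODOC)` from those three calls leaves it in the main `build` configure, the only one it affects.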
@@ -64,6 +82,7 @@ override_dh_auto_build-indep:
cd build-gpgv-win32 && $(WIN32_FLAGS) ../configure \
$(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) \
$(foreach x, libgpg-error libgcrypt libassuan ksba npth, --with-$x-prefix=/usr/i686-w64-mingw32) \
+ $(NODOC) \
--enable-gpg2-is-gpg \
--with-zlib=/usr/i686-w64-mingw \
--prefix=/usr/i686-w64-mingw32 \
diff --git a/debian/tests/control b/debian/tests/control
index 9609918..1cf6de2 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,12 +1,24 @@
Tests: gpgv-win32
-Depends: gpgv-win32, gnupg2, gpgv2, wine32, diffutils
+Depends:
+ diffutils,
+ gnupg,
+ gpgv,
+ gpgv-win32,
+ wine32,
Restrictions: allow-stderr
Architecture: i386
Tests: simple-tests
-Depends: gnupg2, gpgv2
+Depends:
+ gnupg,
+ gpgv,
Restrictions: allow-stderr
Tests: migration
-Depends: gpg, gnupg1, gnupg-utils, debian-archive-keyring, diffutils
+Depends:
+ debian-archive-keyring,
+ diffutils,
+ gnupg-utils,
+ gnupg1,
+ gpg,
Restrictions: allow-stderr