summaryrefslogtreecommitdiffstats
path: root/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch46
1 files changed, 46 insertions, 0 deletions
diff --git a/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch b/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
new file mode 100644
index 0000000..bdb33f9
--- /dev/null
+++ b/debian/patches/update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
@@ -0,0 +1,46 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Wed, 3 Jan 2018 12:34:26 -0500
+Subject: gpg: Prefer SHA-512 and SHA-384 in personal-digest-preferences.
+
+* g10/keygen.c (keygen_set_std_prefs): prefer SHA-512
+and SHA-384 by default.
+
+--
+
+In 8ede3ae29a39641a2f98ad9a4cf61ea99085a892, upstream changed the
+defaults for --default-preference-list to advertise a preference for
+SHA-512, without touching --personal-digest-preferences. This makes
+the same change for --personal-digest-preferences, since every modern
+OpenPGP library supports them all.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ g10/keygen.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/g10/keygen.c b/g10/keygen.c
+index 5b4a785..2066bf1 100644
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -391,16 +391,16 @@ keygen_set_std_prefs (const char *string,int personal)
+ if (personal)
+ {
+ /* The default internal hash algo order is:
+- * SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
++ * SHA-512, SHA-384, SHA-256, SHA-224, SHA-1.
+ */
+- if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
+- strcat (dummy_string, "H8 ");
++ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
++ strcat (dummy_string, "H10 ");
+
+ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
+ strcat (dummy_string, "H9 ");
+
+- if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
+- strcat (dummy_string, "H10 ");
++ if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
++ strcat (dummy_string, "H8 ");
+ }
+ else
+ {